Re: [Mimedefang] Email 101

2010-03-16 Thread Rob MacGregor
On Tue, Mar 16, 2010 at 17:43, Ben Kamen bka...@benjammin.net wrote:

 Ooo, and maybe mention (although possibly not a '101' subject) the TXT
 record used for things like SPF? (although maybe no longer relevant)

TXT records are still the main DNS record type used for SPF since so
few DNS hosts support the SPF type.

DKIM also uses TXT records from memory.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] How can I block spam mail addressed FROM me TO me if not HELO match of my SMTP server?

2010-02-23 Thread Rob MacGregor
On Tue, Feb 23, 2010 at 23:03, Andre Doles an...@doles.com wrote:
 Hi all.  Newbie to your list.  I've searched and searched your archives to no
 avail.

 I'm having a large amount of spam mail hitting all my mail accounts, with
 forged addresses FROM myaccount TO myaccount, but coming from an SMTP server
 that isn't mine.

 Is there a rule that will allow me to block any incoming mail FROM a list of
 legit email addresses, but where the HELO does not match the address/name of
 my SMTP server?

Have you considered using SPF (http://www.openspf.org/)?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
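
Added example, not part of the original posts: how a receiving server uses a domain's SPF TXT record (the record type mentioned in the "Email 101" reply above) to refuse mail that claims a local sender but arrives from a server the domain does not list. The domains, addresses, the TXT table and the decide() policy are constructed assumptions, and only the ip4, ip6, include, all and redirect terms are evaluated.

```python
import ipaddress

# Constructed TXT answers standing in for DNS (documentation names and addresses).
TXT = {
    "example.org": ["v=spf1 ip4:192.0.2.25 include:_spf.mailhost.example -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all"],
    "alias.example": ["v=spf1 redirect=example.org"],
    "nospf.example": ["site-verification=constructed-value"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the domain's single v=spf1 TXT string, or None if it has none."""
    found = [t for t in TXT.get(domain.lower(), [])
             if t.lower().split(" ")[0] == "v=spf1"]
    if len(found) > 1:
        raise ValueError("more than one SPF record")
    return found[0] if found else None


def check_host(ip, domain, depth=0):
    """Evaluate a subset of SPF for client `ip` and sender `domain`."""
    if depth > 10:                      # guard against include/redirect loops
        return "permerror"
    try:
        record = spf_record(domain)
    except ValueError:
        return "permerror"
    if record is None:
        return "none"
    client = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term.split(":")[0]:   # modifier, written name=value
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                redirect = value
            continue                    # other modifiers are ignored
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = client.version == net.version and client in net
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("permerror", "temperror", "none"):
                return "permerror" if inner == "none" else inner
            matched = inner == "pass"
        else:
            return "permerror"          # a, mx, ptr, exists: not handled here
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:                        # used only when no mechanism matched
        result = check_host(ip, redirect, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"


def decide(client_ip, mail_from, local_domains):
    """Hypothetical policy: reject only a hard SPF fail for our own domains."""
    domain = mail_from.strip("<> ").rpartition("@")[2].lower()
    result = check_host(client_ip, domain) if domain else "none"
    if domain in local_domains and result == "fail":
        return ("REJECT", result)
    return ("CONTINUE", result)
```

The record has to list every server the domain's own users legitimately send through before a reject policy like this is switched on, otherwise their mail fails the same check.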


Re: [Mimedefang] problem from MIMEDefang

2010-02-22 Thread Rob MacGregor
On Mon, Feb 22, 2010 at 13:31, Salem, Hadi (Hadi)** CTR **
hadi.sa...@alcatel-lucent.com wrote:

 Hi all

 I'm having problem from MIMEDefang 2.57.

That's rather old (released on the 20th of June 2006) - 2.67 is the
current release and you really should consider upgrading.

 In mail.log shows

 1-Feb 22 07:21:46 server1 sendmail[1]: [ID 801593 mail.error] 
 o1MDLglB01: Milter (mimedefang): error connecting to filter: Connection 
 refused by /var/spool/MIMEDefang/mimedefang.sock

 2-Feb 22 07:23:27 server1 mimedefang[2379]: [ID 655476 mail.error] MXCommand: 
 connect: Connection refused: Is multiplexor running?

 How to solve them and thank you in advance.

The obvious question is - is it running?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] stripping Received headers based on authentication

2010-02-17 Thread Rob MacGregor
On Wed, Feb 17, 2010 at 14:19, Joseph Brennan bren...@columbia.edu wrote:

 I agree that it is extremely desirable to have the originating IP
 and like you I wish Gmail would provide it.  I just don't think
 it's a standards violation.

And if you submit email by SMTP they do provide it (in my experience anyway).

-- 
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] SPF Usefulness (was Re: SNARE spam detection)

2009-07-29 Thread Rob MacGregor
On Wed, Jul 29, 2009 at 22:07, David F. Skoll d...@roaringpenguin.com wrote:
 Paul Murphy wrote:

 Proper implementation of SPF or a similar system across all mail domains
 would cut spamming by 99% overnight,

 No, it wouldn't.

 Spammers would publish SPF records for their throwaway domains.  We
 already see this quite a bit.

And it's been going on for some time - like DKIM, SPF is an
anti-spoofing measure, not an anti-spam measure.  It's never pretended
to be anti-spam despite what people think.

 and would remove almost all of the risk from phishing mails.

 Not really.  SPF applies to envelope senders; people's mail clients
 show the header senders.  So you can have MAIL FROM:spam...@throwaway.net
 and From: ser...@intl.paypal.com with an SPF pass. :-(

Something I'm happy to see that the SPF FAQ covers, even if far too
many people fail to understand it.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
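
Added example, not part of the original thread: a check for the case described above, where SPF passes for the envelope sender while the From: header the mail client displays names a different domain. The addresses and messages are constructed, the assess() function and its finding names are hypothetical, and the subdomain comparison is a naive stand-in for a public-suffix-aware one.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed messages (documentation domains only).
SPOOFED = (
    "From: Bank Service <service@bank.example>\n"
    "To: user@example.org\n"
    "Subject: Account notice\n"
    "\n"
    "Constructed body.\n"
)
LEGIT = (
    "From: Shop News <news@shop.example>\n"
    "To: user@example.org\n"
    "Subject: Newsletter\n"
    "\n"
    "Constructed body.\n"
)
TWO_FROM = (
    "From: a@bank.example\n"
    "From: b@throwaway.example\n"
    "\n"
    "Constructed body.\n"
)


def domain_of(address):
    """Domain part of an address, lower-cased, without brackets or trailing dot."""
    return address.strip("<> ").rpartition("@")[2].lower().rstrip(".")


def aligned(a, b):
    """Same domain, or one is a subdomain of the other.

    Naive on purpose: a production check derives the organizational
    domain from a public suffix list before comparing.
    """
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def assess(envelope_from, spf_result, raw_message):
    """Compare the SPF-checked envelope domain with the displayed From: domain."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    addresses = [addr for _, addr in getaddresses(from_headers) if "@" in addr]
    envelope_domain = domain_of(envelope_from)
    header_domains = sorted({domain_of(a) for a in addresses})
    findings = []
    # More than one From: header or address leaves it unclear what the user sees.
    if len(from_headers) != 1 or len(addresses) != 1:
        findings.append("ambiguous-from")
    # SPF vouched for the envelope domain only; flag a displayed domain it did not cover.
    if spf_result == "pass" and any(
        not aligned(envelope_domain, d) for d in header_domains
    ):
        findings.append("spf-pass-unaligned")
    return {
        "envelope_domain": envelope_domain,
        "header_domains": header_domains,
        "findings": findings,
    }
```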


Re: [Mimedefang] which mimedefang.pl is used

2009-04-21 Thread Rob MacGregor
On Tue, Apr 21, 2009 at 07:52, Jon Rowlan jon.row...@sads.com wrote:
 Hi all,

 I have a bespoke mimedefang.pl script and because I want to keep all my
 bespoke stuff in the one place I have this in /etc/mail (Debian)

The list also got your near identical email from 13 hours earlier -
you don't need to send the same thing twice ;)

A quick look at the man pages shows that you want the -f option of
mimedefang-multiplexor.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] which mimedefang.pl is used

2009-04-21 Thread Rob MacGregor
On Tue, Apr 21, 2009 at 09:31, Jon Rowlan jon.row...@sads.com wrote:

 I have checked that Rob,

 The -f option seems to apply to which filter to use, not which
 mimedefang.pl is used. One server calls mimedefang.pl from /etc/mail and
 the other from /usr/bin

Did you read the entire section for the -f option, or just the first few words?

   -f filter_path
          Normally, mimedefang-multiplexor executes a Perl filter
          script called mimedefang.pl to scan the e-mail.  However,
          you can have it execute any program you like by specifying
          the full path to the program with the -f option.  This
          program must obey the protocol documented in
          mimedefang-protocol(7); see that manual page for details.

          Note that the -f option does not specify the filter to
          use with mimedefang.pl; instead, it specifies the program
          for mimedefang-multiplexor to execute.  You almost
          certainly should not use this option unless you wish to
          replace mimedefang.pl with your own program.

That makes it pretty clear to me that you'd use -f
/etc/mail/mimedefang.pl as an argument to mimedefang-multiplexor to
get it to call your customised version of mimedefang.pl.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] which mimedefang.pl is used

2009-04-21 Thread Rob MacGregor
On Tue, Apr 21, 2009 at 10:15, Jon Rowlan jon.row...@sads.com wrote:

 In fact the answer lies in the fact that my /usr/bin mimedefang.pl file
 is the same as my copy on /etc/mail.

 I have two identical copies.

 Would a symbolic link make sense if I wanted to keep my script in
 /etc/mail do you think?

If you do that, be aware that depending on how you install/update
mimedefang you may find yourself overwriting your custom version.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] PDF vulnerability

2009-02-24 Thread Rob MacGregor
On Tue, Feb 24, 2009 at 20:09,  wbr...@e1b.org wrote:
 Looks like ClamAV has added definitions for some PDF vulnerabilities
 today:

Snort have released signatures, though I don't know whether they are
for the exploits or the vulnerability.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] On pinheaded ISP's that insist on a copy of Spam

2007-01-29 Thread Rob MacGregor

On 1/29/07, Philip Prindeville [EMAIL PROTECTED] wrote:



I suppose I'll have to create a new mailbox in Cyrus for that
too...  (scratching head, trying to remember how to do that...)


This part I can help with :)

Create the user: saslpasswd2 -c newuser
Create the mailbox: cyradm --user adminuser localhost
   cm user.newuser

Replace newuser with the name of the account you're creating and
adminuser with the name of a cyrus admin user (grep ^admin
/etc/imapd.conf, or wherever your imapd.conf is).

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] IMAP (was: Questions about stream_by_recipient and problems it creates.)

2007-01-24 Thread Rob MacGregor

On 1/24/07, Jan-Pieter Cornet [EMAIL PROTECTED] wrote:


Users actually need to _do_ something to switch to imap, and rethink
the way they store and view email. And last I heard Eudora and
Outlook Express still didn't support imap anyway...


Outlook Express has had IMAP support since at least v4.

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Reading/writing XML config files

2006-11-05 Thread Rob MacGregor

On 11/5/06, Philip Prindeville [EMAIL PROTECTED] wrote:


Anyone else have anything to add to this?


If it ain't broke, don't fix it...

Personally, I hate XML config files, I'd much rather human readable
ones that *I* can understand and hand edit.  I don't want to be reliant
upon some GUI or command line application, or have to wade through
some overly complex file.

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Setting up a RAM Disk on Freebsd 6.1

2006-09-10 Thread Rob MacGregor

On 9/10/06, Wayne Hahn [EMAIL PROTECTED] wrote:

Does any one have an example of how to setup a 1.5 Gig Ram
disk on FreeBSD 6.1? I can't seem to find any good
documentation on it.


Keep in mind that with UFS2 short lived (AFAIK  1s on average) files
won't get written to disk if you have enough RAM.


 I setup sendmail with Mimedefang 2.57 and Spamassassin
3.1.4. If I load test it and run more than 5 or 6
concurrent email messages it eats up all of my processors
and brings my server to its knees. I am running it on an
AMD Athlon 64 X2 4200 with 2 Gig of ram. I am planning on
adding more Ram if I can figure out the Ram disk.  I have
seen wiki with setting up a Ram disk on FreeBSD but I
believe that was for version 4.


See the mdconfig(8) man page:

http://www.freebsd.org/cgi/man.cgi?query=mdconfig&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html

Though, if it's eating all your processor time, it's unlikely to be a
memory bottleneck.  I'd suggest you look at what you're running the
mails through - it's most likely a problem there.

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Spam no detect in SA from MD

2006-08-18 Thread Rob MacGregor

On 8/18/06, Oliver Schulze L. [EMAIL PROTECTED] wrote:
---SNIP---

So, it seems that mimedefang is not using /etc/mail/sa-mimedefang.cf or
something wrong is happening
with the DNS test.


On my (FreeBSD) system the sa-mimedefang.cf file lives in the same
directory as the mimedefang filter file.  Does your MD config also
live in /etc/mail?

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)

2006-05-15 Thread Rob MacGregor

On 5/15/06, Kelson [EMAIL PROTECTED] wrote:

David F. Skoll wrote:
 (although it does have one, to catch people who are too lazy to type
  www. into their browsers.)

---SNIP---

Am I the only one who finds this talk of lazy users a bit... I don't
know, condescending?  (Admittedly, this is on a list made up of
sysadmins, so I suppose that's par for the course.)


No, you're not.

I know plenty of sites that advertise themselves as
"http://domain.com".  As you say, the use of the www. prefix is
convention, not out of some technical need.

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] DNS and MX records

2006-05-10 Thread Rob MacGregor

On 5/10/06, Alan Premselaar [EMAIL PROTECTED] wrote:


If I'm not mistaken, even properly configured MTAs will revert to the A
record of a domain if there are no MX records available. (although I
haven't done any real research to back up this statement recently so I
could be completely off base)


That is correct.

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] PGP signed mail garbled?

2006-05-09 Thread Rob MacGregor

On 5/9/06, Gary Funck [EMAIL PROTECTED] wrote:


I only recently started using and paying attention to
PGP-signed email, and noticed that the PGP mail that
I receive results in the following diagnostic from
Outlook 2000 when the message is opened:
Contents altered after message was signed

I don't think the message was actually altered, but
I'm surmising that MdF disassembled and then reassembled
the message, and that this may have disturbed the
contents of message sufficiently to cause the message's
PGP certificate to no longer match the message.

Have you seen something like this?  Are there tools
that might help further diagnose this problem?  I suppose
that I could cause MdF to save a few original PGP signed
mails into an incoming folder on the mail gateway and
compare them against the delivered mail, but it'll be
a while before I can get to that.


I've only had a problem with digital signatures (not PGP) and using
action_rebuild().  Even that only broke some messages, not all.  I've
not yet consistently had problems with PGP signatures (I do have
intermittent problems with bad PGP signatures, but I'm fairly
confident that's a problem at the far end as it's always the same
sender).

Keep in mind that signed email only has the body of the email signed. 
Changed/removed/added headers should never cause a problem.


--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] May 1st problem

2006-05-01 Thread Rob MacGregor

On 5/1/06, Pierre Forget [EMAIL PROTECTED] wrote:

Hi,

I have a problem that started May 1 at 00:00:03 .

Since that time, I get the following error code in the logs:

mimedefang.pl[2915]: Problem running virus scanner: code=1,
category=swerr, action=tempfail

---SNIP---

Any idea?


Consult the logs for clamd - increase its logging verbosity if necessary.

I'm running clamd 0.88.2 with MD 2.56 without problems.

--
Please keep list traffic on the list.
Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Image blocking idea

2006-04-22 Thread Rob MacGregor
On 4/22/06, Paul Whittney [EMAIL PROTECTED] wrote:
 Valid point, and I wonder if I worded my email wrong. Regardless of the
 RFCs, I think some emails need to exist, and actually go somewhere,
 otherwise RBLs will take a stand. What I'm saying, is that email
 with attachments to these special addresses should have something
 done to them.

Again, caution.  What if somebody has forwarded spam by attaching it? 
I'd say it would be reasonable to change all rfc-822 parts to
text/plain, though how you'd do that with MD I couldn't say.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Image blocking idea

2006-04-21 Thread Rob MacGregor
On 4/21/06, Paul Whittney [EMAIL PROTECTED] wrote:
 Maybe another possibility is to limit what accounts get images..

 I've been thinking about this, in relation to clients wanting their
 email address on their webpages (uurrgghh). If there is a [EMAIL PROTECTED]
 or abuse@ postmaster@ webmaster@ (etc...), would it be worth it to
 deny connections, stating a Please see www.mydomain.com/emailRules.html
 in the response? As some small places have info and webmaster directed
 to their real email address.

Check the RFCs.  I'm pretty sure that at least abuse@ and postmaster@
are required to be accepted.  Auto responders etc have resulted in
(that I know of) at least one ISP finding themselves on the wrong end
of a number of RBLs (as the result is to make it almost impossible to
report spam/abuse).

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Mimedefang: Problem with High load in sendmail

2006-04-17 Thread Rob MacGregor
On 4/17/06, Julio Cesar Salas Garcia [EMAIL PROTECTED] wrote:
 Hi,

 I have configured mimedefang to generate Signatures in all messages that
 we send, but the problem is that after a little while working, and with
 a certain amount of load, the sendmail stops answering port 25 (or
 takes a lot of time) and everybody asks if the service is down...

 Is there any Performance Tuning procedures or Tips to increase the
 performance for mimedefang?

You need to look at the cause of your problem.  Is it processor time,
memory usage, disk I/O...?

You could simply increase the value at which sendmail stops answering,
however that would only delay the problem from showing itself.

Details of your hardware, sendmail (and mimedefang) version, changes
to the filter, whether you're doing any virus/spam scanning, anything
else the box is doing...

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] MD doesn't log anything

2006-03-09 Thread Rob MacGregor
On 3/9/06, Fernando Gleiser [EMAIL PROTECTED] wrote:
 I'm having some weird logging problem with MD on a FreeBSD box: it just won't
 log mimedefang events. The mimedefang-filter has the corresponding
 md_graphdefang_log_enable() call enabled. More so, the mimedefang-filter
 looks a lot like the one in the relay (this is on the internal server,
 just for virus/and attachment filter, no spam filtering inside)
 and the relay does log the MD events.

 I even replaced the internal mimedefang-filter with the one from
 the relay, but nothing happened.

 Any suggestions, pointers will be appreciated.

Version of MD?  Version of FreeBSD?

Does your syslog work (ie, are you getting mail logs)?

Did you install from ports or by hand?

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] network-tests with mimedefang 2.54 and spamassassin3.1.0

2006-02-04 Thread Rob MacGregor
On 2/4/06, Florian Meister [EMAIL PROTECTED] wrote:
 Hi,

 I have $SALocalTestsOnly = 0; in my filter. That's the problem. I've searched 
 for any solution and every solution is already implemented or does not work.

[ Please don't top post ]

Next thing to check, your spamassassin config files.  That includes
sa-mimedefang.cf (is skip_rbl_checks set to 1) and the *.pre files
(have you actually loaded the modules for network tests)

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] network-tests with mimedefang 2.54 and spamassassin3.1.0

2006-02-04 Thread Rob MacGregor
On 2/4/06, Florian Meister [EMAIL PROTECTED] wrote:
 I have made a symbolic link from my mimedefang-spamassassin config to the 
 init.pre and have deleted all other spamassassin configs which may be loaded.

Hmm, sa-mimedefang.cf shouldn't be a link to init.pre!  You should
have 3 files for SA:

sa-mimedefang.cf
init.pre
v310.pre

 In my config razor2 and dcc is enabled, if I test the config with 
 spamassassin --lint -D everything works fine. The debug output shows me, that 
 spamassassin --lint -D uses the symbolic link to my mimedefang config. So 
 they use the same config.

Now, how about if you do that as the user that runs mimedefang (which
isn't root)?

 I tried to strace mimedefang.pl with a sample mimedefang-spool-directory and 
 I have not found anything special. When I grep for open it does load the 
 dcc-plugin and the razor plugin, but it does not connect to our dcc-server or 
 to a razor2 server.

Have you disabled the tests in your sa-mimedefang.cf file?

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] network-tests with mimedefang 2.54 and spamassassin 3.1.0

2006-02-03 Thread Rob MacGregor
On 2/3/06, Florian Meister [EMAIL PROTECTED] wrote:
 Hi,

 I have searched for a solution for 2 days. Maybe you know what the
 problem is.

As mentioned in the list archive, you need to add the following to your filter:

$SALocalTestsOnly = 0;

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] ClamAV 0.88 Patch

2006-01-21 Thread Rob MacGregor
On 21/01/06, Dirk the Daring [EMAIL PROTECTED] wrote:

I've just stood up a Solaris 9 server with (all built from source)
 sendmail v8.13.5, SA 3.1.0, MD 2.54 and ClamAV 0.88 with David's patch.
 It's working fine.

Similarly I've been running it on FreeBSD 5.4 (sendmail 8.13.5, SA
3.1.0, MD 2.54, ClamAV 0.88) with the patch and haven't had problems.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Mimedefang errors: What might be the cause?

2006-01-14 Thread Rob MacGregor
On 14/01/06, Lisa Casey [EMAIL PROTECTED] wrote:
 Hi,

 I'm running Mimedefang/Spamassassin on a Redhat server with Sendmail. This
 has all been running fine for a couple of years now. Suddenly, this morning
 my customers were unable to send  e-mail. Looking at /var/log/maillog, I saw
 lots of entries such as this:

 Jan 14 02:22:18 Raydeus-Dee mimedefang-multiplexor[1014]: No free slaves
---SNIP signs of a busy mail server---

 I need to try to determine what might cause this and how to prevent it from
 happening again.

Likely you had more incoming connections than configured slaves.

 Also - how do I find out how many slaves Mimedefang is configured to have
 and should I increase that? If so, how?

Check your startup script.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] MD errors: 451 4.3.2 Please try again later

2005-12-28 Thread Rob MacGregor
On 28/12/05, Greg McCarthy [EMAIL PROTECTED] wrote:
 I've used the md filter example and changed the admin email address.
 MD ver 2.54 running on Slackware 10.2. I've also double checked the
 permissions as well - they all seem to be correct. It's probably
 something small I've overlooked, but have no idea where else to look.

Well, I've just gone through your original posting again and found
your problem - you've specified the wrong socket.

Quoting from the HowTo:

INPUT_MAIL_FILTER(`mimedefang',
`S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m')

You've specified the multiplexor socket instead.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Requiring FQDN in HELO

2005-12-28 Thread Rob MacGregor
On 28/12/05, Dirk the Daring [EMAIL PROTECTED] wrote:
I've noticed a lot of SPAM does not have an FQDN in the HELO. It'll
 have just localhost or even omit a hostname entirely. Obviously, if
 the HELO is an IP address in square brackets, that's fine.

Is there any danger of rejecting legitimate E-Mail if I write my
 mimedefang-filter to:

 1) Absent an IP address in square brackets, require
 an alphanumeric string in the HELO

 2) Reject a HELO where the alphanumeric string is not
 a FQDN (using a regex looking for at least
 one . in the HELO string)

A number of MUAs, including Outlook, will AFAIK fall foul of that requirement.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
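
The rule proposed in this thread, written as a standalone Perl function so its false positives can be seen before it goes into a filter. This is an added example, not code from the thread or from MIMEDefang; the function names, the trusted-network exemption for local MUAs, the stricter handling of unbracketed IP addresses, and all sample values (documentation address ranges) are assumptions.

```perl
#!/usr/bin/perl
# Added example: the proposed HELO rule as a testable function.
# Names, networks and sample values are assumptions / constructed.
use strict;
use warnings;

# True if $s is a dotted quad with every octet <= 255.
sub is_ipv4 {
    my ($s) = @_;
    my @octets = $s =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    my $bad = grep { $_ > 255 } @octets;
    return $bad ? 0 : 1;
}

sub ip_to_int { return unpack('N', pack('C4', split(/\./, $_[0]))); }

# True if IPv4 address $ip lies inside $cidr (e.g. 192.0.2.0/24).
sub ip_in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    return 0 unless is_ipv4($ip) && is_ipv4($net);
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    my $same = (ip_to_int($ip) & $mask) == (ip_to_int($net) & $mask);
    return $same ? 1 : 0;
}

# Classify a HELO/EHLO argument:
#   literal      address in square brackets
#   fqdn         two or more hostname labels separated by dots
#   bare_ip      digits and dots without brackets (a plain "contains a dot"
#                regex would accept this; treating it separately is stricter)
#   single_label hostname without a dot (localhost, a PC name)
#   empty / malformed
sub classify_helo {
    my ($helo) = @_;
    $helo = '' unless defined $helo;
    $helo =~ s/^\s+|\s+$//g;
    return 'empty' if $helo eq '';

    if ($helo =~ /^\[(.*)\]\z/) {
        my $lit = $1;
        return 'literal' if is_ipv4($lit);
        if ($lit =~ /^IPv6:([0-9A-Fa-f:.]+)\z/i) {
            my $addr = $1;
            return 'literal' if ($addr =~ tr/://) >= 2;
        }
        return 'malformed';
    }

    return 'bare_ip' if $helo =~ /^\d+(?:\.\d+)+\z/;

    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?/;
    return 'fqdn'         if $helo =~ /^(?:$label\.)+$label\.?\z/;
    return 'single_label' if $helo =~ /^$label\z/;
    return 'malformed';
}

# Apply the rule, but exempt clients on networks we accept submissions from,
# since MUAs commonly send a bare machine name as HELO.
sub helo_decision {
    my ($helo, $client_ip, $trusted) = @_;
    my $class = classify_helo($helo);
    return ('accept', $class) if $class eq 'literal' || $class eq 'fqdn';
    for my $cidr (@$trusted) {
        return ('accept', "$class from trusted network")
            if ip_in_cidr($client_ip, $cidr);
    }
    return ('reject', $class);
}

# Assumption: networks whose mail clients submit through this server.
my @trusted = ('192.0.2.0/24');

# Constructed (HELO argument, client IP) pairs.
my @samples = (
    ['mail.example.org', '198.51.100.7'],
    ['[198.51.100.7]',   '198.51.100.7'],
    ['[IPv6:2001:db8::1]', '198.51.100.7'],
    ['localhost',        '198.51.100.8'],
    ['',                 '198.51.100.9'],
    ['198.51.100.10',    '198.51.100.10'],
    ['[999.1.1.1]',      '198.51.100.12'],
    ['DESKTOP-PC',       '192.0.2.44'],     # MUA on our own network
    ['DESKTOP-PC',       '198.51.100.11'],  # same HELO from outside
);

for my $s (@samples) {
    my ($helo, $ip) = @$s;
    my ($verdict, $why) = helo_decision($helo, $ip, \@trusted);
    printf "%-22s %-15s %-7s %s\n",
        ($helo eq '' ? '(empty)' : $helo), $ip, $verdict, $why;
}
```

In a mimedefang-filter the same decision would be made in filter_sender, which receives the relay IP and the HELO string as arguments.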



Re: [Mimedefang] Mail delay due to Cannot mkdir(Work): No such fileor directory error in maillog

2005-12-23 Thread Rob MacGregor
On 23/12/05, Subodh  Rawat (NPI) [EMAIL PROTECTED] wrote:
 I don't think it is a permission issue. Had it been a permission issue,
 it would have been permanent. However, in our case, it's temporary. I
 would say that this problem is coming with 10% of mails only and client
 (Outlook Express or others) gets a message Please try later kind of.

 Any way, we have following permission to /var/spool/MIMEDEFANG :
 Directory is owned by defang.defang with 700 permission.

 Please suggest.

Time to up the logging levels.  It could be any number of other
things, including problems with disk space, lack of inodes...

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] disclamer only for out going mails.

2005-12-22 Thread Rob MacGregor
On 22/12/05, bablu bablu [EMAIL PROTECTED] wrote:
 How to change font size of disclaimer in mimedefang?
 (Both txt and html)
 any idea.

With plain text you can't.  After all, it is *plain* text.

With HTML, use the appropriate HTML tags in the disclaimer.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] MD errors: 451 4.3.2 Please try again later

2005-12-20 Thread Rob MacGregor
On 20/12/05, Greg McCarthy [EMAIL PROTECTED] wrote:
 Over the last few days I've been trying to get md/clamav up and
 running. After reading a good few howto's I thought I had everything
 up and running properly. However when I do a manual telnet 127.0.0.1
 25 I get the above error.

 From what I've read it looks like a generic error. I've checked over
 all my settings and must be missing something simple.

What's in your mail log?

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] MD errors: 451 4.3.2 Please try again later

2005-12-20 Thread Rob MacGregor
On 20/12/05, Greg McCarthy [EMAIL PROTECTED] wrote:
 Uggh - it doesn't look pretty :)

What changes have you made to the default mimedefang filter?

What version of MD are you running?

What OS are you using?

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] disclamer only for out going mails.

2005-12-15 Thread Rob MacGregor
On 16/12/05, bablu bablu [EMAIL PROTECTED] wrote:
 Pl. help me I am not much of script writer

You've obviously not caught the subtle hint.

Generally, people on this list view these disclaimers in a less than
positive light.  You're not going to get much help beyond the pointers
you've already received.

Heck, look at the bottom of every recent posting to get an idea of
David's view on them :)

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Sendmail filter problems

2005-10-24 Thread Rob MacGregor
On 24/10/05, Ross [EMAIL PROTECTED] wrote:
 As requested:

---SNIP---
 dln # temporarily on while setting up server.
 FEATURE(`accept_unresolvable_domains')dnl

I think you meant dnl instead of dln :)

Next time, it's worth running your sendmail.mc through a grep -v
'^dnl' first, to trim out all the comments.  That would have cut the
file you posted down from 168 lines to 36 and made spotting problems a
*lot* easier.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] learning database

2005-10-15 Thread Rob MacGregor
On 15/10/05, Matevz [EMAIL PROTECTED] wrote:
 Hi,

 I am pretty new to mimedefang, so i have a question regarding to learning.
 When I use sa-learn command as root it stores data in /root/.spamassassin/ ?

You need to ensure that the user MIMEDefang is running as has access
to the bayes_path.  Personally I put it in
/usr/local/etc/mimedefang/spamassassin/bayes.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Re: Replace with URL

2005-10-13 Thread Rob MacGregor
On 13/10/05, Yizhar Hurwitz [EMAIL PROTECTED] wrote:
 Can you explain what exactly do you mean?
 Send the email from mimedefang? how?
 I was thinking about a hack to the replace_with_url function that will add 
 a text/html MIME part,
 but I don't feel that I have the required skills to do that in Perl without 
 breaking something else.

Simply replace text/plain with text/html and then format the body
in HTML.  No perl skills required :)

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Replace with URL

2005-10-12 Thread Rob MacGregor
On 12/10/05, Yizhar Hurwitz [EMAIL PROTECTED] wrote:

 As far as I understand, this is probably because the function 
 replace_with_warning adds a text/plain part,
 and some EMail clients (like MS Outlook Express) displays the link as regular 
 plain text instead of creating a link from
 it.

 Here is an example from one of my test messages:
---SNIP---
 So, my question is:
 How can I use the function replace_with_url, but make my best effort so 
 that the recipient will be able to simply
 click on the URL instead of needing to copy & paste it?

Two options off the top of my head:

Ugly: Send a text/html mail, with correct HTML formatting
Ok: Wrap the url in angle brackets: <http://10.0.0.4/mail_parts/attachment.zip>

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Odd reject message

2005-10-07 Thread Rob MacGregor
On 07/10/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 I have a sender who is getting blocked when trying to send through my server.
 His mail server is 203.34.45.193, but when he sends, he gets a reject showing
 24.61.132.169.  To complicate matters, I only use two dsbl's (spamcop and
 njabl) and neither of those IP's are on the blacklists I use.  Any help?

 The info from maillog:

 Oct  6 19:51:50 mg1 sendmail[8705]: ruleset=check_relay, arg1=mail.austmg.com,
 arg2=203.34.45.193, relay=mail.austmg.com [203.34.45.193], reject=553 5.3.0
 24.61.132.169 REJECT
 Oct  6 21:01:04 mg1 sendmail[15400]: ruleset=check_relay, 
 arg1=mail.austmg.com,
 arg2=203.34.45.193, relay=mail.austmg.com [203.34.45.193], reject=553 5.3.0
 24.61.132.169 REJECT
 Oct  6 21:09:22 mg1 sendmail[15957]: ruleset=check_relay, 
 arg1=mail.austmg.com,
 arg2=203.34.45.193, relay=mail.austmg.com [203.34.45.193], reject=553 5.3.0
 24.61.132.169 REJECT

More appropriate to comp.mail.sendmail, however...

IP 24.61.132.169 *IS* in the njabl.org blacklist, which may be your
problem.  Seeing the error that your sender gets would help
considerably.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Redirecting spam

2005-10-03 Thread Rob MacGregor
On 03/10/05, Ashley M. Kirchner [EMAIL PROTECTED] wrote:

 I want to redirect messages that would otherwise be bounced due to
 high spam score to a local mailbox instead.  After searching the
 archives, I came across the following snippet:

 # Add a header with original recipients, just for info
 action_add_header("X-Orig-Rcpts", join(", ", @Recipients));

 # Remove original recipients
 foreach $recip (@Recipients) {
 delete_recipient($recip);
 }

 # Send to spam address
 add_recipient('[EMAIL PROTECTED]');


 I presume this ends up in filter_end()?

Yes, though you may find this useful.  This adds the original email as
a plain text attachment with the SA report as the email it's attached
to.  It was shamelessly stolen from somebody else's posting some time
back.

Note that action_rebuild() is critical - if you don't call it the
email doesn't get built!

 BEGIN 
# This is going to be spam, so it gets wrapped
md_graphdefang_log('SPAM', $hits, $RelayAddr);

# Record who it was for
action_add_header("X-Orig-Rcpts", join(", ", @Recipients));

# Remove original recipients
foreach $recip (@Recipients) {
    delete_recipient($recip);
}

# Send to the spam mailbox
add_recipient('[EMAIL PROTECTED]');

# A container for the original message
my $raw_container = MIME::Entity->build(
    Type        => 'text/plain',
    Description => 'Raw message',
    Data        => [  ],
);

# Parse the original message from the INPUTMSG file
my $parser = new MIME::Parser;
open(IN, '< INPUTMSG');
my $original = $parser->parse(\*IN);
close(IN);

# Record where the message came from on the wrapped copy
$original->head()->replace('X-Relay-Addr', $RelayAddr);
$RelayHostname ||= 'N/A';
$original->head()->replace('X-Relay-Host', $RelayHostname);
$original->head()->replace('X-Relay-Time', scalar(localtime));

# Add the original message to the container
$raw_container->add_part($original);

# The SA report becomes the visible body
my $reportPart = MIME::Entity->build(
    Type        => 'text/plain',
    Description => 'spam warning',
    Data        => [
        $report
    ],
);

$entity->parts([$reportPart]);
$entity->head()->mime_attr('content-type' => 'multipart/mixed');
$entity->head()->mime_attr('content-type.boundary'
                           => '=_' . scalar(time) .
                              "-$$-nikc");

$entity->add_part($raw_container);

action_change_header('Subject', "SPAM ($hits): $Subject");

action_rebuild();
 END 

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Milter (mimedefang): init failed to open

2005-09-22 Thread Rob MacGregor
On 22/09/05, Carlos A. Carnero Delgado [EMAIL PROTECTED] wrote:
 Hi,

  Version of MD?  Version of SA?

 Sendmail is 8.13.3, MD is 2.53 and SA 3.04.

 I'm starting mimedefang-multiplexor like this:

 mimedefang-multiplexor -U _defang -x 10 -s
 /var/spool/MIMEDefang/mimedefang.sock -p
 /var/spool/MIMEDefang/mimedefang.pid -l
---SNIP---
 I know, but, AFAICT, people that reported this have a mismatch
 regarding the name and location of the socket file.

Which is the problem you have.

The path above is the path for the socket for mimedefang.  Try passing
the path for the multiplexor's socket.

--
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Milter (mimedefang): init failed to open

2005-09-21 Thread Rob MacGregor
On 20/09/05, Carlos A. Carnero Delgado [EMAIL PROTECTED] wrote:
 Hello,
 
 I just installed MIMEDefang w/ SpamAssassin on an OpenBSD 3.7 box, and
 after setting it up according to the fine manual, I'm getting this:

Version of MD?  Version of SA?

You may want to look in the list archive BTW.  This *has* been
answered before (as a quick search shows :).

http://lists.roaringpenguin.com/pipermail/mimedefang/2003-November/018091.html

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] [OT] clamd doesn't recognize virus

2005-09-21 Thread Rob MacGregor
On 21/09/05, Marco Berizzi [EMAIL PROTECTED] wrote:
 
 Clearly clamd doesn't recognize it as a virus
 and MD accept the message.
 Hints?

Well, the ClamAV list would have been a more logical place to post
this.  However, following the link on the clamav home page for
submitting code for review gives:

http://cgi.clamav.net/sendvirus.cgi

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] mail server performence declain

2005-09-19 Thread Rob MacGregor
On 19/09/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Hi,
 
 I got a new debian sarge 3.1 installed on a server with intel xeon 2.40GHz 1Gb
 mem.
 I got sendmail 8.13.4 + mimedefang 2.51 + sa 3.0.3 + perl 5.8.4.
 
 ever since i install mimedefang the delivery of mail got very slow!
 if i use an asp form to send mail it take too long.

How long?  What was it like before, what is it like now?

(And, any reason you went with an old version of EVERYTHING?  Sendmail
8.13.5 is out, as is MD 2.53, SpamAssassin 3.1.0 and Perl 5.8.7)

 i also notice it filter both incoming and outgoing mail, when my intention
 were to scan only incoming mail.

Unless you've configured it differently (and you don't say how you've
configured it) it scans all mail.

 How do i test latency??

Check your mail log.  Look for the line containing delay=.

 how can i minimize scan time?

Disable network tests.

 and avoid scanning outbound mail??

Details (and to disabling network tests) can be found in the list archive.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] ClamAV complement

2005-09-09 Thread Rob MacGregor
On 09/09/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 I'm looking to run a second antivirus engine on my
 
 sendmail
 MIMEDefang
 ClamAV
 SpamAssassin
 
 boxen.  I'm disillusioned with File::Scan (not that I was ever greatly 
 illusioned with it in the first place.)  What are you using?  Can you 
 recommend anything?
 
 REQUIRED: Must detect viruses with reasonable response rate for virus 
 definitions
 OPTIONAL: Free is good

BitDefender and F-Prot both have (from memory) free versions for
non-commercial use.

There is somewhere (sorry, I don't remember where) a site that
provides details on speed of signature update.  You may find that
useful, though from memory what I took away from it was that amongst
the top dozen or so scanners, some are faster sometimes, some other
times.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Timeout reading a message

2005-08-18 Thread Rob MacGregor
On 18/08/05, Jim Hatfield [EMAIL PROTECTED] wrote:
 Is there anything I can do to let it through short of temporarily
 reconfiguring sendmail to not use the mimedefang milter?

Try increasing the timeout from 1 minute to, say, 3 minutes.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Slaves died prematurely

2005-08-04 Thread Rob MacGregor
On 04/08/05, Eduardo Otubo [EMAIL PROTECTED] wrote:
 
 Aug  4 15:59:03 fefnet119 mimedefang-multiplexor[18851]: Slave 0 stderr:
 Can't locate object method new via package
 MIME::Parser::ParanoidFiler at /usr/bin/mimedefang.pl line 5254.

Well, an update to MD 2.52 wouldn't hurt I'm sure, however...

 what the ?!?!!?!??!?!?!!?!?!?!

No need for the language...

 perhaps my perl must be updated  this is the second thing that came
 to my mind (the first thing is above... :) )

What version(s) of perl do you have installed?  Did you update perl
after installing any perl packages, and forget to re-install them?

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Anybody any ideas what's causing these errors ?

2005-08-04 Thread Rob MacGregor
On 04/06/05, Mack [EMAIL PROTECTED] wrote:
 the sendmail.cf line is
 Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:5m;R:5m
 
 So i guess the timeouts there are 300s then which does match the 11:27:58 - 
 11:32:58 exactly (coincidence that lol)
 
 I'll tweak those a little, but it does seem strange since the box wasn't what 
 one would call excessively loaded at the time (only about 15 slaves busy)

What have you got MD doing (and what virus scanners have you got), 
are all the emails of the same (or larger) size - in this case ~610
KB.  Finally, what's the spec of the box?

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Anybody any ideas what's causing these errors ?

2005-08-04 Thread Rob MacGregor
On 04/08/05, Mack [EMAIL PROTECTED] wrote:
 MD is actually doing quite a bit, Grey/White/Black per user
 not all emails are this size, some are larger, majority smaller
 File checking based on mimetype not extension
 there's ~2500 lines in mimedefang-filter
 It's processing about 25k mails a day on this particular cluster member
 Got 3 AV engines running
 oh and it's a Dual Xeon 3.6 with 2Gb ram running RHEL 4 on a Mirrored Scsi
 Raid

I suppose my next question would be - what does your normal delay look like?

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] has anyone else seen those weird 1.txt emails

2005-07-24 Thread Rob MacGregor
On 24/07/05, Fernando Gleiser [EMAIL PROTECTED] wrote:
 I'm seeing a lot of emails coming with just an 1 in the body, 1 as
 the subject and an application/octet-stream part called 1.txt
 
 Does anyone know what can these be? Does anyone have some MD code to block
 them?

See http://isc.sans.org/diary.php?date=2005-07-22 and
http://isc.sans.org/diary.php?date=2005-07-23.  So far, it looks like
nobody's certain what they are.

I've been seeing them for maybe a week now, maybe longer.  From memory
I first saw them on the IP Filter mailing list.

For blocking them, I'd go with feeding them into SpamAssassin so that
the bayes module learns they're spam.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Problems

2005-07-21 Thread Rob MacGregor
On 21/07/05, Eduardo Otubo [EMAIL PROTECTED] wrote:
 Hello!
 
 I'm just a beginner in mimedefang... i'm running a Debian server with
 sendmail and have just installed mimedefang. I've setup all the config
 process and added the following line at my config file:
 
 action_add_header("X-MyHeader","TestingHeader");
 
 and nothing is added to my email header. I've just done this 'cause my
 mail was being scanned by the mimedefang (when i sent an email to myself
 with an exe attached) and my sendmail delivered the email with no reports.
 
 would like some help

Did you add the required lines to sendmail.mc, rebuild (and install)
sendmail.cf and restart sendmail?

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Authentication-Warning: defang set sender to error messages

2005-07-19 Thread Rob MacGregor
On 19/07/05, B. Tolka [EMAIL PROTECTED] wrote:
 I keep seeing the message below in my maillog. These messages are queued in
 client mailqueue, but they are never delivered.  I have sendmail
 processing that queue every 5 minutes.

Add the user defang to the trusted users for Sendmail.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Blatent spam getting X-Spam-Score: 0 ()

2005-07-08 Thread Rob MacGregor
On 08/07/05, Bill Curtis [EMAIL PROTECTED] wrote:
 So any idea why these aren't getting any scores at all?

Try running SA manually against the email source.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] RE: HELP! At end of my rope with MD/SA

2005-07-06 Thread Rob MacGregor
On 06/07/05, Dirk the Daring [EMAIL PROTECTED] wrote:
 Summary: Adding SA v3.0.4 to an existing MD v2.52 install breaks MD

I've got MD 2.52 running with SA 3.0.4 quite happily here.  Looks like
you've got something oddball going on.
 

 The last command won't run unless I remove the Features{'SpamAssassin'} from
 mimedefang-filter. If I leave that in, I get the same error as in my
 first message.

What happens if you try the sample filter that's provided?

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] MD 2.52 problems

2005-06-13 Thread Rob MacGregor
On 13/06/05, David F. Skoll [EMAIL PROTECTED] wrote:
 Some Perl module is printing debugging junk to stdout, and that's confusing
 the multiplexor.
 
 Grep for remote addr struc in your Perl modules.  Let's hope it's
 not in an XS module... :-(

Turns out to have been the fault of p5-Net-DNS 0.50.  Updating to the
just released 0.51 fixed the problem.  A trawl of the SA list archive
(having identified it as an SA problem) showed me the way :-)

Thanks anyway.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] local socket name /var/spool/MIMEDefang/mimedefang.sock unsafe

2005-06-05 Thread Rob MacGregor
On 04/06/05, Nauman Habib [EMAIL PROTECTED] wrote:
 HI all ,
 
 I set up a Mail server 2 days ago. It is sending and receiving mails without
 any problem, but it seems that MIMEDefang is not working at all - Mail
 log returns these errors :
 
 Milter (mimedefang): local socket name
 /var/spool/MIMEDefang/mimedefang.sock'unsafe
 Milter (mimedefang): to error state
 
 AnY Idea ?

You'll find a number of threads on this in the list archive (or with Google).

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang]local socketname/var/spool/MIMEDefang/mimedefang.sock'unsafe

2005-06-05 Thread Rob MacGregor
On 05/06/05, Nauman Habib [EMAIL PROTECTED] wrote:
 I have checked every permission possibility, and even in the archives, the
 solution is yet unknown
---SNIP---
 # ls -la /var/spool/MIMEDefang/
 srwxrwxrwx1 defang   defang  0 Jun  5 19:15 clamd.sock

WTF is that doing with those permissions?  That's the source of your
problem - fix that (and fix whatever's setting those permissions).

Oh, and please stop posting the same question multiple times - once is enough.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] Stripping Selected Headers

2005-05-31 Thread Rob MacGregor
On 31/05/05, Dirk the Daring [EMAIL PROTECTED] wrote:
Hello, I would like to get some help on a specific task in MD. I've
 searched the mailing list archives, and I've not found what I want to do
 in there.

You may want to look into the actual value of security through
obscurity.  I suspect you'll find it doesn't buy you anything like
what you're thinking it does.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] 4.7.1 sendmail error

2005-05-18 Thread Rob MacGregor
On 5/17/05, Greg Schlut [EMAIL PROTECTED] wrote:
 I am getting a 4.7.1 sendmail error that is being triggered through
 mimedefang.  Mimedefang also throws a 450 error in the log.  It only
 occurs when I try and send a large zip file(50MB plus).  I have
 increased the number of slaves and increased the timeout as instructed
 from other posts, but that didn't work.  I am running clamAV as well.
 Any suggestions?  We have been breaking the files apart but would like
 to send as one large zip file.

Yeah, I'd suggest you:

a) Provide version numbers
b) Provide the entry from the mail log

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



Re: [Mimedefang] clamav problems

2005-04-23 Thread Rob MacGregor
On 4/23/05, Al Sparks [EMAIL PROTECTED] wrote:
 I'm running MIMEDefang 2.44, sendmail-8.12.11, clamav-0.83.
---SNIP--- 
 These errors occur if I send the following on the machine:
   sendmail postmaster  ENTIRE_MESSAGE

Ok,

1) Does this happen with something other than sobig?

2) Does this happen if you run the command as root?

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche



[Mimedefang] Re: Newbie question -

2005-04-04 Thread Rob MacGregor
On Mon, 4 Apr 2005 01:05:10 -0700, Randy Johnson [EMAIL PROTECTED] wrote:
 Is anyone using MIMEDefang in conjunction with Spamassassin and ClamAV? I'm
 having a devil of a time with the local sockets settings. 

Some more detail on your problem would be helpful!  Saying it's broken
doesn't really say much :-)

I've got the 3 working just fine.  You do need to ensure you're
running SA 3.x however - 2.x has some bugs that break the smooth
integration of clamav.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Problem with create mask on ./Work directory

2005-04-01 Thread Rob MacGregor
On Apr 1, 2005 8:58 PM, Nels Lindquist [EMAIL PROTECTED] wrote:
 Hi there.
 
 I'm running into a bizarre problem on one particular MIMEDefang
 installation which is giving me grief with ClamAV.

I've seen this with older versions of MD and SpamAssassin - if you
trawl the archives you'll discover postings from myself and others on
this subject.  The problem is down to SA's behaviour, not MD.

For me, switching to the latest SA (3.0.2 I think) fixed the problem -
it's apparently never going to be fixed in the 2.x tree.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Integrating SPF...

2005-03-31 Thread Rob MacGregor
On Mar 31, 2005 6:21 PM, Mark [EMAIL PROTECTED] wrote:
 
 Indeed. Likewise, there are still mail servers out there who do not
 enforce an AUTH mechanism on port 587.

Try finding ISPs that even *provide* a service on port 587.  There are
surprisingly few (and if you trawl the NANOG archives you'll see that
this isn't just what I've seen, but many others).

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] mimedefang error mimedefang.sock unsafe??

2005-03-22 Thread Rob MacGregor
On Tue, 22 Mar 2005 07:33:30 -0600, Troy R. LeBouef [EMAIL PROTECTED] wrote:
 I am trying to run the latest version of mimedefang and I started
 getting this error :
 
 Mar 21 14:36:31 ns1 sendmail[17185]: j2LKaVL0017185: Milter
 (mimedefang): local socket name /var/spool/MIMEDefang/mimedefang.sock
 unsafe

First thing to do - search the list archive.  This comes up from time
to time and the answers are probably there.

If the mimedefang.sock isn't being created then either you're not
starting MD correctly, not waiting long enough (with the embedded perl
interpreter I've seen it take 4 or 5 seconds) or you've got a
permissions problem.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] really high cpu

2005-03-22 Thread Rob MacGregor
On Tue, 22 Mar 2005 09:18:41 -0500, James Ebright [EMAIL PROTECTED] wrote:
 Also... isn't
 Solaris still using UFS???

Yes, but while the name has stayed the same the underlying file system
has changed over the years.  During Solaris 8's lifetime journalling
was introduced.  I'm sure other changes have been made, but I'm not
with it enough right now to remember :)

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] action_replace_with_url and AddWarningsInline

2005-03-16 Thread Rob MacGregor
On Tue, 15 Mar 2005 11:07:16 +0100, Andrea Gabellini
[EMAIL PROTECTED] wrote:
 Hi,
 
 I'm using MD 2.51 with AddWarningsInline = 1.
 
 When I use action_replace_with_url to remove big attachments the
 warning.txt file doesn't go inline but as attachment.
 
 Other dispositions like action_accept_with_warning works fine and put the
 text inline.
 
 What's wrong?

AFAIK nothing - it's *replacing* the attachment after all.  The others
are adding a warning, not replacing anything.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Can't detect header added by forwarding system

2005-03-07 Thread Rob MacGregor
On Mon, 7 Mar 2005 13:07:45 -0500 (EST), Leo C. Holmberg (330)
672-1577 [EMAIL PROTECTED] wrote:
 
 I've tried adding :
 
  header BEEN_TAGGED X-Spam-Flag =~ /YES/
 
 and :
 
  header BEEN_TAGGED ALL =~ /X-Spam-Flag: YES/
 
 to the spamassassin local config file, and then reloading mimedefang, but so
 far, both have failed. Can anyone see what I am doing wrong?

My SA rule stuff is a little rusty, but you haven't actually told it
what to do.  All you've told it is how to identify it.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Can't detect header added by forwarding system

2005-03-07 Thread Rob MacGregor
On Mon, 7 Mar 2005 14:35:48 -0500 (EST), Leo C. Holmberg (330)
672-1577 [EMAIL PROTECTED] wrote:
 
 Yes, I left that part off. What I tried was:
 
  header BEEN_TAGGED  ALL =~ /X-Spam-Flag: YES/
  score  BEEN_TAGGED  1000
 
 and
 
  header BEN_TAGGED   X-Spam-Flag =~ /YES/
  score   1000

Hmm (I'm assuming BEN is a typo :), well I have this for the SOBER
stuff that was doing the rounds, and AFAIK it worked:

header   FAKE_QMAIL_ID  Message-ID =~ /\.[0-9a-z]{0,5}[a-z]{1,5}[0-9a-z]{0,5}\.qmail\@/i
describe FAKE_QMAIL_ID  SOBER: Fake QMAIL message ID
score    FAKE_QMAIL_ID  10

Maybe you need the i at the end to make it case insensitive?
-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Help with Mimedefang!!

2005-03-02 Thread Rob MacGregor
On Thu, 3 Mar 2005 09:59:22 +0545, Saisab Pradhan
[EMAIL PROTECTED] wrote:
 Hi,
 
 I have just installed mimedefang to integrate sendmail with spamassassin.
 The installation went quite well as it did not give any errors during
 configuration, compilation or installation. Now when I try to send mail from
 other network, it stays in a queue with a deferred message '(Deferred: 451
 4.3.2 Please try again later)'. In the server syslog in which mimedefang is
 installed, I get the following error logs..

Well, the error suggests that you've manually created a file of the
same name as one of the sockets MD uses.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche
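
Three replies on this page come down to the state of a socket in the spool directory: the world-writable clamd.sock listing (2005-06-05), the missing or "unsafe" mimedefang.sock (2005-03-22), and the file created by hand under a socket's name in the reply above. The audit below is an added example in Python, not code from the list or from MIMEDefang; the expected owner defang, the .sock name filter and the second and third listing lines are assumptions made for the illustration.

```python
import grp
import os
import pwd
import stat

# ls type character -> st_mode file-type bits
_TYPES = {"s": stat.S_IFSOCK, "-": stat.S_IFREG, "d": stat.S_IFDIR,
          "l": stat.S_IFLNK, "p": stat.S_IFIFO}

# First line: the listing quoted on this page, with the column spacing
# repaired. The other two lines are constructed for this example.
SAMPLE_LISTING = """\
srwxrwxrwx 1 defang defang 0 Jun  5 19:15 clamd.sock
srwxr-x--- 1 defang defang 0 Jun  5 19:15 mimedefang.sock
-rw-r--r-- 1 root   root   0 Jun  5 19:20 mimedefang-multiplexor.sock
"""


def mode_from_ls(text):
    """Turn an ls mode string such as 'srwxrwxrwx' into st_mode bits.

    Only the file type and the nine rwx bits are decoded; setuid, setgid
    and sticky markers count as plain execute permission.
    """
    if len(text) < 10 or text[0] not in _TYPES:
        raise ValueError(f"not an ls mode string: {text!r}")
    mode = _TYPES[text[0]]
    for i, ch in enumerate(text[1:10]):
        if ch in "rwxst":
            mode |= 1 << (8 - i)
    return mode


def check_entry(name, mode, owner, group, want_owner, ok_groups=()):
    """Return findings for one socket; an empty list means it looks sane."""
    if not stat.S_ISSOCK(mode):
        return [f"{name}: exists but is not a socket ({stat.filemode(mode)})"]
    findings = []
    if mode & stat.S_IWOTH:
        findings.append(f"{name}: world-writable ({stat.filemode(mode)})")
    if mode & stat.S_IWGRP and group not in ok_groups:
        findings.append(f"{name}: writable by unexpected group {group}")
    if owner != want_owner:
        findings.append(f"{name}: owned by {owner}, expected {want_owner}")
    return findings


def audit_listing(text, want_owner, ok_groups=()):
    """Audit the *.sock entries of pasted 'ls -la' output."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 9 or not fields[-1].endswith(".sock"):
            continue  # 'total N', blank lines, work directories, ...
        findings += check_entry(fields[-1], mode_from_ls(fields[0]),
                                fields[2], fields[3], want_owner, ok_groups)
    return findings


def _name(lookup, ident):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)


def audit_path(path, want_owner, ok_groups=()):
    """Audit a live path; a missing socket is itself a finding."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: missing (daemon not running, or still starting)"]
    return check_entry(path, st.st_mode, _name(pwd.getpwuid, st.st_uid),
                       _name(grp.getgrgid, st.st_gid), want_owner, ok_groups)


if __name__ == "__main__":
    for finding in audit_listing(SAMPLE_LISTING, "defang", ok_groups=("defang",)):
        print(finding)
```

Group write is accepted only for groups named in ok_groups, which covers a shared-group setup such as putting clamav into the mailnull group.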


Re: [Mimedefang] Anti-virus software

2005-03-01 Thread Rob MacGregor
On Tue, 01 Mar 2005 21:25:06 GMT, Mark [EMAIL PROTECTED] wrote:
 
 ClamAV, which I am now testing, works as advertised. But I read
 you get a ClamAV installation is OUTDATED message whenever
 the update program decides you need a newer version.

Probably because they've still not hit a 1.0 release yet and it's very
heavily in development.  It'll still work if you don't upgrade, you
just don't get the new signatures.

 This will run on a production server; I cannot halt things every
 week to upgrade clamav.

No need to halt things, though my general position is that running
development releases of software on a production system should, where
possible, be avoided.

F-Prot, as mentioned is pretty good, newer versions of AVP (Kaspersky)
are also pretty good (I'm still running 4.x at home, and it still
updates with new signatures).

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Clam AV Question

2005-02-10 Thread Rob MacGregor
On Thu, 10 Feb 2005 11:03:08 -0500, Mark Penkower [EMAIL PROTECTED] wrote:
 When running freshclam, I get the message:
 
 WARNING: Your ClamAV installation is OUTDATED - please update immediately!
 WARNING: Current functionality level = 3, required = 4
 
 I am running:
 
 X-Virus-Scanned: ClamAV 0.80/562/Fri Oct 29 08:39:45 2004, clamav-milter
 version 0.75c
 
 What does the version that I am running miss that the latest one catches?

http://www.clamav.net/faq.html#1

(alternatively, search the clamav-users archive, where people ask this
question all the time)

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] AWL

2005-01-31 Thread Rob MacGregor
On Mon, 31 Jan 2005 10:53:56 -0700, Button, Shawn [EMAIL PROTECTED] wrote:
 Maybe I am missing something here or doing something wrong. We use AWL
 pretty successfully and I am pretty happy with it, however, every once
 in a while we get a spam mail through that is using one of our addresses
 (forged coming in from the outside) and the AWL gives it a negative
 score based on it being in the AWL. Is there any way to get around this?

It's documented in the SA Wiki
(http://wiki.apache.org/spamassassin/AutoWhitelist) and has been
discussed in this list before.  A little searching would have given
you the answer.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Is it yet possible to run clamd (with mimedefang) as a different user?

2005-01-25 Thread Rob MacGregor
On Tue, 25 Jan 2005 10:07:41 -0500, Lee Dilkie [EMAIL PROTECTED] wrote:
 Hi all,
 
 I just upgraded my clamav (freebsd, ports) and again, it changed the
 permissions on some of its directories and caused it to not start as
 user 'mailnull' (the same user that sendmail and mimedefang run as). I
 would rather let clamd run as the user it wants to (clamav user) and
 configure mimedefang/sendmail to allow this but my efforts did not work.

No need to - I use clamav with MD and let both use their default users.

If you put clamav into the mailnull group and set 
AllowSupplementaryGroups in clamd.conf, then put this at the top of
your mimedefang-filter:

$ClamdSock  = "/var/run/clamav/clamd";

Everything will just work.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] MD/SA and Outlook

2005-01-18 Thread Rob MacGregor
On Tue, 18 Jan 2005 15:48:04 -0500, Todd Aiken [EMAIL PROTECTED] wrote:
 Some of my Outlook loving users are whining that Outlook 2003 is
 displaying some of the MD/SA headers in the body of the message, most
 notably the Content preview and Content analysis details.  I assume
 that this is Outlook's fault because it is too stupid to differentiate
 between headers and message body, but just wanted to validate this.

Well, I use Outlook (2003) at home and it doesn't do that - it
differentiates perfectly well between body and headers.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Virus scanning question...

2005-01-12 Thread Rob MacGregor
On Mon, 03 Jan 2005 11:23:07 -0700, David Crowfoot
[EMAIL PROTECTED] wrote:
 We currently use MIMEDefang if McAfee uvscan.  It catches all viruses
 EXCEPT emails where the sender is NULL ().  It just passes those
 messages straight through.  Both the virus and the file attachment is
 ignored by MIMEDefang.  I am wondering if/what I have configured
 incorrectly.

OS?  Version of MD?  Any changes to the default filter?  Version of UVScan?

In short - details!

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] temp failing - got code?

2005-01-05 Thread Rob MacGregor
On Wed, 5 Jan 2005 09:38:30 -0800, Gary Funck [EMAIL PROTECTED] wrote:
 
 Would like to implement temp failing/grey listing along the following lines:
 
 - If haven't seen a given incoming IP address in a while, then temp fail, for
   say about 1 hour.  If the sender doesn't just go away by then, then score
   the mail per usual and let it through.

This sounds similar to greylisting  - have a look and see if that does
what you're after (I don't know much about greylisting).
 
-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche
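
The scheme described in the quoted question (temp-fail a relay IP that has not been seen for a while, then let it through once it retries after about an hour), written out as an added example in Python; it is not code from the list or from MIMEDefang. The class name, the action strings, the retry window and the 30-day forget time are assumptions of this example, and it keys on the relay IP alone, as the question describes, rather than on the sender/recipient/IP triplet that greylisting normally uses.

```python
import time

TEMPFAIL = "TEMPFAIL"   # ask the relay to retry later (SMTP 4xx)
CONTINUE = "CONTINUE"   # carry on to normal scanning and scoring


class RelayGreylist:
    """Greylist keyed on the relay IP only.

    delay         seconds a new relay is temp-failed ("about 1 hour")
    retry_window  a retry must arrive within this long after first contact,
                  otherwise the relay starts over (assumption of this example)
    forget_after  idle time after which a known relay counts as new again
                  ("in a while"; the value is an assumption)
    """

    def __init__(self, delay=3600, retry_window=2 * 86400,
                 forget_after=30 * 86400, clock=time.time):
        self.delay = delay
        self.retry_window = retry_window
        self.forget_after = forget_after
        self.clock = clock
        self.pending = {}   # ip -> time of first contact
        self.known = {}     # ip -> time of last accepted connection

    def check(self, ip):
        """Return (action, reason) for a connection from ip."""
        now = self.clock()
        last_ok = self.known.get(ip)
        if last_ok is not None:
            if now - last_ok <= self.forget_after:
                self.known[ip] = now
                return CONTINUE, "known relay"
            del self.known[ip]          # idle too long: treat as new
        first = self.pending.get(ip)
        if first is not None:
            age = now - first
            if age < self.delay:
                return TEMPFAIL, f"retry in {int(self.delay - age)}s"
            if age <= self.retry_window:
                del self.pending[ip]
                self.known[ip] = now
                return CONTINUE, "retried after delay"
        # Never seen, or the retry came too late: (re)start the clock.
        self.pending[ip] = now
        return TEMPFAIL, "first contact"

    def purge(self):
        """Drop expired entries so the tables do not grow without bound."""
        now = self.clock()
        self.pending = {ip: t for ip, t in self.pending.items()
                        if now - t <= self.retry_window}
        self.known = {ip: t for ip, t in self.known.items()
                      if now - t <= self.forget_after}


def replay(events, **settings):
    """Run (timestamp, ip) events through a fresh greylist; return the actions."""
    now = [0]
    greylist = RelayGreylist(clock=lambda: now[0], **settings)
    actions = []
    for timestamp, ip in events:
        now[0] = timestamp
        actions.append(greylist.check(ip)[0])
    return actions


# Constructed events (seconds, relay IP); addresses are documentation ranges.
EVENTS = [
    (0, "192.0.2.10"),                   # new relay
    (600, "192.0.2.10"),                 # retried too early
    (3700, "192.0.2.10"),                # retried after the hour
    (5000, "198.51.100.7"),              # one-shot sender
    (90000, "192.0.2.10"),               # known relay, next day
    (5000 + 3 * 86400, "198.51.100.7"),  # came back after the retry window
]

if __name__ == "__main__":
    for (timestamp, ip), action in zip(EVENTS, replay(EVENTS)):
        print(f"{timestamp:>7} {ip:<14} {action}")
```

The retry window is what stops a sender that connected once from being waved through when it returns days later; without it, any second contact after the delay would pass.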


Re: [Mimedefang] FreeBSD 512M Limit on ram based spool directory

2005-01-04 Thread Rob MacGregor
On Tue, 4 Jan 2005 16:51:17 -0500, Geoff Varosky [EMAIL PROTECTED] wrote:
 I have been searching all afternoon for a way to tweak a FreeBSD 4.10
 kernel so I can use a larger size than 512MB for the spool directory,
 could anyone point me in the right direction?

You probably want to visit the FreeBSD mailing lists, most likely the
-stable list.

This has been discussed there, so I'd suggest a trawl of the archive
first.  When you post there do remember to give some details on your
hardware, and how much memory you've got!

Of course, I'd suggest you upgrade to 5.3-STABLE and use UFS2, which
doesn't (usually) write out files that live for less than 5 (ISTR)
seconds.  If you can get your scanning under that then you never hit
the disk :)

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] simple method to set up a test recipient?

2004-12-30 Thread Rob MacGregor
On Thu, 30 Dec 2004 13:06:34 -0800, Gary Funck [EMAIL PROTECTED] wrote:
 
 I've nearly got MDF installed, but before unleashing it on the users at
 large,
 I'd like to try it out, and tune it up.  To do this, I'd like to set up a
 mailtest user, and only for that user invoke MDF and its actions.  Is there
 something simple I can do in /etc/aliases, or in sendmail.mc to make that
 happen?

No - MIMEDefang is integrated via the milter interface, which is
either on, or off.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] RE: Software Downgrade

2004-12-14 Thread Rob MacGregor
On Tue, 14 Dec 2004 12:06:42 -0500, Moss, Patricia [EMAIL PROTECTED] wrote:
 
 I currently have version 2.48 of mimedefang installed on my linux server 
 (version  ES 3.0).  I need to downgrade to version 2.45.  Are there any 
 instructions for doing this?  Thanks

Remove old version, install new version.  Fix anything in your custom
filter that's broken as a result.  If running SA downgrade to 2.x and
re-initialise the Bayes database.

Oh, and tell the list why you're doing this :-)

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] SURBL lookups no longer happening after upgrade to 2.48

2004-12-10 Thread Rob MacGregor
On Fri, 10 Dec 2004 12:17:56 -0500 (EST), David F. Skoll
[EMAIL PROTECTED] wrote:
 MD 2.49 and SA 3.0.1 works fine for me, with SURBL.
 I have $SALocalTestsOnly = 0; in the filter, and it works like a charm.
 Do you have anything odd in sa-mimedefang.cf ?

Other than some whitelist/blacklist addresses and some score
alterations, all I have is:

bayes_path   /usr/local/etc/mail/spamassassin/bayes/bayes
bayes_auto_learn 1
lock_method flock
ok_locales  en
use_terse_report 0
skip_rbl_checks 0

header   RCVD_IN_ABUSEAT  eval:check_rbl('ABUSEAT','cbl.abuseat.org.')
describe RCVD_IN_ABUSEAT  ABUSEAT: sender is listed in Composite list cbl.abuseat.org
score    RCVD_IN_ABUSEAT  3
tflags   RCVD_IN_ABUSEAT  net

header   FAKE_QMAIL_ID  Message-ID =~ /\.[0-9a-z]{0,5}[a-z]{1,5}[0-9a-z]{0,5}\.qmail\@/i
describe FAKE_QMAIL_ID  SOBER: Fake QMAIL message ID
score    FAKE_QMAIL_ID  3


It's the same file as is used when I call SA directly, and the SURBL
lookups work fine there.  Other RBL lookups work fine.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] SURBL lookups no longer happening after upgrade to 2.48

2004-12-10 Thread Rob MacGregor
On Fri, 10 Dec 2004 19:15:56 +0100 (CET), Martin Blapp [EMAIL PROTECTED] 
wrote:
 
 Same here. I had to cut and paste all the SURBL lookups into the
 local-sa.cf file to get them working again. SPAMHAUS and other RBL
 still work in both situations. Only SURBL stopped working.

Some digging suggests it's the lack of loading the URIDNSBL module. 
With SA 3.0 there's an init.pre file that loads modules for SA.  In it
there's a line to load the URIDNSBL module.  If I comment it out then
I get the same result as for MD.

This file loads modules for URIDNSBL, hashcash and SPF by default. 
Putting the same lines in the SA config file doesn't have the same
effect - the modules don't seem to be loaded.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] SURBL lookups no longer happening after upgrade to 2.48

2004-12-10 Thread Rob MacGregor
Ok, putting the test into local.cf got me the following error:

... mimedefang-multiplexor[50777]: Slave 0 stderr: Failed to run
URIBL_SC_SURBL SpamAssassin test, skipping:(Can't locate
object method check_uridnsbl via package
Mail::SpamAssassin::PerMsgStatus at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm
line 2296. )

Which is what happens if the module isn't loaded, so it looks like
something isn't happening with init.pre when called from MD.

Sticking the loadplugin command into local.cf AND importing all the
URIBL lines makes it work, but there's obviously something broken :(

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] SURBL lookups no longer happening after upgrade to 2.48

2004-12-10 Thread Rob MacGregor
On Fri, 10 Dec 2004 14:51:26 -0500, Lew E. Lefton
[EMAIL PROTECTED] wrote:
 
 Thanks!  That worked for me.  I copied the init.pre installed by
 spamassassin to /etc/mail/spamassassin and SURBL testpoints are scoring
 again.

A similar approach has just worked for me - with FreeBSD it looks like
MD looks under /usr/local/etc/mimedefang/spamassassin for its config.
I had a symlink to the SA conf file, but not for init.pre.  I've just
symlinked the whole directory to the SA one and everything now works.

Thanks.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] SURBL lookups no longer happening after upgrade to 2.48

2004-12-10 Thread Rob MacGregor
On Fri, 10 Dec 2004 13:59:48 +0100 (CET), Martin Blapp [EMAIL PROTECTED] 
wrote:
 
 Here we have the same problem. SURBL lookups stopped working after upgrading
 to 2.49.

Similarly with MD 2.48 (the latest on FreeBSD ports) and SpamAssassin
3.0.1 under FreeBSD 5.3-STABLE I don't see the SURBL lookups working
when MD calls SA.  When SA is called directly however the lookups
do work.

Nothing is logged to indicate any problems.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Header only tests for big mails in spamassassin

2004-11-30 Thread Rob MacGregor
On Sun, 28 Nov 2004 00:54:14 +0100 (CET), Martin Blapp [EMAIL PROTECTED] 
wrote:
 
 Hi all,
 
 We get more and more spams which are big enough to be
 skipped in spamassassin. I'm thinking now about adding
 another spamassassin check but only with the header as
 argument, so bad relays etc. would still be caught
 and the mails will be marked as SPAM.
 
 What do you think about this idea ?

Personally, given the 150 KB spams I've been getting lately, I'd like
to see this.  So far a headers only check would catch 100% of my
oversized spam.

Actually, it could be a useful speedup in general.  Run a headers only
check on all mail, only if it gets more than N hits do you give it a
full SA run.  You take a hit on the stuff most likely to be spam, but
you gain on (what hopefully should be) the majority of mail.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] strip invalid IMG tag

2004-11-29 Thread Rob MacGregor
On Mon, 29 Nov 2004 09:46:21 -0500 (EST), David F. Skoll
[EMAIL PROTECTED] wrote:
 Why do it to text/plain parts?  Does anything actually render text/plain
 as HTML?  (Outhouse, maybe...)

Even Outlook (2003/XP anyway) doesn't render plain text as HTML. 
Heck, it'll render HTML as plain text if you tick one of the (fairly
obvious) boxes in the settings.

It will however still make obvious URLs clickable in a plain text
document.  I don't know what it uses to decide, but anything beginning
with www or http:// certainly is.

-- 
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Need to turn off CC in Defang Notifications

2004-11-29 Thread Rob MacGregor
On Mon, 29 Nov 2004 13:43:10 -0500, Mark Penkower [EMAIL PROTECTED] wrote:
 Since Clamav 0.80 took it upon itself to detect and bounce HTML.Phishing
 emails, my users are getting cc's with the message.  The notification to
 the sender (from defang) is cc'd to postmaster and to the user.

Well, it isn't Clamav doing the bouncing, but your filter.

Frankly, there is no point in informing the recipient of any virus
related email - most sender addresses are forged.  Far better to, at
most, inform the postmaster.  AFAIK this is the default, so look to
the changes you've made to the stock filter.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Do not use Clam AV version 8.0 --Wrong!

2004-11-07 Thread Rob MacGregor
On Sun, 7 Nov 2004 13:31:16 -0800, Tory Blue [EMAIL PROTECTED] wrote:
 I think we are all just a bit lost or none of us has mastered reading
 comprehension. This is a slam on all of us, me included, since I'm now
 foggy, maybe I'm a flip flopper :)
 
 From the site:
 Unless you are using DNSDatabaseInfo, please keep the check frequency below
 once per hour. 
 
 This here states that my initial read was in fact correct. If you're not using
 DNSDatabaseInfo (if you are in fact pre 8.0), then please check for updates
 less than once per hour.
 
 Which means that those (me included) that were checking 4-8 times a day, are
 actually bad mimedefang citizens.

Looks like you did fail your reading comprehension - checking 4-8
times a day means an interval of 6-3 hours - certainly less than once
an hour.

The short answer is - you should upgrade to 0.80 or later anyway, to
ensure you're able to use the latest signatures.

The long answer is - this belongs on the clamav list, where it's been
discussed already (go read the archives).

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Re: Original-Content-Type in header

2004-11-06 Thread Rob MacGregor
On Fri, 05 Nov 2004 18:03:29 -0500, Tim Boyer [EMAIL PROTECTED] wrote:
 On Fri, 5 Nov 2004 08:13:15 -0500 (EST), David F. Skoll
 
 Thanks, David - that at least narrows it down.  It's nothing I'm doing
 in MIMEDefang, so it's either SpamAssassin or Sendmail.

It won't be sendmail, it will never change the mime type of the mail
(actually, AFAIK the only change it'll ever make is from 8 bit to 7
bit).

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Spamassassinreport.txt

2004-11-04 Thread Rob MacGregor
On Thu, 4 Nov 2004 15:35:31 -0500, Yang Xiao [EMAIL PROTECTED] wrote:
 Hi,
 What do I need to do to replace the actual email message body with the
 SpamAssassin-report.txt and send the spam message body as an
 attachment?

I've certainly posted my solution to the list, so if you check the
archive it'll be there (search for [EMAIL PROTECTED] and
spamassassin - the thread had Spamassassin in the subject AFAIK).

Others have also posted solutions, which also will be in the archive.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Original-Content-Type in header

2004-11-04 Thread Rob MacGregor
On Thu, 04 Nov 2004 18:45:17 -0500, Tim Boyer [EMAIL PROTECTED] wrote:
 I'm using RH Enterprise, Sendmail Switch, MimeDefang 2.44 and
 SpamAssassin 3.0.1.  Somewhere in there a very few html messages are
 having their content type changed to text/plain, and an
 'Original-Content-Type' line inserted, like so:

I'd say the most likely is MIMEDefang (and the least likely Sendmail).
 It depends however on what's in your mimedefang-filter...

Also, are you 100% sure that they're not arriving at you like that?

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


[Mimedefang] Mimedfang memory problems since upgrade to 2.45

2004-11-03 Thread Mason Rob (NHS Information Authority)
Hi,

I'm running Sendmail, SA-3, MD-2.45 on FreeBSD 5.3 RC1.  
Since upgrading to this config I get the following errors 
(about 1 in 5 emails):

Nov  3 06:06:04 huygens mimedefang-multiplexor[18496]: Slave 0 stderr: Out of memory during request for
Nov  3 06:06:04 huygens mimedefang-multiplexor[18496]: Slave 0 stderr: 20592 bytes, total sbrk() is 27375616 bytes!
Nov  3 06:06:07 huygens mimedefang-multiplexor[18496]: Slave 0 died prematurely -- check your filter rules
Nov  3 06:06:07 huygens mimedefang-multiplexor[18496]: Reap: Idle slave 0 (pid 22437) exited normally with status 1 (SLAVE DIED UNEXPECTEDLY)
Nov  3 06:06:07 huygens mimedefang-multiplexor[18496]: Slave 0 resource usage: req=4, scans=4, user=20.896, sys=1.940, nswap=0, majflt=2183, minflt=20032, maxrss=23784, bi=448, bo=16
Nov  3 06:06:07 huygens mimedefang[18508]: Error from multiplexor: ERR No response from slave
Nov  3 06:06:07 huygens sm-mta[25322]: iA36616S025322: Milter: data, reject=451 4.3.2 Please try again later
Nov  3 06:06:07 huygens sm-mta[25322]: iA36616S025322: to=[EMAIL PROTECTED], delay=00:00:06, pri=50363, stat=Please try again later
Nov  3 06:06:10 huygens mimedefang-multiplexor[18496]: Starting slave 0 (pid 25324) (2 running): Bringing slaves up to minSlaves (2)

I've trawled through the archives but can't find anything 
directly relevant.  My mimedefang-filter is standard (as 
distributed aside from email addresses).

Any pointers appreciated,

Rob



Re: [Mimedefang] Mimedfang memory problems since upgrade to 2.45

2004-11-03 Thread Rob MacGregor
On Wed, 3 Nov 2004 11:52:18 GMT, Mason Rob (NHS Information Authority)
[EMAIL PROTECTED] wrote:
 I'm running Sendmail, SA-3, MD-2.45 on FreeBSD 5.3 RC1.
 Since upgrading to this config I get the following errors
 (about 1 in 5 emails):
---SNIP--- 
 I've trawled through the archives but can't find anything
 directly relevant.  My mimedefang-filter is standard (as
 distributed aside from email addresses).

Take a look for the thread I kicked off last week (titled Memory
Problems), about exactly this problem!

Basically, the memory limits in /usr/local/etc/rc.d/mimedefang.sh are
too small.  I need to raise a PR with the author, but haven't.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] New to Mimedefang

2004-11-03 Thread Rob MacGregor
On Wed, 3 Nov 2004 08:14:10 -0500, Lisa Casey [EMAIL PROTECTED] wrote:
 
 I installed it exactly as in http://www.mickeyhill.com/mimedefang-howto/
 The only glitch I experienced (besides having to upgrade my perl
 installation) was where it said to copy the init script from the examples
 directory to my build directory. The directions said:

Try instead following the instructions that came with MD :-)

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Rules Location

2004-11-03 Thread Rob MacGregor
On Wed, 3 Nov 2004 09:21:28 -0600, Mike Carlson [EMAIL PROTECTED] wrote:
 I have MIMEDefang/SA installed on FreeBSD and there are two location where the .cf 
 files are stored. I am wondering which location is the right one.
 
 I have rule files here:
 
 /usr/local/etc/mail/spamassassin/
 
 /usr/local/share/spamassassin/

I have mine in /usr/local/etc/mail/spamassassin and they work fine
there (FreeBSD 5.3-BETA).

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] mimedefang.sock

2004-11-03 Thread Rob MacGregor
On Wed, 03 Nov 2004 11:13:39 -0600, Alex S Moore [EMAIL PROTECTED] wrote:
 See the sendmail README and SECURITY documents.  There are multiple
 reasons that sendmail posts this message.  Generally, group and world
 writable permissions are not allowed within the directory hierarchy or
 where the socket in question resides.  This includes the socket.  You
 can get around this with the DontBlameSendmail option, but I would fix
 the permissions.

Actually, I think his problem is the 3+ minute delay from starting MD
to having the socket created.

I'd suggest upping the logging of MD and seeing what's going on. 
Knowledge of the OS and MD versions here would be *very* useful -
without knowing them the problem could be anything.  Details of your
hardware and current load status (cpu load, memory usage etc) would
probably help too.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


[Mimedefang] Memory problems

2004-10-25 Thread Rob MacGregor
I'm running MD 2.45 with Perl 5.8.5 on FreeBSD 5.3-BETA5 and am seeing
the following in my mail logs:

 Slave 0 stderr: Out of memory during request for 9224 bytes, total
sbrk() is 27406336 bytes!
 Slave 0 stderr: Out of memory during large request for 69632 bytes,
total sbrk() is 27424768 bytes at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm
line 162.
 Slave 0 stderr: Failed to run BAYES_40 SpamAssassin test, skipping:  
 (Out of memory during large request for 266240 bytes, total sbrk()
is 27443200 bytes at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Bayes.pm line
358. )
 Slave 0 stderr: Out of memory during request for 9224 bytes, total
sbrk() is 27449344 bytes!
 Slave 0 stderr: Out of memory during request for 992 bytes, total
sbrk() is 27461632 bytes!
 Slave 0 stderr: Out of memory during request for 10928 bytes, total
sbrk() is 27432960 bytes!
 Slave 0 stderr: Out of memory during request for 9224 bytes, total
sbrk() is 27414528 bytes!
 Slave 0 stderr: Out of memory during large request for 69632 bytes,
total sbrk() is 27389952 bytes at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line
198.
 Slave 0 stderr: Failed to run BAYES_40 SpamAssassin test, skipping:  
 (Out of memory during large request for 69632 bytes, total sbrk()
is 27430912 bytes at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line
686. )
 Slave 0 stderr: Failed to run RAZOR2_CF_RANGE_51_100 SpamAssassin
test, skipping:  (Out of memory during large request for 135168
bytes, total sbrk() is 27437056 bytes at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/EvalTests.pm
line 2754. )
 Slave 0 stderr: Out of memory during request for 992 bytes, total
sbrk() is 27461632 bytes!
 Slave 0 stderr: Out of memory during request for 9224 bytes, total
sbrk() is 27412480 bytes!
 Slave 0 stderr: razor2 check skipped: Cannot allocate memory Out of
memory during large request for 69632 bytes, total sbrk() is
27414528 bytes at
/usr/local/lib/perl5/site_perl/5.8.5/mach/Razor2/String.pm line 849.
 Slave 0 stderr: Out of memory during request for 12016 bytes, total
sbrk() is 27465728 bytes!
 Slave 0 stderr: Out of memory during large request for 135168
bytes, total sbrk() is 27316224 bytes at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm
line 162.
 Slave 0 stderr: razor2 check skipped: Cannot allocate memory Out of
memory during large request for 135168 bytes, total sbrk() is
27439104 bytes at
/usr/local/lib/perl5/site_perl/5.8.5/mach/Razor2/String.pm line 849.
 Slave 0 stderr: Out of memory during request for 752 bytes, total
sbrk() is 27449344 bytes!

The machine has 512 MB of RAM (36 MB free, 267 MB inactive) and 512 MB
of swap (56 KB used) and no other signs of memory problems.

A quick Google didn't indicate any obvious issues - anybody else know
where I should be looking?

Thanks.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Memory problems

2004-10-25 Thread Rob MacGregor
On Mon, 25 Oct 2004 12:43:54 -0400 (EDT), David F. Skoll
[EMAIL PROTECTED] wrote:
 On Mon, 25 Oct 2004, Rob MacGregor wrote:
 
 Did you impose any per-slave resource limits?  (The multiplexor
 -R or -M options, or the MX_MAX_RSS / MX_MAX_AS settings in the init
 script.)

MX_MAX_RSS=1
MX_MAX_AS=3

Unchanged from the (FreeBSD) init script.

Checking historical logs this started on the 12th of October (I know -
I should have spotted it before now!).  That's when I upgraded from
SpamAssassin 2.64 to 3.0.0.  Looks like the problem may be memory
issues there.

I'm now on 3.0.1 - have been for the last 3 days and I'm still seeing
the same problem.  If anybody else can confirm this I'll raise a bug
with the SA folks.  Until then however, anything I can do within MD? 
I'm happy to give MD a 100MB of RAM if it'll help :-)

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche


Re: [Mimedefang] Memory problems

2004-10-25 Thread Rob MacGregor
On Mon, 25 Oct 2004 16:09:23 -0400 (EDT), David F. Skoll
[EMAIL PROTECTED] wrote:
 On Mon, 25 Oct 2004, Rob MacGregor wrote:
 
  MX_MAX_RSS=1
  MX_MAX_AS=3
 
 That's probably too low.  SA is a memory pig; I'd give the slaves 50MB
 at least, and take out the RSS limit altogether.

Thanks.  Gone for 60 MB (well, 6 KB) for the AS, and no RSS limit.
 Hopefully that'll fix the problem.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche
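
The failure chain in the logs quoted in this thread (a slave reports out of memory, the multiplexor reaps it, sendmail answers 451) can be pulled out of a mail log automatically. The following is an added example, not code from the posters or from MIMEDefang; `analyse` and its report keys are hypothetical names, and the sample log is constructed from the lines quoted in the thread, with a placeholder recipient and an invented slave 1 entry.

```python
import re

# Constructed sample modelled on the syslog lines quoted in this thread; the
# recipient is a placeholder and the final line (slave 1) is invented.
SAMPLE_LOG = """\
Nov  3 06:06:04 huygens mimedefang-multiplexor[18496]: Slave 0 stderr: Out of memory during request for
Nov  3 06:06:04 huygens mimedefang-multiplexor[18496]: Slave 0 stderr: 20592 bytes, total sbrk() is 27375616 bytes!
Nov  3 06:06:07 huygens mimedefang-multiplexor[18496]: Slave 0 died prematurely -- check your filter rules
Nov  3 06:06:07 huygens mimedefang[18508]: Error from multiplexor: ERR No response from slave
Nov  3 06:06:07 huygens sm-mta[25322]: iA36616S025322: Milter: data, reject=451 4.3.2 Please try again later
Nov  3 06:06:07 huygens sm-mta[25322]: iA36616S025322: to=<user@example.invalid>, delay=00:00:06, pri=50363, stat=Please try again later
Nov  3 06:09:41 huygens mimedefang-multiplexor[18496]: Slave 1 died prematurely -- check your filter rules
"""

# timestamp, host, program, pid, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w-]+)\[(\d+)\]: (.*)$")
# Perl's OOM text can be split across two syslog lines, so match either half.
OOM = re.compile(r"Slave (\d+) stderr: .*(?:Out of memory|total sbrk\(\) is)")
SBRK = re.compile(r"total sbrk\(\) is (\d+) bytes")
DIED = re.compile(r"Slave (\d+) died prematurely")

def analyse(log_text):
    """Count slave deaths preceded by OOM errors, other deaths and 451 tempfails."""
    report = {"oom_deaths": 0, "other_deaths": 0, "tempfails": 0, "peak_sbrk": 0}
    oom_slaves = set()  # slaves that logged OOM and have not died yet
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prog, msg = m.group(3), m.group(5)
        if prog == "sm-mta" and "Milter:" in msg and "reject=451" in msg:
            report["tempfails"] += 1  # count the milter verdict, not the to= line
        elif prog == "mimedefang-multiplexor":
            oom, died = OOM.search(msg), DIED.search(msg)
            if oom:
                oom_slaves.add(oom.group(1))
                size = SBRK.search(msg)
                if size:
                    report["peak_sbrk"] = max(report["peak_sbrk"], int(size.group(1)))
            elif died:
                key = "oom_deaths" if died.group(1) in oom_slaves else "other_deaths"
                report[key] += 1
                oom_slaves.discard(died.group(1))
    return report

if __name__ == "__main__":
    r = analyse(SAMPLE_LOG)
    print(r, "peak heap MiB:", round(r["peak_sbrk"] / 2**20, 1))
```

A peak sbrk() figure that stays near the same value across failures while the host still has free memory, as in this thread, points at a per-slave limit (MX_MAX_AS / MX_MAX_RSS) rather than at the machine running out of RAM.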


Re: [Mimedefang] Filtering received headers

2004-10-18 Thread Rob MacGregor
On Mon, 18 Oct 2004 15:09:17 +0800, cc [EMAIL PROTECTED] wrote:
 
 Seeing as spam can be visually detected via the Received:
 headers, is it possible to get MIMEDefang to go through
 the headers and check each received: address against some
 DNSL site or even check the consistency of the received
 headers?

Spamassassin does (AFAIK) check *all* the received headers against
RBLs, not just the last hop.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche

