Re: [Mimedefang] Mimedefang/Multiplexor wrong score. Stops running tests randomly
On Thu, 2014-07-17 at 18:51 -0400, Justin Edmands wrote:
> Hey,
> Mimedefang is not appending the appropriate score to our messages.
>
> An example would be a message manually run through spamassassin
> produces a 17.6 score. This same message processed by the mimedefang
> filter only produces a 0.698. This is all run on the same server. What
> the heck? It only runs those tests? It runs random tests sometimes. I
> have no idea why. Does it have a max process time or something causing
> it to stop running tests after X time? Anyways...

You are misunderstanding how Mimedefang uses spamassassin. Spamassassin's rewriting of e-mail headers is done when it's used after the MTA has accepted delivery of the e-mail.

Mimedefang runs as a milter (mail filter) within sendmail itself. That means that an incoming e-mail is still in the process of being received when Mimedefang gets called by sendmail. The e-mail can't be rewritten by spamassassin. The only way to modify the incoming e-mails is via milter API calls. And only Mimedefang itself has to do the rewrites. Spamassassin in this scenario is only used to run the tests.

If you are using the default Mimedefang filter (/etc/mail/mimedefang-filter), you will see some rewriting code happening in the filter_end() function.

And in terms of how spamassassin works, especially when run within Mimedefang: Spamassassin data (e.g. bayes filter database, autowhitelist database, etc.) is stored on a per-user basis. That means that spamassassin runs its tests using data stored in the user id that Mimedefang runs under. Running the same e-mail under a different user will result in different test scores.

If you want a semi-accurate spamassassin check of an e-mail as Mimedefang sees it, it has to be done under the Mimedefang user id.
--
Stephen L Johnson
Unix Systems Administrator / DNS Hostmaster
Department of Information Systems
State of Arkansas
501-682-4339
___
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
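Added example (not part of the original post and not MIMEDefang or SpamAssassin code): a Python comparison of two X-Spam-Status headers for the same e-mail, one from a manual run and one from a run under the MIMEDefang user, which separates the rule differences that come from per-user data (Bayes, auto-whitelist) from the rest. The sample headers are constructed, and treating the BAYES_ and AWL rule names as the per-user ones is an assumption based on standard SpamAssassin rule naming.

```python
import re

# Constructed sample headers: the same e-mail scored once from an admin's
# shell account and once under the user id that MIMEDefang runs as.
MANUAL_RUN = (
    "X-Spam-Status: Yes, score=17.6 required=5.0 tests=BAYES_99,HTML_MESSAGE,\n"
    "\tRAZOR2_CHECK,URIBL_BLACK,MIME_HTML_ONLY autolearn=no version=3.3.2"
)
FILTER_RUN = (
    "X-Spam-Status: No, score=0.7 required=5.0 tests=AWL,BAYES_50,\n"
    "\tHTML_MESSAGE,MIME_HTML_ONLY autolearn=no version=3.3.2"
)

# Assumption: rules whose result depends on per-user databases
# (Bayes tokens, auto-whitelist history).
PER_USER_PREFIXES = ("BAYES_", "AWL")


def parse_status(header):
    """Return (score, set of rule names) from a possibly folded header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)
    score = re.search(r"(?:score|hits)=(-?\d+(?:\.\d+)?)", unfolded)
    tests = re.search(r"tests=(.*?)(?:\s+\w+=|$)", unfolded)
    if not score or not tests:
        raise ValueError("not an X-Spam-Status header")
    names = {t.strip() for t in tests.group(1).split(",")}
    names -= {"", "none"}          # "tests=none" means no rule fired
    return float(score.group(1)), names


def compare_runs(manual, filtered):
    """Describe how two scoring runs of one message differ."""
    m_score, m_tests = parse_status(manual)
    f_score, f_tests = parse_status(filtered)
    differing = m_tests ^ f_tests
    per_user = {t for t in differing if t.startswith(PER_USER_PREFIXES)}
    return {
        "score_gap": round(m_score - f_score, 3),
        "only_manual": sorted(m_tests - f_tests),
        "only_filter": sorted(f_tests - m_tests),
        # Expected to differ between user ids: each has its own databases.
        "per_user_state": sorted(per_user),
        # Not explained by per-user data: compare the two configurations.
        "other": sorted(differing - per_user),
    }


if __name__ == "__main__":
    for key, value in compare_runs(MANUAL_RUN, FILTER_RUN).items():
        print(f"{key}: {value}")
```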
Re: [Mimedefang] Is it working ??
On Wed, 2012-09-12 at 08:29 +0200, bverst...@borsele.nl wrote:
> centos 6.3
> mimedefang 2.73
> spamassassin 3.3.2
>
> Spam is getting through and seeing this message in the log file
>
> Milter delete (noop): header: X-Spam-Score
> Milter add: header: X-Scanned-By: MIMEDefang 2.73
>
> What does this mean ???

The operations being performed are in the filter_end() section of the mimedefang-filter ( /etc/mail/mimedefang-filter (?)). The default filter will mark up the e-mail in various ways.

The entries in the log file indicate the e-mail's SpamAssassin score was below the spam score threshold. An attempt was made to remove a header (X-Spam-Score:) which mimedefang will add if the e-mail is detected as spam. The header was not present in the message. So trying to remove it resulted in a No Operation situation.

The second header that was added is a standard X-... e-mail header that Mimedefang adds to all scanned e-mails.

As I mentioned, all of this is controlled in the mimedefang-filter.

--
Stephen L Johnson
Unix Systems Administrator / DNS Hostmaster
Department of Information Systems
State of Arkansas
501-682-4339
Re: [Mimedefang] Roaring Penguin Announces Major Breakthrough in Anti-Spam Technology
On Sun, 2012-04-01 at 02:28 -0500, David F. Skoll wrote:
> 1 April 2012
>
> FOR IMMEDIATE RELEASE
>
> OTTAWA - Roaring Penguin Software announces a breakthrough in anti-spam
> technology. Whereas all existing approaches concentrated on fighting
> spammers, Roaring Penguin's revolutionary technique concentrates on the
> psychology of those who buy from spammers.
>

I want it. I don't care how much it is. Take my money, NOW!!!

* with tongue planted firmly in cheek. ;)

--
Stephen L Johnson
Unix Systems Administrator / DNS Hostmaster
Department of Information Systems
State of Arkansas
501-682-4339
Re: [Mimedefang] Re: compare mimedefang to mailscanner
On Thu, 2007-01-18 at 09:22 -0500, [EMAIL PROTECTED] wrote:
> John Rudd <[EMAIL PROTECTED]> wrote on 01/17/2007 07:11:51 PM:
>
> > Dropping without notifying _anyone_ is "an even worse practice". You
> > don't have to notify the sender, as long as you notify the recipient
> > (and vice versa).
>
> Which is just another piece of annoying email in the inbox. Why bother
> removing the spam if you're just going to deliver a message held email in
> its place?

It's a "damned if you do, damned if you don't" type situation. If you deliver it, the recipient gets unwanted spam. If you drop it even though it's thoroughly high scoring, the recipient actually wanted it.

--
Stephen Johnson <[EMAIL PROTECTED]>
Re: Follow-up Test Code - Re: [Mimedefang] Potential for Business mail servers to not have reverse DNS
On Thu, 2006-10-05 at 14:23 -0400, Kevin A. McGrail wrote:
> > SBC/SWBell does this as well. My home network is
> > asdl-1-2-3-4.dsl.ltrkar.swbell.net. whee!
>
> Is that a static IP though?

Yes, it's static (but the IP isn't 1.2.3.4). I have what I guess you would call a power user type account. I've got a /29 subnet of static IPs.

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
Phone: 501-682-4339
State of Arkansas
Re: Follow-up Test Code - Re: [Mimedefang] Potential for Business mail servers to not have reverse DNS
On Thu, 2006-10-05 at 11:18 -0400, Kevin A. McGrail wrote:
> I've taken a while to digest it for a more thorough response but really only
> found one issue with the fundamental differences between our approaches.
>
> > b) I look for elements of the IP address in the domain (or, in the
> > sub-domain in your case).
>
> I would recommend against this because large vendors like
> MCI/WorldComm/Verizon have gone with this naming scheme for business static
> users:
>
> static-70-21-118-207.res.east.verizon.net.

SBC/SWBell does this as well. My home network is asdl-1-2-3-4.dsl.ltrkar.swbell.net. whee!

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
Phone: 501-682-4339
State of Arkansas
Re: [Mimedefang] LDAP lookup in each function or write the LDAP results to the spool?
On Wed, 2006-10-04 at 14:25 -0800, Matthew Schumacher wrote:
> Any thoughts on this? Anyone else run into this and do some
> benchmarking? Perhaps it's a wash, but it's something to think about.

I'm using LDAP as a part of an anti-virus/spam cluster I run for our clients. I'm not doing anything LDAP inside of Mimedefang, but I am using the sendmail LDAP schema for the access_db and mailer_db databases.

As you may not know, sendmail does an ungodly number of lookups in the access_db for each connection, sender and recipient. And the number of lookups increases with the number of features you use that use access_db.

I've got 2 sendmail front-ends that are both mostly hitting the same LDAP server node. They probably go through 400K-600K total connections per day. Most of which are rejected for one reason or another. Lately both mail front-ends have been processing 220K+ e-mails a day through Mimedefang.

So far I've not had any issues with LDAP servers being a bottleneck. The important thing is to have a proper set of indexes built for your data schema. Making sure that the ldap server process has sufficient ulimit resources to handle your mail load. And to remember that LDAP is designed to be a read-mostly service. If you are doing lots of writes to the datastore, an RDB might be a better choice.

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
Phone: 501-682-4339
State of Arkansas
Re: [Mimedefang] LOOPBACK_RESERVED_CONNECTIONS
On Mon, 2006-09-25 at 21:14 -0500, Steve Jordan wrote:
> We are using sendmail 8.13.6 and plan on using mimedefang 2.56.
> LOOPBACK_RESERVED_CONNECTIONS does not seem to use the

A question along the same lines. If LOOPBACK_RESERVED_CONNECTIONS is 0 to allow loopback connections to queue, does queuing need to be enabled (MX_QUEUE_SIZE > 0)? Or is loopback connection queuing handled as a separate case?

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
Phone: 501-682-4339
State of Arkansas
Re: [Mimedefang] Relaying denied
On Thu, 2004-07-22 at 09:48, Vivek Kumar wrote:
> Hi all,
>
> I am trying to setup a mail server who will forward all the incoming
> mail to MS Exchange server after virus and spam check and outbound mail
> will come from MS Exchange server to my mail server and then go out. I am
> getting following error message:
>
> July 22 10:30:00 njmailserv vagated [23403]: Relaying denied for rcpt
> [EMAIL PROTECTED]

You have to tell sendmail that it is OK to handle e-mail for gorave.net. That is handled by the accessdb feature. You should have a file /etc/mail/access. Add a line

    gorave.net OK

Run the following command to rebuild the hash file.

    makemap hash /etc/mail/access.db < /etc/mail/access

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Using ClamAV with default run-as-user settings
On Tue, 2004-02-10 at 15:39, Kenneth Porter wrote:
> The ClamAV RPM installs with the assumption that the services will run as
> user "clamav". MD's RPM assumes that it will run as user "defang". Changing
> ClamAV to comply requires changing ownership of a couple of directories and
> editing the /etc/clamav.conf file.
>
> It seems to me that it would be simpler if MD made its directories and
> files group-readable (using group "defang"); one could then add clamav to
> the defang group. The MD RPM could check for the existence of the clamav
> user and add it to the defang group.
>
> Is there a problem with setting things up that way that I'm not seeing? Any
> pointers on where to tweak MD to test it?

You won't run into a problem with the clamd, but I ran into a problem with freshclam. freshclam updates clamd with the --with-notify option. I tried various fixes that didn't work. I wound up rebuilding from source with the user defang.

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
State of Arkansas
501-682-4339
RE: [Mimedefang] Security note: Open port 25 on internal mail servers
On Wed, 2004-02-04 at 23:47, Justin wrote:
> relay (which the FBI later confiscated), and an AIX machine that was an
> open relay. I knew where the first two groups were but didn't know where

Just FYI, all AIX servers are open relays out of the box. IBM unbelievably uses FEATURE(`promiscuous_relay') in their default sendmail.cf files. It's been this way since AIX 4.3, at least.

I always have to touch every AIX server we installed. And generally after every OS upgrade as well. [EMAIL PROTECTED]@@!!!

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
State of Arkansas
501-682-4339
[Mimedefang] Add host name to watch-defang window title
I think it would be useful to add the hostname to the watch-defang window title. During this current virus outbreak, I'm monitoring multiple MD servers. I sometimes confuse which window goes with which server.

I'll send in a patch if no one else has before I'm finished with my hacking. (cough, cough)

/me dusts off tcl programming hat...

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
State of Arkansas
501-682-4339
Re: [Mimedefang] Building rpms from CPAN modules
On Fri, 2004-01-23 at 15:00, Cormack, Ken wrote:
> I realize this is sorely OT, but I remember seeing someone post the command
> in a recent discussion, and now I can't find it.
>
> Does someone remember how to build a Redhat RPM from a CPAN module tarball?
>

Easy. Grab the cpan2rpm program from a CPAN site. That will do the job for you.

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
State of Arkansas
501-682-4339
Re: [Mimedefang] A big recommendation for using ramdisk on MD spool directory
On Mon, 2004-01-12 at 17:06, Ole Craig wrote:
> > Olaf pointed this out. I meant to say tmpfs NOT ramfs.
>
> I see no 'Olaf' here... Although I've been called worse.[1]

Sorry. I don't know where that came from. Maybe I need to upgrade my brain to something a little more modern. Anyone got an Apple 2 GS handy? ;>

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
State of Arkansas
501-682-4339
Re: [Mimedefang] A big recommendation for using ramdisk on MD spool directory
On Mon, 2004-01-12 at 16:55, Ole Craig wrote:
> >
> > Sorry I had ramfs on the brain. I meant to say tmpfs.
>
> Ramfs on the brain? Do you have problems remembering things
> first thing in the morning? :-)

Actually I couldn't remember which fs had the memory limits. I looked at an old backup of my IPAQ running linux. They used to use the one that didn't have the limits for /tmp and /var. It used ramfs so I used the opposite one on the server. But my brain got stuck on ramfs. :)

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
State of Arkansas
501-682-4339
Re: [Mimedefang] A big recommendation for using ramdisk on MD spool directory
On Mon, 2004-01-12 at 16:14, Stephen Johnson wrote:
> I moved /var/spool/MIMEDefang to a ramfs file system (Linux).

Olaf pointed this out. I meant to say tmpfs NOT ramfs.

I DON'T recommend using ramfs under Linux for MD. ramfs doesn't have any size limits. One big e-mail could chew up most or all available memory.

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
State of Arkansas
501-682-4339
[Mimedefang] A big recommendation for using ramdisk on MD spool directory
I had been leery of putting the /var/spool/MIMEDefang dir on a ramdisk. It has only 512MB of RAM. But my server had been under a huge deluge of SPAM since the weekend. The server was choking under the load. MAX_SLAVES was being hit and every slave was busy. According to watch-defang the system could only handle around 1.3-1.5 messages per second.

I moved /var/spool/MIMEDefang to a ramfs file system (Linux). Wow! What a difference. The server is handling 3+ messages per second without breaking a sweat. And the best thing, the number of slaves has stayed at MIN_SLAVES. Not one additional slave has been needed. I can't wait to see how the server performs tomorrow at peak mail loads.

Server is a Dual P3 800MHz, 512MB of RAM running SA 2.55, MD 2.35, ClamAV and File::Clean.

--
Stephen L Johnson [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
Department of Information Systems
State of Arkansas
501-682-4339