Re: [qmailtoaster] Clamav Latest update
Hi Chandran, CentOS 6: ftp://ftp.whitehorsetc.com/pub/repo/qmt/CentOS/6/current/x86_64/clamav-0.99.2-2.qt.el6.x86_64.rpm CentOS 7: ftp://ftp.whitehorsetc.com/pub/repo/qmt/CentOS/7/current/x86_64/clamav-0.99.2-3.qt.el7.x86_64.rpm Eric On 8/30/2016 10:32 PM, Chandran Manikandan wrote: Hi Friends, Could anyone tried to update clamav qt toaster package. My clamav is outdated message shown below. WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.99.1 Recommended version: 0.99.2 Am running qmailtoaster .qt packages. Could anyone help me to provide me the support. -- *Thanks,* *Manikandan.C* *System Administrator* - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Clamav Latest update
Hi Friends, Could anyone tried to update clamav qt toaster package. My clamav is outdated message shown below. WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.99.1 Recommended version: 0.99.2 Am running qmailtoaster .qt packages. Could anyone help me to provide me the support. -- *Thanks,* *Manikandan.C* *System Administrator*
Re: [qmailtoaster] Fwd: Re: sa-update errors
Everything I read seemed to suggest the same. Thanks, Eric, I'll let the list know if it works itself out. On 8/30/2016 4:15 PM, Eric wrote: From the spamassassin list sa-update will work itself out...eventually. We've had errors the past 2 nights for all of the uridnsbl_skip_domain rules. It's just us? It's been fixed, waiting for a new update to be generated by masscheck. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Fwd: Re: sa-update errors
From the spamassassin list sa-update will work itself out...eventually. We've had errors the past 2 nights for all of the uridnsbl_skip_domain rules. It's just us? It's been fixed, waiting for a new update to be generated by masscheck. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qtp-sa-update message
It should be the next sa-update, but this is not the case with me. It's been throwing these errors everyday, once a day, for about 3-4 days and hasn't stopped. I've been running the same version of spamassassin on this server months, so I can likely exclude that as the problem. I'll ask again on the SA mailing list. On 8/30/2016 7:17 AM, Sean Murphy wrote: Hi Eric, So, the next version of SA, or the next daily update? On 8/30/2016 9:11 AM, Eric wrote: Hi Sean, This is what they told me on the SA mailing list: "source rule file has been pulled next SA update should solve this" EricB On 8/30/2016 7:06 AM, Sean Murphy wrote: Hello all, Two nights ago I received a message from my qmail server regarding the daily qtp-sa-update job, which seems to have completed but with some odd behavior. In the message are a series of failures to parse lines, all related to financial institutions. Example: config: failed to parse line, skipping, in "/tmp/.spamassassin17443CwxpRxtmp/72_active.cf": uridnsbl_skip_domain 1stnationalbank.com I haven't noticed any other problems, spamassassin is running without error. I did some poking around online but couldn't find anything that resembled what I'm seeing here. I'm running toaster 0.3.2-1.4.21, clamav-0.99.2, and spamassassin 3.3.2. I've kept spamassassin at the older version due to conflicts with perl the last time I tried to update beyond 3.3.2. Any help would be appreciated. Thanks! Sean Murphy - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qtp-sa-update message
Sounds good, Eric. I'll do some looking too, and let you and the list know if I find anything. FWIW, I've been seeing these errors for two days now, they started early Monday morning. On 8/30/2016 10:02 AM, Eric wrote: It should be the next sa-update, but this is not the case with me. It's been throwing these errors everyday, once a day, for about 3-4 days and hasn't stopped. I've been running the same version of spamassassin on this server months, so I can likely exclude that as the problem. I'll ask again on the SA mailing list. On 8/30/2016 7:17 AM, Sean Murphy wrote: Hi Eric, So, the next version of SA, or the next daily update? On 8/30/2016 9:11 AM, Eric wrote: Hi Sean, This is what they told me on the SA mailing list: "source rule file has been pulled next SA update should solve this" EricB On 8/30/2016 7:06 AM, Sean Murphy wrote: Hello all, Two nights ago I received a message from my qmail server regarding the daily qtp-sa-update job, which seems to have completed but with some odd behavior. In the message are a series of failures to parse lines, all related to financial institutions. Example: config: failed to parse line, skipping, in "/tmp/.spamassassin17443CwxpRxtmp/72_active.cf": uridnsbl_skip_domain 1stnationalbank.com I haven't noticed any other problems, spamassassin is running without error. I did some poking around online but couldn't find anything that resembled what I'm seeing here. I'm running toaster 0.3.2-1.4.21, clamav-0.99.2, and spamassassin 3.3.2. I've kept spamassassin at the older version due to conflicts with perl the last time I tried to update beyond 3.3.2. Any help would be appreciated. Thanks! Sean Murphy - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] handling email spoofing
Rajesh, SPF Definition: "Sender Policy Framework (SPF) SPF authenticates the envelope HELO and MAIL FROM identities by comparing the sending mail server's IP address to the list of authorized sending IP addresses published by the sender domain's owner in a "v=spf1" DNS record. SPF has succeeded several older envelope sender authentication protocols. Currently SPF is the only widely deployed envelope authentication protocol. For more info about this see the Statistics and Research pages. Envelope sender authentication protocols like SPF are typically used early during the SMTP transaction, before the bulk of the message (its header and body) is transmitted. All of the following protocols require that an entire message be received before it can be rejected, due to the rules of the SMTP protocol. As a result, SPF continues to be an essential front-line defense against sender address forgery when deploying protection for the header fields and body. By rejecting envelope forgeries early, not only network traffic can be saved but also computing power for further protection measures, thus making the entire process more efficient. One of the anticipated features of a future version of SPF is a way for domains to publish that they — or even just specific e-mail addresses of theirs — always use some content authentication protocol (see below) like DKIM, S/MIME, or PGP. This will allow receivers to automatically discard unsigned messages from such domains or addresses." --http://www.openspf.org/Related_Solutions As an example of SPF checking I'll use your email header sent to the qmailtoaster list that was sent to me as a list member, below: Received: from unknown (HELO mail.qmailtoaster.com) (162.213.42.64) by pet105.whitehorsetc.com with SMTP; 30 Aug 2016 12:59:21 - Received-SPF: pass (pet105.whitehorsetc.com: SPF record at _spf.qmailtoaster.com designates 162.213.42.64 as permitted sender) Note especially these two lines: 1) Received: from unknown (HELO mail.qmailtoaster.com) (162.213.42.64) and 2) pass (pet105.whitehorsetc.com: SPF record at _spf.qmailtoaster.com designates 162.213.42.64 as permitted sender. My original questions were "Are you saying that the spam sender is spoofing the originating IP address?" and "Do you have an spf text record set up for domain_on_my_server.com?" My first question was rhetorical. Your statement "but email is sent not from within my server but from some other external server," indicates the reason for my second question. An SPF record for "mycustomer.com" SHOULD take care of this according to how SPF works. Do you have one (an SPF text record) in the DNS settings for the spoofed domain (mycustomer.com or domain_on_my_server.com). Please let me know if I'm missing something. It must be clear to both of us WHAT SPF is checking before we can communicate rationally about it, and I'm not sure we're on the same page yet. To find out if you have an SPF record for 'mycustomer.com' or 'domain_on_my_server.com' run the following command: # dig txt mycustomer.com There should be a line in the output that resembles this mycustomer.com.3600IN TXT "v=spf1 mx a:mail.mycustomer.com -all" Eric On 8/30/2016 6:57 AM, Rajesh M wrote: eric spf checks the envelope sender (reply to) and not the "mailfrom" email id the spammer is sending an email with "mail from" as some user on my server example c...@mycustomer.com to emplo...@mycustomer.com but email is sent not from within my server but from some other external server. the scammer however has the envelope-sender / reply to as his legitimate email id and correctly configured. the qmailtoaster spf check is done not on the mailfrom but on the reply-to and the email gets delivered safely to the inbox of the employee. now what happens is that the employee sees that the email is from the ceo and immediately takes action which leads to a phishing scam. i wish to block emails where the mailfrom domain is on my server but the scam email is sent by a spammer from an external server posing as c...@mycustomer.com ... in other words email spoofing. thanks, rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 28 Aug 2016 13:03:16 -0600 Subject: Do you have an spf text record set up for domain_on_my_server.com? SPF should check the 'a' and 'mx' record for the domain, domain_on_my_server.com, against the sender IP address (the one that actually connected to you server). Are you saying that the spam sender is spoofing the originating IP address? On 8/28/2016 7:14 AM, Rajesh M wrote: hi facing issue with email spoofing example spammer sends an email with "mailfrom" as : user@domain_on_my_server.com and the envelope sender is the spammer's email id which has spf records correctly in place and hence spf is not able to catch such spammers. how do i handle this ? thank
Re: [qmailtoaster] handling email spoofing
Rajesh, Have you tested your SPF record setup? http://www.kitterman.com/spf/validate.html best wishes Tony White On 30/08/2016 22:57, Rajesh M wrote: eric spf checks the envelope sender (reply to) and not the "mailfrom" email id the spammer is sending an email with "mail from" as some user on my server example c...@mycustomer.com to emplo...@mycustomer.com but email is sent not from within my server but from some other external server. the scammer however has the envelope-sender / reply to as his legitimate email id and correctly configured. the qmailtoaster spf check is done not on the mailfrom but on the reply-to and the email gets delivered safely to the inbox of the employee. now what happens is that the employee sees that the email is from the ceo and immediately takes action which leads to a phishing scam. i wish to block emails where the mailfrom domain is on my server but the scam email is sent by a spammer from an external server posing as c...@mycustomer.com ... in other words email spoofing. thanks, rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 28 Aug 2016 13:03:16 -0600 Subject: Do you have an spf text record set up for domain_on_my_server.com? SPF should check the 'a' and 'mx' record for the domain, domain_on_my_server.com, against the sender IP address (the one that actually connected to you server). Are you saying that the spam sender is spoofing the originating IP address? On 8/28/2016 7:14 AM, Rajesh M wrote: hi facing issue with email spoofing example spammer sends an email with "mailfrom" as : user@domain_on_my_server.com and the envelope sender is the spammer's email id which has spf records correctly in place and hence spf is not able to catch such spammers. how do i handle this ? thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] handling email spoofing
Rajesh, Can you send the email header so we can see exactly what you are describing please? If you are not comfortable with this then I do not think we can do much to help. Maybe send a copy of a header directly to Eric at least? best wishes Tony White On 30/08/2016 22:57, Rajesh M wrote: eric spf checks the envelope sender (reply to) and not the "mailfrom" email id the spammer is sending an email with "mail from" as some user on my server example c...@mycustomer.com to emplo...@mycustomer.com but email is sent not from within my server but from some other external server. the scammer however has the envelope-sender / reply to as his legitimate email id and correctly configured. the qmailtoaster spf check is done not on the mailfrom but on the reply-to and the email gets delivered safely to the inbox of the employee. now what happens is that the employee sees that the email is from the ceo and immediately takes action which leads to a phishing scam. i wish to block emails where the mailfrom domain is on my server but the scam email is sent by a spammer from an external server posing as c...@mycustomer.com ... in other words email spoofing. thanks, rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 28 Aug 2016 13:03:16 -0600 Subject: Do you have an spf text record set up for domain_on_my_server.com? SPF should check the 'a' and 'mx' record for the domain, domain_on_my_server.com, against the sender IP address (the one that actually connected to you server). Are you saying that the spam sender is spoofing the originating IP address? On 8/28/2016 7:14 AM, Rajesh M wrote: hi facing issue with email spoofing example spammer sends an email with "mailfrom" as : user@domain_on_my_server.com and the envelope sender is the spammer's email id which has spf records correctly in place and hence spf is not able to catch such spammers. how do i handle this ? thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qtp-sa-update message
Hi Eric, So, the next version of SA, or the next daily update? On 8/30/2016 9:11 AM, Eric wrote: Hi Sean, This is what they told me on the SA mailing list: "source rule file has been pulled next SA update should solve this" EricB On 8/30/2016 7:06 AM, Sean Murphy wrote: Hello all, Two nights ago I received a message from my qmail server regarding the daily qtp-sa-update job, which seems to have completed but with some odd behavior. In the message are a series of failures to parse lines, all related to financial institutions. Example: config: failed to parse line, skipping, in "/tmp/.spamassassin17443CwxpRxtmp/72_active.cf": uridnsbl_skip_domain 1stnationalbank.com I haven't noticed any other problems, spamassassin is running without error. I did some poking around online but couldn't find anything that resembled what I'm seeing here. I'm running toaster 0.3.2-1.4.21, clamav-0.99.2, and spamassassin 3.3.2. I've kept spamassassin at the older version due to conflicts with perl the last time I tried to update beyond 3.3.2. Any help would be appreciated. Thanks! Sean Murphy - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qtp-sa-update message
Hi Sean, This is what they told me on the SA mailing list: "source rule file has been pulled next SA update should solve this" EricB On 8/30/2016 7:06 AM, Sean Murphy wrote: Hello all, Two nights ago I received a message from my qmail server regarding the daily qtp-sa-update job, which seems to have completed but with some odd behavior. In the message are a series of failures to parse lines, all related to financial institutions. Example: config: failed to parse line, skipping, in "/tmp/.spamassassin17443CwxpRxtmp/72_active.cf": uridnsbl_skip_domain 1stnationalbank.com I haven't noticed any other problems, spamassassin is running without error. I did some poking around online but couldn't find anything that resembled what I'm seeing here. I'm running toaster 0.3.2-1.4.21, clamav-0.99.2, and spamassassin 3.3.2. I've kept spamassassin at the older version due to conflicts with perl the last time I tried to update beyond 3.3.2. Any help would be appreciated. Thanks! Sean Murphy - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] qtp-sa-update message
Hello all, Two nights ago I received a message from my qmail server regarding the daily qtp-sa-update job, which seems to have completed but with some odd behavior. In the message are a series of failures to parse lines, all related to financial institutions. Example: config: failed to parse line, skipping, in "/tmp/.spamassassin17443CwxpRxtmp/72_active.cf": uridnsbl_skip_domain 1stnationalbank.com I haven't noticed any other problems, spamassassin is running without error. I did some poking around online but couldn't find anything that resembled what I'm seeing here. I'm running toaster 0.3.2-1.4.21, clamav-0.99.2, and spamassassin 3.3.2. I've kept spamassassin at the older version due to conflicts with perl the last time I tried to update beyond 3.3.2. Any help would be appreciated. Thanks! Sean Murphy
Re: [qmailtoaster] handling email spoofing
eric spf checks the envelope sender (reply to) and not the "mailfrom" email id the spammer is sending an email with "mail from" as some user on my server example c...@mycustomer.com to emplo...@mycustomer.com but email is sent not from within my server but from some other external server. the scammer however has the envelope-sender / reply to as his legitimate email id and correctly configured. the qmailtoaster spf check is done not on the mailfrom but on the reply-to and the email gets delivered safely to the inbox of the employee. now what happens is that the employee sees that the email is from the ceo and immediately takes action which leads to a phishing scam. i wish to block emails where the mailfrom domain is on my server but the scam email is sent by a spammer from an external server posing as c...@mycustomer.com ... in other words email spoofing. thanks, rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 28 Aug 2016 13:03:16 -0600 Subject: Do you have an spf text record set up for domain_on_my_server.com? SPF should check the 'a' and 'mx' record for the domain, domain_on_my_server.com, against the sender IP address (the one that actually connected to you server). Are you saying that the spam sender is spoofing the originating IP address? On 8/28/2016 7:14 AM, Rajesh M wrote: > hi > > facing issue with email spoofing > > example spammer sends an email with "mailfrom" as : > user@domain_on_my_server.com > > and the envelope sender is the spammer's email id which has spf records > correctly in place > > and hence spf is not able to catch such spammers. > > how do i handle this ? > > thanks > rajesh > > > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
