Re: [qmailtoaster] simscan - bad attachment: d
I'm not an expert developer.
Can someone else check the fix code?
I can do some tests with the recompiled
package.
Thank you
Michele
Il 21/09/2018 20:24, Eric Broch ha
scritto:
I'll ask again, is the qmailtoaster community in agreement that
the following patch
(and here)
should be applied to simscan for qmailtoaster:
--- simscan-1.4.0/simscan.c 2011-02-08 16:00:43.579074836 -0200
+++ simscan-1.4.0-fixed/simscan.c 2011-02-08 16:04:24.931075207
-0200
@@ -1735,10 +1735,14 @@
for(i=0;i
if ( DebugFlag > 2 ) fprintf(stderr, "simscan: checking
attachment %s against %s\n", mydirent->d_name,
bk_attachments[i] );
lowerit(mydirent->d_name);
- if ( str_rstr(mydirent->d_name,bk_attachments[i]) == 0 ) {
- strncpy(AttachName, mydirent->d_name,
sizeof(AttachName)-1);
- closedir(mydir);
- return(1);
+ if ( strlen(mydirent->d_name) >=
strlen(bk_attachments[i]) ) {
+ if ( str_rstr(mydirent->d_name,bk_attachments[i]) == 0 ) {
+ strncpy(AttachName, mydirent->d_name,
sizeof(AttachName)-1);
+ closedir(mydir);
+ return(1);
+ }
+ } else {
+ if ( DebugFlag > 2 ) fprintf(stderr, "simscan: attachment
name '%s' (%d) is shorter than '%s' (%d). IGNORED\n",
mydirent->d_name, strlen( mydirent->d_name ),
bk_attachments[i],
strlen( bk_attachments[i] ) );
}
}
}
Eric
On 9/13/2018 10:02 AM, Michele
Federici wrote:
Hi,
I have done various tests and can confirm the presence of
the bug.
If the doc attachment created with word 2007 (or other?)
is sent through outlook 2003/2007 (or others?), sometimes
ripmime wrong to extract the various parts of the email by
generating a file "d".
# ripmime
--disable-qmail-bounce -i test_outlook.eml -d out_dir_res
# ls -l ./out_dir_res/
-rw-r--r-- 1 root root 0 13 sep 13.32 d
-rw--- 1 root root 442368 13 sep 13.32
mydocument.doc
-rw-r--r-- 1 root root 48 13 sep 13.32
textfile0
-rw-r--r-- 1 root root 121 13 sep 13.32
textfile1
-rw-r--r-- 1 root root 167 13 sep 13.32
textfile2
The interesting thing is that: this does not happen with
all the doc files but only with some.
Simscan 1.4.0 (1.qt.el7) analyzes these files and
due to a bug blocks the e-mail with the error "bad
attachment: d"
I could not replicate the problem with thunderbird: all
the emails sent arrived without problems.
Probably the correct solution is to compile simscan with
the patch indicated in the post by Gustavo Castro.
Thank you
Michele
Il 11/09/2018 12:44, Michele
Federici ha scritto:
Hi,
I've found this error "Your email was rejected because it
contains a bad attachment: d" in the smtp log.
I read these old post
http://qmailtoaster-list.qmailtoaster.narkive.com/u9RF8MRE/your-email-was-rejected-because-it-contains-a-bad-attachment-d
http://gcastrop.blogspot.com/2011/02/problemas-con-adjuntos-en-simscan-con.html
but I did not understand if current simscan 1.4.0 (1.qt.el7)
is compiled with the patch.
Can you help me?
Thank you
Michele
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
--
Eric Broch
White Horse Technical Consulting (WHTC)
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] simscan - bad attachment: d
Hi, I have done various tests and can confirm the presence of the bug. If the doc attachment created with word 2007 (or other?) is sent through outlook 2003/2007 (or others?), sometimes ripmime wrong to extract the various parts of the email by generating a file "d". # ripmime --disable-qmail-bounce -i test_outlook.eml -d out_dir_res # ls -l ./out_dir_res/ -rw-r--r-- 1 root root 0 13 sep 13.32 d -rw--- 1 root root 442368 13 sep 13.32 mydocument.doc -rw-r--r-- 1 root root 48 13 sep 13.32 textfile0 -rw-r--r-- 1 root root 121 13 sep 13.32 textfile1 -rw-r--r-- 1 root root 167 13 sep 13.32 textfile2 The interesting thing is that: this does not happen with all the doc files but only with some. Simscan 1.4.0 (1.qt.el7) analyzes these files and due to a bug blocks the e-mail with the error "bad attachment: d" I could not replicate the problem with thunderbird: all the emails sent arrived without problems. Probably the correct solution is to compile simscan with the patch indicated in the post by Gustavo Castro. Thank you Michele Il 11/09/2018 12:44, Michele Federici ha scritto: Hi, I've found this error "Your email was rejected because it contains a bad attachment: d" in the smtp log. I read these old post http://qmailtoaster-list.qmailtoaster.narkive.com/u9RF8MRE/your-email-was-rejected-because-it-contains-a-bad-attachment-d http://gcastrop.blogspot.com/2011/02/problemas-con-adjuntos-en-simscan-con.html but I did not understand if current simscan 1.4.0 (1.qt.el7) is compiled with the patch. Can you help me? Thank you Michele - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] simscan - bad attachment: d
Hi, I've found this error "Your email was rejected because it contains a bad attachment: d" in the smtp log. I read these old post http://qmailtoaster-list.qmailtoaster.narkive.com/u9RF8MRE/your-email-was-rejected-because-it-contains-a-bad-attachment-d http://gcastrop.blogspot.com/2011/02/problemas-con-adjuntos-en-simscan-con.html but I did not understand if current simscan 1.4.0 (1.qt.el7) is compiled with the patch. Can you help me? Thank you Michele - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] ClamAV 0.99.3
I will do some test. Thanks a lot Eric -- Michele Federici Il 27/01/2018 08:39, Eric Broch ha scritto: And, Jeff This DOES fix the problem. On 1/27/2018 12:37 AM, Eric Broch wrote: The patched 0.99.3-2 version... The ClamAV 0.99.3 RPMS/SRPMS for COS 6 (i386, x86_64) & 7 (x86_64) are available for download or you can use Yum with the --enablerepo=qmt-testing option ftp://ftp.qmailtoaster.org/pub/repo/qmt/CentOS/7/testing/x86_64/clamav-0.99.3-2.qt.el7.x86_64.rpm ftp://ftp.qmailtoaster.org/pub/repo/qmt/CentOS/7/testing/SRPMS/clamav-0.99.3-2.qt.el7.src.rpm ftp://ftp.qmailtoaster.org/pub/repo/qmt/CentOS/6/testing/x86_64/clamav-0.99.3-2.qt.el6.x86_64.rpm ftp://ftp.qmailtoaster.org/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.99.3-2.qt.el6.i686.rpm ftp://ftp.qmailtoaster.org/pub/repo/qmt/CentOS/6/testing/SRPMS/clamav-0.99.3-2.qt.el6.src.rpm Eric On 1/26/2018 10:20 PM, Chris wrote: I installed your 0.99.3 package on CentOS 7 a couple of hours ago, and I am no longer seeing a buildup of orphaned filehandles in my lsof output. YMMV -Chris On Fri, Jan 26, 2018 at 6:20 PM, Eric Broch <ebr...@whitehorsetc.com> wrote: No. I'm going to have to patch it...ugh! Patch is here: https://src.fedoraproject.org/rpms/clamav/blob/master/f/clamav-0.99.2-temp-cleanup.patch On 1/26/2018 6:44 PM, Jeff Koch wrote: Eric - does anyone know if this solves the problem? Jeff On 1/26/2018 8:37 PM, Eric Broch wrote: Hello list members, The ClamAV 0.99.3 RPMS/SRPMS for COS 6 (i386, x86_64) & 7 (x86_64) are available for download or you can use Yum with the --enablerepo=qmt-testing option ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/7/testing/x86_64/clamav-0.99.3-1.qt.el7.x86_64.rpm ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/7/testing/SRPMS/clamav-0.99.3-1.qt.el7.src.rpm ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/x86_64/clamav-0.99.3-1.qt.el6.x86_64.rpm ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.99.3-1.qt.el6.i686.rpm ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/SRPMS/clamav-0.99.3-1.qt.el6.src.rpm Eric - To unsubscribe, e-mail: qmailtoaster-list-unsubscribe@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-help@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] clamav KO - ERROR: accept() failed
Hi, A new versione was released 24258 http://lists.clamav.net/pipermail/clamav-virusdb/2018-January/thread.html Other news from clamav http://lists.clamav.net/pipermail/clamav-users/2018-January/005737.html Thank you all -- Michele Federici Polo Telematico Avantgarde S.r.l. Passaggio Ungaretti n.4, 24020 Gorle BG Web: www.ptavant.it Tel: +39 035 657510 (09.00-12.00 15.00-18.30) Fax: +39 035 657515 Il 26/01/2018 18:31, Eric Broch ha scritto: I think you're right...a server that all of a sudden stops working with no changes except clamav definitions On 1/26/2018 10:16 AM, Jeff Koch wrote: Hi - I don't think this has anything to do with the problem - the ClamAV team at Cisco released a buggy set of definitions last night and they need patch that before ClamAV works properly again. Plus they need to fix the clamav code so that a buggy set of definitions will fall back to something that won't kill a mailserver. http://lists.clamav.net/pipermail/clamav-users/2018-January/005687.html Jeff On 1/26/2018 11:38 AM, Remo Mattei wrote: Here is what is mine set to -rws--x--x 1 clamav root 34774 Apr 6 2016 simscan And increased the exec /usr/bin/softlimit -m 6400 \ All good here. Remo On Jan 26, 2018, at 11:55 AM, Havrla <hav...@lhotkanet.cz> wrote: Can't create temporary file -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] clamav KO - ERROR: accept() failed
Hi, I have the same in temp #ls -ila [..] 202457136 drwx-- 2 clamav clamav 6 26 gen 10.51 clamav-007dd5550d9cb969386d676f774cf578.tmp 2551809303 drwx-- 2 clamav clamav 6 26 gen 12.04 clamav-009b4151d2dd18e473124895476a503d.tmp 1677724965 drwx-- 3 clamav clamav 20 26 gen 11.53 clamav-00a5d9051747c0f79f44319ccfc91aa7.tmp 134460708 drwx-- 2 clamav clamav 6 26 gen 10.09 clamav-00b78066031474f86a0f5d2e6a3261b3.tmp 2416025685 drwx-- 3 clamav clamav 20 26 gen 09.06 clamav-00cadcd7f8e9ccc16a51394234407b3f.tmp 2619085158 drwx-- 3 clamav clamav 20 26 gen 10.07 clamav-00cc20d58c2364c4ffa1dbd020f0aac6.tmp 805455041 drwx-- 2 clamav clamav 6 26 gen 10.13 clamav-00cd6395dfc6761f3f6db75d24c517ae.tmp 1476432742 drwx-- 2 clamav clamav 6 26 gen 12.29 clamav-00d9ba3ae1314cd084a92d2148a14303.tmp 872463799 drwx-- 2 clamav clamav 6 26 gen 12.29 clamav-012755fc8254649eaeb3f2276a070093.tmp 2348886705 drwx-- 3 clamav clamav 20 26 gen 10.51 clamav-012e3d16fdbe8684d80191999aac97fa.tmp [..] > 120 of clamav-*.tmp files Thank you -- Michele Federici Il 26/01/2018 18:00, Havrla ha scritto: Remo: Good Temporarily ClamAV not close file descriptor: lsof | grep clamav | grep delete more more more clamd 160821 171659 clamav 26u REG 253,0 2 672063 /tmp/clamav-6066a4d288b5c900926781c172bc116b.tmp (deleted) clamd 160821 171659 clamav 27u REG 253,0 23 672065 /tmp/clamav-b4caea19b543ad25e02fa960a92f0aa2.tmp (deleted) clamd 160821 171659 clamav 28u REG 253,0 2 672066 /tmp/clamav-fb78c6f53c4d6a6b8ac253e6621fa3a9.tmp (deleted) clamd 160821 171659 clamav 29u REG 253,0 23 672068 /tmp/clamav-a52275713035f14c03d3193879a5a164.tmp (deleted) more more more [root@tonda clamav]# Havrla Dne 26.1.2018 v 17:38 Remo Mattei napsal(a): Here is what is mine set to -rws--x--x 1 clamav root 34774 Apr 6 2016 simscan And increased the exec /usr/bin/softlimit -m 6400 \ All good here. Remo - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] ERROR: accept() failed
Hi, I have in my centos 7 drwxr-x--- 2 clamav root 6 26 gen 17.44 simscan and exec /usr/bin/softlimit -m 6400 \ The server configuration did not change and the anomaly start this morning. What versions do you have of the virus definitions? Jan 26 17:18:13 mailbox freshclam: daily.cld updated (version: 24257, sigs: 1835982, f-level: 63, builder: neo) thank you -- Michele Federici Il 26/01/2018 17:46, Remo Mattei ha scritto: Michele a me funziona con la versione che hai tu. I have the same version and it’s all working permissions check my email Inviato da iPhone Il giorno 26 gen 2018, alle ore 16:47, Peter Peltonen <peter.pelto...@gmail.com> ha scritto: First thing that comes to my mind is to check qmail directory ownerships and permissions? On Fri, Jan 26, 2018 at 12:24 PM, Michele Federici <mfeder...@ptavant.it> wrote: Hi, I have a qmail server that today returns in the smtp log "mail server temporarily rejected message (# 4.3.0)". Everything works fine until the start of these errors on simscan Fri Jan 26 10:00:52 2018 -> /var/qmail/simscan/1516957251.438820.10197/doc05577520180126111044.pdf: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/msg.1516957274.430368.10271: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/addr.1516957274.430368.10271: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile0: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile1: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile2: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/addr.1516957279.523709.10292: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/textfile2: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/textfile3: Can't open file or directory ERROR Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/image001.png: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/doc05577520180126111044.pdf: OK Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/msg.1516957282.930250.10316: Can't open file or directory ERROR Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/addr.1516957282.930250.10316: Can't create new file ERROR Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/textfile0: Can't open file or directory ERROR [..] Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: So I restart # systemctl restart clamav-daemon.service # systemctl restart clamav-daemon.socket and then everything works fine until simscan restarts to return "Unable to open file or directory ERROR" I'm running qmailtoaster on Centos 7 with ClamAV 0.99.2. Any suggestions? -- Michele Federici - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] ERROR: accept() failed
Hi, I confirm you: after 1 hour the problem caming back I prefer do not stop clamav. I've create a script who check every few minutes "/var/log/clamd/clamd.log" and if there is an errore it restart clamav thank you -- Michele Federici Il 26/01/2018 17:18, Havrla ha scritto: Hi Restart clamav fix only for cca 1 hour. After problem back. I turned off simscan for clamav. file /var/qmail/control/simcontrol :clam=no,spam=yes,spam_hits=12,attach=.src:.bat:.pif:.js /etc/init.d/qmail cdb I'm waiting for another update clamav (antivir base). We'll see tomorrow. H. Dne 26.1.2018 v 17:08 Michele Federici napsal(a): Hi, I have more than 200 GB free. But i think is the current clamav signature problem. This post is similar http://lists.clamav.net/pipermail/clamav-users/2018-January/005658.html If i restart clamav works all fine. Thank you - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] ERROR: accept() failed
Hi, I have more than 200 GB free. But i think is the current clamav signature problem. This post is similar http://lists.clamav.net/pipermail/clamav-users/2018-January/005658.html If i restart clamav works all fine. Thank you -- Michele Federici Il 26/01/2018 16:59, Eric Broch ha scritto: Hi Michele Is the directory /var/qmail/simscan full? How much space do you have? Check out this link on the mailing list for permissions issues some have had: https://www.mail-archive.com/search?q=SOLVED+-+qq+soft+reject+with+Centos+7=qmailtoaster-list%40qmailtoaster.com On 1/26/2018 8:47 AM, Peter Peltonen wrote: First thing that comes to my mind is to check qmail directory ownerships and permissions? On Fri, Jan 26, 2018 at 12:24 PM, Michele Federici <mfeder...@ptavant.it> wrote: Hi, I have a qmail server that today returns in the smtp log "mail server temporarily rejected message (# 4.3.0)". Everything works fine until the start of these errors on simscan Fri Jan 26 10:00:52 2018 -> /var/qmail/simscan/1516957251.438820.10197/doc05577520180126111044.pdf: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/msg.1516957274.430368.10271: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/addr.1516957274.430368.10271: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile0: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile1: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile2: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/addr.1516957279.523709.10292: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/textfile2: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/textfile3: Can't open file or directory ERROR Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/image001.png: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/doc05577520180126111044.pdf: OK Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/msg.1516957282.930250.10316: Can't open file or directory ERROR Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/addr.1516957282.930250.10316: Can't create new file ERROR Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/textfile0: Can't open file or directory ERROR [..] Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: So I restart # systemctl restart clamav-daemon.service # systemctl restart clamav-daemon.socket and then everything works fine until simscan restarts to return "Unable to open file or directory ERROR" I'm running qmailtoaster on Centos 7 with ClamAV 0.99.2. Any suggestions? -- Michele Federici - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
[qmailtoaster] ERROR: accept() failed
Hi, I have a qmail server that today returns in the smtp log "mail server temporarily rejected message (# 4.3.0)". Everything works fine until the start of these errors on simscan Fri Jan 26 10:00:52 2018 -> /var/qmail/simscan/1516957251.438820.10197/doc05577520180126111044.pdf: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/msg.1516957274.430368.10271: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/addr.1516957274.430368.10271: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile0: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile1: OK Fri Jan 26 10:01:16 2018 -> /var/qmail/simscan/1516957274.430368.10271/textfile2: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/addr.1516957279.523709.10292: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/textfile2: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/textfile3: Can't open file or directory ERROR Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/image001.png: OK Fri Jan 26 10:01:20 2018 -> /var/qmail/simscan/1516957279.523709.10292/doc05577520180126111044.pdf: OK Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/msg.1516957282.930250.10316: Can't open file or directory ERROR Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/addr.1516957282.930250.10316: Can't create new file ERROR Fri Jan 26 10:01:23 2018 -> /var/qmail/simscan/1516957282.930250.10316/textfile0: Can't open file or directory ERROR [..] Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: Fri Jan 26 10:09:15 2018 -> ERROR: accept() failed: So I restart # systemctl restart clamav-daemon.service # systemctl restart clamav-daemon.socket and then everything works fine until simscan restarts to return "Unable to open file or directory ERROR" I'm running qmailtoaster on Centos 7 with ClamAV 0.99.2. Any suggestions? -- Michele Federici - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] block attachment
Hi, I need to block an attachment name.zip with qmailtoaster. It's possibile? This is the header Content-Type: application/zip; name=stampa-Marcia-2015.zip I tryed with spamasassin mimeheader BLOCCO_FILE01 Content-Disposition =~ /name=stampa-Marcia-2015\.zip/i but nothing. How can i do? -- Michele - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] block attachment
Hi, Yes, I dont want to block *.zip but a specific file. Now i can block file with rule like this full BLOCK_FILE01 /\nomefile\.zip\b/i I think is "cpu expensive" but for now work. thank you -- Michele Il 26/03/2015 13:20, Bharath Chari ha scritto: Eric, I think Michele wants to block a SPECIFIC file and not all zip files. I don't know if that's possible with simcontrol. Bharath On 03/26/2015 02:01 PM, Eric Broch wrote: On 3/26/2015 2:46 AM, Michele Federici wrote: Hi, I need to block an attachment name.zip with qmailtoaster. It's possibile? This is the header Content-Type: application/zip; name="stampa-Marcia-2015.zip" I tryed with spamasassin mimeheader BLOCCO_FILE01 Content-Disposition =~ /name="stampa-Marcia-2015\.zip"/i but nothing. How can i do? Michele, Add '.zip:' to /var/qmail/control/simcontrol. For my '/var/qmail/control/simcontrol' control file it would change... From: :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif To: :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif:.zip Next rebuild the db: # qmailctl cdb I'm not sure if you have to restart qmail or not, but you might as well # qmailctl stop # qmailctl start Eric - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] dnscache
Hi, On a my qmailtoaster server i've several established connections to 192.175.48.6 and 192.175.48.42 [..] udp0 0 ipmyserver:61910 192.175.48.6:53 ESTABLISHED 5679/dnscache udp0 0 ipmyserver:14429 192.175.48.42:53 ESTABLISHED 5679/dnscache udp0 0 ipmyserver:2404 192.175.48.6:53 ESTABLISHED 5679/dnscache udp0 0 ipmyserver:44772 192.175.48.6:53 ESTABLISHED 5679/dnscache udp0 0 ipmyserver:19943 192.175.48.42:53 ESTABLISHED 5679/dnscache udp0 0 ipmyserver:13289 192.175.48.6:53 ESTABLISHED 5679/dnscache udp0 0 ipmyserver:63723 192.175.48.6:53 ESTABLISHED 5679/dnscache udp0 0 ipmyserver:35307 192.175.48.6:53 ESTABLISHED 5679/dnscache [..] These connection remain ESTABLISHED until i restart the services... shortly thereafter reappear. Is it normal they stay in ESTABLISHED STATE? Why qmailtoaster has needs to contact these root servers? Is it a dns/spam attack? Thank you -- Michele - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] CHKUSER_WRONGRCPTLIMIT
Hi, I need to enable a remote service (with a specific ip) to use my smtp server to send email to high number ( 300) of email account (internal/external). I try with openrelay... all work fine but I've a big problem. If only one local email account is wrong then check user stop to send ALL emails. So i tried to add CHKUSER_WRONGRCPTLIMIT like xx.xx.xx.xx:allow,RELAYCLIENT="",RBLSMTPD="",SENDER_NOCHECK="1",CHKUSER_RCPTLIMIT="500",CHKUSER_WRONGRCPTLIMIT="30" but check user stop email like CHKUSER_WRONGRCPTLIMIT="1" The strange thing is that: CHKUSER_RCPTLIMIT work fine but CHKUSER_WRONGRCPTLIMIT not. I also tried to replace RELAY and with authenticated sender but doesn't work. Where am I wrong? -- Michele - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] CHKUSER_WRONGRCPTLIMIT
My "remote service" is not a "desktop client" but is a web application who send 1 email with N email account in BCC by qmailtoaster server. If in bcc there is only one wrong address... the send will fail. I want increase CHKUSER_WRONGRCPTLIMIT but seem it's ignored. If is not possible, the solutions are - web application loop to send 1 email to 1 email account and intercept single errors... (but send procedure will be more slowly with attachment). - web application sent email to local MTA agent who will send email to my smtp server or to other external server Ciao -- Michele Il 29/08/2014 11:21, Tonix - Antonio Nati ha scritto: If your desktop client is taliking directly with the SMTP server with chkuser enabled, is it high probable the problem is in the desktop client. SMTP server with chkuser enabled should only taks with servers, because servers handle negative answer on one recipient, while desktop clients do not and stop on first negative answer. Ciao, Tonino Il 29/08/2014 11:17, Michele Federici ha scritto: Hi, I need to enable a remote service (with a specific ip) to use my smtp server to send email to high number ( 300) of email account (internal/external). I try with openrelay... all work fine but I've a big problem. If only one local email account is wrong then check user stop to send ALL emails. So i tried to add CHKUSER_WRONGRCPTLIMIT like xx.xx.xx.xx:allow,RELAYCLIENT="",RBLSMTPD="",SENDER_NOCHECK="1",CHKUSER_RCPTLIMIT="500",CHKUSER_WRONGRCPTLIMIT="30" but check user stop email like CHKUSER_WRONGRCPTLIMIT="1" The strange thing is that: CHKUSER_RCPTLIMIT work fine but CHKUSER_WRONGRCPTLIMIT not. I also tried to replace RELAY and with authenticated sender but doesn't work. Where am I wrong? -- Michele - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] CHKUSER_WRONGRCPTLIMIT
I understand
so I want my qmailtoaster server will be a "SMTP server which
accept every recipient". But not for all ip but only for
certain ip (xx.xx.xx.xx) to do this i think i need to have
a open relay for xx.xx.xx.xx.
So... what i need to do to be ""SMTP server which accept every
recipient"?
I tried to disable checkuser replace
xx.xx.xx.xx:allow,RELAYCLIENT="",RBLSMTPD="",SENDER_NOCHECK="1",CHKUSER_RCPTLIMIT="500",CHKUSER_WRONGRCPTLIMIT="30"
with
xx.xx.xx.xx:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SENDER_NOCHECK="1"
but doesn't work... checkuser still block incorrect email
account
Maybe i've an old release? How i can check?
Ciao
--
Michele
Il 29/08/2014 12:40, Tonix - Antonio Nati ha scritto:
In this case your web application is
like a desktop client. It's a client, trying to speak server
language, but it it not able (common to all clients).
This has already been answered several times.
When a receiving SMTP server answers 'NEGATIVE' to an email
sending server, the email sending server continues his job of
sending, and takes note of the negative answer for the not
existing recipient.
Instead a desktop client or a web application just stop at the
first negative answer.
So, solution are: client desktops or web applications must send
to SMTP server which accept every recipient, or must send
messages for each recipient separately.
Ciao,
Tonino
Il 29/08/2014 12:31, Michele Federici ha scritto:
My "remote service" is not a
"desktop client" but is a web application who send 1 email
with N email account in BCC by qmailtoaster server.
If in bcc there is only one wrong address... the send will
fail. I want increase CHKUSER_WRONGRCPTLIMIT
but seem it's ignored.
If is not possible, the solutions are
- web application loop to send 1 email to 1 email account and
intercept single errors... (but send procedure will be more
slowly with attachment).
- web application sent email to local MTA agent who
will send email to my smtp server or to other external server
Ciao
--
Michele
Il 29/08/2014 11:21, Tonix - Antonio Nati ha scritto:
If your desktop client is
taliking directly with the SMTP server with chkuser enabled,
is it high probable the problem is in the desktop client.
SMTP server with chkuser enabled should only taks with
servers, because servers handle negative answer on one
recipient, while desktop clients do not and stop on first
negative answer.
Ciao,
Tonino
Il 29/08/2014 11:17, Michele Federici ha scritto:
Hi,
I need to enable a remote service (with a specific ip)
to use my smtp server to send email to high number (
300) of email account (internal/external).
I try with openrelay... all work fine but I've a big
problem. If only one local email account is wrong then
check user stop to send ALL emails.
So i tried to add CHKUSER_WRONGRCPTLIMIT like
xx.xx.xx.xx:allow,RELAYCLIENT="",RBLSMTPD="",SENDER_NOCHECK="1",CHKUSER_RCPTLIMIT="500",CHKUSER_WRONGRCPTLIMIT="30"
but check user stop email like
CHKUSER_WRONGRCPTLIMIT="1"
The strange thing is that: CHKUSER_RCPTLIMIT work fine
but CHKUSER_WRONGRCPTLIMIT not.
I also tried to replace RELAY and with authenticated
sender but doesn't work.
Where am I wrong?
--
Michele
-
To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: CHKUSER_WRONGRCPTLIMIT
Hi Eric, Unfortunately, I've missed this recommendation up to now, and this variable is not set. I'll see about getting this included in the next release of the qmail package. Interesting! Michele, are you running legacy (*-toaster) packages, or the new ones? I used (*-toaster) packages. I have on this server qmail-toaster-1.03-1.3.20 (i know i need to update it). Thanks -- Michele Il 29/08/2014 16:58, Eric Shubert ha scritto: On 08/29/2014su questo server ho 07:12 AM, Tonix - Antonio Nati wrote: I don't know if the variable you need is enabled in your distribution/version. Actually you could put in place this solution: Enable (uncomment) the following define in checkuser_settings.h and recompile. #define CHKUSER_DISABLE_VARIABLE "RELAYCLIENT" With such option, chkuser is disabled for every aythenticated or authorized sender which has RELAYCLIENT set (we reccomend this option). Unfortunately, I've missed this recommendation up to now, and this variable is not set. I'll see about getting this included in the next release of the qmail package. Michele, are you running legacy (*-toaster) packages, or the new ones? As alternative if you want to disable chkuser from a specific IP: Enable (uncomment) the following define in checkuser_settings.h and recompile. #define CHKUSER_DISABLE_VARIABLE "DISABLE_CHECKUSER" and put in your control file: xx.xx.xx.xx:allow,DISABLE_CHECKUSER="",RBLSMTPD="" Actually, all controls related to too many wrong or existing recipients, as well as not existin domains or other like that should be set only for public MX frontends, not for SMTP relays serving only authenticated users. This brings up an interesting point. It'll be easy enough to disable these controls on port 587. Is there a way though that chkuser can tell if authentication has taken place or not on port 25? Also, can you list the specific controls that you feel should be disabled for authenticated sessions? - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] queue/bounce and failure notice
Hi, I do some checks in a mail server and i found this strange problem. Sometimes I've received failure notice email who contains the original message --- Below this line is a copy of the message. but with strange email in the error text... Delivered-To:postmas...@mydomain.it Date: xx From:mailer-dae...@mydomain.it To:postmas...@mydomain.it Subject: failure notice Hi. This is the qmail-send program at mailbox.ptavant.it. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. strangeemail1@somedomain: User and password not set, continuing without authentication. x.y.z.k does not like recipient. Remote host said: 550 Requested action not taken: mailbox unavailable Giving up on x.y.z.k . strangeemail2@somedomain: User and password not set, continuing without authentication. x.y.z.k does not like recipient. Remote host said: 550 5.1.1 strangeemail@somedomain: Recipient address rejected: User unknown Giving up on x.y.z.k . --- Below this line is a copy of the message. Return-Path: postmas...@mydomain.it Date: x From: postmas...@mydomain.it To: validacco...@domain.com Subject: test test ...But strangeemail1 somedomain and strangeemail2 @ @ somedomain were not the recipients of the original email. In additional some days ago mail server was attacked with a relay attack. IT operator resolved the problem by changing an compromised password and rebooting server a few times (qmail supervise was locked). In queue/bounce i found 4000 files oldest than one week and Local and remote queue have only 6 email. I think the problem mentioned above is related to the files found in the queue / bounce but could not find anything about it. Suggestions? Can i delete (or move) bounce files or is there a qmailtoaster command to do it? thank you -- Michele - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] block a phishing email
Hi, I'm not unable to block a phishing email. smtp log contains these records 2011-11-23 01:52:27.470596500 tcpserver: ok 3227 mailbox.mydomain.xx:xxx.xxx.xxx.xxx:25 :173.0.59.30::60803 2011-11-23 01:52:27.827007500 CHKUSER accepted sender: from i...@jserves.co.cc:: remote dservmail.co.cc:unknown:173.0.59.30 rcpt : sender accepted 2011-11-23 01:52:27.827757500 CHKUSER accepted rcpt: from i...@jserves.co.cc:: remote dservmail.co.cc:unknown:173.0.59.30 rcpt xx...@mydomain.xx : found existing recipient 2011-11-23 01:52:27.827772500 policy_check: remote i...@jserves.co.cc - local xx...@mydomain.xx (UNAUTHENTICATED SENDER) 2011-11-23 01:52:27.827803500 policy_check: policy allows transmission 2011-11-23 01:52:31.149553500 simscan:[3227]:CLEAN (0.00/5.00):3.3212s:PREMIO NOTIFICA 960.000.00:173.0.59.30:i...@jserves.co.cc:xx...@mydomain.xx clamav detects email is virus free 11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/msg.1322009547.828470.3231: OK 11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/addr.1322009547.828470.3231: OK 11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/textfile0: OK 11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/textfile1: OK 11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/ziz.pdf: OK but spamassassin don't process the phishing email: spam log contains no records! 11-23 02:51:50 [28246] info: prefork: child states: II 11-23 02:53:09 [10722] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 47239 11-23 02:53:09 [10722] info: spamd: processing message 189de6692a6bc541daf3ed45d...@async.facebook.com for clamav:89 11-23 02:53:10 [10722] info: spamd: clean message (1.8/5.0) for clamav:89 in 1.6 seconds, 8083 bytes. 11-23 02:53:10 [10722] info: spamd: result: . 1 - BAYES_50,HTML_MESSAGE,RDNS_NONE,SARE_UNSUB13 scantime=1.6,size=8083,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47239,mid=189de6692a6bc541 daf3ed45d...@async.facebook.com,bayes=0.50,autolearn=no 11-23 02:53:10 [28246] info: prefork: child states: II I've added some spam rules to block this email blacklist_from i...@jserves.co.cc header BLOCCO_SUBJECT_01 Subject=~ /\b960.000.00\b/i score BLOCCO_SUBJECT_01 5 body BLOCCO_BODY_21 /Gentilmente Aprire l'allegato in formato pdf per le informazioni sulla tua lotteria vincente/i scoreBLOCCO_BODY_21 4 describe BLOCCO_BODY_21 BLOCCO lotteria vincente 1 body BLOCCO_BODY_22 /lotteria vincente/i scoreBLOCCO_BODY_22 3 describe BLOCCO_BODY_22 BLOCCO lotteria vincente 2 i check spamaasssisin rules and these are ok so i tried to calc spam score and i'm obtain 126.8!!! X-Spam-Status: Yes, score=126.8 required=5.0 tests=BAYES_99,BLOCCO_BODY_21, BLOCCO_BODY_22,BLOCCO_SUBJECT_01,FORGED_MUA_OUTLOOK,MSOE_MID_WRONG_CASE, PYZOR_CHECK,RDNS_NONE,SUBJ_ALL_CAPS,URIBL_BLACK,USER_IN_BLACKLIST autolearn=unavailable version=3.2.5 Phishing email contain a pdf. This is the source: [..] From: apuestasi...@jserves.co.cc Subject: PREMIO NOTIFICA 960.000.00 Date: Thu, 17 Nov 2011 18:18:18 -0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_007B_01C2A9A6.1CD1EEB0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. Message-Id: 2018021500.929e15b8...@jserves.co.cc To: undisclosed-recipients:; This is a multi-part message in MIME format. --=_NextPart_000_007B_01C2A9A6.1CD1EEB0 Content-Type: text/plain; charset=Windows-1251 Content-Transfer-Encoding: 7bit Ciao Vincitore Gentilmente Aprire l'allegato in formato pdf per le informazioni sulla tua lotteria vincente Cordiali saluti --=_NextPart_000_007B_01C2A9A6.1CD1EEB0 Content-Type: application/octet-stream; name=ggg.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=ziz.pdf [..] MUE3Q0QyNjdFNUIzMzM0M0Y+XS9JbmZvIDYgMCBSL0xlbmd0aCAzOS9Sb290 IDggMCBSL1NpemUgNy9UeXBlL1hSZWYvV1sxIDMgMF0+PnN0cmVhbQ0KaN5i YgACJkY2vjAmBgbeRCDB2AMiPjEx/np8FshiYAQIMAA7aQUUDQplbmRzdHJl YW0NZW5kb2JqDXN0YXJ0eHJlZg0KMTE2DQolJUVPRg0K --=_NextPart_000_007B_01C2A9A6.1CD1EEB0-- [..] so my question is: why simscan don't performs spamasassin email check? thank you Michele
[qmailtoaster] 2 xdsl lines
Hi, My customer have 2 qmailtoaster server: a master server replicates (via rsync) to a backup server. Master server receive all mail from a xDSL connection (public ip: 1.2.3.4). Master server is behind a public firewall who nat all email to master server from primary xDSL line. Now i have a second DSL connection and i want receive email from this connection (public ip 5.6.7.8) when primary xDSL is down. Now master server has - server name: box1.mydomain.xxx - domain mydomain.xxx: Mx preference = 10, mail exchanger = box1.mydomain.xxx - qmail controls files - me: box1.mydomain.xxx - rcpthosts: box1.mydomain.xxx, mydomain.xxx If i've understand for receive email from second dsl lines i need to - add to mydomain.xxx Mx preference = 20, mail exchanger = box2.mydomain.xxx on ip - add nat for smtp second xDSL line (smtp traffic from public ip 5.6.7.8 to master server). It's correct or i need particular configuration in qmailtoaster? For example i've problems (like spam control) if an email arrive to box2.mydomain.xxx and my server response with box1.mydomain.xxx thank you -- Michele Federici
