[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Eric Shubert

Bingo! That's it all right. Nice bit of sleuthing, Michael.

My apologies to CJ as he was on the right track. I missed the bit about 
your local lan addresses being whitelisted though.


Spamdyke's documentation at 
http://www.spamdyke.org/documentation/README.html#RELAYING says: 
Authenticated and whitelisted connections will be allowed to relay.


So my question now is, why do you have your LAN whitelisted?

--
-Eric 'shubes'

On 01/11/2011 07:37 PM, Michael Colvin wrote:

Eric..  Check this thread out...  I think this may be pointing me in the
right direction...

http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html

The 2nd paragraph...  Because relay client is set, simscan doesn’t run the
message through SpamAssassin (Since it's supposedly from a trusted source).

Could spamdyke be passing a value for RELAYCLIENT?  I've got the
192.168.100.0/24 (The private network my mail cluster is on) Whitelisted
in spamdyke...

Any place else that might be passing RELAYCLIENT?  It's not in my tcp.smtp
file.



Michael J. Colvin
NorCal Internet Services
www.norcalisp.com





-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, January 11, 2011 11:06 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

I'm at a loss Michael. I think I'd look closer into spamassassin at this
point. Can you invoke SA 'manually'?

On 01/11/2011 11:13 AM, Michael Colvin wrote:

Here you go Eric.  Both servers had identical outputs, other than one

being

installed the day after this one.  :-)

Name: simscan-toaster  Relocations: (not

relocatable)

Version : 1.4.0 Vendor: (none)
Release : 1.3.8 Build Date: Fri 29 Oct 2010
02:28:37 AM PDT
Install Date: Fri 29 Oct 2010 02:30:25 AM PDT  Build Host:
mail-1.norcalisp.com
Group   : Networking/Other  Source RPM:
simscan-toaster-1.4.0-1.3.8.src.rpm
Size: 113364   License: GPL
Signature   : (none)
Packager: Jake Vickersj...@qmailtoaster.com
URL : http://www.inter7.com/vpopmail
Summary : Simscan for qmail-toaster
Description :

SimScan is a simplified scanner for qmail similar to qmail-scanner and
qscand.
It uses clamav, trophie, and/or spamassassin.  It also supports

attachment

blocking by extension.  Simscan is written entirely in C to ensure

maximum

speed.  There are several options to allow simscan to scan per domain,

and

reject spam mail.


  Current settings
   ---
   user  = clamav
   qmail directory   = /var/qmail
   work directory= /var/qmail/simscan
   control directory = /var/qmail/control
   qmail queue program   = /var/qmail/bin/qmail-queue
   clamdscan program = /usr/bin/clamdscan
   clamav scan   = ON
   trophie scanning  = OFF
   attachement scan  = ON
   ripmime program   = /usr/bin/ripmime
   custom smtp reject= ON
   drop message  = OFF
   regex scanner = OFF
   quarantine processing = OFF
   domain based checking = ON
   add received header   = ON
   spam scanning = ON
   spamc program = /usr/bin/spamc
   spamc arguments   =
   spamc user= OFF
   authenticated users scanned = OFF
   spam passthru = OFF
   spam hits = 40

  Current simcontrol config
   --
   :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif


Michael J. Colvin
NorCal Internet Services
www.norcalisp.com




-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, January 11, 2011 8:36 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA
still scans. Authenticated submissions aren't scanned though.

Michael, can you post your
# rpm -qi simscan-toaster
(just double checking)

--
-Eric 'shubes'

On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote:

Isn't there something about LAN addresses not being scanned?

Quoting Michael J. Colvinmcol...@norcalisp.com:


OK. Tcp.smtp now looks like:





:allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va

r/


qmail/bin/simscan,NOP0FCHECK=1

Header information is still the same:

Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -

0800

Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms
(clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
Clear:RC:1(192.168.100.122):.
Processed in 0.066093 secs); 11 Jan 2011 12:41:02 -
X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Michael Colvin
Ummm...  Mainly I think it was laziness so that the web hosting servers
could send via these servers.  (Instead of listing just the specific
internal IP's, since I add servers occasionally...) 

I think there was another reason involving how my outbound mail is working,
but now that I'm trying to explain it in an e-mail, I'm not sure *that*
reason is valid, so I'll need to think about that one.  :-)

The particular servers we're looking at hear, handle inbound e-mail
filtering only, then forward the mail to another cluster that's customer
facing.

So... Ok, now I need to figure out where it's getting that from, because,
I'm not sure you saw the other message, but I removed the internal network
from the whitelisting, and still nothing.

And, now that I think about it, the e-mail isn't coming from an internal IP
at the point we're looking at...  The server has an internal IP, but it is
the first server to handle the e-mail, so it's not getting it from another
server with an internal IP.  It has an internal IP because it's behind a
load balancer.

I think what we're seeing, and what CJ was seeing (BTW, thanks CJ, your
comment is what got me looking in this direction) was the *second* cluster,
which is getting the e-mail from the first cluster via internal IP's...I'm
not concerned with that server not scanning w/spamassassin, since it should
be scanned with the first cluster.  :-)  Besides, that second cluster is an
older QMR server that I want to pull out, once I get it replaced with QMT
servers...

Here's the header from your e-mail.  Notice the first few lines, with one
containing qmail-scanner.  Obviously, this isn't a Toaster.  Further down,
we see the Toaster's headers, which is still the area we were looking at
with the simscan entries.

(Continued after header!)

-


Received: (qmail 10090 invoked by uid 1010); 12 Jan 2011 09:04:54 -0800
Received: from 192.168.100.121 by mail.norcalisp.com (envelope-from
qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com, uid
1008) with qmail-scanner-1.25-st-qms 
 (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.  
 Clear:RC:1(192.168.100.121):. 
 Processed in 0.058344 secs); 12 Jan 2011 17:04:54 -
X-Antivirus-NorCalISP-Mail-From:
qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.121):. Processed
in 0.058344 secs Process 10085)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.121)
  by mail.norcalisp.com with SMTP; 12 Jan 2011 09:04:53 -0800
Received: (qmail 5478 invoked by uid 89); 12 Jan 2011 17:04:53 -
Received: by simscan 1.4.0 ppid: 5155, pid: 5189, t: 23.0613s
 scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12509
Received: from unknown (HELO mail.qmailtoaster.com) (70.60.227.157)
  by mail.norcalisp.com with SMTP; 12 Jan 2011 17:04:30 -
Received: (qmail 10722 invoked by uid 89); 12 Jan 2011 17:03:39 -
Mailing-List: contact qmailtoaster-list-h...@qmailtoaster.com; run by ezmlm
Precedence: bulk
List-Post: mailto:qmailtoaster-list@qmailtoaster.com
List-Help: mailto:qmailtoaster-list-h...@qmailtoaster.com
List-Unsubscribe: mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com
List-Subscribe: mailto:qmailtoaster-list-subscr...@qmailtoaster.com
Reply-To: qmailtoaster-list@qmailtoaster.com
Delivered-To: mailing list qmailtoaster-list@qmailtoaster.com
Received: (qmail 10715 invoked by uid 89); 12 Jan 2011 17:03:39 -
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.qmailtoaster.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,
DK_POLICY_SIGNALL autolearn=ham version=3.2.5
Received-SPF: pass (mail.qmailtoaster.com: SPF record at m.gmane.org
designates 80.91.229.12 as permitted sender)
X-Injected-Via-Gmane: http://gmane.org/
To: qmailtoaster-list@qmailtoaster.com
From: Eric Shubert e...@shubes.net
Date: Wed, 12 Jan 2011 10:03:15 -0700
Organization: Eric Shubert  Associates
Lines: 418
Message-ID: igkmsj$3n...@dough.gmane.org
References: 01fb01cbb05c$cdadf280$6909d7...@com
igdmcu$50...@dough.gmane.org 020301cbb068$a4405d00$ecc117...@com
igdt2h$s1...@dough.gmane.org 020a01cbb07d$5e13af20$1a3b0d...@com
igfcn4$hl...@dough.gmane.org 028301cbb18e$88fac7c0$9af057...@com
20110111081003.52761c20gaaza...@mail.yother.com
igi0to$gn...@dough.gmane.org 000f01cbb1bb$3d1cf620$0200a...@homeoffice
igi9n4$32...@dough.gmane.org 005101cbb201$9785c970$0200a...@homeoffice
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Complaints-To: use...@dough.gmane.org
X-Gmane-NNTP-Posting-Host: rain.gmane.org
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13)
Gecko/20101208 Thunderbird/3.1.7
In-Reply-To: 005101cbb201$9785c970$0200a...@homeoffice
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Eric Shubert
...@homeoffice
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Complaints-To: use...@dough.gmane.org
X-Gmane-NNTP-Posting-Host: rain.gmane.org
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13)
Gecko/20101208 Thunderbird/3.1.7
In-Reply-To:005101cbb201$9785c970$0200a...@homeoffice
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro


-

So... I've checked my Spamdyke config, and don't see anything that would
cause it to pass RELAYCLIENT...  No whitelisted e-mails, domains, and I
removed the IP's (Or narrowed them down to just the servers).  Same
result...

But I think we might be on the right track...


Michael J. Colvin
NorCal Internet Services
www.norcalisp.com





-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Wednesday, January 12, 2011 9:03 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

Bingo! That's it all right. Nice bit of sleuthing, Michael.

My apologies to CJ as he was on the right track. I missed the bit about
your local lan addresses being whitelisted though.

Spamdyke's documentation at
http://www.spamdyke.org/documentation/README.html#RELAYING says:
Authenticated and whitelisted connections will be allowed to relay.

So my question now is, why do you have your LAN whitelisted?

--
-Eric 'shubes'

On 01/11/2011 07:37 PM, Michael Colvin wrote:

Eric..  Check this thread out...  I think this may be pointing me in the
right direction...

http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html

The 2nd paragraph...  Because relay client is set, simscan doesn’t run

the

message through SpamAssassin (Since it's supposedly from a trusted

source).


Could spamdyke be passing a value for RELAYCLIENT?  I've got the
192.168.100.0/24 (The private network my mail cluster is on)

Whitelisted

in spamdyke...

Any place else that might be passing RELAYCLIENT?  It's not in my

tcp.smtp

file.



Michael J. Colvin
NorCal Internet Services
www.norcalisp.com





-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, January 11, 2011 11:06 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

I'm at a loss Michael. I think I'd look closer into spamassassin at

this

point. Can you invoke SA 'manually'?

On 01/11/2011 11:13 AM, Michael Colvin wrote:

Here you go Eric.  Both servers had identical outputs, other than one

being

installed the day after this one.  :-)

Name: simscan-toaster  Relocations: (not

relocatable)

Version : 1.4.0 Vendor: (none)
Release : 1.3.8 Build Date: Fri 29 Oct

2010

02:28:37 AM PDT
Install Date: Fri 29 Oct 2010 02:30:25 AM PDT  Build Host:
mail-1.norcalisp.com
Group   : Networking/Other  Source RPM:
simscan-toaster-1.4.0-1.3.8.src.rpm
Size: 113364   License: GPL
Signature   : (none)
Packager: Jake Vickersj...@qmailtoaster.com
URL : http://www.inter7.com/vpopmail
Summary : Simscan for qmail-toaster
Description :

SimScan is a simplified scanner for qmail similar to qmail-scanner and
qscand.
It uses clamav, trophie, and/or spamassassin.  It also supports

attachment

blocking by extension.  Simscan is written entirely in C to ensure

maximum

speed.  There are several options to allow simscan to scan per domain,

and

reject spam mail.


   Current settings
---
user  = clamav
qmail directory   = /var/qmail
work directory= /var/qmail/simscan
control directory = /var/qmail/control
qmail queue program   = /var/qmail/bin/qmail-queue
clamdscan program = /usr/bin/clamdscan
clamav scan   = ON
trophie scanning  = OFF
attachement scan  = ON
ripmime program   = /usr/bin/ripmime
custom smtp reject= ON
drop message  = OFF
regex scanner = OFF
quarantine processing = OFF
domain based checking = ON
add received header   = ON
spam scanning = ON
spamc program = /usr/bin/spamc
spamc arguments   =
spamc user= OFF
authenticated users scanned = OFF
spam passthru = OFF
spam hits = 40

   Current simcontrol config
--
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif


Michael J. Colvin
NorCal Internet Services
www.norcalisp.com




-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, January 11, 2011 8:36 AM
To: qmailtoaster-list@qmailtoaster.com

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Michael Colvin
Agreed (With the authenticating hosting servers part).  This was a quick
(And I thought ok) way of getting these toasters up...  I'm obviously going
to have to go back through and tweak some stuff.

I'll pull spamdyke down, test again, and let you know.  I'm going to re-read
the link you included to the Relaying portion of SpamDykes config first, to
see if I have a Duh moment.

I'll keep you posted!

Thanks again.

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Eric Shubert [mailto:e...@shubes.net]
 Sent: Wednesday, January 12, 2011 9:53 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
 I think I understand. I did notice the QMR server further down the line
 and wondered a little about it.
 
 I'd remove spamdyke temporarily at this point and test. Then you'll know
 for sure if spamdyke setting RELAYCLIENT is the cause or not.
 
 P.S. I realize that web hosting servers are a pita, but configuring them
 to authenticate is a good practice imo. Then you don't need any open
 relaying.
 --
 -Eric 'shubes'
 
 On 01/12/2011 10:35 AM, Michael Colvin wrote:
  Ummm...  Mainly I think it was laziness so that the web hosting servers
  could send via these servers.  (Instead of listing just the specific
  internal IP's, since I add servers occasionally...)
 
  I think there was another reason involving how my outbound mail is
 working,
  but now that I'm trying to explain it in an e-mail, I'm not sure *that*
  reason is valid, so I'll need to think about that one.  :-)
 
  The particular servers we're looking at hear, handle inbound e-mail
  filtering only, then forward the mail to another cluster that's customer
  facing.
 
  So... Ok, now I need to figure out where it's getting that from,
 because,
  I'm not sure you saw the other message, but I removed the internal
 network
  from the whitelisting, and still nothing.
 
  And, now that I think about it, the e-mail isn't coming from an internal
 IP
  at the point we're looking at...  The server has an internal IP, but it
 is
  the first server to handle the e-mail, so it's not getting it from
 another
  server with an internal IP.  It has an internal IP because it's behind a
  load balancer.
 
  I think what we're seeing, and what CJ was seeing (BTW, thanks CJ, your
  comment is what got me looking in this direction) was the *second*
 cluster,
  which is getting the e-mail from the first cluster via internal
 IP's...I'm
  not concerned with that server not scanning w/spamassassin, since it
 should
  be scanned with the first cluster.  :-)  Besides, that second cluster is
 an
  older QMR server that I want to pull out, once I get it replaced with
 QMT
  servers...
 
  Here's the header from your e-mail.  Notice the first few lines, with
 one
  containing qmail-scanner.  Obviously, this isn't a Toaster.  Further
 down,
  we see the Toaster's headers, which is still the area we were looking at
  with the simscan entries.
 
  (Continued after header!)
 
  -
 
 
  Received: (qmail 10090 invoked by uid 1010); 12 Jan 2011 09:04:54 -0800
  Received: from 192.168.100.121 by mail.norcalisp.com (envelope-from
  qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com,
 uid
  1008) with qmail-scanner-1.25-st-qms
(clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
Clear:RC:1(192.168.100.121):.
Processed in 0.058344 secs); 12 Jan 2011 17:04:54 -
  X-Antivirus-NorCalISP-Mail-From:
  qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com via
  mail.norcalisp.com
  X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.121):.
 Processed
  in 0.058344 secs Process 10085)
  Received: from unknown (HELO mail.norcalisp.com) (192.168.100.121)
 by mail.norcalisp.com with SMTP; 12 Jan 2011 09:04:53 -0800
  Received: (qmail 5478 invoked by uid 89); 12 Jan 2011 17:04:53 -
  Received: by simscan 1.4.0 ppid: 5155, pid: 5189, t: 23.0613s
scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12509
  Received: from unknown (HELO mail.qmailtoaster.com) (70.60.227.157)
 by mail.norcalisp.com with SMTP; 12 Jan 2011 17:04:30 -
  Received: (qmail 10722 invoked by uid 89); 12 Jan 2011 17:03:39 -
  Mailing-List: contact qmailtoaster-list-h...@qmailtoaster.com; run by
 ezmlm
  Precedence: bulk
  List-Post:mailto:qmailtoaster-list@qmailtoaster.com
  List-Help:mailto:qmailtoaster-list-h...@qmailtoaster.com
  List-Unsubscribe:mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com
  List-Subscribe:mailto:qmailtoaster-list-subscr...@qmailtoaster.com
  Reply-To: qmailtoaster-list@qmailtoaster.com
  Delivered-To: mailing list qmailtoaster-list@qmailtoaster.com
  Received: (qmail 10715 invoked by uid 89); 12 Jan 2011 17:03:39 -
  X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
  mail.qmailtoaster.com
  X-Spam-Level:
  X-Spam-Status: No, score=-1.4

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Michael Colvin
Eric,

I've checked all the places I can think of that it might be getting
RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip
and tcp.smtp) and I've removed any reference to my internal network...
Still no luck.

Any place else you can think of before I write the RELAYCLIENT flag as being
the issue?

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.

  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Michael Colvin
OK...  So, I pulled spamdyke out of the picture, and what do you know,
suddenly the simscan line shows what we'd expect:

Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s
 scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.norcalisp.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX,
HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5

So...  I've got something in SpamDyke that's likely setting RELAYCLIENT.

I'm pretty certain it's not whitelist_ip, since I pulled the internal range
out.  I also pulled it out of the relay file that access-file in the
spamdyke.conf file points too.

Here's my spamdyke.conf

log-level=info
access-file=/var/qmail/control/relay
local-domains-file=/var/qmail/control/rcpthosts
max-recipients=20
idle-timeout-secs=180
greeting-delay-secs=0
graylist-level=always
graylist-dir=/var/spamdyke/graylist
graylist-min-secs=300
graylist-max-secs=1814400
#policy-url=http://www.norcalisp.com/nospam?reason=
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
ip-whitelist-file=/etc/spamdyke/whitelist_ip
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
reject-missing-sender-mx
reject-ip-in-cc-rdns
ip-blacklist-file=/etc/spamdyke/blacklist_ip
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
#ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
#rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d
reject-empty-rdns
#reject-unresolvable-rdns
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=list.dsbl.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=bogons.cymru.com
#
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

Here's the whitelist_ip file:

127.0.0.1
69.224.211.10

All other whitelist_X files are empty.

The relay file has:

69.224.211.10

This entry is a specific client I needed to relay...But I don't see how that
would be causing any issues, since the e-mail isn't coming from them.  :-)

I can't find anything else that might be causing spamdyke to set the
RELAYCLIENT flag...

At this point, it looks like this is more SpamDyke related than QMT, so I
should probably move this over there...  Unless you have any parting
thoughts, maybe we can pick this up over there.
 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Michael Colvin [mailto:mcol...@norcalisp.com]
 Sent: Wednesday, January 12, 2011 9:59 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by
 SimContro
 
 Agreed (With the authenticating hosting servers part).  This was a quick
 (And I thought ok) way of getting these toasters up...  I'm obviously
 going
 to have to go back through and tweak some stuff.
 
 I'll pull spamdyke down, test again, and let you know.  I'm going to re-
 read
 the link you included to the Relaying portion of SpamDykes config first,
 to
 see if I have a Duh moment.
 
 I'll keep you posted!
 
 Thanks again.
 
 
 Michael J. Colvin
 NorCal Internet Services
 www.norcalisp.com
 
 
 
 
  -Original Message-
  From: Eric Shubert [mailto:e...@shubes.net]
  Sent: Wednesday, January 12, 2011 9:53 AM
  To: qmailtoaster-list@qmailtoaster.com
  Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
  I think I understand. I did notice the QMR server further down the line
  and wondered a little about it.
 
  I'd remove spamdyke temporarily at this point and test. Then you'll know
  for sure if spamdyke setting RELAYCLIENT is the cause or not.
 
  P.S. I realize that web hosting servers are a pita, but configuring them
  to authenticate is a good practice imo. Then you don't need any open
  relaying.
  --
  -Eric 'shubes'
 
  On 01/12/2011 10:35 AM, Michael Colvin wrote:
   Ummm...  Mainly I think it was laziness so that the web hosting
 servers
   could send via these servers.  (Instead of listing just the specific
   internal IP's, since I add servers occasionally...)
  
   I think there was another reason involving how my outbound mail is
  working,
   but now that I'm trying to explain it in an e-mail, I'm not sure
 *that*
   reason is valid, so I'll need to think about that one.  :-)
  
   The particular servers we're looking at hear, handle inbound e-mail
   filtering only, then forward the mail to another cluster that's
 customer
   facing.
  
   So... Ok, now I need to figure out where it's getting that from,
  because,
   I'm not sure you saw the other message, but I removed the internal
  network
   from the whitelisting, and still nothing.
  
   And, now that I think about it, the e-mail isn't coming from an
 internal
  IP
   at the point we're looking at...  The server has an internal IP, but
 it
  is
   the first server to handle the e

[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Eric Shubert

On 01/11/2011 08:03 PM, Michael Colvin wrote:

Eric,

I've checked all the places I can think of that it might be getting
RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip
and tcp.smtp) and I've removed any reference to my internal network...
Still no luck.

Any place else you can think of before I write the RELAYCLIENT flag as being
the issue?


Michael J. Colvin
NorCal Internet Services
www.norcalisp.com

-


This just showed up. Is it old, or is the time on your computer off?

--
-Eric 'shubes'


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Michael Colvin
It's old...  I sent it last night while changing some of the relay stuff,
and apparently cause some mail to start queuing on the customer facing
servers...  So, when I put everything back (This morning), the queue dumped.
:-)

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Eric Shubert [mailto:e...@shubes.net]
 Sent: Wednesday, January 12, 2011 11:11 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
 On 01/11/2011 08:03 PM, Michael Colvin wrote:
  Eric,
 
  I've checked all the places I can think of that it might be getting
  RELAYCLIENT set at (/var/qmail/control/relay ,
 /etc/spamdyke/whitelist_ip
  and tcp.smtp) and I've removed any reference to my internal network...
  Still no luck.
 
  Any place else you can think of before I write the RELAYCLIENT flag as
 being
  the issue?
 
 
  Michael J. Colvin
  NorCal Internet Services
  www.norcalisp.com
 
  
 -
 
 This just showed up. Is it old, or is the time on your computer off?
 
 --
 -Eric 'shubes'
 
 
 --
 ---
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 --
 ---
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.
 
   To unsubscribe, e-mail: qmailtoaster-list-
 unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-
 h...@qmailtoaster.com
 



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.

  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Eric Shubert
I've been using the tcp.smtp file in lieu of spamdyke's access file. I 
don't think the access file is useful in QMT, since qmail has the SMTP 
AUTH patch. I'm not certain of this though, and would like to know Sam's 
take on this. I think taking this to the spamdyke list is a good idea.


It appears to me from the documentation that spamdyke's access-file 
should be formatted like:

69.224.211.10:ACCESS
not just the IP address. I wonder if this is causing the problem. If 
there is no : in that file, I would expect spamdyke to throw an error 
or warning of some kind though. Have you run spamdyke in test mode to 
check for errors? See the qtp-install-spamdyke script for how to do this.


--
-Eric 'shubes'

On 01/12/2011 12:08 PM, Michael Colvin wrote:

OK...  So, I pulled spamdyke out of the picture, and what do you know,
suddenly the simscan line shows what we'd expect:

Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s
  scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.norcalisp.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX,
HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5

So...  I've got something in SpamDyke that's likely setting RELAYCLIENT.

I'm pretty certain it's not whitelist_ip, since I pulled the internal range
out.  I also pulled it out of the relay file that access-file in the
spamdyke.conf file points too.

Here's my spamdyke.conf

log-level=info
access-file=/var/qmail/control/relay
local-domains-file=/var/qmail/control/rcpthosts
max-recipients=20
idle-timeout-secs=180
greeting-delay-secs=0
graylist-level=always
graylist-dir=/var/spamdyke/graylist
graylist-min-secs=300
graylist-max-secs=1814400
#policy-url=http://www.norcalisp.com/nospam?reason=
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
ip-whitelist-file=/etc/spamdyke/whitelist_ip
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
reject-missing-sender-mx
reject-ip-in-cc-rdns
ip-blacklist-file=/etc/spamdyke/blacklist_ip
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
#ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
#rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d
reject-empty-rdns
#reject-unresolvable-rdns
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=list.dsbl.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=bogons.cymru.com
#
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

Here's the whitelist_ip file:

127.0.0.1
69.224.211.10

All other whitelist_X files are empty.

The relay file has:

69.224.211.10

This entry is a specific client I needed to relay...But I don't see how that
would be causing any issues, since the e-mail isn't coming from them.  :-)

I can't find anything else that might be causing spamdyke to set the
RELAYCLIENT flag...

At this point, it looks like this is more SpamDyke related than QMT, so I
should probably move this over there...  Unless you have any parting
thoughts, maybe we can pick this up over there.

Michael J. Colvin
NorCal Internet Services
www.norcalisp.com





-Original Message-
From: Michael Colvin [mailto:mcol...@norcalisp.com]
Sent: Wednesday, January 12, 2011 9:59 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by
SimContro

Agreed (With the authenticating hosting servers part).  This was a quick
(And I thought ok) way of getting these toasters up...  I'm obviously
going
to have to go back through and tweak some stuff.

I'll pull spamdyke down, test again, and let you know.  I'm going to re-
read
the link you included to the Relaying portion of SpamDykes config first,
to
see if I have a Duh moment.

I'll keep you posted!

Thanks again.


Michael J. Colvin
NorCal Internet Services
www.norcalisp.com





-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Wednesday, January 12, 2011 9:53 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

I think I understand. I did notice the QMR server further down the line
and wondered a little about it.

I'd remove spamdyke temporarily at this point and test. Then you'll know
for sure if spamdyke setting RELAYCLIENT is the cause or not.

P.S. I realize that web hosting servers are a pita, but configuring them
to authenticate is a good practice imo. Then you don't need any open
relaying.
--
-Eric 'shubes'

On 01/12/2011 10:35 AM, Michael Colvin wrote:

Ummm...  Mainly I think it was laziness so that the web hosting

servers

could send via these servers.  (Instead of listing just the specific
internal IP's, since I add servers occasionally...)

I think there was another reason involving how my outbound mail is

working,

but now that I'm trying

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Michael Colvin
Ok...  I've got it narrowed down to the relay file...

I remarked out the access-file line, and e-mail gets scanned now...  So,
it must be how I have the info entered...

Not sure where I got that just the IP was sufficient...  The documentation
obviously lists the : and second value criteria...

So, let me play around with that file and see if I can get the relaying I
need, without the bailing out on SpamAssassin.

I'll let you know.

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Eric Shubert [mailto:e...@shubes.net]
 Sent: Wednesday, January 12, 2011 12:08 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
 I've been using the tcp.smtp file in lieu of spamdyke's access file. I
 don't think the access file is useful in QMT, since qmail has the SMTP
 AUTH patch. I'm not certain of this though, and would like to know Sam's
 take on this. I think taking this to the spamdyke list is a good idea.
 
 It appears to me from the documentation that spamdyke's access-file
 should be formatted like:
 69.224.211.10:ACCESS
 not just the IP address. I wonder if this is causing the problem. If
 there is no : in that file, I would expect spamdyke to throw an error
 or warning of some kind though. Have you run spamdyke in test mode to
 check for errors? See the qtp-install-spamdyke script for how to do this.
 
 --
 -Eric 'shubes'
 
 On 01/12/2011 12:08 PM, Michael Colvin wrote:
  OK...  So, I pulled spamdyke out of the picture, and what do you know,
  suddenly the simscan line shows what we'd expect:
 
  Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s
scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam:
 3.2.5
  X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
  mail.norcalisp.com
  X-Spam-Level: ***
  X-Spam-Status: No, score=3.5 required=5.0
 tests=DK_SIGNED,FH_DATE_PAST_20XX,
  HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5
 
  So...  I've got something in SpamDyke that's likely setting RELAYCLIENT.
 
  I'm pretty certain it's not whitelist_ip, since I pulled the internal
 range
  out.  I also pulled it out of the relay file that access-file in the
  spamdyke.conf file points too.
 
  Here's my spamdyke.conf
 
  log-level=info
  access-file=/var/qmail/control/relay
  local-domains-file=/var/qmail/control/rcpthosts
  max-recipients=20
  idle-timeout-secs=180
  greeting-delay-secs=0
  graylist-level=always
  graylist-dir=/var/spamdyke/graylist
  graylist-min-secs=300
  graylist-max-secs=1814400
  #policy-url=http://www.norcalisp.com/nospam?reason=
  sender-blacklist-file=/etc/spamdyke/blacklist_senders
  sender-whitelist-file=/etc/spamdyke/whitelist_senders
  ip-whitelist-file=/etc/spamdyke/whitelist_ip
  rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
  reject-missing-sender-mx
  reject-ip-in-cc-rdns
  ip-blacklist-file=/etc/spamdyke/blacklist_ip
  recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
  #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
  #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d
  reject-empty-rdns
  #reject-unresolvable-rdns
  dns-blacklist-entry=zen.spamhaus.org
  dns-blacklist-entry=b.barracudacentral.org
  dns-blacklist-entry=cbl.abuseat.org
  dns-blacklist-entry=list.dsbl.org
  dns-blacklist-entry=bl.spamcop.net
  dns-blacklist-entry=bogons.cymru.com
  #
  tls-certificate-file=/var/qmail/control/servercert.pem
  tls-level=smtp
 
  Here's the whitelist_ip file:
 
  127.0.0.1
  69.224.211.10
 
  All other whitelist_X files are empty.
 
  The relay file has:
 
  69.224.211.10
 
  This entry is a specific client I needed to relay...But I don't see how
 that
  would be causing any issues, since the e-mail isn't coming from them.
 :-)
 
  I can't find anything else that might be causing spamdyke to set the
  RELAYCLIENT flag...
 
  At this point, it looks like this is more SpamDyke related than QMT, so
 I
  should probably move this over there...  Unless you have any parting
  thoughts, maybe we can pick this up over there.
 
  Michael J. Colvin
  NorCal Internet Services
  www.norcalisp.com
 
 
 
 
  -Original Message-
  From: Michael Colvin [mailto:mcol...@norcalisp.com]
  Sent: Wednesday, January 12, 2011 9:59 AM
  To: qmailtoaster-list@qmailtoaster.com
  Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by
  SimContro
 
  Agreed (With the authenticating hosting servers part).  This was a
 quick
  (And I thought ok) way of getting these toasters up...  I'm obviously
  going
  to have to go back through and tweak some stuff.
 
  I'll pull spamdyke down, test again, and let you know.  I'm going to
 re-
  read
  the link you included to the Relaying portion of SpamDykes config
 first,
  to
  see if I have a Duh moment.
 
  I'll keep you posted!
 
  Thanks again.
 
 
  Michael J. Colvin
  NorCal Internet Services
  www.norcalisp.com
 
 
 
 
  -Original Message-
  From: Eric

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Michael Colvin
Ok...  Just to follow-up...

I set the entries in the relay file as described in SpamDyke's
documentation, same result.

I remarked out the lines in the relay file, effectively making it Empty.
SpamAssassin is still not called.

Now, I'm not sure if calling an empty file is causing an issue

When I ran the spamdyke tests, I didn't get any errors...  I'm going to move
over to SpamDyke's list now, and see what Sam thinks...

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Michael Colvin [mailto:mcol...@norcalisp.com]
 Sent: Wednesday, January 12, 2011 12:45 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by
 SimContro
 
 Ok...  I've got it narrowed down to the relay file...
 
 I remarked out the access-file line, and e-mail gets scanned now...  So,
 it must be how I have the info entered...
 
 Not sure where I got that just the IP was sufficient...  The documentation
 obviously lists the : and second value criteria...
 
 So, let me play around with that file and see if I can get the relaying I
 need, without the bailing out on SpamAssassin.
 
 I'll let you know.
 
 
 Michael J. Colvin
 NorCal Internet Services
 www.norcalisp.com
 
 
 
 
  -Original Message-
  From: Eric Shubert [mailto:e...@shubes.net]
  Sent: Wednesday, January 12, 2011 12:08 PM
  To: qmailtoaster-list@qmailtoaster.com
  Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
  I've been using the tcp.smtp file in lieu of spamdyke's access file. I
  don't think the access file is useful in QMT, since qmail has the SMTP
  AUTH patch. I'm not certain of this though, and would like to know Sam's
  take on this. I think taking this to the spamdyke list is a good idea.
 
  It appears to me from the documentation that spamdyke's access-file
  should be formatted like:
  69.224.211.10:ACCESS
  not just the IP address. I wonder if this is causing the problem. If
  there is no : in that file, I would expect spamdyke to throw an error
  or warning of some kind though. Have you run spamdyke in test mode to
  check for errors? See the qtp-install-spamdyke script for how to do
 this.
 
  --
  -Eric 'shubes'
 
  On 01/12/2011 12:08 PM, Michael Colvin wrote:
   OK...  So, I pulled spamdyke out of the picture, and what do you know,
   suddenly the simscan line shows what we'd expect:
  
   Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s
 scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam:
  3.2.5
   X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
   mail.norcalisp.com
   X-Spam-Level: ***
   X-Spam-Status: No, score=3.5 required=5.0
  tests=DK_SIGNED,FH_DATE_PAST_20XX,
 HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5
  
   So...  I've got something in SpamDyke that's likely setting
 RELAYCLIENT.
  
   I'm pretty certain it's not whitelist_ip, since I pulled the internal
  range
   out.  I also pulled it out of the relay file that access-file in the
   spamdyke.conf file points too.
  
   Here's my spamdyke.conf
  
   log-level=info
   access-file=/var/qmail/control/relay
   local-domains-file=/var/qmail/control/rcpthosts
   max-recipients=20
   idle-timeout-secs=180
   greeting-delay-secs=0
   graylist-level=always
   graylist-dir=/var/spamdyke/graylist
   graylist-min-secs=300
   graylist-max-secs=1814400
   #policy-url=http://www.norcalisp.com/nospam?reason=
   sender-blacklist-file=/etc/spamdyke/blacklist_senders
   sender-whitelist-file=/etc/spamdyke/whitelist_senders
   ip-whitelist-file=/etc/spamdyke/whitelist_ip
   rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
   reject-missing-sender-mx
   reject-ip-in-cc-rdns
   ip-blacklist-file=/etc/spamdyke/blacklist_ip
   recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
   #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
   #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d
   reject-empty-rdns
   #reject-unresolvable-rdns
   dns-blacklist-entry=zen.spamhaus.org
   dns-blacklist-entry=b.barracudacentral.org
   dns-blacklist-entry=cbl.abuseat.org
   dns-blacklist-entry=list.dsbl.org
   dns-blacklist-entry=bl.spamcop.net
   dns-blacklist-entry=bogons.cymru.com
   #
   tls-certificate-file=/var/qmail/control/servercert.pem
   tls-level=smtp
  
   Here's the whitelist_ip file:
  
   127.0.0.1
   69.224.211.10
  
   All other whitelist_X files are empty.
  
   The relay file has:
  
   69.224.211.10
  
   This entry is a specific client I needed to relay...But I don't see
 how
  that
   would be causing any issues, since the e-mail isn't coming from them.
  :-)
  
   I can't find anything else that might be causing spamdyke to set the
   RELAYCLIENT flag...
  
   At this point, it looks like this is more SpamDyke related than QMT,
 so
  I
   should probably move this over there...  Unless you have any parting
   thoughts, maybe we can pick this up over there.
  
   Michael J. Colvin

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-12 Thread Michael Colvin
Ok...Just to wrap this thread up on this list, in case anyone searches this
list

The issue is apparently a known issue without an elegant solution currently.
We pretty much nailed it down though on here...

You can find Sam's response and description of the issue in the thread here:
http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg03033.html with a
reference to the thread here:
http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg02032.html

Reader's Digest version...If you're going to use the relay file, you'll
have to patch SpamDyke, at least for now.  The alternative is to put what
you'd put in the relay file into tcp.smtp, and don't use the access-file
in SpamDyke.
 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Michael Colvin [mailto:mcol...@norcalisp.com]
 Sent: Wednesday, January 12, 2011 1:15 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by
 SimContro
 
 Ok...  Just to follow-up...
 
 I set the entries in the relay file as described in SpamDyke's
 documentation, same result.
 
 I remarked out the lines in the relay file, effectively making it
 Empty.
 SpamAssassin is still not called.
 
 Now, I'm not sure if calling an empty file is causing an issue
 
 When I ran the spamdyke tests, I didn't get any errors...  I'm going to
 move
 over to SpamDyke's list now, and see what Sam thinks...
 
 
 Michael J. Colvin
 NorCal Internet Services
 www.norcalisp.com
 
 
 
 
  -Original Message-
  From: Michael Colvin [mailto:mcol...@norcalisp.com]
  Sent: Wednesday, January 12, 2011 12:45 PM
  To: qmailtoaster-list@qmailtoaster.com
  Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by
  SimContro
 
  Ok...  I've got it narrowed down to the relay file...
 
  I remarked out the access-file line, and e-mail gets scanned now...
 So,
  it must be how I have the info entered...
 
  Not sure where I got that just the IP was sufficient...  The
 documentation
  obviously lists the : and second value criteria...
 
  So, let me play around with that file and see if I can get the relaying
 I
  need, without the bailing out on SpamAssassin.
 
  I'll let you know.
 
 
  Michael J. Colvin
  NorCal Internet Services
  www.norcalisp.com
 
 
 
 
   -Original Message-
   From: Eric Shubert [mailto:e...@shubes.net]
   Sent: Wednesday, January 12, 2011 12:08 PM
   To: qmailtoaster-list@qmailtoaster.com
   Subject: [qmailtoaster] Re: SpamAssassin not being invoked by
 SimContro
  
   I've been using the tcp.smtp file in lieu of spamdyke's access file. I
   don't think the access file is useful in QMT, since qmail has the SMTP
   AUTH patch. I'm not certain of this though, and would like to know
 Sam's
   take on this. I think taking this to the spamdyke list is a good idea.
  
   It appears to me from the documentation that spamdyke's access-file
   should be formatted like:
   69.224.211.10:ACCESS
   not just the IP address. I wonder if this is causing the problem. If
   there is no : in that file, I would expect spamdyke to throw an
 error
   or warning of some kind though. Have you run spamdyke in test mode to
   check for errors? See the qtp-install-spamdyke script for how to do
  this.
  
   --
   -Eric 'shubes'
  
   On 01/12/2011 12:08 PM, Michael Colvin wrote:
OK...  So, I pulled spamdyke out of the picture, and what do you
 know,
suddenly the simscan line shows what we'd expect:
   
Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s
  scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam:
   3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.norcalisp.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0
   tests=DK_SIGNED,FH_DATE_PAST_20XX,
HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5
   
So...  I've got something in SpamDyke that's likely setting
  RELAYCLIENT.
   
I'm pretty certain it's not whitelist_ip, since I pulled the
 internal
   range
out.  I also pulled it out of the relay file that access-file in
 the
spamdyke.conf file points too.
   
Here's my spamdyke.conf
   
log-level=info
access-file=/var/qmail/control/relay
local-domains-file=/var/qmail/control/rcpthosts
max-recipients=20
idle-timeout-secs=180
greeting-delay-secs=0
graylist-level=always
graylist-dir=/var/spamdyke/graylist
graylist-min-secs=300
graylist-max-secs=1814400
#policy-url=http://www.norcalisp.com/nospam?reason=
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
ip-whitelist-file=/etc/spamdyke/whitelist_ip
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
reject-missing-sender-mx
reject-ip-in-cc-rdns
ip-blacklist-file=/etc/spamdyke/blacklist_ip
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
#ip-in-rdns-keyword

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-11 Thread Michael J. Colvin
OK.  Tcp.smtp now looks like:

:allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/
qmail/bin/simscan,NOP0FCHECK=1

Header information is still the same:

Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800
Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms 
 (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.  
 Clear:RC:1(192.168.100.122):. 
 Processed in 0.066093 secs); 11 Jan 2011 12:41:02 -
X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed
in 0.066093 secs Process 28558)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
  by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800
Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 -
Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s
 scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505
Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177)
  by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 -
Received: by iwn38 with SMTP id 38so21353335iwn.36
for mcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:received:date:message-id
 :subject:from:to:content-type;
bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=;
b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM
 
KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG
 cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY
 
jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ
 M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs=
MIME-Version: 1.0
Received: by 10.42.241.199 with SMTP id lf7mr4139326icb.93.1294749629840;
Tue,
 11 Jan 2011 04:40:29 -0800 (PST)
Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
Date: Tue, 11 Jan 2011 04:40:29 -0800
Message-ID: aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com
Subject: Testing
From: NorCal Internet norcalinter...@gmail.com
To: Michael Colvin mcol...@norcalisp.com
Content-Type: multipart/alternative; boundary=20cf305496a9c27d9b04999163ea


No change on the simscan line...  I still don't see anything in qmlog
spamd, other than the Startup stuff that was there from my last post...
In fact, there's nothing but what I posted last time, since the server
hasn't restarted...  There's been no log entries in spamd since 1/9/2011...

SpamAssassin is On in the default QMT, right?  I mean, it's obviously
installed on the system, and SimScan is running...  It just seems like
something is missing, and it's on both servers...  I know this is going to
end in one of those Duh! moments...  :-)

Mike


-Original Message-
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: Monday, January 10, 2011 8:39 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

On 01/09/2011 09:17 PM, Michael J. Colvin wrote:

 Have you run
 # qmailctl cdb
 recently?

 Several times, and even rebooted the whole server (Both of them) to make
 sure the new cdb files were loaded.  The cdb file's date stamp is being
 updated when I run qmailctl cdb.

 Again, what I think is the strangest part is, this is happening on two
 totally separate machines, both with basically Stock ISO installs on
 them...  If it was happening to just one, I'd lean towards a config
error...
 But with two of them, it's either something I did too both of them
 (Possible, of course) or something else...  And, like I said, I haven't
 changed much from the stock install...  Just the rcpthosts, smtproutes,
 tcp.smtp (As posted) and I think that's about it..

 (Shrug)...

 Mike


Here's my tcp.smtp entry:
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG
RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/contro
l/domainkeys/%/private,NOP0FCHECK=1

You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you 
really need that. I don't recall what happens w/out it, but I'd put it 
in and see if that fixes things.

-- 
-Eric 'shubes'



-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!

-
 Please visit qmailtoaster.com

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-11 Thread Cecil Yother, Jr

Isn't there something about LAN addresses not being scanned?

Quoting Michael J. Colvin mcol...@norcalisp.com:


OK.  Tcp.smtp now looks like:

:allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/
qmail/bin/simscan,NOP0FCHECK=1

Header information is still the same:

Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800
Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms
 (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
 Clear:RC:1(192.168.100.122):.
 Processed in 0.066093 secs); 11 Jan 2011 12:41:02 -
X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed
in 0.066093 secs Process 28558)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
  by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800
Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 -
Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s
 scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505
Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177)
  by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 -
Received: by iwn38 with SMTP id 38so21353335iwn.36
for mcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:received:date:message-id
 :subject:from:to:content-type;
bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=;
b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM

KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG
 cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY

jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ
 M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs=
MIME-Version: 1.0
Received: by 10.42.241.199 with SMTP id lf7mr4139326icb.93.1294749629840;
Tue,
 11 Jan 2011 04:40:29 -0800 (PST)
Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
Date: Tue, 11 Jan 2011 04:40:29 -0800
Message-ID: aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com
Subject: Testing
From: NorCal Internet norcalinter...@gmail.com
To: Michael Colvin mcol...@norcalisp.com
Content-Type: multipart/alternative; boundary=20cf305496a9c27d9b04999163ea


No change on the simscan line...  I still don't see anything in qmlog
spamd, other than the Startup stuff that was there from my last post...
In fact, there's nothing but what I posted last time, since the server
hasn't restarted...  There's been no log entries in spamd since 1/9/2011...

SpamAssassin is On in the default QMT, right?  I mean, it's obviously
installed on the system, and SimScan is running...  It just seems like
something is missing, and it's on both servers...  I know this is going to
end in one of those Duh! moments...  :-)

Mike


-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Monday, January 10, 2011 8:39 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

On 01/09/2011 09:17 PM, Michael J. Colvin wrote:



Have you run
# qmailctl cdb
recently?


Several times, and even rebooted the whole server (Both of them) to make
sure the new cdb files were loaded.  The cdb file's date stamp is being
updated when I run qmailctl cdb.

Again, what I think is the strangest part is, this is happening on two
totally separate machines, both with basically Stock ISO installs on
them...  If it was happening to just one, I'd lean towards a config

error...

But with two of them, it's either something I did too both of them
(Possible, of course) or something else...  And, like I said, I haven't
changed much from the stock install...  Just the rcpthosts, smtproutes,
tcp.smtp (As posted) and I think that's about it..

(Shrug)...

Mike



Here's my tcp.smtp entry:
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG
RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/contro
l/domainkeys/%/private,NOP0FCHECK=1

You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you
really need that. I don't recall what happens w/out it, but I'd put it
in and see if that fixes things.

--
-Eric 'shubes'



-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today

[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-11 Thread Eric Shubert
I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA 
still scans. Authenticated submissions aren't scanned though.


Michael, can you post your
# rpm -qi simscan-toaster
(just double checking)

--
-Eric 'shubes'

On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote:

Isn't there something about LAN addresses not being scanned?

Quoting Michael J. Colvin mcol...@norcalisp.com:


OK. Tcp.smtp now looks like:

:allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/

qmail/bin/simscan,NOP0FCHECK=1

Header information is still the same:

Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800
Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms
(clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
Clear:RC:1(192.168.100.122):.
Processed in 0.066093 secs); 11 Jan 2011 12:41:02 -
X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):.
Processed
in 0.066093 secs Process 28558)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800
Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 -
Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s
scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505
Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177)
by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 -
Received: by iwn38 with SMTP id 38so21353335iwn.36
for mcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:received:date:message-id
:subject:from:to:content-type;
bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=;
b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM

KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG
cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY

jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ
M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs=
MIME-Version: 1.0
Received: by 10.42.241.199 with SMTP id lf7mr4139326icb.93.1294749629840;
Tue,
11 Jan 2011 04:40:29 -0800 (PST)
Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
Date: Tue, 11 Jan 2011 04:40:29 -0800
Message-ID:
aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com
Subject: Testing
From: NorCal Internet norcalinter...@gmail.com
To: Michael Colvin mcol...@norcalisp.com
Content-Type: multipart/alternative;
boundary=20cf305496a9c27d9b04999163ea


No change on the simscan line... I still don't see anything in qmlog
spamd, other than the Startup stuff that was there from my last post...
In fact, there's nothing but what I posted last time, since the server
hasn't restarted... There's been no log entries in spamd since
1/9/2011...

SpamAssassin is On in the default QMT, right? I mean, it's obviously
installed on the system, and SimScan is running... It just seems like
something is missing, and it's on both servers... I know this is going to
end in one of those Duh! moments... :-)

Mike


-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Monday, January 10, 2011 8:39 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

On 01/09/2011 09:17 PM, Michael J. Colvin wrote:



Have you run
# qmailctl cdb
recently?


Several times, and even rebooted the whole server (Both of them) to make
sure the new cdb files were loaded. The cdb file's date stamp is being
updated when I run qmailctl cdb.

Again, what I think is the strangest part is, this is happening on two
totally separate machines, both with basically Stock ISO installs on
them... If it was happening to just one, I'd lean towards a config

error...

But with two of them, it's either something I did too both of them
(Possible, of course) or something else... And, like I said, I haven't
changed much from the stock install... Just the rcpthosts, smtproutes,
tcp.smtp (As posted) and I think that's about it..

(Shrug)...

Mike



Here's my tcp.smtp entry:
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG

RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/contro

l/domainkeys/%/private,NOP0FCHECK=1

You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you
really need that. I don't recall what happens w/out it, but I'd put it
in and see if that fixes things.

--
-Eric 'shubes'




-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers

Re: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-11 Thread Cecil Yother, Jr.
Name: simscan-toaster  Relocations: (not relocatable)
Version : 1.4.0 Vendor: (none)
Release : 1.3.8 Build Date: Tue 21 Dec 2010
09:54:47 AM PST
Install Date: Tue 21 Dec 2010 10:04:51 AM PST  Build Host:
laetitia.area510.net
Group   : Networking/Other  Source RPM:
simscan-toaster-1.4.0-1.3.8.src.rpm
Size: 113364   License: GPL
Signature   : (none)
Packager: Jake Vickers j...@qmailtoaster.com
URL : http://www.inter7.com/vpopmail
Summary : Simscan for qmail-toaster
Description :

SimScan is a simplified scanner for qmail similar to qmail-scanner and
qscand.
It uses clamav, trophie, and/or spamassassin.  It also supports attachment
blocking by extension.  Simscan is written entirely in C to ensure maximum
speed.  There are several options to allow simscan to scan per domain, and
reject spam mail.


Current settings
 ---
 user  = clamav
 qmail directory   = /var/qmail
 work directory= /var/qmail/simscan
 control directory = /var/qmail/control
 qmail queue program   = /var/qmail/bin/qmail-queue
 clamdscan program = /usr/bin/clamdscan
 clamav scan   = ON
 trophie scanning  = OFF
 attachement scan  = ON
 ripmime program   = /usr/bin/ripmime
 custom smtp reject= ON
 drop message  = OFF
 regex scanner = OFF
 quarantine processing = OFF
 domain based checking = ON
 add received header   = ON
 spam scanning = ON
 spamc program = /usr/bin/spamc
 spamc arguments   =
 spamc user= OFF
 authenticated users scanned = OFF
 spam passthru = OFF
 spam hits = 40

Current simcontrol config
 --
 :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
[r...@laetitia ~]#


On 01/11/2011 08:36 AM, Eric Shubert wrote:
 rpm -qi simscan-toaster 

-- 
Cecil Yother, Jr. cj
cj's
2318 Clement Ave
Alameda, CA  94501

tel 510.865.2787 | http://yother.com
Check out the new Volvo classified resource http://www.volvoclassified.com


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-11 Thread Michael Colvin
Here you go Eric.  Both servers had identical outputs, other than one being
installed the day after this one.  :-)

Name: simscan-toaster  Relocations: (not relocatable)
Version : 1.4.0 Vendor: (none)
Release : 1.3.8 Build Date: Fri 29 Oct 2010
02:28:37 AM PDT
Install Date: Fri 29 Oct 2010 02:30:25 AM PDT  Build Host:
mail-1.norcalisp.com
Group   : Networking/Other  Source RPM:
simscan-toaster-1.4.0-1.3.8.src.rpm
Size: 113364   License: GPL
Signature   : (none)
Packager: Jake Vickers j...@qmailtoaster.com
URL : http://www.inter7.com/vpopmail
Summary : Simscan for qmail-toaster
Description :

SimScan is a simplified scanner for qmail similar to qmail-scanner and
qscand.
It uses clamav, trophie, and/or spamassassin.  It also supports attachment
blocking by extension.  Simscan is written entirely in C to ensure maximum
speed.  There are several options to allow simscan to scan per domain, and
reject spam mail.


Current settings
 ---
 user  = clamav
 qmail directory   = /var/qmail
 work directory= /var/qmail/simscan
 control directory = /var/qmail/control
 qmail queue program   = /var/qmail/bin/qmail-queue
 clamdscan program = /usr/bin/clamdscan
 clamav scan   = ON
 trophie scanning  = OFF
 attachement scan  = ON
 ripmime program   = /usr/bin/ripmime
 custom smtp reject= ON
 drop message  = OFF
 regex scanner = OFF
 quarantine processing = OFF
 domain based checking = ON
 add received header   = ON
 spam scanning = ON
 spamc program = /usr/bin/spamc
 spamc arguments   =
 spamc user= OFF
 authenticated users scanned = OFF
 spam passthru = OFF
 spam hits = 40

Current simcontrol config
 --
 :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 


 -Original Message-
 From: Eric Shubert [mailto:e...@shubes.net]
 Sent: Tuesday, January 11, 2011 8:36 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
 I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA
 still scans. Authenticated submissions aren't scanned though.
 
 Michael, can you post your
 # rpm -qi simscan-toaster
 (just double checking)
 
 --
 -Eric 'shubes'
 
 On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote:
  Isn't there something about LAN addresses not being scanned?
 
  Quoting Michael J. Colvin mcol...@norcalisp.com:
 
  OK. Tcp.smtp now looks like:
 
 
 :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va
 r/
 
  qmail/bin/simscan,NOP0FCHECK=1
 
  Header information is still the same:
 
  Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800
  Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
  norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms
  (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
  Clear:RC:1(192.168.100.122):.
  Processed in 0.066093 secs); 11 Jan 2011 12:41:02 -
  X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via
  mail.norcalisp.com
  X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):.
  Processed
  in 0.066093 secs Process 28558)
  Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
  by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800
  Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 -
  Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s
  scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505
  Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177)
  by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 -
  Received: by iwn38 with SMTP id 38so21353335iwn.36
  for mcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=gmail.com; s=gamma;
  h=domainkey-signature:mime-version:received:received:date:message-id
  :subject:from:to:content-type;
  bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=;
  b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM
 
  KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG
  cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A=
  DomainKey-Signature: a=rsa-sha1; c=nofws;
  d=gmail.com; s=gamma;
  h=mime-version:date:message-id:subject:from:to:content-type;
  b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY
 
  jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ
  M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs=
  MIME-Version: 1.0
  Received

[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-11 Thread Eric Shubert
I'm at a loss Michael. I think I'd look closer into spamassassin at this 
point. Can you invoke SA 'manually'?


On 01/11/2011 11:13 AM, Michael Colvin wrote:

Here you go Eric.  Both servers had identical outputs, other than one being
installed the day after this one.  :-)

Name: simscan-toaster  Relocations: (not relocatable)
Version : 1.4.0 Vendor: (none)
Release : 1.3.8 Build Date: Fri 29 Oct 2010
02:28:37 AM PDT
Install Date: Fri 29 Oct 2010 02:30:25 AM PDT  Build Host:
mail-1.norcalisp.com
Group   : Networking/Other  Source RPM:
simscan-toaster-1.4.0-1.3.8.src.rpm
Size: 113364   License: GPL
Signature   : (none)
Packager: Jake Vickersj...@qmailtoaster.com
URL : http://www.inter7.com/vpopmail
Summary : Simscan for qmail-toaster
Description :

SimScan is a simplified scanner for qmail similar to qmail-scanner and
qscand.
It uses clamav, trophie, and/or spamassassin.  It also supports attachment
blocking by extension.  Simscan is written entirely in C to ensure maximum
speed.  There are several options to allow simscan to scan per domain, and
reject spam mail.


 Current settings
  ---
  user  = clamav
  qmail directory   = /var/qmail
  work directory= /var/qmail/simscan
  control directory = /var/qmail/control
  qmail queue program   = /var/qmail/bin/qmail-queue
  clamdscan program = /usr/bin/clamdscan
  clamav scan   = ON
  trophie scanning  = OFF
  attachement scan  = ON
  ripmime program   = /usr/bin/ripmime
  custom smtp reject= ON
  drop message  = OFF
  regex scanner = OFF
  quarantine processing = OFF
  domain based checking = ON
  add received header   = ON
  spam scanning = ON
  spamc program = /usr/bin/spamc
  spamc arguments   =
  spamc user= OFF
  authenticated users scanned = OFF
  spam passthru = OFF
  spam hits = 40

 Current simcontrol config
  --
  :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif


Michael J. Colvin
NorCal Internet Services
www.norcalisp.com




-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, January 11, 2011 8:36 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA
still scans. Authenticated submissions aren't scanned though.

Michael, can you post your
# rpm -qi simscan-toaster
(just double checking)

--
-Eric 'shubes'

On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote:

Isn't there something about LAN addresses not being scanned?

Quoting Michael J. Colvinmcol...@norcalisp.com:


OK. Tcp.smtp now looks like:



:allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va
r/


qmail/bin/simscan,NOP0FCHECK=1

Header information is still the same:

Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800
Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms
(clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
Clear:RC:1(192.168.100.122):.
Processed in 0.066093 secs); 11 Jan 2011 12:41:02 -
X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):.
Processed
in 0.066093 secs Process 28558)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800
Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 -
Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s
scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505
Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177)
by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 -
Received: by iwn38 with SMTP id 38so21353335iwn.36
formcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:received:date:message-id
:subject:from:to:content-type;
bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=;
b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM

KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG
cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY

jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ

RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-11 Thread Michael Colvin
Eric..  Check this thread out...  I think this may be pointing me in the
right direction...

http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html

The 2nd paragraph...  Because relay client is set, simscan doesn’t run the
message through SpamAssassin (Since it's supposedly from a trusted source).

Could spamdyke be passing a value for RELAYCLIENT?  I've got the
192.168.100.0/24 (The private network my mail cluster is on) Whitelisted
in spamdyke...

Any place else that might be passing RELAYCLIENT?  It's not in my tcp.smtp
file.


 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Eric Shubert [mailto:e...@shubes.net]
 Sent: Tuesday, January 11, 2011 11:06 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
 I'm at a loss Michael. I think I'd look closer into spamassassin at this
 point. Can you invoke SA 'manually'?
 
 On 01/11/2011 11:13 AM, Michael Colvin wrote:
  Here you go Eric.  Both servers had identical outputs, other than one
 being
  installed the day after this one.  :-)
 
  Name: simscan-toaster  Relocations: (not
 relocatable)
  Version : 1.4.0 Vendor: (none)
  Release : 1.3.8 Build Date: Fri 29 Oct 2010
  02:28:37 AM PDT
  Install Date: Fri 29 Oct 2010 02:30:25 AM PDT  Build Host:
  mail-1.norcalisp.com
  Group   : Networking/Other  Source RPM:
  simscan-toaster-1.4.0-1.3.8.src.rpm
  Size: 113364   License: GPL
  Signature   : (none)
  Packager: Jake Vickersj...@qmailtoaster.com
  URL : http://www.inter7.com/vpopmail
  Summary : Simscan for qmail-toaster
  Description :
 
  SimScan is a simplified scanner for qmail similar to qmail-scanner and
  qscand.
  It uses clamav, trophie, and/or spamassassin.  It also supports
 attachment
  blocking by extension.  Simscan is written entirely in C to ensure
 maximum
  speed.  There are several options to allow simscan to scan per domain,
 and
  reject spam mail.
 
 
   Current settings
---
user  = clamav
qmail directory   = /var/qmail
work directory= /var/qmail/simscan
control directory = /var/qmail/control
qmail queue program   = /var/qmail/bin/qmail-queue
clamdscan program = /usr/bin/clamdscan
clamav scan   = ON
trophie scanning  = OFF
attachement scan  = ON
ripmime program   = /usr/bin/ripmime
custom smtp reject= ON
drop message  = OFF
regex scanner = OFF
quarantine processing = OFF
domain based checking = ON
add received header   = ON
spam scanning = ON
spamc program = /usr/bin/spamc
spamc arguments   =
spamc user= OFF
authenticated users scanned = OFF
spam passthru = OFF
spam hits = 40
 
   Current simcontrol config
--
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
 
 
  Michael J. Colvin
  NorCal Internet Services
  www.norcalisp.com
 
 
 
  -Original Message-
  From: Eric Shubert [mailto:e...@shubes.net]
  Sent: Tuesday, January 11, 2011 8:36 AM
  To: qmailtoaster-list@qmailtoaster.com
  Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
  I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA
  still scans. Authenticated submissions aren't scanned though.
 
  Michael, can you post your
  # rpm -qi simscan-toaster
  (just double checking)
 
  --
  -Eric 'shubes'
 
  On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote:
  Isn't there something about LAN addresses not being scanned?
 
  Quoting Michael J. Colvinmcol...@norcalisp.com:
 
  OK. Tcp.smtp now looks like:
 
 
 
 :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va
  r/
 
  qmail/bin/simscan,NOP0FCHECK=1
 
  Header information is still the same:
 
  Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -
 0800
  Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
  norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms
  (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
  Clear:RC:1(192.168.100.122):.
  Processed in 0.066093 secs); 11 Jan 2011 12:41:02 -
  X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via
  mail.norcalisp.com
  X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):.
  Processed
  in 0.066093 secs Process 28558)
  Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
  by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800
  Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41

[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-10 Thread Eric Shubert

On 01/09/2011 09:17 PM, Michael J. Colvin wrote:



Have you run
# qmailctl cdb
recently?


Several times, and even rebooted the whole server (Both of them) to make
sure the new cdb files were loaded.  The cdb file's date stamp is being
updated when I run qmailctl cdb.

Again, what I think is the strangest part is, this is happening on two
totally separate machines, both with basically Stock ISO installs on
them...  If it was happening to just one, I'd lean towards a config error...
But with two of them, it's either something I did too both of them
(Possible, of course) or something else...  And, like I said, I haven't
changed much from the stock install...  Just the rcpthosts, smtproutes,
tcp.smtp (As posted) and I think that's about it..

(Shrug)...

Mike



Here's my tcp.smtp entry:
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1

You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you 
really need that. I don't recall what happens w/out it, but I'd put it 
in and see if that fixes things.


--
-Eric 'shubes'


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-10 Thread Michael Colvin
Ok.  Will do later today/this evening and let you know.

Thanks for the suggestion!

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Eric Shubert [mailto:e...@shubes.net]
 Sent: Monday, January 10, 2011 8:39 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
 
 On 01/09/2011 09:17 PM, Michael J. Colvin wrote:
 
  Have you run
  # qmailctl cdb
  recently?
 
  Several times, and even rebooted the whole server (Both of them) to make
  sure the new cdb files were loaded.  The cdb file's date stamp is being
  updated when I run qmailctl cdb.
 
  Again, what I think is the strangest part is, this is happening on two
  totally separate machines, both with basically Stock ISO installs on
  them...  If it was happening to just one, I'd lean towards a config
 error...
  But with two of them, it's either something I did too both of them
  (Possible, of course) or something else...  And, like I said, I haven't
  changed much from the stock install...  Just the rcpthosts, smtproutes,
  tcp.smtp (As posted) and I think that's about it..
 
  (Shrug)...
 
  Mike
 
 
 Here's my tcp.smtp entry:
 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO
 NGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/co
 ntrol/domainkeys/%/private,NOP0FCHECK=1
 
 You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you
 really need that. I don't recall what happens w/out it, but I'd put it
 in and see if that fixes things.
 
 --
 -Eric 'shubes'
 
 
 --
 ---
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 --
 ---
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.
 
   To unsubscribe, e-mail: qmailtoaster-list-
 unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-
 h...@qmailtoaster.com
 



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.

  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-09 Thread Eric Shubert

On 01/09/2011 05:24 PM, Michael J. Colvin wrote:

I did some checking in the archives, but didn’t find a solution,
although I found some similar items, none of them seemed to point me in
the right direction…

I just realized that, for some reason, mail on two newly created servers
is not being scanned by SpamAssassin, or at least it appears as though
it isn’t…

E-mails arrive with the following contained in the headers:

Received: by simscan 1.4.0 ppid: 2790, pid: 2791, t: 0.0720s

scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497

Which leads me to believe that only “attach” and “clamav” are being invoked.

Here’s my tcp.smtp:

127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private

:allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/qmail/bin/simscan

Here’s simcontrol:

:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

I’ve got two servers, both new builds using the ISO, that are behaving
identical. Obviously, I made some changes to tcp.smtp, but other than
that, I haven’t made any changes to any files that I’m aware of, that
effect invoking simscan, and then spamassassin….

Any thoughts?

Additional info:

qtp-whatami v0.3.7 Sun Jan 9 16:18:36 PST 2011

DISTRO=CentOS

OSVER=5.5

QTARCH=i686

QTKERN=2.6.18-194.8.1.el5

BUILD_DIST=cnt50

BUILD_DIR=/usr/src/redhat

Thanks in advance!

Mike



The Received: by simscan information won't show when a message is 
scanned by spamassassin. Look for X-Spam-* headers for an indication of 
this.


You should check the spamd log (qmlog spamd) to verify the condition of 
spamassassin. Any errors will show there, as well as messages pertaining 
to scans.


Also, all messages aren't scanned by SA. Intra-host messages (more 
specifically, messages submitted with authentication) are not scanned, 
nor are messages above a certain size. I don't recall off hand what that 
size limit is, or where it's specified. It'd be nice if that were 
documented on the wiki if it's not already.


--
-Eric 'shubes'


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-09 Thread Michael J. Colvin
Thanks for the replay Eric.  Here's the full header:

Received: (qmail 11511 invoked by uid 1010); 9 Jan 2011 16:09:23 -0800
Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
michael.col...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms 
 (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.  
 Clear:RC:1(192.168.100.122):. 
 Processed in 0.094059 secs); 10 Jan 2011 00:09:23 -
X-Antivirus-NorCalISP-Mail-From: michael.col...@gmail.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed
in 0.094059 secs Process 11504)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
  by mail.norcalisp.com with SMTP; 9 Jan 2011 16:09:23 -0800
Received: (qmail 2795 invoked by uid 89); 10 Jan 2011 00:09:21 -
Received: by simscan 1.4.0 ppid: 2790, pid: 2791, t: 0.0720s
 scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497
Received: from unknown (HELO mail-yi0-f49.google.com) (209.85.218.49)
  by mail.norcalisp.com with SMTP; 10 Jan 2011 00:09:21 -
Received: by yib2 with SMTP id 2so5429037yib.36
for mcol...@norcalisp.com; Sun, 09 Jan 2011 16:08:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:received:date:message-id
 :subject:from:to:content-type;
bh=GMPLCtUDsw0tenqLVZLtyBTLSH7m83E9a36NIFIzX9g=;
b=bWDAXb5wt2YuhvYKE7ro9LDiNbkPOGFqmKDyzpOJjorI1+fPSMQeg4O9y8xKt2WXRM
 
dUeOdL8G59F79xUsHPTDODYlT1pL6/PCDS9dONYO4LRce/OACwGjn+sn+vA1xrOMcasi
 45mLzT4w+UxhAjN474zs8TBauKQtTxYJwoXPI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=Tai3/7m8KcMRAUo7vQvthAx35Er2+qbRq+OsI548wcn3rH9m/3wvFrP3MPhkShqa35
 
Zhv9HOjRaxuw4w+afZhYWdwF53IkzI77UYQ5UZTIgVvpDSAfP61wmAOwSS7PcMdBOT25
 NOxzSWtxSdbj9D9wFQ+ULFH5OAUp5P85IBvOQ=
MIME-Version: 1.0
Received: by 10.100.48.4 with SMTP id v4mr488017anv.47.1294618130674; Sun,
09
 Jan 2011 16:08:50 -0800 (PST)
Received: by 10.100.120.20 with HTTP; Sun, 9 Jan 2011 16:08:50 -0800 (PST)
Date: Sun, 9 Jan 2011 16:08:50 -0800
Message-ID: aanlkti=tmjszfszjr7ngoxjhcar4meaorua2jxhz1...@mail.gmail.com
Subject: Testing
From: Michael Colvin michael.col...@gmail.com
To: Michael Colvin mcol...@norcalisp.com
Content-Type: multipart/alternative; boundary=0016e642d6a8cc75ba049972c53e


This message is sent, obviously, from Gmail, so it's not an intra-host
e-mail, and no authentication is involved...

Qmlog spamd shows:

01-09 16:01:46 [2113] info: spamd: server started on port 783/tcp (running
version 3.2.5)
01-09 16:01:46 [2113] info: spamd: server pid: 2113
01-09 16:01:46 [2113] info: spamd: server successfully spawned child
process, pid 2387
01-09 16:01:46 [2113] info: spamd: server successfully spawned child
process, pid 2388
01-09 16:01:46 [2113] info: prefork: child states: II

These are the only entries since the last reboot...

Shouldn't the header line:  scanners: attach: 1.4.0 clamav:
0.96.3/m:53/d:12497 also show spamd though?  In other posts that I'd found
in the archive, there was a notation on that line that indicated
spamassassin was invoked...

To me, it looks like qmlog spamd doesn't have any errors, but should it show
that messages were scanned too?  I don't think spamassassin isn't running,
it just doesn't look like simscan is sending messages from qmail to
spamassassin...

That's just a guess though...

Thanks again for your input!

Mike


-Original Message-
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: Sunday, January 09, 2011 5:12 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

On 01/09/2011 05:24 PM, Michael J. Colvin wrote:
 I did some checking in the archives, but didn't find a solution,
 although I found some similar items, none of them seemed to point me in
 the right direction.

 I just realized that, for some reason, mail on two newly created servers
 is not being scanned by SpamAssassin, or at least it appears as though
 it isn't.

 E-mails arrive with the following contained in the headers:

 Received: by simscan 1.4.0 ppid: 2790, pid: 2791, t: 0.0720s

 scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497

 Which leads me to believe that only attach and clamav are being
invoked.

 Here's my tcp.smtp:

 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private


:allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/
qmail/bin/simscan

 Here's simcontrol:

 :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

 I've got two servers, both new builds using the ISO, that are behaving
 identical. Obviously, I made some changes to tcp.smtp, but other than
 that, I haven't made any changes to any files that I'm aware of, that
 effect invoking simscan, and then spamassassin..

 Any thoughts?

 Additional info:

 qtp-whatami v0.3.7 Sun

[qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-09 Thread Eric Shubert

On 01/09/2011 06:49 PM, Michael J. Colvin wrote:

Thanks for the replay Eric.  Here's the full header:

Received: (qmail 11511 invoked by uid 1010); 9 Jan 2011 16:09:23 -0800
Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
michael.col...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms
  (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
  Clear:RC:1(192.168.100.122):.
  Processed in 0.094059 secs); 10 Jan 2011 00:09:23 -
X-Antivirus-NorCalISP-Mail-From: michael.col...@gmail.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed
in 0.094059 secs Process 11504)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
   by mail.norcalisp.com with SMTP; 9 Jan 2011 16:09:23 -0800
Received: (qmail 2795 invoked by uid 89); 10 Jan 2011 00:09:21 -
Received: by simscan 1.4.0 ppid: 2790, pid: 2791, t: 0.0720s
  scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497
Received: from unknown (HELO mail-yi0-f49.google.com) (209.85.218.49)
   by mail.norcalisp.com with SMTP; 10 Jan 2011 00:09:21 -
Received: by yib2 with SMTP id 2so5429037yib.36
 formcol...@norcalisp.com; Sun, 09 Jan 2011 16:08:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=gamma;
 h=domainkey-signature:mime-version:received:received:date:message-id
  :subject:from:to:content-type;
 bh=GMPLCtUDsw0tenqLVZLtyBTLSH7m83E9a36NIFIzX9g=;
 b=bWDAXb5wt2YuhvYKE7ro9LDiNbkPOGFqmKDyzpOJjorI1+fPSMQeg4O9y8xKt2WXRM

dUeOdL8G59F79xUsHPTDODYlT1pL6/PCDS9dONYO4LRce/OACwGjn+sn+vA1xrOMcasi
  45mLzT4w+UxhAjN474zs8TBauKQtTxYJwoXPI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
 d=gmail.com; s=gamma;
 h=mime-version:date:message-id:subject:from:to:content-type;
 b=Tai3/7m8KcMRAUo7vQvthAx35Er2+qbRq+OsI548wcn3rH9m/3wvFrP3MPhkShqa35

Zhv9HOjRaxuw4w+afZhYWdwF53IkzI77UYQ5UZTIgVvpDSAfP61wmAOwSS7PcMdBOT25
  NOxzSWtxSdbj9D9wFQ+ULFH5OAUp5P85IBvOQ=
MIME-Version: 1.0
Received: by 10.100.48.4 with SMTP id v4mr488017anv.47.1294618130674; Sun,
09
  Jan 2011 16:08:50 -0800 (PST)
Received: by 10.100.120.20 with HTTP; Sun, 9 Jan 2011 16:08:50 -0800 (PST)
Date: Sun, 9 Jan 2011 16:08:50 -0800
Message-ID:aanlkti=tmjszfszjr7ngoxjhcar4meaorua2jxhz1...@mail.gmail.com
Subject: Testing
From: Michael Colvinmichael.col...@gmail.com
To: Michael Colvinmcol...@norcalisp.com
Content-Type: multipart/alternative; boundary=0016e642d6a8cc75ba049972c53e


This message is sent, obviously, from Gmail, so it's not an intra-host
e-mail, and no authentication is involved...

Qmlog spamd shows:

01-09 16:01:46 [2113] info: spamd: server started on port 783/tcp (running
version 3.2.5)
01-09 16:01:46 [2113] info: spamd: server pid: 2113
01-09 16:01:46 [2113] info: spamd: server successfully spawned child
process, pid 2387
01-09 16:01:46 [2113] info: spamd: server successfully spawned child
process, pid 2388
01-09 16:01:46 [2113] info: prefork: child states: II

These are the only entries since the last reboot...


No SA scanning is happening then, as you've said.


Shouldn't the header line:  scanners: attach: 1.4.0 clamav:
0.96.3/m:53/d:12497 also show spamd though?  In other posts that I'd found
in the archive, there was a notation on that line that indicated
spamassassin was invoked...


Yes is should, now that I look back on things. I'm seeing this:
Received: by simscan 1.4.0 ppid: 31845, pid: 31846, t: 2.8534s
 scanners: attach: 1.4.0 clamav: 0.96.5
/m:51/d:10306 spam: 3.2.5

I think it's odd that the 3rd line isn't indented like the 2nd, but I'm 
seeing it now (missed the 3rd line before).



To me, it looks like qmlog spamd doesn't have any errors, but should it show
that messages were scanned too?


Right, it should show messages for each email that's scanned, like this:
01-09 19:39:32 [2535] info: prefork: child states: II
01-09 19:54:10 [30403] info: spamd: connection from tacs-mail.shubes.net 
[127.0.0.1] at port 56763
01-09 19:54:10 [30403] info: spamd: processing message 
20110110025403.60073b708...@web4.breastcancer.org for clamav:89
01-09 19:54:11 [30403] info: spamd: clean message (-2.9/3.7) for 
clamav:89 in 0.8 seconds, 2509 bytes.
01-09 19:54:11 [30403] info: spamd: result: . -2 - AWL,BAYES_00 
scantime=0.8,size=2509,user=clamav,uid=89,required_score=3.7,rhost=tacs-mail.shubes.net,raddr=127.0.0.1,rport=56763,mid=20110110025403.60073b708...@web4.breastcancer.org,bayes=0.00,autolearn=ham

01-09 19:54:11 [2535] info: prefork: child states: II


I don't think spamassassin isn't running,


Right. The child states line in the log indicates that it's running. 
You'll see those processing running (with ps) as well.


FWIW, I think that if spamd wasn't running and simscan tried to invoke 
it, then qmail-smtp would fail with a (quite elusive and nondescript) qq 
softfail message.



it just doesn't look like simscan is sending messages from qmail to
spamassassin...



RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro

2011-01-09 Thread Michael J. Colvin

Have you run
# qmailctl cdb
recently?

-- 
-Eric 'shubes'


Several times, and even rebooted the whole server (Both of them) to make
sure the new cdb files were loaded.  The cdb file's date stamp is being
updated when I run qmailctl cdb.

Again, what I think is the strangest part is, this is happening on two
totally separate machines, both with basically Stock ISO installs on
them...  If it was happening to just one, I'd lean towards a config error...
But with two of them, it's either something I did too both of them
(Possible, of course) or something else...  And, like I said, I haven't
changed much from the stock install...  Just the rcpthosts, smtproutes,
tcp.smtp (As posted) and I think that's about it..

(Shrug)...

Mike


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com