Re: Email / Inbox Speed Problems

[Jay Plesset]

Geez, unless your users are into the millions of messages, maybe you 
need a more scalable mail server.   My day job is support of the Sun 
comms suite.  I only get these when there are litterally tens of 
millions of messages in an inbox.


jay

Ted Mittelstaedt wrote:

Sean Leinart wrote:

-Original Message-
From: Sean Leinart [mailto:slein...@fscarolina.com] Sent: Friday, 
October 23, 2009 2:04 PM

To: TJ Russ
Cc: allison.ays...@lonesource.com; Spamassassin Mailing List
Subject: Email / Inbox Speed Problems

Hi TJ,

Looking over your Inbox situation, you suffer from the same problem 
as most here do. You have too much email stored on the server. Can 
you give me a rundown of the folders that can be eliminated in your 
Inbox, we can archive them off then delete them from your folders 
that are online, this will help a great deal.


Thank you,

Sean Leinart
Network Systems Engineer
First Service Carolina Inc.
Raleigh, North Carolina
United States
slein...@fscarolina.com
919-832-5553



DOH!!
 
List, please disregard the erroneous CC: post to the list.




I had to look twice since it was the identical problem to what
we deal with every week around here.

Ted

Re: Email / Inbox Speed Problems

[Jay Plesset]

Many of my users use the various quota settings in Messaging Server.  
You can set quotas on message number and/or mailbox size.  Notifications 
are sent to the user, even if they're over quota. . .


You can set quota individually, by "class of service", or globally.

Yes, it'll run on the same hardware you're running now.  On Redhat 4 or 
5, or Solaris.


jay

Ted Mittelstaedt wrote:

Jay Plesset wrote:
Geez, unless your users are into the millions of messages, maybe you 
need a more scalable mail server.   My day job is support of the Sun 
comms suite.  I only get these when there are litterally tens of 
millions of messages in an inbox.




Where we generally get these problems is when users are running MacOS X
and using the included free Apple Mail as a POP3 client, because one
of the DEFAULTS of that client is to leave a copy of the mail message
on the server.  The typical scenario is that we get one of these users
who runs it this way for a couple months, then one day their relative
starts e-mailing them 50MB pictures of their latest vacation, and once
their e-mail box exceeds 800MB in size, popper (qpopper) starts getting
really slow in downloading the message ID list and their client starts
running like a dog.

There's probably many ways I could fix it, from replacing qpopper to
going to faster disks or more powerful hardware, or running a nightly
script that squawks about the bad citizens, but I frankly don't
feel compelled to allocate all of our POP3 users a gigabyte of disk 
space for their mailbox, and if did fix it then I'd have to setup

quotas on /var/mail

Doing it this way penalizes only the users who engage in the 
objectionable behavior, and it penalizes them in such a way that it 
doesn't cause them to lose mail, or cause the server to reject 
incoming mail messages to them, or causes mail they have to be 
truncated.  And

it also doesn't do it in a way that is sudden - the user just starts
noticing things getting slower and slower and slower over time - so
they have plenty of time to contact us at their leisure.

I suppose that one of these days the author of qpopper will rewrite
the search logic in the qpopper program to fix this and then I'll have
to find some other way to gently enforce this.

Ted


jay

Ted Mittelstaedt wrote:

Sean Leinart wrote:

-Original Message-
From: Sean Leinart [mailto:slein...@fscarolina.com] Sent: Friday, 
October 23, 2009 2:04 PM

To: TJ Russ
Cc: allison.ays...@lonesource.com; Spamassassin Mailing List
Subject: Email / Inbox Speed Problems

Hi TJ,

Looking over your Inbox situation, you suffer from the same 
problem as most here do. You have too much email stored on the 
server. Can you give me a rundown of the folders that can be 
eliminated in your Inbox, we can archive them off then delete them 
from your folders that are online, this will help a great deal.


Thank you,

Sean Leinart
Network Systems Engineer
First Service Carolina Inc.
Raleigh, North Carolina
United States
slein...@fscarolina.com
919-832-5553



DOH!!
 
List, please disregard the erroneous CC: post to the list.




I had to look twice since it was the identical problem to what
we deal with every week around here.

Ted

Re: Email / Inbox Speed Problems

[Jay Plesset]

right, and you are wrong.  For us to win at the game we must
educate the users, and the most ignorant of the users will only
open their minds for knowledge for a very short time, before it
snaps closed like a steel trap, and they will never believe
there's a problem unless they see it for themselves.

After all, just think of your average conservative Republican's
reaction to Global Warming.  It's not something they can see and
their brains are (apparently) incapable of imagination so they cannot
imagine that Global Warming is real, that's why they make silly
arguments like "global warming must not be happening because
we are having a pretty cold winter"  It's the same principle in 
operation here.
Well, it's the devil you know vs the one you don't.  I was offereing a 
solution that doesn't slow down.  If you don't think it would help you, 
then you don't have to look at it.


jay


Ted


Jay Plesset wrote:
Many of my users use the various quota settings in Messaging Server.  
You can set quotas on message number and/or mailbox size.  
Notifications are sent to the user, even if they're over quota. . .


You can set quota individually, by "class of service", or globally.

Yes, it'll run on the same hardware you're running now.  On Redhat 4 
or 5, or Solaris.


jay

Ted Mittelstaedt wrote:

Jay Plesset wrote:
Geez, unless your users are into the millions of messages, maybe 
you need a more scalable mail server.   My day job is support of 
the Sun comms suite.  I only get these when there are litterally 
tens of millions of messages in an inbox.




Where we generally get these problems is when users are running MacOS X
and using the included free Apple Mail as a POP3 client, because one
of the DEFAULTS of that client is to leave a copy of the mail message
on the server.  The typical scenario is that we get one of these users
who runs it this way for a couple months, then one day their relative
starts e-mailing them 50MB pictures of their latest vacation, and once
their e-mail box exceeds 800MB in size, popper (qpopper) starts getting
really slow in downloading the message ID list and their client starts
running like a dog.

There's probably many ways I could fix it, from replacing qpopper to
going to faster disks or more powerful hardware, or running a nightly
script that squawks about the bad citizens, but I frankly don't
feel compelled to allocate all of our POP3 users a gigabyte of disk 
space for their mailbox, and if did fix it then I'd have to setup

quotas on /var/mail

Doing it this way penalizes only the users who engage in the 
objectionable behavior, and it penalizes them in such a way that it 
doesn't cause them to lose mail, or cause the server to reject 
incoming mail messages to them, or causes mail they have to be 
truncated.  And

it also doesn't do it in a way that is sudden - the user just starts
noticing things getting slower and slower and slower over time - so
they have plenty of time to contact us at their leisure.

I suppose that one of these days the author of qpopper will rewrite
the search logic in the qpopper program to fix this and then I'll have
to find some other way to gently enforce this.

Ted


jay

Ted Mittelstaedt wrote:

Sean Leinart wrote:

-Original Message-
From: Sean Leinart [mailto:slein...@fscarolina.com] Sent: 
Friday, October 23, 2009 2:04 PM

To: TJ Russ
Cc: allison.ays...@lonesource.com; Spamassassin Mailing List
Subject: Email / Inbox Speed Problems

Hi TJ,

Looking over your Inbox situation, you suffer from the same 
problem as most here do. You have too much email stored on the 
server. Can you give me a rundown of the folders that can be 
eliminated in your Inbox, we can archive them off then delete 
them from your folders that are online, this will help a great 
deal.


Thank you,

Sean Leinart
Network Systems Engineer
First Service Carolina Inc.
Raleigh, North Carolina
United States
slein...@fscarolina.com
919-832-5553



DOH!!
 
List, please disregard the erroneous CC: post to the list.




I had to look twice since it was the identical problem to what
we deal with every week around here.

Ted

Re: Email / Inbox Speed Problems

[Jay Plesset]

Ted Mittelstaedt wrote:

Jay Plesset wrote:



Ted Mittelstaedt wrote:


What is the point of a quota system that does not limit the
received mail?  And if it does limit it then we get irate calls from
people complaining that sally sue sent them a message and got it
returned.  Of course, sally sue never reads the error message
and tells our user that their e-mail box is too large - or if
she did, then irate user thinks it's our problem.

Um, well, that's not exactly how it works.

System messages and "guranteed delivery" messages always get through.
Messages that will take a user over quota are held for a configurable 
"grace" period, and the user is warned that they are over quota at a 
configurable repeat rate.  Messages are returned to the sender after 
a configurable hold period.  there are plenty of knobs for you to 
turn. . .


I can understand that, and in a corporate environment where you
have more control over the userbase (and the users are much more
inclined to listen to you, after all it's not their money on the line)
I am sure it would work well.  Of course, if I was using a
-standards- based method of handling mail in such an environment
(ie: NOT MS Exchange) then I wouldn't be using POP3 in the first
place, I'd be using IMAP and I'd also setup a set of shared
e-mail folders accessible from the IMAP client.  I'd also probably
run some scripts that warned me when people were letting their
inbox get too large, so I could go train them in how to drag the
mail messages they want to save into private or shared folders
on the server.  But, that's my style - other admins might go out
and buy software to do this.  Ultimately it works the same way.

This discussion really illustrates the disconnect between people who
write e-mail systems for a living and what ISP's need.  While I've
not looked at the Sun comm suite your talking about, I'm sure it's
not that much different from many other commercial e-mail systems
I've been pitched over the years from people wanting to make my
life easier as an ISP admin (in exchange for some money, of course)
Just to be clear, the software I'm offering is designed not to "replace 
Exchange", but for ISP's or large corp accounts.  One of the customers 
I'm assigned to support has 100 "store" systems, each with 500,000 
mailboxes and typically sees 30,000 simultaneous imap connections.


We often see systems with a million mailboxes.

You like webmail?  Our webmail interface also talks to our Calendar 
Server, our IM server, and should shortly include gateways into other IM 
systems.  It's all pretty open, based on standard protocols, and no, 
there isn't a gui admin interface.  Maybe later.  The MTA has been 
around for 25 years, previously called, "PMDF". 

Yes, we'd like you to license it, and pay for support.  You can download 
and use at no cost. . .


jay


The problem though is when I've drilled into them, I've always found
issues like this.  Those systems are written first as competitors to
Exchange, and make a boatload of assumptions about the users, and
the admin's skill level.  Usually they assume the users are smarter
and the admins are dumber.  That's about right for the corporate
networks I've admined.  But ISPs don't survive unless the admin is
a lot smarter - because the users in general are a lot dumber.

Oh, there's exceptions - but most of the time it's customers who
work in office environments and come home and want the same level of
support they get at the office.  Those people are in a minority.
The majority of customers quite obviously don't understand very much,
and with a surprising number of them they don't even understand the
accepted nomenclature.

If I had a nickel for every time I've told a user "OK now open your
web browser" and gotten back "what's a web browser" I'd be a rich
man.  I've learned to refer to web browsers with phrases like
"go to google" or "click on the Internet".  This is the level of
skill we deal with regularly.  After all, it's not the new-technology
embracers who are calling in for ISP support.  It's the people
who were left behind years ago, who are only on the Internet because
the rest of their family won't spend the time to communicate with
them unless they are on facebook or e-mail.  At least once a week
I and the other admins get someone who we just shake our head over
and wonder why in the world this person is even wasting their money
and time with a computer at all - they are like the old grandmother
who never drives on the highway and never drives faster than 45Mph
who owns a Lamborghini.  It's really a sad thing, to be honest.



Not to mention the user thinks their inbox is -on their mac-
not on our mailserver, since of course they

Re: [OT?] Web Form Spam

[Jay Plesset]

I've been getting 2 or 3 of these daily.  The mail address typically 
matches the "name" put in, it's always a gmail address, and so far, it's 
always been a bad mail address.


It's more an annoyance than a problem, my mailing program sends out a 
confirm, and when it bounces, I remove the bogus entry from the db.


jay plesset
IT, dp-design.com

Jason Bertoch wrote:

On 1/29/2010 12:44 PM, te...@cnysupport.com wrote:


Really, I was just trying to figure out what the point would be for 
someone to fill out the form with obviously invalid data.




My guess is that it's a spammer's bot looking for a broken web form to 
abuse.

Re: [OT] Filter Server Specs

[jay plesset]

Clifton Royston wrote:


On Fri, Oct 27, 2006 at 02:42:49PM +, Duane Hill wrote:
 

Currently, we are looking to install a server that will be doing content 
filtering for our main e-mail server. I thought I would toss this out to 
everyone to get some feedback on if the server would be adequate.


The server is a Dell PowerEdge 6850 with the following:

- Four 2.6 GHz/800Mhz/4mb Cache Dual-Core Intel Zeon 7110M processors
- Eight GB DDR2 400Mhz ram
- Four 300GB, 3Gbps, SAS, 10K RPM Hard Drives running Raid-5 on a 
PERC5/i controller


Our main e-mail server services over 500 domains with an account total 
of around 40,000.


The current filter server we have can not do any content filtering 
outside of itself (i.e. the MTA) because of CPU load (i.e. 
SpamAssassin). Any message scanning where the message size is over 1.5K 
will kill the CPU. The current filter server we have in place is 
rejecting an average 2.4 million per day with just the common 
blacklisting and some other things that are set in place.
   



 I *think* this should handle your load.  Personally from my years of
ISP experience, I'd strongly favor going the road of multiple identical
servers in parallel rather than putting all your eggs in one basket. 
E.g. use two 4 CPU servers rather than one 8 CPU (4x dualcore) server.

The difference is that if it comes up just short, or if load jumps up
again, it's easier to add a 3rd server and cut it into the mail path
than to upgrade a server which is handling all your filtering.

 You also don't need fast hard drives on a filtering server; it's
almost all gonna be pushing the CPU and RAM.
 



Totally agreed!

I support mail servers for a living. . . .

 

The other thing I would like to know is what kind of an operating system 
would one install on this new server?
   



 This'll get you into a religious war for sure...  I would favor
FreeBSD latest (6.x), but any version of Linux with a good package
system and a recent 2.6 kernel is a good choice - maybe better than
FreeBSD at using 8 CPUs.  Reasonable possibilities include CentOS,
Gentoo, Debian.  I'm not a big Linux head, others may have stronger
opinions on that front.
 



Have a look at Solaris 10.  It's free, and very well tested.  SA runs 
very, very will on it.  It handles multi cpu well, and gets patched well.


jay plesset
sr. support engineer, sun microsystems.


 -- Clifton

 

Re: Braindeath in the Navy

[jay plesset]

It never fails to amaze me now many mail server admins ask for ways to 
break the RFC's in the interest of "security".  I do tech support on 
mail servers, and get requests to configure out server for this kind of 
thing weekly. . .


jay

Philip Prindeville wrote:


Well, I tried to contact some people responsible for
the servers below that what they were doing was broken,
including citing chapter and verse where in RFC-2822 in
syntax of the Received: lines was spec'd out:

Received: from Gate2-sandiego.nmci.navy.mil (gate2-sandiego.nmci.navy.mil 
[138.163.0.42])
by mail.redfish-solutions.com (8.13.8/8.13.7) with ESMTP id 
kAGNLZHp020689
for <[EMAIL PROTECTED]>; Thu, 16 Nov 2006 16:21:40 -0700
Received: from nawesdnims03.nmci.navy.mil by Gate2-sandiego.nmci.navy.mil
 via smtpd (for mail.redfish-solutions.com [71.36.29.88]) with ESMTP; 
Thu, 16 Nov 2006 23:21:40 +
Received: (private information removed)
Received: (private information removed)
Received: (private information removed)
Received: (private information removed)
Received: (private information removed)

and which fields it requires (like the semi-colon followed by the
timestamp coming after a comment field) [cf: RFC 2822, section 3.6.7:

received=   "Received:" name-val-list ";" date-time CRLF

name-val-list   =   [CFWS ] 
[name-val-pair *(CFWS name-val-pair)]

including the definition of CFWS in 3.2.3.]

It just boggles my mind why anyone would go through that much trouble
to deliberately damage a header line, rather than just delete it.

Well, maybe they'll get a whiff of the errs of their ways in the
Hall of Spam Shame...

-Philip


 

Re: Which Operating Systems Do You Use and Why?

[jay plesset]

Interesting answers.

I'm using Solaris 10/X86.  Sun Java Enterprise Messaging Server. 
Integration is built in.  easy to set up.  Dead stable,  but,then I
work for Sun.

jay

Bowie Bailey wrote:

  Ask List wrote:
  
  
We can not seem to come to an agreement on the best operating system
to run spam assassin. So we have decided to post this question to the
mailing list so we can have other opinions. I realize everyone will
have a different opinion on the subject and some will have none at
all, linux is linux and unix is unix. So I would like to hear users
experiences using different operating systems.
Pros/Cons/Problems/Headaches/etc. The operating systems I'm most
interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and
OpenSolaris.

  
  
Hopefully this doesn't start a flame-war, but it is likely to become a
large thread in any case.  Ah well... here we go! :)

I have been using RedHat and Fedora, but am now in the process of
transferring my servers over to CentOS.  It is a direct rebuild of
RedHat Enterprise Linux, so it has stability and a slower upgrade
cycle which is very nice for a server.  I have run Courier-MTA,
Apache, Bind, SpamAssassin, ClamAV, Samba, etc and it has been very
easy to deal with and extremely stable.

  

Re: The Future of Email is SQL

[Jay Plesset]

"fast enough" is a value judgement.

Fast enough may be ok, if you have a few hundred or even a few thousand
users, saving small mailboxes.

In a large scale system, where you have a million users, each of which
has thousands of messages, I doubt any current database, SQL or other
will have that kind of performance.

I regularly use a mail server capable of handling that kind of load. 
It's free, and will eventually be open sourced.  Sun Java System
Messaging Server.  Runs on Solaris, Soaris X86, Linux.

Uses individual files for each message.

jay plesset
sr. tech support engineer.  

Sun Microsystem.

Marc Perkel wrote:

  
  
  After considerable experimenting and thinking things through I thought 
I'd start a thread on the future of email to start planting the seeds of 
where MTA development needs to go. I'm convinced that someday soon we 
will all realize that MBOX and MAILDIR are obsolete technologies and 
that the future is going to be SQL based storage.

First - before everyone starts screaming about speed comparisons, I'm 
not going to go there. Every storage technology has it's advantages and 
disadvantages but I'm just going to say that SQL based mail storage is 
fast enough. The advantages of SQL has to do with power and not with 
speed. Those who would choose it would do so because they want to do new 
things that you can do with a database and can't do without one.

SQL has several advantages. You don't have t deal with the quirks of the 
underlying file system or OS. It takes care of all the locking issues 
and indexing and makes it so that multiple applications can seamlessly 
access the data. With an SQL backend email can be stored from the MTA, 
read from and IMAP client that accesses the same database, and the spam 
filtering engine will have access to the stored email as well.

To give you some examples of what could be done .

Suppose a spammer sends 1000 phishing spams to your users and then you 
figure out that the 1000 spams already delivered is spam. With a 
database you can do a query to retroactively delete spam that was 
already delivered to the mailboxes. This could also be used to 
retroactively delete viruses already delivered.

Spam filtering programs can lookup existing email in existing folders 
and compare it with new email already deliverd to help determine more 
accurately if a message is spam or not. For example, if the host server 
has a reputation for 100% ham then it can deliver new email without 
running it through Spam Assassin. If programs like Spamassassin can 
access existing email in existing folders it can evaluate new email 
using tricks no one has yet considered.

SQL databases allow for multiple masters and slaves and replication that 
lets you create a cluster that never fails under any conditions. It 
would be far easier to create a system that is always on and always 
backed up.

An SQL backend allows you to use a wide variety of tools, programming 
languages, operating systems in order for you to easily integrate more 
easily than non database systems.

And - this is important - once you have a database then new things that 
no one has yet thought of will be possible and new things we've never 
heard of will be developed because the new power will lend to the 
development of more tricks than you can do without database power.

My point here is - think outside the box. I'm going to be lobbying IMAP 
server developers to include SQL backends. exim could pipe data into a 
local delivery agent, or it can have features written to write directly 
to the SQL backend.

Thoughts . ?


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/


  

Re: Should Emails Have An Expiration Date

[Jay Plesset]

How about something that doesn't depend on the SENDER setting 
something?  I've set my system up to automatically "empty the trash" 
after 30 days, and dump the "spam" folder after 2 weeks.  I could easily 
set up an "archive" folder for my users and automatically "expire" their 
inbox at whatever time period I want  If they want to keep something 
forever, move it to the "archive" folder..


jay plesset
IT, dp-design.com
Sr. Support Engineer, Oracle

On 2/28/2011 1:51 PM, Matt wrote:

Looking at top 8 newest messages from my personnel email account:

Newsletter
Magazine Renwal Offer
Ebook Update Notice
Travel Deal of Week
Sales Flyer with weekly specials
Reply to forum thread
Anouther Newsletter
Custommer Service Response.
Etc.

Hmm. All of these could really expire at 30 day mark except custommer
service response in my opinion.  Even if they expired at 365 days its
better then sitting there forever.  I can not honestly think of any
reason to keep any of these past 30 days.  If personnel messages never
expire thats fine but all this other crap can AFAIC.  On personnel
messages perhaps give sender option of choosing option of 30days,
12months or never and default to never.  Seems like new email clients
default to leaving mail on server rather then downloading and
deleting.  Thats fine tell every email user is using 10G+ for email
server space.  Server space is not free and backups take time and even
more space.  Plus this all slows down POP3 etc as everytime you check
email it must return a list of messages and when there are thousands
of messages to look at that this can really load down a server.

I imagine this would be like return receipts.  Yeah its there but that
does not mean all clients or servers are going to honor it.

Re: spamd dns problems

[Jay Plesset]

Does your local server also do reverse lookups?
Jon Dossey wrote:
As per Matthew Romanek's ([EMAIL PROTECTED]) recommendations, I
re-pointed my resolver to a different nameserver (from resolving
locally), and can successfully scan a message in a little under 2.5
seconds (2.3 - 2.4 seconds).  

I already upgraded to perl 5.8.5 and Net::DNS 0.48, which didn't resolve
the problem.
Does anyone have any idea why it fails when attempting to resolve off
the local nameserver?  The resolver works perfectly otherwise.
Any input appreciated.
Thanks,
.jon
__
"The information transmitted is intended only for the person or entity to 
which it is addressed and may contain confidential, proprietary, and/or 
privileged material.  Any review, retransmission, dissemination or other 
use of, or taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is prohibited.  
If you received this in error, please contact the sender and delete 
the material from all computers."
 

Re: OT Boincing Spam

[Jay Plesset]

Timeout should not be a problem.

My SA seems to take 3 to 6 seconds to scan a message.  SMTP timeout
should be 10 minutes, for any server that's compliant with rfc.

jay

John Andersen wrote:

  On Friday 24 December 2004 06:59 pm, [EMAIL PROTECTED] wrote:
  
  
Recently, I have set up my account to reject with a 554 SMTP error
code anything that spamassassin flags as spam, using the default
threshold of 5.0,

  
  
>From your web page:

"Bodytest" support - allows you to run filters like spamassassin and clamscan 
on the body of a mail message before replying to the final "." of the SMTP 
DATA command. (See the edinplace(1) man page and the bodytest description in 
the avenger(1) man page.) 


This would imply that you hold the connection open from the sender till
SA has had a look at the mail, (which may entail several network based hits
in the process of checking surbl etc).  Does this not entail some rather
large number of open connections on the mail server, some of which might
time out when SA is working hard?

Also does avenger sit ahead of sendmail or is it called by sendmail?
(Who is listening on 25? Avenger or sendmail/qumail?

  

Problem loading ClamAV plugin

[Jay Plesset]

Usually, I'm pretty good at following instructions.  I have done so, far 
as I can tell.


SA works fine.
ClamAV works, in that clamd starts, listens on the correct port, and 
clamdscan works fine.


but. . .

spamassassin --lint throws this:

# /usr/local/bin/spamassassin --lint
failed to create instance of plugin ClamAV: Can't locate object method 
"new" via package "ClamAV" (perhaps you forgot to load "ClamAV"?) at 
(eval 46) line 1.


Failed to run CLAMAV SpamAssassin test, skipping:
   (Can't locate object method "check_clamav" via package 
"Mail::SpamAssassin::PerMsgStatus" at 
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm 
line 2312.

)
lint: 1 issues detected.  please rerun with debug enabled for more 
information.

# ls


What I did:

Install current stable version clamav, 0-.86.2.  compiles and seems 
happy.  freshclam is happy, too.


install File::Scan::ClamAV through cpan

copy the files, clamav.cf  clamav.pm to the /etc/mail/spamassassin 
directory, and made them readable by the user that spamassassin is 
running as.


The doc on installing the plugin has nothing beyond this:

http://wiki.apache.org/spamassassin/ClamAVPlugin


Have I missed something obvious?  Googling hasn't helped...

thank you!

jay plesset

mail admin for D. P. Design
day job:  Tech Support (Messaging Server, Sun Microsystems)

Re: Postfix/SA/Exchange 2000 'NDR attack' exploit spam and other bad things

[Jay Plesset]

Wow.  I knew I didn't like Exchange.. .

I run Sun's Messaging Server 6.2.  SA integrates right into it, with 
hooks provided by Sun.


Addresses are first verified, even before the sending system gets to the 
"data" part of the conversation.  If the address is bogus, they get a 
550 5.1.1 unkown alias rejection, right there.  Then the message goes to 
SA for processing...


Sun Java Messaging Server runs on many OS's, and is a free download, to 
try.  They'd like you to pay for a license...


jay

Greg Allen wrote:


I have recently been working on the Exchange 2000 NDR attack issue.

For those who are not aware of this issue, I will explain.

It seems there is a certain group of desperate idiot spammers that believe
that bouncing off good Exchange 2000 servers with non-delivery reports is a
good way to deliver spam.

They send tons of email at your Exchange 2000 server, with a different reply
addresses forged for each email.

The spam recipient apparently sees an NDR from your server, with spam
attached. Your server did the delivery. (ooops) Moronic idea, must look like
hell to the spam recipient, but apparently it is being done out there.

There is also apparently little to nothing that can be done for the exchange
server. There are a few third party items that I am looking into, but the
real fix (supposedly) is to upgrade to Exchange 2003. See here:
http://support.microsoft.com/?kbid=886208

The thing that apparently is the tip off for this issue is tons of queued up
email to spam domains in your Exchange queues.

The difficult part, it that it is hard to tell the difference between NDR
attacks on your Exchange server as opposed to some idiot just using your
domain for his reply address in a spam run. It has about the same affect as
far as I can tell with the queues.

Ok, that is the background...

Now onto the problem as I see it. Let's say I do the fix with 2003 (which I
have already done). So, recipient verification is now enabled on Exchange
2003. One small problem however. If I have SpamAssassin kill emails at lets
say...20 points spam score, the email recipient never gets verified on my
front end Postfix/SA server. I am receiving all the various bogus email
addresses and sending them to the trash can where they belong.

What would be better though, is for Postfix/SA to allow recipient
verification to Exchange before Postfix/SA starts going to work at all. I
would rather not make recipient files on the postfix server. Seems like
there should be a better way.

It would seem that ideally, the error "User unknown (in reply to RCPT TO
command)" (or whatever) should be allowed to happen before SA starts testing
the email.

I could just let the high score emails go through without killing it, and
that would probably work correctly as far as recipient verification goes
with the Exchange 2003 server, but I would rather not do that. The legit
users would see a flood of more  ***spam*** tagged emails than they are used
to seeing.

So, I guess my question would be, does anyone know of a way to allow a
natural recipient validation check downstream to the Exchange 2003 server
before SA starts working, so that SA does not start testing on all these
bogus email addresses. Again, I am looking for some solution that does not
involve creating recipient verification maps on the Postfix server.


Thanks in advance for any ideas.











 

Re: Sorta OT - was: RE: Out of Office AutoReply

[Jay Plesset]

No decent MTA should be returning OOO messages to a mailing list.  Any
such should be considered buggy, and fixed.  I know that the MTA I use
(Sun JES Messaginag Server) doesn't return OOO messages to a group. It
only returns OOO messages when the addressed "to" matches the entry in
the user's mail or mailAlternateAddress.

jay

Loren Wilton wrote:

  
Differentiating between personal accounts and company email systems, how

  
  do
  
  
you all classify OOO messages?

  
  
Personally if they are a reply to a mailing list I consider them spam, but
generally not a spam that should be reported, merely one that should be
quietly dropped.  (There are exceptions.)

Why do I consider them not reportable?  Because:

a) It is reasonable in some companies to subscribe from mailing lists at
work

b) Some companies REQUIRE that you have an OOO message if you are OOO.  Some
companies set them up automatically, or the person's boss does the day after
the user goes on vacation.

c) Not all people run Unix mail clients, and thus many either don't know how
to do an OOO that will only respond in-company, or that won't respond to
mailing list messages

d) Most people (sigh) use MS mail "tools" (as I am) and the ffing MS idiots
have never even considered the *possibility* that someone might want a
different auto-response to a list message than a personal message.  Or to a
spam.

The result is OOO messages, even if the person would like that to not
happen.

So I have a moderately decent filter rule in OE that catches most of them
and quietly deletes them.  Seems a reasonable compromise for things that
most people really can't control.


Now, there are eggregious cases that are reportable.  Like the idiots in
customer service at some companies that signed the "customer comments"
mailbox up to a bunch of mailing lists, so anytime a message is posted the
company sends out a "thank you for your inquiry about our wonderful
products; someone will get back to you in several days".  Or the
autoresponders that autorespond to their own OOO messages with another OOO
message.

Loren

  

Re: Ready to throw in the towel on email providing...

[Jay Plesset]

My church decided to go with O-365, without even evaluating any 
alternatives. We have an unemployed IT person that talked the staff into 
this, even though I've offered to implement a "real" e-mail solution 
multiple times, and even provide hardware to run it on.


"free" was the biggest draw, then "no administration".  *sigh*.

jay plesset
IT, dp-design.com

On 7/28/2014 3:49 PM, Ian Zimmerman wrote:

On Mon, 28 Jul 2014 12:57:38 -0400
"David F. Skoll"  wrote:

David> 1) Gmail is actually pretty good at filtering spam.  I can't
David> speak for MSFT since I don't use it.

David> 2) Especially in North America, companies are short-sighted and
David> go for quick fixes and things that look cheap up-front without
David> considering the long-term costs.

David> 3) Especially in North America, people don't see the value in
David> learning technology.  They want simple, spoon-fed solutions and
David> they love the word "oursourcing".  Sorry if (2) and (3) are not
David> PC, but the slag against North Americans is based on my personal
David> experience. :) And hey, I'm Canadian so I can dis my own crowd...

David> 4) Most non-technical small businesses equate "Mail Server" with
David> "Microsoft Exchange", and Microsoft has steadily been making
David> Exchange more and more of a PITA to administer.  Each new version
David> of Exchange breaks things and requires learning new procedures.
David> Combine that with (3) and we see that MSFT is using on-premise
David> Exchange as a trojan horse to get people on O-365.  The huge pool
David> of "managed service providers" that recommend MSFT solutions is
David> by-and-large staffed by incompetents who are only too happy to
David> shove their customers onto O-365 and collect kickbacks every
David> month.

Good summary, but I think you forgot (5):

They have prettier icons.

I am not 100% kidding, either.

Re: Ready to throw in the towel on email providing...

[Jay Plesset]

On 7/29/2014 9:33 AM, Ted Mittelstaedt wrote:



On 7/28/2014 4:17 PM, Jay Plesset wrote:

My church decided to go with O-365, without even evaluating any
alternatives. We have an unemployed IT person that talked the staff into
this, even though I've offered to implement a "real" e-mail solution
multiple times, and even provide hardware to run it on.



Apparently they didn't understand if the guy was an unemployed IT person
there was a reason he was unemployed!

Agreed.



"free" was the biggest draw, then "no administration". *sigh*.



But, the "no administration" isn't true at all.  There's still 
administration.


Does Microsoft provide Office 365 free to churches?  I know that they
had ridiculously cheap server license pricing (through their Charity
Pricing program) but I didn't know they had got to Free with Office 365?

That's what they told me.  I said, "Free for now at least. . . "


I did a lot of work for my families church a decade ago in the volunteer
area.  Both on the building committee and IT work for them.

I learned after a year that if your goal is to have people who don't
understand or appreciate what you do for them, and shit all over what
you do for them, volunteer for a church.
Oh, yeah.  My wife and I built a new website for them.  Last summer, the 
staff didn't bother with updating the calendar, and come fall, they 
said, "we forgot how".


The other thing about churches is that the staff runs more than they 
should, and really, truly doesn't understand the reason for a website, 
marketing, etc.


jay


There's a reason most churches constantly solicit for volunteers. A 
church is the only place that a professional tradesperson can 
volunteer his services and during the job be told that he's doing it 
wrong, by people who have never held a wrench, paintbrush, pipe 
threader, network cable, you name it.


I actually saw one time a couple come in and paint a large room in the 
church, used very good paint, excellent coverage, masked off everything,

etc. and when they left the room looked like a pro had done it - no
paint runs or drips where they weren't supposed to be etc.  Then 2 
weeks later the church paid to have a professional come in and paint 
the room - again - same color - same paint.  When I asked why, I was 
told "we had the painters scheduled for that room, they should have 
asked us before painting in there"  This is the kind of politics you 
run into with church volunteering.


Ted


jay plesset
IT, dp-design.com

On 7/28/2014 3:49 PM, Ian Zimmerman wrote:

On Mon, 28 Jul 2014 12:57:38 -0400
"David F. Skoll"  wrote:

David> 1) Gmail is actually pretty good at filtering spam. I can't
David> speak for MSFT since I don't use it.

David> 2) Especially in North America, companies are short-sighted and
David> go for quick fixes and things that look cheap up-front without
David> considering the long-term costs.

David> 3) Especially in North America, people don't see the value in
David> learning technology. They want simple, spoon-fed solutions and
David> they love the word "oursourcing". Sorry if (2) and (3) are not
David> PC, but the slag against North Americans is based on my personal
David> experience. :) And hey, I'm Canadian so I can dis my own 
crowd...


David> 4) Most non-technical small businesses equate "Mail Server" with
David> "Microsoft Exchange", and Microsoft has steadily been making
David> Exchange more and more of a PITA to administer. Each new version
David> of Exchange breaks things and requires learning new procedures.
David> Combine that with (3) and we see that MSFT is using on-premise
David> Exchange as a trojan horse to get people on O-365. The huge pool
David> of "managed service providers" that recommend MSFT solutions is
David> by-and-large staffed by incompetents who are only too happy to
David> shove their customers onto O-365 and collect kickbacks every
David> month.

Good summary, but I think you forgot (5):

They have prettier icons.

I am not 100% kidding, either.



---
This email is free from viruses and malware because avast! Antivirus 
protection is active.

http://www.avast.com

Re: Just a general question

[jay plesset]

At home.  1 domain, 5 users.

At work?  I do tech support for Sun mail servers. . . . . . .

jay

John Rudd wrote:


Jonathan M Metts wrote:


Count me in.  1 domain, 1 user.  Why?  Just because I can.

Evan Platt wrote:


At 01:06 PM 3/23/2007, Gary V wrote:

I've been on this mail list only for a few months now, and am 
wondering if I am the smallest guy here.



No, you're not.




Oh me me me!

1 domain, 1 user. :)




At home: 1 domain, 2 users

At work: 3 domains, 25,000 users

Re: Curious phenomenon with 9-repetitions of each spam...

[Jay Plesset]

If each message is indeed a separate message, then no sane MTA could 
find them the "same" message. Each will have a unique message ID, and 
will have different envelope addresses.  I certainly would not use an 
MTA that would combine such.


jay plesset
Oracle Messaging Server support.

On 9/8/2011 2:53 PM, John Hardin wrote:

On Thu, 8 Sep 2011, Bowie Bailey wrote:


On 9/8/2011 2:26 PM, Steve wrote:


In any case, as it turns out, none of this helps me store a single
inbound spam once - rather than duplicate it for each address in the
envelope... which, to my thinking, remains a sane objective...


Agreed.  Although you would think that a sane MTA would see that all
aliases resolve to a single destination and just deliver the message 
once.


Agreed, but that's probably an issue for the Postfix list...

Re: New virus outbreak with malformed payload

[Jay Plesset]

yes,  saw both the scanner ones and the new ones, too.

jay plesset
IT, dp-design.com
On 6/21/2013 10:40 AM, David F. Skoll wrote:

Hi,

We're seeing a huge rash of viruses with malformed payloads.  They're
supposed to contain a ZIP file, but the MIME part supposedly containing
the ZIP file simply contains:

Error[Base64]

Sample: http://pastebin.com/fkjf9LHR

Yesterday, they were "Scanned Copy" spams from an HP printer.  Today they
are "Invoice Notification for June 2013" spams.

Annoyingly, the envelope sender is no-re...@intuit.com which has an
SPF permerror... FAIL.

$ spfquery --id intuit.com --ip 192.168.1.1
permerror
intuit.com ... spf-ext-a.intuit.com: Maximum DNS-interactive terms limit (10) 
exceeded
intuit.com ... spf-ext-a.intuit.com: Maximum DNS-interactive terms limit (10) 
exceeded
Received-SPF: permerror (intuit.com ... spf-ext-a.intuit.com: Maximum 
DNS-interactive terms limit (10) exceeded) identity=mailfrom; 
envelope-from=intuit.com

*sigh*

Anyone else seeing tons of these?

Regards,

David.

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

[Jay Plesset]

I think this argument is sort of odd.  Here is my take:


You have a right to say what you want.

I have a right to ignore you.

Spam filtering allows me to exercise my right to ignore you.

jay  plesset, IT director. D. P. Design

On 11/20/2020 3:59 PM, Eric Broch wrote:
It's a given people on this side of the argument don't like spam, your 
conclusion being correct, it still comes down to preference. They 
prefer sending spam you prefer they didn't.


They, ERRONEOUSLY, justify sending spam using a political argument 
(*their protected right), our side is rejecting politics and its 
origin, religion; so, it still comes down to preference, and ultimate 
authority rests in man. It comes down to, "Who is to say?"


I argue, and I think the original post argues against their position. 
I also argue that the political (based in the religious) needs to be 
brought bear to refute them.


I agree with the original post that they improperly use the 1st 
Amendment for justification but for the wrong reasons.



*Note: According to the founding documents of the u.S. rights come 
from the Creator.


On 11/20/2020 2:45 PM, Rob McEwen wrote:

On 11/20/2020 4:37 PM, Eric Broch wrote:
It seems spammers are using political arguments to justify their 
actions. I'll give them credit, at least they're trying to justify 
what they do by something greater than (outside of) themselves, 
albeit wrongly.
It seems people on this side of the argument want to jettison 
politics (and religion) and have no justification (only personal 
preference) for what they do. Curious!
At the core spammers seem more logically consistent than those who 
oppose them.



I have extremely large amounts of spams on file in my spamtrap spam 
collection from all various political viewpoints, political parties, 
and moral/ethical/religious viewpoints - MANY of them think that 
THEIR greater good justifies spamming, and ironically their beliefs 
are often in 100% contradiction to OTHER spammers who have opposite 
beliefs, but likewise think that their spam is justified by THEIR 
"greater good". Thankfully, it isn't my job to determine who is 
justified and, instead, I believe that NONE of them are justified in 
sending spam - spam is about *consent* - NOT *content*.