[xmail] Suggestion: bypass filter execution in case of "whitelisted ip"

2005-08-04 Thread Manuel Martin

Hello Davide, hello list,

I think a flag for (SMTP)-filters which disables filter execution for
whitelisted IPs (listed in smtp.ipprop.tab with "Whitelist=1") would be very
helpful (similar to "aex").

Something like:
"!ipprop(Whitelist=1)"[TAB]"command"[TAB]"arg-or-macro"[TAB]...[NEWLINE]

This would be useful for a lot of custom scripts like greylisting or other
spamfilters.

What do you think?

Regards, Manuel Martin
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]



[xmail] Re: Suggestion: bypass filter execution in case of "whitelisted ip"

2005-08-04 Thread Sönke Ruempler

On 04.08.2005 18:06, Manuel Martin wrote:
> Hello Davide, hello list,
> 
> I think a flag for (SMTP)-filters which disables filter execution for
> whitelisted IPs (listed in smtp.ipprop.tab with "Whitelist=1") would be very
> helpful (similar to "aex").
> 
> Something like:
> "!ipprop(Whitelist=1)"[TAB]"command"[TAB]"arg-or-macro"[TAB]...[NEWLINE]
> 
> This would be useful for a lot of custom scripts like greylisting or other
> spamfilters.

Vote +1.



[xmail] Re: Error sending message with 553 5.7.1 code

2005-08-04 Thread Sönke Ruempler

On 02.08.2005 16:46, Kevin Williams wrote:
> I must be missing something here, but I don't see it. I have a mailing 
> list, and one member says they can't send to the list. XMail bounced the 
> message with this reason:
> 
> 553 5.7.1 <[EMAIL PROTECTED]> Sender address rejected: not logged in
> 
> As I've never had this error before and I don't require SMTP auth for 
> members to send to the list, I'm stumped. If anyone has a suggestion, I 
> would greatly appreciate it.

I guess that error message isn't one from XMail. IMHO it's an XMail
bounce message with the error of the _REMOTE_ server. Could you please
post the complete bounce message so we can analyze it?



[xmail] Re: Suggestion: bypass filter execution in case of "whitelisted ip"

2005-08-04 Thread Francesco Vertova

At 18.06 04/08/05 +0200, you wrote:

>I think a flag for (SMTP)-filters which disables filter execution for
>whitelisted IPs (listed in smtp.ipprop.tab with "Whitelist=1") would
>be very helpful (similar to "aex").
>
>Something like:
>"!ipprop(Whitelist=1)"[TAB]"command"[TAB]"arg-or-macro"[TAB]...[NEWLINE]
>
>This would be useful for a lot of custom scripts like greylisting or
>other spamfilters.

Vote +2

Ciao, Francesco




[xmail] Re: Suggestion: bypass filter execution in case of "whitelisted ip"

2005-08-04 Thread friggstadk


Manuel Martin wrote:

>I think a flag for (SMTP)-filters which disables filter execution for
>whitelisted IPs (listed in smtp.ipprop.tab with "Whitelist=1") would
>be very helpful (similar to "aex").
>
>Something like:
>"!ipprop(Whitelist=1)"[TAB]"command"[TAB]"arg-or-macro"[TAB]...[NEWLINE]
>
>This would be useful for a lot of custom scripts like greylisting or 
>other spamfilters.

Vote +3

I've been trying to hack an AV script of ours to have an IP whitelist, but
my Perl is pretty rudimentary, so I haven't had a lot of success. I'd love
to see this functionality in XMail itself.

Kirk
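
An added example, not from any post in this thread and not XMail code: until such a flag exists, a filter script can make the whitelist decision itself. It assumes the script is handed the client IP and a table in the quoted, TAB-separated style the proposal uses; `is_whitelisted` and the sample rows are hypothetical. Malformed input never grants a bypass, so the filter still runs.

```python
import ipaddress

# Constructed sample in the quoted, TAB-separated style of the proposal;
# the exact smtp.ipprop.tab layout is an assumption.
SAMPLE_IPPROP = (
    '"192.0.2.0/24"\t"Whitelist=1"\n'
    '"198.51.100.7"\t"Whitelist=0"\n'
    '"not-an-address"\t"Whitelist=1"\n'
)


def _fields(line):
    """Split one table row on TABs and drop the surrounding quotes."""
    return [f.strip().strip('"') for f in line.split("\t") if f.strip()]


def is_whitelisted(client_ip, table_text):
    """True only if a parseable row covering client_ip sets Whitelist=1."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable peer address: run the filter
    for line in table_text.splitlines():
        fields = _fields(line)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # a malformed row never grants a bypass
        if ip not in net:
            continue
        props = dict(p.split("=", 1) for p in fields[1:] if "=" in p)
        props = {k.lower(): v for k, v in props.items()}
        if props.get("whitelist") == "1":
            return True
    return False


def should_run_filter(client_ip, table_text):
    """Scan unless the sender is explicitly whitelisted."""
    return not is_whitelisted(client_ip, table_text)
```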




[xmail] Xmail filter with ClamAV

2005-08-04 Thread John Kielkopf

Anyone else scanning mail with ClamAV?

With just telling ClamAV to scan the "message file" supplied by Xmail, 
it'll miss a number of the tests from http://www.webmail.us/testvirus

If I build a new temp file to scan doing the following:
 - Strip "<>" and everything before
 - Add a "Return-Path: " header to the top.
 - Detect and fix a bad EOH (no double "CRLF" before the start of the 
message body)

I can then get ClamAV to pass all of the tests that contain a virus. 
(#24 and #24 get past, but they contain no virus).

Is it possible to get ClamAV to hit the target without all of this?  I'd 
like to avoid the overhead of building a new file every time I want to 
scan it.

Thanks,
--John
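
An added example, not John's script and not part of the original post: the three steps above done in memory, so nothing extra is written to disk before scanning. It assumes the marker shown as "<>" is XMail's `<<MAIL-DATA>>` separator line and that the preamble carries a `MAIL FROM:<...>` line; `normalize_spool` and the sample spool file are hypothetical.

```python
import re

# Assumption: the marker the post shows as "<>" is XMail's "<<MAIL-DATA>>"
# line, which separates the envelope preamble from the RFC 822 message.
MARKER = b"<<MAIL-DATA>>"
MAIL_FROM = re.compile(rb"^MAIL FROM:\s*<([^>]*)>", re.I)
HEADER_FIELD = re.compile(rb"^[!-9;-~]+[ \t]*:")  # field name, then colon

# Constructed spool file: the preamble layout is illustrative, and the
# header block runs straight into the MIME boundary (bad EOH).
SAMPLE_SPOOL = (
    b"constructed-preamble-line\r\n"
    b"MAIL FROM:<sender@example.com>\r\n"
    b"RCPT TO:<user@example.net>\r\n"
    b"<<MAIL-DATA>>\r\n"
    b"From: sender@example.com\r\n"
    b"Content-Type: multipart/mixed;\r\n"
    b'\tboundary="b1"\r\n'
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"body\r\n"
    b"--b1--\r\n"
)


def normalize_spool(raw: bytes) -> bytes:
    """Apply the three steps from the post and return scanner-ready bytes."""
    lines = raw.splitlines(keepends=True)

    # Step 1: drop the marker line and everything before it, keeping the
    # envelope sender seen in the preamble for step 2.
    sender, start = b"", 0
    for i, line in enumerate(lines):
        found = MAIL_FROM.match(line)
        if found:
            sender = found.group(1)
        if line.strip() == MARKER:
            start = i + 1
            break
    else:
        sender = b""  # no marker: treat the whole file as the message
    msg = lines[start:]

    # Step 3: walk the header block; the first line that is not a field,
    # a folded continuation or the blank separator marks a missing EOH.
    for i, line in enumerate(msg):
        if line in (b"\r\n", b"\n"):
            break  # proper end of headers
        if i > 0 and line[:1] in (b" ", b"\t"):
            continue  # folded continuation of the previous field
        if not HEADER_FIELD.match(line):
            msg.insert(i, b"\r\n")  # restore the missing empty line
            break

    # Step 2: put a Return-Path header at the very top.
    return b"Return-Path: <" + sender + b">\r\n" + b"".join(msg)
```

The result stays in memory, so it can be handed to a scanner that accepts input on stdin or a socket instead of being written to a second temp file.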





[xmail] Re: Xmail filter with ClamAV

2005-08-04 Thread Jeff Buehler

Hi John -

I use clamSMTP - it is a C-based proxy that is very lightweight and easy 
to use.  I also use ASSP in front of this for anti-spam (so sender -> 
ASSP -> clamSMTP -> XMail -> sendee).  As it turns out, after testing, 
the emails didn't even reach my anti-virus because ASSP blocked all of 
the attachments, but I am reasonably certain that it would have caught 
all of them regardless - I have had great success with clamSMTP.

Jeff

John Kielkopf wrote:

>Anyone else scanning mail with ClamAV?
>
>With just telling ClamAV to scan the "message file" supplied by Xmail, 
>it'll miss a number of the tests from http://www.webmail.us/testvirus
>
>If I build a new temp file to scan doing the following:
> - Strip "<>" and everything before
> - Add a "Return-Path: " header to the top.
> - Detect and fix a bad EOH (no double "CRLF" before the start of the 
>message body)
>
>I can then get ClamAV to pass all of the tests that contain a virus. 
>(#24 and #24 get past, but they contain no virus).
>
>Is it possible to get ClamAV to hit the target without all of this?  I'd 
>like to avoid the overhead of building a new file every time I want to 
>scan it.
>
>Thanks,
>--John


-- 





Buehler Technologies
19 Circle Drive - San Rafael, CA 94901
415.459.4677 - [EMAIL PROTECTED]







[xmail] Re: Error sending message with 553 5.7.1 code

2005-08-04 Thread Kevin Williams

Oops! I forgot to post back to the list. Sorry.

Yes, it is the error from the other person's server. They have it set to 
reject messages where the MAIL_FROM resolves to a local account but no 
SMTP AUTH is given. I suspect this configuration will cause grief to 
lots of Postfix users who subscribe to mailing lists that don't munge 
the From: header.


Sönke Ruempler wrote:
> On 02.08.2005 16:46, Kevin Williams wrote:
> 
>>I must be missing something here, but I don't see it. I have a mailing 
>>list, and one member says they can't send to the list. XMail bounced the 
>>message with this reason:
>>
>>553 5.7.1 <[EMAIL PROTECTED]> Sender address rejected: not logged in
>>
>>As I've never had this error before and I don't require SMTP auth for 
>>members to send to the list, I'm stumped. If anyone has a suggestion, I 
>>would greatly appreciate it.
> 
> 
> I guess that error message isn't one from XMail. IMHO it's an XMail
> bounce message with the error of the _REMOTE_ server. Could you please
> post the complete bounce message so we can analyze it?



[xmail] Re: Xmail filter with ClamAV

2005-08-04 Thread Kevin Williams

Are you using my Python filter or writing your own? I tested with file 
attachments, and it caught them quite well, but that was all I had to 
test with. Improvements are welcome.

John Kielkopf wrote:
> Anyone else scanning mail with ClamAV?
> 
> With just telling ClamAV to scan the "message file" supplied by Xmail, 
> it'll miss a number of the tests from http://www.webmail.us/testvirus
> 
> If I build a new temp file to scan doing the following:
>  - Strip "<>" and everything before
>  - Add a "Return-Path: " header to the top.
>  - Detect and fix a bad EOH (no double "CRLF" before the start of the 
> message body)
> 
> I can then get ClamAV to pass all of the tests that contain a virus. 
> (#24 and #24 get past, but they contain no virus).
> 
> Is it possible to get ClamAV to hit the target without all of this?  I'd 
> like to avoid the overhead of building a new file every time I want to 
> scan it.
> 
> Thanks,
> --John



[xmail] Re: Xmail filter with ClamAV

2005-08-04 Thread John Kielkopf

I'm using my own script, currently running from  "filters.post-data.tab" 
(this may change).

It'll catch many attachments without the changes to the message, just 
not all of them.

--John


Kevin Williams wrote:

>Are you using my Python filter or writing your own? I tested with file 
>attachments, and it caught them quite well, but that was all I had to 
>test with. Improvements are welcome.
>
>John Kielkopf wrote:
>
>>Anyone else scanning mail with ClamAV?
>>
>>With just telling ClamAV to scan the "message file" supplied by Xmail, 
>>it'll miss a number of the tests from http://www.webmail.us/testvirus
>>
>>If I build a new temp file to scan doing the following:
>> - Strip "<>" and everything before
>> - Add a "Return-Path: " header to the top.
>> - Detect and fix a bad EOH (no double "CRLF" before the start of the 
>>message body)
>>
>>I can then get ClamAV to pass all of the tests that contain a virus. 
>>(#24 and #24 get past, but they contain no virus).
>>
>>Is it possible to get ClamAV to hit the target without all of this?  I'd 
>>like to avoid the overhead of building a new file every time I want to 
>>scan it.
>>
>>Thanks,
>>--John



[xmail] Re: Xmail filter with ClamAV

2005-08-04 Thread John Kielkopf

Jeff Buehler wrote:

>  Hi John -
>
>I use clamSMTP - it is a C-based proxy that is very lightweight and easy 
>to use.  I also use ASSP in front of this for anti-spam (so sender -> 
>ASSP -> clamSMTP -> XMail -> sendee).  As it turns out, after testing, 
>the emails didn't even reach my anti-virus because ASSP blocked all of 
>the attachments, but I am reasonably certain that it would have caught 
>all of them regardless - I have had great success with clamSMTP.
>
>Jeff
>
Are you stripping all attachments with ASSP?  If not, how does clamSMTP 
react to large (>5MB) attachments?  Does it just not scan them, or does 
it risk a time-out?

I currently use a combination of blacklisting and greylisting (and of 
course some white listing) in a pre-data filter, so actually very few 
viruses do make it to the scanner.  Though some aggressive viruses have 
managed to pound their way through the greylist before they end up on a 
blacklist.

clamSMTP would require me to do all my antispam with something like 
ASSP, as you've suggested, and possibly complicate things like shutting 
off antispam and/or antivirus at a per user level (something we do quite 
often) - but it is something to think about.

Still, the perfectionist in me still wants to get my script working well 
(and fast - many of our users tend to send large attachments via email). 
  Moving AV back to a mailproc.tab filter and scanning off-line may be 
what I have to do.

--John




[xmail] Re: Xmail filter with ClamAV

2005-08-04 Thread Jeff Buehler

I simply disallow email of greater than 5 mb (that was my cutoff 
exactly!) - email is not ideal for large file transfers for a number of 
reasons, so I discourage it.

However, if you need to allow larger emails, then I'm not certain how 
different your situation is - ASSP does a significant amount of 
filtering (greylisting, etc.) and can actually do virus scanning as well 
and much more efficiently since it only scans the first X number of 
bytes of an email (but not compressed archives).  Any thorough 
anti-virus scan (that I am aware of) will risk time outs for really 
large files that get to them.  ClamSMTP is very thorough (using clamAV 
to do the scanning, including archives and so on) so it needs to be 
carefully configured and has the potential to cause problems.

ASSP is great for anti-spam since it scans the first X bytes (I have 
mine set to 15k) of a mail and then simply refuses it (sending a SPAM 
error to the sender) if it is determined to be SPAM, significantly 
lowering the overhead associated with SPAM scanning.  The accuracy I 
have had once properly configured is exceptional (98-99%) - in ASSP 
whitelisting is very important and automated which helps a lot.  I 
prefer it over Spam Assassin myself.

Jeff



John Kielkopf wrote:

>Jeff Buehler wrote:
>
>  
>
>> Hi John -
>>
>>I use clamSMTP - it is a C-based proxy that is very lightweight and easy 
>>to use.  I also use ASSP in front of this for anti-spam (so sender -> 
>>ASSP -> clamSMTP -> XMail -> sendee).  As it turns out, after testing, 
>>the emails didn't even reach my anti-virus because ASSP blocked all of 
>>the attachments, but I am reasonably certain that it would have caught 
>>all of them regardless - I have had great success with clamSMTP.
>>
>>Jeff
>>
>>
>>
>Are you stripping all attachments with ASSP?  If not, how does clamSMTP 
>react to large (>5MB) attachments?  Does it just not scan them, or does 
>it risk a time-out?
>
>I currently use a combination of blacklisting and greylisting (and of 
>course some white listing) in a pre-data filter, so actually very few 
>viruses do make it to the scanner.  Though some aggressive viruses have 
>managed to pound their way through the greylist before they end up on a 
>blacklist.
>
>clamSMTP would require me to do all my antispam with something like 
>ASSP, as you've suggested, and possibly complicate things like shutting 
>off antispam and/or antivirus at a per user level (something we do quite 
>often) - but it is something to think about.
>
>Still, the perfectionist in me still wants to get my script working well 
>(and fast - many of our users tend to send large attachments via email). 
>  Moving AV back to a mailproc.tab filter and scanning off-line may be 
>what I have to do.
>
>--John
>


-- 





Buehler Technologies
19 Circle Drive - San Rafael, CA 94901
415.459.4677 - [EMAIL PROTECTED]







[xmail] Re: Xmail filter with ClamAV

2005-08-04 Thread John Kielkopf

Jeff Buehler wrote:

>I simply disallow email of greater than 5 mb (that was my cutoff 
>exactly!) - email is not ideal for large file transfers for a number of 
>reasons, so I discourage it.
>  
>
I agree, however some of my users may say otherwise ;) 

I was thinking about scanning all messages <2MB during the SMTP 
session, and then scanning the few larger ones off-line at low 
priority.  Currently I just don't scan anything > 5MB.

>The accuracy I 
>have had once properly configured is exceptional (98-99%) - in ASSP 
>whitelisting is very important and automated which helps a lot.  I 
>prefer it over Spam Assassin myself.
>  
>
Do you get many complaints about false positives?  Roughly how many 
users do you have?

I prefer to do most of my antispam in the SMTP envelope, before the DATA 
phase.  It's just a waste of bandwidth otherwise.  Do you know if 
greylisting in ASSP does this?

Thanks,
--John




[xmail] Re: Xmail filter with ClamAV

2005-08-04 Thread Jeff Buehler

As far as I know, it does.  ASSP greylisting is a bit of a mystery to 
me, though, to be honest, so this aspect you should research.  I don't 
think it is using greylisting in the same way as XMail does but I am not 
really certain (there is some sort of a greylist download that occurs 
and is used, rather than the refuse/send mechanism that is the kind of 
greylisting XMail uses).

As far as I know all of the scanning takes place during the SMTP 
session, as I mentioned - 15K (or whatever you specify - many users 
swear by just using 5k) is allowed through then the Bayesian filter 
makes a determination.  I am pretty certain that the greylisting 
mechanism is actually invoked prior to this, so it is more or less the 
first thing that happens.  There is also SPF checking, RBL checking, 
proper header construct verification, verification against an LDAP 
lookup (if desired) and other stuff.

After training ASSP, users have the option to receive SPAM marked (which 
I discourage since the entire mail has to be dealt with then, which is 
inefficient) or to have it refused, or to not have it scanned at all if 
outside corporate policy on that.  Because the whitelisting mechanism is 
so robust, and the Bayesian filter quite solid, I have had almost no 
complaints about false positives.  I presently have about 4000 emails go 
through a day with something like 90 users, all remote - I provide 
filtering for a small corporation and operate as a web/email host as 
well.  Inevitably with this number of users some people want mail from 
Costco and some people don't, so there is no perfect solution.

Jeff



John Kielkopf wrote:

>Jeff Buehler wrote:
>
>  
>
>>I simply disallow email of greater than 5 mb (that was my cutoff 
>>exactly!) - email is not ideal for large file transfers for a number of 
>>reasons, so I discourage it.
>> 
>>
>>
>>
>I agree, however some of my users may say otherwise ;) 
>
>I was thinking about scanning all messages <2MB during the SMTP 
>session, and then scanning the few larger ones off-line at low 
>priority.  Currently I just don't scan anything > 5MB.
>
>  
>
>>The accuracy I 
>>have had once properly configured is exceptional (98-99%) - in ASSP 
>>whitelisting is very important and automated which helps a lot.  I 
>>prefer it over Spam Assassin myself.
>> 
>>
>>
>>
>Do you get many complaints about false positives?  Roughly how many 
>users do you have?
>
>I prefer to do most of my antispam in the SMTP envelope, before the DATA 
>phase.  It's just a waste of bandwidth otherwise.  Do you know if 
>greylisting in ASSP does this?
>
>Thanks,
>--John
>


-- 





Buehler Technologies
19 Circle Drive - San Rafael, CA 94901
415.459.4677 - [EMAIL PROTECTED]



