ant to continue with blocking PUA except for this email id
(for the time being).
Please let me know, how can I achieve this.
zip it with a password.
Sounds like 'incomtaxindiafiling' should be encrypted anyway.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SE
Q what are he differences?, why two versions?
(and, Mark: for FreeBSD ports, do we need two different versions in ports?)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrus
added mine, the mailing list adds theirs, aol
adds theres, and one email out might have three.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Comp
rs came in from yahoo
and there was nothing interesting in the score.
call local law enforcement, get them to order the logs of their mail
servers.
are you a federally protected entity? call the FBI.
put the idiot behind bars so he can get new special friend.
--
Michael Scheidell, CTO
o: 561-999-
of *.pid files.
p@rick
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SN
they probably won't be smart enough
to rename that exe inside the password protected zip file.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company
.
Simon
with the spammy domain names tagged as ham?
whitelist the sender, use a different policy for sending ip, whitelist
the subjectline, anything but auto learn spammy domains as ham.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* B
On 5/2/12 8:45 AM, Marko Weber wrote:
or do i have to do this by custom script?
thanks
marko
custom script.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Prod
[CONTENT] in Subject line on inbound (like
[SPAM] in subject in inbound)
can I share EXACTLY how I did it?
no, not really. but this should get you started.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Pr
Sorry, one clue rule.
You are on your own now.
--
Michael Scheidell, CTO
>|SECNAP Network Security
-Original message-
From: "loc...@mm.st"
To: Michael Scheidell , "amavis-users@amavis.org"
Sent: Fri, Apr 6, 2012 20:03:16 GMT+00:00
Subject: Re:
cal/etc/mail/spamassassin/*
/usr/local/etc/mail/spamassassin/aa_scores.cf:uridnsbl_skip_domain
mailchimp.com list-manage.com rule18.com ionspam.net com.ionspam.net
net.ionspam.net secnap.com hackertrap.net spammertrap.com
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP
deliver the email without the attachment. amavisd-new does not
have any code that would enable it to do this.
Since it can't strip out attachments, then it didn't strip out the
attachment.
These are not the droids you are looking for.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 56
On 2/1/12 10:23 AM, Mark Martinec wrote:
Indeed. The SEGV (signal 11) crash on a smtpd service needs
to be investigated and resolved.
good chance OP is using a different db for transport/aliases/, etc and
needs to recompile the *.db files
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561
use
email address reference: scheid...@freebsd.org)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Sec
0.0 HTML_MESSAGE BODY: HTML included in message
1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.1 RDNS_NONE Delivered to internal network by a host with no
rDNS
/auser.txt or such..
Tom
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNO
her way?
How does a domain w/b list affect that domain's recipients? How can we
know the priority order in the case we have both domain w/b lists and
recipient's w/b lists?
Thanks!
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corpora
tcpflow and see if you can catch it?
being actually BOUNCED to/from the exchange server?
are they spam or legit?
Thanks, Andi
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusi
Freebsd SA port.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certifie
clustering is REALLY hard if you go past two.
Regards,
Tobias
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Secur
e clamdscan {filename}'
then type 'time clamscan {filename}'
if you use clamscan as your backup, your cpu will peg with just 3 or for
processes, and amavisd will timeout anyway.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corpora
= qw( 127.0.0.0 [::1] [FE80::]/10 [FEC0::]/10 10.8.0.0/24)
shell might be 'special'. try adding 0.0.0.0/32
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Preventio
Well, if they were delivered, they wernt blocked, they were quarantined either .
Looks like you were trying to implement something that is not supported by
amavis so, I suspect you're not going to get your patch applied.
--
Michael Scheidell, CTO
SECNAP Network Security
-Original me
nvelope-To-Blocked in it?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNO
a=rsa-sha256, c=relaxed/relaxed, s=mail,
i=@jobmensa.de, invalid (public key: OpenSSL error: too long)
What are those errors?
sender has a borked dkim public key.
<http://dkimcore.org/c/keycheck>
put in 'mail' for selector
put in jobmensa.de for domain.
--
Michael Scheidell, CTO
PIxE4d0Qfw5i/3h63/wRal6XoJq5OqE+QIO0LxwGXRpMa5fiiEVwWeqmR70FmFUwTFK4NN"
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company
uickly, ip addresses that
start to send out bulk email).
example: your ip, looks 100% clean.
<http://www.rhyolite.com/cgi-bin/reps.cgi?tgt=76.74.238.135>
vs one of the 'ESP' s. (exact target)
<http://www.rhyolite.com/cgi-bin/reps.cgi?tgt=207.250.68.26>
68% bulk email.
wrong. it his RCVD_IN_PBL rule.
since you neglected to include any header information at all, #2 is just
a guess.
concentrate on #2, google, see FAQ's on amavisd and SA web sites.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
SEND THE EMAIL HERE.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SN
if a spam scores < 6.3, the sender gets a 'bounce' (you might be a
spammer if)
if it also has valid spf or dkim, and its under 18, the sender also gets
a bounce.
so, forged spammers < 6.3 will create backscatter.
spammers who spam from valid accounts will get bounces till
clamd.log.
is there a reason you want the virus name in the mail log? and that the
clamd.log isn't good enough?
no need to see who virus went TO, its quarantined. no need to know who
virus came FROM, since its almost always forged.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2
tmp/amavis-20110822T144646-26543/parts/p004:
*Eicar-Test-Signature *
look again
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
ssassin --lint'
Aug 12 14:06:00.917 [8635] warn: netset: cannot include 127.0.0.0/8 as
it has already been included
so, question begs: I think this is in default local.cf:
grep networks local.cf
internal_networks 192.168/16 172.16/12 10/8
should SA add 169.254/8 by default for completen
amavisd-release doesn't care.
look at mail logs, see where it went.
put a packet trace on (tcpdump/wireshark) see if /where it went.
look at logs on receiving mail server.
if spam is in filesystem, look at it there. zmore
/var/virus/spam/s/spam-mail.gz
--
Michael Scheidell, CTO
o
On 8/10/11 10:33 AM, Michael Orlitzky wrote:
On 08/10/11 10:26, Michael Scheidell wrote:
so, what brain decided it would be ok to use 169.* addresses for their
internal ip's?
was it microsoft? (var says that ms uses these for their internal
clustering ip's for clustered exchange ser
-0400 (EDT)
received:from MBX1.client.local ([169.254.1.69]) by MBX2.client.local
([169.254.2.63]) with mapi id 14.01.0289.001; Wed, 10 Aug 2011 09:57:51
-0400
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
our custom rules, make sure they are uniq names.
SPAM_CAT_X (sex
SPAM_CAT_P (porn
SPAM_CAT_D (drugs)
in amavisd.custom, scan the rules triggered and set a new flag in your
new field in the msgs table.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Securit
27;local.cf' and change scored there.
That didn't change anything.
I also tried to copy that v330.pre file to
/var/lib/amavis/.spamassassin/ , making sure that the file belongs to
the amavis user and group.
That didn't give any more result...
What do I miss?
Thanks by advance :)
heads up: mostly to those who had problems with clamav 0.97.1 hanging.
also, heads up on the (soon to be missing .UNOFFICIAL suffix on thrd
party sigs.. in case you have amavisd-rules to treat these as spam and
viruses)
Original Message
Subject:[Clamav-announce] ann
group.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integra
3-11-12
Ref:http://whois.arin.net/rest/net/NET-205-162-40-0-1
OrgName:Omeda Communications
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
hecks in SpamAssassin and in amavisd fail.
Also fixed in the Crypt-OpenSSL-RSA 0.27 release.
Very good! Thank you for the information.
Mark
Q, is 0.27 needed for ANY version of perl to fix this bug? or just perl
>= 501400 (5.14.0)?
does amavisd-new also need this minimum version?
--
On 7/20/11 5:30 PM, Benny Pedersen wrote:
On Wed, 20 Jul 2011 17:17:49 -0400, Michael Scheidell wrote:
for failure to stop stupid ooo messages to an email list.
yes its not helping to cry here, only frederik can excuse for not drop
ooo msgs on bulk mails
unless someone with admin
for failure to stop stupid ooo messages to an email list.
Received: from www.fc.norrkoping.se (nksupport.fc.norrkoping.se
[194.68.142.18]) by smtprelay1.norrkoping.se (Postfix) with ESMTP id
7C3DB12721 for; Wed, 20 Jul 2011 23:12:00
+0200 (CEST)
Message-ID:
X-FC-Thread-ID: 3b9aca00-e
{
if(! $already_quarantined && $clean_quarantine_method =~ /sql:/) {
do_log(0, "CUSTOM: UNWANTED = $msg_size"."k >
".($sa_mail_body_size_limit/1024)."k");
# I want to NOT archive if it hits here.
}
}
--
Michael Scheidell, CTO
o: 561-999-5000
you would think email admins would know better than adding to the
spam/backscatter.
Original Message
Subject:Re: Fwd: mx1 amavis-logwatch
Date: Sun, 17 Jul 2011 12:43:57 +0200
From: Fredrik Andersson
To:
Detta är ett automatsvar. Jag har semester och komm
.conf, which
points to the backup clamd scanner.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security
s you know of it, maybe you can be of assistance.
Hi Lars,
For me it seems a bit strange to have this on the master.cf. But I have
no idea how your configuration is like.
I have it in my main.cf together with all other restriction classes.
HTH,
Mikael
--
Michael Scheidell, CTO
o: 561-999-5000
table.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT In
ly.cvd for 0.97.1 builds?)
This mean no action needs to be taken for 0.97.1, and I assume a 0.97.2
is in the works?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Pro
What version of perl ?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certifie
interesting hack to only archive the first two chunks might work.
but, you need to make sure you only limit the archive, and still store
anything quarantined.
might be able to do it with a amavisd.custom hack.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Secur
nning one gest me this:
30351 clamav 3 440 181M 159M ucond 1 0:00 0.00% clamd
(yes, brackets must be something freebsd does every now and than)
its the RES of 0K and umtxn when hung, and 159M when NOT hung that is
intertesting.
where did the ram go?
and, no, I didn't run
Yeah, same here.
I still want to put a timeout in amavisd so that my secondary takes over.
anyone help?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot
otally kill clamd with a
sigsegv.
Yeah, same here.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Se
--- Original Message
Subject: Re: [clamav-users] 0.97.1 rumor pile? bad safebrowsing update
file?
Date: Tue, 28 Jun 2011 22:23:20 +0300
From: Török Edwin
Reply-To: ClamAV users ML
To:
On 06/28/2011 10:01 PM, Michael Scheidell wrote:
On 6/28/11 2:49 PM, Török Edw
4_8,1 (amavisd new 2.6.4 with freebsd
patches from ports)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security
you loaded the pre-official port from our web site, you are advised
to install the official port.
Remember that SA does not come with current rules, so while installing
the port you must run sa-update, or you must run sa-update after you
install the port.
Happy Hunting!
--
Michael Scheidell
t did this with 2.6.5, advice welcome.
diff your amavisd.conf vs the stock one. you might have something set
strange.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention
ake PR's or support requests for older versions, but
it looks like it still compiles on 6.4 and 7.3
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot
On 6/22/11 11:28 AM, Michael Reincke wrote:
Hello,
is it possible to soft blacklist mails sent from certain IP-ranges.
www.xxx.yyy.zzz/aa
just make an SA rule on received, score high enough that it is
blacklisted (70? 100?)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
e scanning giving the attachment and image type spams we
see periodically these days?
so, you want the spammers to just attach a 500K pdf, or image and you
give them a free pass?
Just curious, what advantage do you think this will give you?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 56
queues drop quickly.
Any idea's where to start looking would be appreciated.
disable auto expire bayes:
bayes_auto_expire 0
use mysql bayes and innodb tables.
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>
e level at which
it is KILLED.
if you want suspected spam sent to your MTA to process the headers, then
look for the x-spam-flag header.
if you want email like this quarantined, then adjust your settings so
that anything > 4.5 is quarantined, not just flagged.
(read amavis documentation)
point to a perl script
that can notify the user when first one is sent. maybe limit 1 per hour.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot
ks so we can blacklist you now
for backscattering all those forged viruses back to people who didn't
send them.
it will save us the trouble of reporting you to your ISP and having you
blacklisted at backscatter.org.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN:
qr'.*' => 0 ]),
);
amavisd does know its protected, the subject line gets changed to ***
UNCHECKED ***
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Produ
using sql/policy based attachment quarantining in amavisd-new.
want to add blocking UNDECIPHERABLE to sql based policy.
what is best way to do it? I think I can have clamav do it, or
amavisd-do it, right?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SEC
On 5/13/11 9:04 AM, Mark Martinec wrote:
, bypassing of spam checks,
white and blacklisting (basic and DKIM-based),
something new? this isn't sql based, is it using mailaddr and wb tables,
is it?
how does amavis dkim based whitelisting differ from SA
whitelist_from_auth? (ish)
--
Mi
r and gets quarantined as spam; however, the
mail is legitimate.
use SA, 'whitelist_rcvd_from' or something like that, in local.cf.
or, you whitelist the email address spammers will use.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP N
pamd, you start amavis.
#2, look for (more config info) in ../etc/amavisd.conf
#3, you say 'not using system conf files'.. why do you say that?
#4, look for postfix integration docs on amavis web site also.
(look for 'filter' in main.cf also)
--
Michael Scheidell, CTO
o: 561-999-
On 4/27/11 3:52 PM, Alex wrote:
eval code: rawbody, priority 0
Apr 27 15:49:57.236 [9943] dbg: rules: compiled rawbody tests
delete the compiled directory, disable the complied plugin, run again.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Netw
How do I debug this?
get a 'msg' version of the email (not a postfix, postcat version)
so 'spamassassin -D < {msg}' and watch it.
are you running caching dns servers?
Thanks for any suggestions.
Alex
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*13
to parse an email isn't too bad, especially
when 54% of it is 'learn'
(I assume you are using default db4 plugin for bayes?). if so, switch
to mysql plugin.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
On 4/25/11 12:18 PM, david touzeau wrote:
We can found that tests_pri_0 rule take 90% of time, is it possible to
disable this rule ?
than it is one of your rules.
disable compiled rules, and run again, see if you can find out which one.
search recent archives for this issue.
--
Michael
ry to identify the rules and email that are causing the problem
run spamassassin -D against one of the emails.
look at timing. identify which part of sa is causing problem and fix it.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Cor
ch part needs a defined start and
end boundary: this one did not have a proper end boundary.
send a link to the email RFC's on mime attachments to the sender.
, 'part did not end with expected boundary'
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SE
%
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Netw
lay...@gmail.com>
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best
/SPF.pm
/usr/lib/perl5/site_perl/5.12.3/Mail/SPF.pm
you have vendor_perl and site_perl.. your perl install is borked.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Product Gu
On 3/21/11 8:28 AM, Michael Scheidell wrote:
On 3/21/11 8:20 AM, Ralf Hildebrandt wrote:
fetch_modules: error loading optional module Mail/SPF.pm:
Can't locate version/vpp.pm in @INC (@INC contains: lib
interesting.. what version of Mail::SPF do you have?
did you just upgrade to perl
on any of our systems.
and a grep of Mail/SPF.pm doesn't show it looking for it.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT I
ght have more fields I need
to populate.
my($conn,$msginfo,$hdr_edits_inherited,$recips_ref,
$quarantine_method,@snmp_id) = @_;
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product
On 3/11/11 11:54 AM, Mark Martinec wrote:
f ($msginfo->msg_size< 1024*1024) {
Amavis::do_quarantine($conn,$msginfo, undef,
['archive-quarantine'], 'sql:');
}
interesting... ok, so than it just won't archive it. thanks. that
should work.
--
Mi
limit what was archived in the sql-archive? yes, I guess I
could add a trigger that deleted everything with chunk_id > 10. but, is
there an easier way?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
*| *SECNAP Network Security Corporation
* Best Intrusion
85 matches
Mail list logo