On Wed, 30 Sep 2009, Cliff Hayes wrote:
I think I've found the problem but I've never seen anything like it so I
don't know how to solve it.
The code below from mimedefang-filter sets the values for $hits, $req,
$names, $report. Debug1a shows the values are set properly. But just a few
So in the mc file I put
define(`confSUPERSAFE', `PostMilter')dnl
However when I create the cf file, this gets translated to SuperSafe=True
What do I need to modify in that line about to get the cf to be
SuperSafe=PostMilter ?
Thanks
-Original Message-
From: [EMAIL PROTECTED]
;
To filter_initialize() where you open the handles if you need to make sure
they are consistently closed on exit in filter_cleanup.
--
Ray Ferguson
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You
Hi,
I have a problem that started May 1 at 00:00:03 .
Since that time, I get the following error code in the logs:
Perhaps mimedefang took the day off in protest.
Ray Spinhirne
___
NOTE: If there is a disclaimer or other legal boilerplate
rule sets are 'no brainers, definitely you should
use these' and which ones might be a little more iffy or questionable.
Thanks for any info.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems
address to the rbldnsd server for
every list, i'd rather just have rbldnsd listen on a differet port for
each list. Anyone doing this? thanks for any ideas...
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http
through the maillog and
makes some rrdtool graphs, and i want stats on the number of hits for
each rbl. So i need sendmail to log a different entry for each rbl.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http
started putting image validation on
their sites, just like ticketmaster or yahoo. I don't know about your
users, but mine are dumb enough to type in the right word, right next to
their credit card number haha.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean
environment
variable. See http://fedora.redhat.com/docs/release-notes/fc3/x86/ the
section on glibc (search for MALLOC_CHECK_).
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer
address
add_recipient([EMAIL PROTECTED]);
}
ray
On Thu, 16 Mar 2006, Ashley M. Kirchner wrote:
Over the years, sendmail+MD+spamassassin+clamav has worked well for us.
However, lately we're starting to notice more and more legitimate e-mail
getting a rather high score
. But assumed a bad rcpt bounce
would be returned to the original sender, right?
Any other ideas, that aren't big ugly hacks?
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer
if your DNS servers are in the same rack, on the same switch as mail
servers. Network latency is 200 usecs. In that case is there much
advantage to a caching server on the same box as mail?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean
. :)
ray
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support
a 220 welcome,
and more than 10 seconds for the mail from and rcpt to to succeed. Really
thought it was DNS, but DNS seemed ok...
The problem cleared up all by itself in the midst of my
troubleshooting...which is scary cause it may happen again at any time,
haha.
ray
sub filter_recipient
slaveinfo 53
Slave 53
State Busy
PID 13356
NumRequests 77
NumScans 18
Age 1101
StatusTag recipok [EMAIL PROTECTED]
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer
Anyone have a copy of
http://www.roaringpenguin.com/dastardly.html
It seems to be gone (google cache gone too). I'd always use it to show
people how evil html mail is. Thanks.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean
and also try lsof -ni to see if md is actually listening on that socket.
ray
On Wed, 13 Jul 2005, James Ebright wrote:
Try an iptables -L and see if yer blocking the port? I believe FC3 by default
has some firewalling enabled.
Jim
On Wed, 13 Jul 2005 12:01:46 +0300, Murat Isik wrote
at it yet...
Also any suggestions for an anti-virus (commercial or not) to supplement
ClamAV?
(PS i'm not trying to discredit clam, it's a great tool and we use it a
lot. i do submit the samples when i come across them. defense in layers
is always better though...)
ray
the difference.
Perhaps someone can tell me the stupid mistake I cannot see.
Thanks
Ray Spinhirne
St. Edward's University
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http
Ray Spinhirne wrote:
We are in the process of updated an HPUX server and MIMEDefang.
I'm pretty sure this is a sendmail problem and not a MIMEDefang
problem but perhaps someone could give me a pointer. (It's late
and I'm not thinking were well.)
At any rate here is what's
it unreasonable to let
MIMEDefang pay some bills. However it may also attract some otherwise
potential CanIt customers.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer
seen 1.5 points? I saw 0 (!).
No, but I have seen 2.5 points before. :) Silly question, where would i
put a new rule like that? I'm already changing some scores in
/etc/mail/mimedefang/sa-mimedefang.cf, but not sure where to add a new
rule.
ray
to
clean it up?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
IBM Certified Specialist AIX Administration, AIX
just run it from cron though...
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
IBM Certified Specialist AIX
to combat this? Obviously we have to allow SMTP for
internal legit clients on our network. Is SMTP AUTH the answer? Or pop
before SMTP? (currently not using these). Some kind of rate limiting per
IP? Just looking for any ideas...
ray
is restarted
every night for log rotation so worst case i'd lose a day of Bayes if the
server crashed. Since SA is nailing bayes db on every message, i figured
it can't hurt to have it on the ramdisk as well.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean
all your problems!
Especially if your problem is a large excess of $$$ in your budget... a
few pSeries machines would fix that!!!
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer
problems
of html mail? A little googling turned up some of the minor problems like
bandwidth, rendering, speed, etc, which IMO are all secondary to security.
Thanks.
ray
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
. Most likely they want an actual user count.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
IBM Certified Specialist AIX
than 6hrs to a 6hr
queue, older than 1 day to a 1d queue. 1hr queue runs every 15 minutes,
6hr once per hour, 1d once every 2 hours.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer
greylist entries? I think 5 days.
How long to whitelist for? 30 days?
I know to greylist the from/to/ip tuple, but do you whitelist the entire
tuple, or just the IP address?
Do you whitelist just the IP, or the IP's /24 network? (for the mailfarm
problem).
ray
, but not sure if it'll work now. If anyone has any ideas, let me
know.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
IBM
to avoid editing files in
/usr/share/spamassassin directly. If the score on a network test is
already zero, then spamassassin will just skip it. Correct?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r
On Mon, 28 Feb 2005, -ray wrote:
So just to confirm. For all the rules with 'tflag net' set, i should set
their score to zero in local.cf to avoid editing files in
/usr/share/spamassassin directly. If the score on a network test is already
zero, then spamassassin will just skip it. Correct
howto create ldap objects, haha.
I also added ConnControl limit of 15. I don't think there's a legit
reason for any one host to open more than 15 tcp connections. Comments?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean
from the thread was the default will be Exim, so the newbies
aren't so confused by Sendmail. I don't totally disagree with this. But
hopefully they'll still package sendmail so it's easy to replace exim
(like debian).
ray
I have max daemon children set to 250. Occasionally one machine will open
250 connections, probably spamming, so sendmail stops new connections.
Is there a sendmail way to limit # of connections by ip address?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray
know about.
That's what i need. I don't know the IP/network beforehand... it's a
seemingly random address. So the 8.13.x features would help...time to
upgrade i guess.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean
but respect legit servers? Can you disable greet_pause for the local
network?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
heard of any
false positives. (15k users, 100k msgs/day).
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
IBM Certified Specialist
. A legit host that happens to connect will of course try again
later (hopefully to primary MX). The author claims this reduced spam
intake by 10%.
Anyone done anything similar? Any thoughts? Seems like a simple way to
catch a lot of spam...
ray
retries, you whitelist that IP for 30 days regardless of
other sender/recipient pairs?
Do you whitelist the entire IP or the first 3 octets?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems
On Tue, 9 Nov 2004 [EMAIL PROTECTED] wrote:
Or Please reply if you did not recieve this message.
I always like when one of our operator emails me to let me know the mail
server is down.
ray
___
Visit http://www.mimedefang.org and http
= '\.' . 'vcs' . '\.*([^-A-Za-z0-9_.,]|$)';
if ((re_match($entity, $revcs)) ($RelayAddr =~ /^192\.168\./)) {
md_graphdefang_log(allowing .vcs from $RelayAddr);
return 0;
} else {
return re_match($entity, $re);
}
ray
)) {
return md_check_against_smtp_server($sender, $recip,
smtp.selu.edu,
mailstore.selu.edu);
}
return('CONTINUE', OK); # accept recipient if dont find relay
}
ray
___
Visit
On Mon, 20 Sep 2004, David F. Skoll wrote:
Also, somewhat off-topic, if you could avoid giving Sophos free
advertising, I'd appreciate it -- they have a product that's a major
competitor to our CanIt products. :-)
Really? I'll have to check that out :-)
ray
when IPv6 is widely
used. :-)
Normally i'd view the hostname/port syntax to be a network/cidr
address. Might cause some confusion for people who don't RTFM...
ray
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
spammers are actively
registering their SPF records.
But we've said before, then SPF will NOT stop SPAM. It will help prevent
email forgery though.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
system.
Any help would be appreciated.
Thanks
Ray Spinhirne
Director Computer Services
St. Edward's University
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman
On Wed, 1 Sep 2004, Ray Spinhirne wrote:
With several of these sessions active the CPU load goes to 100% and
the system is really slow. We usually have to stop the qpopper deamon to
recover and then hope we don't get another load peak which cause a
repeat of the action.
Do people have pop
Qpopper Version 4.0.5 downloaded last month.
how old is it?? (What ver?)
Download a new one if you're not just...
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
for action_rebuild()?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
IBM Certified Specialist AIX Administration, AIX
:
if (($mailip eq $internal_net1) || ($mailip eq $internal_net2)) {
ray
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
? With the SpamCopURI SA plugin? With
SALocalTestsOnly set, should i remove the tflags net entry on the SA
surbl rules so SA will run them (against a local dnsrbl, of course)?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http
remove the db and let is start collecting triples again. After a
few 10-thousand records, it would get corrupt and stop adding data. I
was unable to resolve the problem sorry i can't be more help.
ray
___
Visit http://www.mimedefang.org and http
. Is this no longer a
good thing to do?
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems EngineerSoutheastern Louisiana University
IBM Certified Specialist AIX
516 1186
ray
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Andrea,
Thanks for the info. I switched to DB_File::Lock and things seem to be
running fine. How many records are in your greylistdb? I accumulated a
little over 38,000 in the past 12 hours, and i'm wondering if i'm
stretching the limitations of the DB_File format.
ray
a day. Is this too much for a dbm file? I'd imagine i'd have 10's of
thousands of triplets in the db. Should i look at implementing it in
mysql or postgres?
And just for my curiousity, is there a way to repair a corrupt dbm file?
ray
___
Visit http
this is a feature of Can-It Pro?
ray
On Sat, 10 Apr 2004, Gordon Henderson wrote:
This is probably a dumb question, but I can't find an obvious answer...
I've been using MD+SA for some time with good effect, but I want to use
the Bayesian tests in SA. But which 'user' do I load up its database
On Mon, 5 Apr 2004, Ray Spinhirne wrote:
Apr 5 11:21:28 acad mimedefang[21024]: Could not create mdefang
directory in /var/spool/MIMEDefang: File exists
We are running a pretty old (2.16) version of Mimedefang in
[cut]
You should upgrade! 2.16 is old, and fairly buggy. Perhaps you
Can-It Pro does not require anything out of the ordinary except for
PostgreSQL.
- Original Message -
From: Justin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 19, 2004 5:16 PM
Subject: [Mimedefang] Latest MIME-Tools
Does anyone know if MIME-tools-6.200_02 has the RP
it to yourself when you send it.
.
.
Ray Spinhirne
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
same log enable line in mimedefang-filter
md_graphdefang_log_enable('mail', 1);
Check your MILTER_LOG_LEVEL in your sendmail.mc files:
define(`confMILTER_LOG_LEVEL', `9')dnl
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean
... :-)
Reminds me of the time one of our operators emailed me, to tell me the
email server was down. :)
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer
On Fri, 6 Feb 2004, David F. Skoll wrote:
On Fri, 6 Feb 2004, -ray wrote:
Attached is the strace output file when the system was wedged. I'm not
very good at reading strace files, so hopefully you can make sense of it.
I ran the md-mx-ctrl scan / command a few times also while strace
bursts 100 new connections/sec/MTA.)
Dumb question, but how are you determining your ConnectionRate? I'm
hesitant to throttle it before i know what a good number for our system
is. thanks.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean
until i restarted MD, 9 minutes later.
Any ideas why the multiplexor decides to quit spawning slaves? My next
step is to turn on multiplexor debugging. Hopefully it doesn't kill the
box... i am logging to a ramdisk though. BTW, this is MD 2.35.
ray
if this is a sendmail or a MD (or spamassassing or clamav) problem.
Is sendmail reaching MaxDaemon because the milters start backing up, or
vice versa? I tried turning on mimedefang debugging, but the load was too
great and the system couldn't keep up. Any other ideas?
ray
Jan 31 20:51:03 norm sm-mta[27815
at the perl manpages for Mail::Box and Mail::Box::Manager. That's
what we use for stuff like that. It is pretty simple to use, even if you
don't know perl that well.
ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http
70 matches
Mail list logo