-Original Message-
From: mimedefang-boun...@lists.roaringpenguin.com
[mailto:mimedefang-boun...@lists.roaringpenguin.com] On Behalf Of Nigel Allen
In retrospect I don't think the subject will cause any problems at all.
For example, if the subject is set to ../../hello world then the
-Original Message-
From: Matt Garretson
On 2/17/2010 5:55 PM, Les Mikesell wrote:
not add a Received: header for the browser client IP. Likewise when
sending from outlook 2003 or 2007 (much more believable as mail
clients)
through exchange, the first Received: header is the
-Original Message-
From: David F. Skoll
Sent: Tue 9/15/2009 3:09 PM
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Firewalls and Mimedefang
Well, why don't you get a list of listening ports:
TCP ports: netstat -a -t -n | grep LISTEN
UDP ports: netstat -a -u -n |
-Original Message-
From: Yizhar Hurwitz
So I would still like to know if/how I can preserve this
information in the quarantine directory, and try to do it
efficiently as well by minimizing system calls from my custom filter.
Here's what I do.
-Original Message-
From: Kevin A. McGrail
Can anyone confirm if this is expected so that something like
this in filter_end would be guaranteed to work?
if ($Sender =~ /^[EMAIL PROTECTED]?$/) {
$spamtest_enabled--;
}
I played with this a few months ago, so I'm going
-Original Message-
From: Whit Blauvelt
Alternately you could use $RelayAddr to recognize what's come
in by the secondary MX and segregate it somehow - assuming
that that system's not also sending you stuff as a normal
relay from the ISP or whatever - and then only go through
-Original Message-
From: Joseph Brennan
The lower Received header is faked. columbia.edu resolves to
external-smtp-multi-vif.cc.columbia.edu, but that's a virtual
interface, not a host.
Received: from [212.251.108.145] (port=40748
helo=ppp25-145.adsl.forthnet.gr)
-Original Message-
From: Damrose, Mark
After a couple of false starts with false positives, here's
the rules that seem to be working
header __ECC_FORGED_SMTPGATE3_RCVD1 Received =~ /(?!via\ssmtpd\s\(for\s)smtpgate3\.elgin\.edu\s(?!\(MIMEDefang\)\swith\sESMTP)/
header
-Original Message-
From: Joseph Brennan
# check it
my $resolver = new Net::DNS::Resolver;
$resolver->tcp_timeout(10);
$resolver->port(530);
my $query = $resolver->query($domainname);
Quick question.
Why is the port 530? Are you running a local rsync of surbl
-Original Message-
From: John Rudd
Shouldn't that last bit be:
[12456789]\d$/
As you've got it, it will reject an offset of xx30, which, as
you pointed out, is valid.
Actually, the vast majority would be caught with [2468]0$/
I've quarantined thousands of these since I put
-Original Message-
From: Gary Funck
I have run into the same problem on an FC5 upgrade, and am
wondering what is the recommended fix?
See also
http://lists.roaringpenguin.com/pipermail/mimedefang/2006-November/031149.html
It appears your choices are to modify mimedefang.pl to
-Original Message-
From: Jim McCullars
I feel your pain. I have gotten to where I check my work
email at night to see what the latest pump-and-dump stock
spam is and update SA accordingly. Ugh.
I've found that most of the stock spam have a unique Received header.
Some
-Original Message-
From: Kelson
I NEVER reject message because they might have words that
are legit or
possibly misspelled.
Not to mention legit words that contain blacklisted words.
Looking for cialis will trigger on specialist, for instance.
Or words that have different
-Original Message-
From: Philip Prindeville
We were running FC3 on an x86_64 platform (good bang for the
buck) and decided to finally upgrade to FC5...
Lastly, I noticed that (you were probably wondering when this
was going to actually be relevant to MdF, weren't you?) all
of
-Original Message-
From: David F. Skoll
Kevin A. McGrail wrote:
If I had to guess, a way to get around max message sizes
which at the
time were plaguing usenet.
Well, system administrators generally have a good reason for
setting the maximum message size, and for RFC authors
-Original Message-
From: David F. Skoll
attachments. There were even clients that would attempt to
understand
the part 1/5, part 2/5, etc. subject lines and re-assemble/uudecode
for you.
Right, as in alt.binaries.pictures.erotica.* :-)
I'll have to take your word for
-Original Message-
From: David F. Skoll
You'd then have a mailertable entry routing canit.letu.edu to
the CanIt machine. And the final piece of the puzzle is to
convince your Exchange server to accept [EMAIL PROTECTED] as
a local recipient.
Or, have canit.letu.edu set up as
I'm playing with MIMEDefang 2.57 on Fedora Core 5 using the RPM build from
Fedora Extras. The md_syslog function doesn't work. Fedora C5 includes
version 0.13 of Sys::Syslog.
I've poked around a bit, and figured out that mimedefang.pl seems to be
forcing Sys::Syslog to use 'setlogsock inet;'.
-Original Message-
From: Kayne Kruse
# Begin auto generated section
domain.comTABREJECT
To:[EMAIL PROTECTED]tabRELAY
This doesn't work (as you found out).
With per user rules, you need to put domain.com in /etc/mail/relay-domains.
Then in /etc/mail/access, write:
-Original Message-
From: Kayne Kruse
On Fri, 2006-07-07 at 14:42 -0400, Damrose, Mark wrote:
With per user rules, you need to put domain.com
in /etc/mail/relay-domains.
One would think logically, that since those are allowed to relay,
wouldn't that seem irrelevant to have to put
-Original Message-
From: netguy
Am getting *lots* of what looks like spam from the following.
arin.net reports:
WholesaleBandwidth, Inc. WHOLE-2 (NET-69-6-0-0-1)
69.6.0.0 - 69.6.79.255
OptinRealBig.com ORB-BLK-69-6-10-0 (NET-69-6-10-0-1)
-Original Message-
From: Kevin A. McGrail
I'm aware that it marks any email that has digits in the
body. My plan is to change it to {3,6} because my theory is
that the number emails all have numbers greater than 3. If
you or others have input on this fact, I'd like it to hear
-Original Message-
From: Paul Whittney
and thanks to the sendmail log, based on Mark's reply, I can
now check all the logs, not just the ones I added the MD logging to:
k398tDXj013286,notspam, 1.893, [EMAIL PROTECTED]
k398tHm7013291,notspam, 1.433, [EMAIL PROTECTED]
-Original Message-
From: Jeff Rife
On 28 Apr 2006 at 9:18, [EMAIL PROTECTED] wrote:
Export the list of valid email addresses from your destination MTA
periodically, build an access map, and sendmail takes care of
rejecting invalid recipients before MIMEDefang is called.
-Original Message-
From: Kenneth Porter
--On Tuesday, March 21, 2006 2:17 PM +0100 Steffen Kaiser
[EMAIL PROTECTED] wrote:
during filter_begin() or filter_end(), you'll have a local file
'./ENTIRE_MESSAGE' holding the entire message. Append a newline, a
From $Sender\n and
-Original Message-
From: Paul Murphy
I've finally found what I think is the cause of the problem -
MySQL drops idle client connections if nothing has been heard
from them in 8 hours (28800 seconds).
What about doing a query in filter_tick every 2 hours?
-Original Message-
From: Jan Pieter Cornet
On Tue, Feb 21, 2006 at 09:35:46AM -0600, Richard Laager wrote:
This makes me think... Are double From: headers a good indicator of
spam?
I'd guess it is.
I agree. The only question is - does it occur often enough to warrant
a check
-Original Message-
From: Philip Prindeville
On the other hand, if, like me, your local address *is*
unroutable, then it means that you're behind a firewall, and
need to do a gethostbyname() on your own name to figure out
what your outside address is (i.e. what the address of your
-Original Message-
From: Philip Prindeville
Damrose, Mark wrote:
since
the internal and external DNS for my namespace are maintained on
separate servers.
Not if you query one of the root name servers...
Ignoring for the moment, that even if the root name servers would
do
-Original Message-
From: [EMAIL PROTECTED]
the internal and external DNS for my namespace are maintained on
separate servers.
Hence services like www.whatismyip.com
http runs through a proxy server, so I would get a different public
IP than SMTP sessions use to reach the mail
-Original Message-
From: Jason Gurtz
I've never heard of that extension. Is it a windows
executable or outlook script of some kind?
I hadn't either. Google found this:
http://www.seniormag.com/compcorner/definitions/ext/biglistm.htm
Which says:
MIM
A multipart file in the
-Original Message-
From: [EMAIL PROTECTED]
That sounds like a good idea, if you have the IP addresses
to spare...
if not you'll need to do some SWIPing.
I may be able to get them. How well does RHEL 3 handle 50
addresses bound to one NIC?
I haven't run that many, but I
If your filter example post to the Wiki requires Net-CIDR-Lite, state that in
your Wiki entry. Those who want to use your code can load the module.
IMHO, the spec file, should only require packages that are truly required by
MIMEDefang, not packages that are popular extras in local filters.
-Original Message-
From: David F. Skoll
[EMAIL PROTECTED] wrote:
1. There is only one ptr record per IP.
Not true. I was testing that on my internal DNS:
Try adding 150 PTR records for a given IP address and watch
all hell break loose. :-)
Of course, since most
FYI: I added an example of using Net::CIDR::Lite to the Helo testing
wiki at http://www.mimedefang.org/kwiki/index.cgi?UseHeloToCatchSpam
-Original Message-
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Tue 1/10/2006 7:07 PM
To: mimedefang@lists.roaringpenguin.com
-Original Message-
From: Paul Whittney
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
I'm a little worried on the effect of the
confMILTER_MACROS_CONNECT macro, but it hasn't hurt
MIMEDefang (that I can notice), so I need to do some
background reading on it.
Here's a
-Original Message-
From: Jon Fullmer
body PORN_SPAM /(?:porn.com|porn-site.com|pr0n.com)/I
describe PORN_SPAM Some jerk sending me porn spam
score PORN_SPAM 10.0
I've noticed that when I do this, though, if the e-mail is a multipart
MIME message (with, say, one
-Original Message-
From: Ian Mitchell
Oh, and no, I don't get legitimate email from APNIC. And
since my user base is very very small, they don't either.
I am not able to do that. My network is a public college
that has international students.
I suspect that most institutions
I've been getting a bunch of spam from zombied hosts in the 222.x.x.x range.
Much of it gets blocked by spamhaus and other lists, but there's been enough
left that it's noticeable. Whois says that this netblock is assigned to
Air Force Logistics Command. The senders of the spam vary, but none of
-Original Message-
From: Jan Pieter Cornet
The 222/8 netblock is assigned to APNIC, the Asian Pacific
region, where it is distributed further to individual ISPs or
customers. You can verify this from:
http://www.iana.org/assignments/ipv4-address-space
I got the AF assignment from
-Original Message-
From: Kevin A. McGrail
In fact, if I ever snap, I will be known as the Sendmail
Killer and I'll
write all my letters to newspapers with this syntax.
Well, there goes plausible deniability on premeditation!
-Original Message-
From: Kevin A. McGrail
Minor nit.
If I have a zone like this:
imacompany.com      86400  IN  A   1.2.3.4
imacompany.com      86400  IN  MX  5 1.2.3.5
mx1.imacompany.com  86400  IN  A   1.2.3.5
Then 1.2.3.5 is the only MX destination and
-Original Message-
From: David Erickson
I was just doing the following before:
sendmail -f `cat SENDER` `cat RECIPIENTS` < ENTIRE_MESSAGE
So what mechanisms are available to me to release an email back into
wild from quarantine without having the 127.0.0.1 allowed globally
in the
-Original Message-
From: Ben Kamen
You need to start mimedefang with -U defang. Am I not
understanding something about your install?
Did you edit rc.mimedefang?
With the RedHat script, settings in the rc script will be
overridden by /etc/mail/mimedefang.conf if that file exists.
-Original Message-
From: Keith Patton
We are getting complaints that email is being returned.. Not
by MD but by the destination with the error
554 5.7.1 bad address syntax:
If the mail had an address error, I would have thought it
would have been caught in both places..
-Original Message-
From: Lisa Casey
Put this before your action_bounce():
action_quarantine_entire_message($report);
Where would the message be quarantined to??
From man mimedefang-filter:
DISPOSITION
...
quarantine
The part is deleted and a warning is added to the
-Original Message-
From: Roland Pope
I am running mimedefang-2.51 and I have a requirement to copy
selected emails that traverse my mail gateway, onto a
separate archive mail server.
Option 1:
Use quarantine_entire_message(Unique Text) to store the file locally, then
use a cron
-Original Message-
From: Benoit Panizzon
Hi all
I just noticed that md_check_against_smtp_server seems to be
failing checking an IPv6 only destination server.
(Not sure if $ip contains only IPv4 but in other routines the
IPv6 address is correctly returned...)
If you look
-Original Message-
From: [EMAIL PROTECTED]
Can I setup a way to
accept mail for
only a list of e-mail addresses?
Answers my previous question. Yes, you sure can. What I do
is generate an access database of the form
To:[EMAIL PROTECTED] RELAY
To:[EMAIL PROTECTED] RELAY
-Original Message-
From: [EMAIL PROTECTED]
I want to be able to add the disclaimer only if the domain =
abc.com I can get the whole mail address from $sender but I
do not know how to use perl to strip just the domain from
this. Or is there another way?
I need help with the
-Original Message-
From: [EMAIL PROTECTED]
We use confidentiality statements as well, but we split in
and outbound on different servers so we don't have this
particular issue. The issue we haven't solved yet is how to
avoid adding it every time replies go back and forth. If
I've been having a problem with my internal Exchange 5.5 server crashing
randomly.
The cause are messages that the Exchange considers bad. Microsoft's work
around is to delete the problem message from the inbound queue and restart
the
services. Needless to say, this is quite annoying.
I
Thanks. I looked quickly in the MdF distro, but didn't see anything
discussing
greylisting. Is there an implementation already generally available?
Multiple implementations have been discussed.
Search the archives.
http://www.roaringpenguin.com/bin/htsearch?config=listmdmethod=andwords=gr
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
I am looking to start using an RBL. In the past, a colleague did some
testing of RBLs and got a lot of false positives.
With RBLs you have to use a different definition of false positives.
Various RBLs have
-Original Message-
From: Alexander Dalloz [mailto:[EMAIL PROTECTED]
On Tue, 16.11.2004 at 1:04, [EMAIL PROTECTED] wrote:
Hitete wrote:
Or does sendmail rebuild the .mc file at every
/etc/rc.d/init.d/sendmail start command ?.
No.
Unbelievable, but the Fedora init
-Original Message-
From: Marco Supino [mailto:[EMAIL PROTECTED]
Hi,
I am trying to use the $helo var in filter_relay to test some
things, but
it seems its always empty, none of the emails getting past
this filter
have something in the $helo var,
Is this a bug or am I
-Original Message-
From: Ken Cormack [mailto:[EMAIL PROTECTED]
He's trying to get
the display name to go along with the [EMAIL PROTECTED] in
the MAIL FROM:
portion of the SMTP dialogue. I've tried finding a clear
specific reference
for the syntax, but have come up empty.
-Original Message-
From: Paul Boven [mailto:[EMAIL PROTECTED]
The way I see it, there are these possible actions upon
detecting a virus:
1.) action_discard: *poof*, the virus vanishes without a trace.
2.) action_notify_sender, which I really wouldn't use unless
I am sure
-Original Message-
From: Johann [mailto:[EMAIL PROTECTED]
worms. Verified clean by Sophos Antivirus . /n Legal mumbo-jumbo
Try \n
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
[snip]
would it be difficult to detect
which format the
host was specified?
If there are multiple colons, it would be an IPv6 numeric
address. If
there is only one, it is hostname:port or IPv4:port.
-Original Message-
From: Jason Cullip [mailto:[EMAIL PROTECTED]
How can I configure mimedefang to bypass spam checks on the users who
want to receive spam?
whitelist_to, more_spam_to, or all_spam_to in sa-mimedefang.cf.
-Original Message-
From: Mike Batchelor [mailto:[EMAIL PROTECTED]
I want to reject mail for domains that resolve to 127.0.0.1 or that
have MX records with hostnames that resolve to 127.0.0.1. I have tons
of double bounces due to MX loops back to me because the damn sender
domain
-Original Message-
From: Chris Gauch [mailto:[EMAIL PROTECTED]
Since ClamAV regularly sees updates
to its virus
database (sometimes several times per day), I created a
cron.hourly script
that runs the freshclam script every hour in order to
ensure current DAT
files.
The cron
-Original Message-
From: Lucas Albers [mailto:[EMAIL PROTECTED]
I tried to get read the ldap address book entries from my internal
exchange server (5.5) but I could never get it to work.
I couldn't justify the effort as I don't really see it as a
big deal at
this point.
I'm
-Original Message-
From: Peter A. Cole [mailto:[EMAIL PROTECTED]
In Exchange 5.5, probably the easiest way would be to export
your Directory Store as a csv file. In Exchange
Administrator, go to Tools then Directory Export. You can
select all items including mailboxes, custom
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Thread drift:
Does anyone know if xyz.acme.com can have a different SPF record from
abc.acme.com?
Yes.
Or would they all fall under one acme.com SPF
record?
No.
What
if qrz.acme.com does not have a
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
A colleague has heard that there is an October 1, 2004 for
implementing SPF
records. He got this from looking at a report from
http://www.dnsreport.com Their message states:
dnsreport.com is a nice
-Original Message-
From: Yanick Quirion [mailto:[EMAIL PROTECTED]
Could you tell me where I have to put these lines into
mimedefang-filter
file? The relay server has always the same address; it's my exchange
server that is behind sendmail.
Just before you call SpamAssassin.
-Original Message-
From: Mike Campbell [mailto:[EMAIL PROTECTED]
Therefore what I want to do is to disable the spam checks for
outgoing
mail. In the filter_end function is where the spam checks are
done. Is
there a way to determine in filter_end if the email is
originating
-Original Message-
From: Marco Berizzi [mailto:[EMAIL PROTECTED]
Sent: Monday, July 19, 2004 8:24 AM
Scalar found where operator expected at (eval 59) line 284, near )
$self
(Missing operator before $self?)
Failed to run header SpamAssassin tests, skipping some:
syntax error at
-Original Message-
From: Yanick Quirion [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 14, 2004 1:59 PM
Using mimedefang-filter I was able to create a similar line,
but I can't
get following data:
Scantime
use Time::HiRes;
$Scantime = Time::HiRes::time;
my($hits, $req,
-Original Message-
From: Ben Kamen [mailto:[EMAIL PROTECTED]
2 config files - run bind 2 times binding the service to each
interface. (that's
the important part - MUST have 2 ethernet interfaces)
No. BIND 9 can run multiple configurations on one interface and
with one daemon.
-Original Message-
From: Jeff Rife [mailto:[EMAIL PROTECTED]
Questions:
1. Does this get the job done?
More or less.
I'd change to
my $MyDomains = '(^|\.)(domain1\.tld|domain2\.tld|domain3\.tld)$';
so it will catch domain1.tld as well as anything.domain1.tld.
Since you
-Original Message-
From: Minica, Nelson (EDS) [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 10:30 AM
#Must set MX_RELAY_CHECK=yes in /etc/init.d/mimedefang
sub filter_relay {
my($ip, $name, $helo) = @_;
if ($helo =~ /mydomain\./i) {
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
I need to do a silent discard for all inbound messages to 3
or 4 addresses... just drop em... make em go away forever !
can anyone give me an idea (an example???) on how to do that.
Thanks
sendmail's
-Original Message-
From: Will McCorkle [mailto:[EMAIL PROTECTED]
I just started getting the below errors in my log. Any idea
why they started showing up all of a sudden and why I am getting them?
Slave 0 stderr: Subroutine X_LIBRARY_head_test redefined at
-Original Message-
From: David F. Skoll [mailto:[EMAIL PROTECTED]
And the resulting message was a proper MIME message with MIME boundary
(see below.) So I'm unable to duplicate the problem.
This is a multi-part message in MIME format...
=_1086278340-4966-0
-Original Message-
From: David F. Skoll [mailto:[EMAIL PROTECTED]
On Thu, 3 Jun 2004, Damrose, Mark wrote:
Shouldn't this part have a Content-Type: text/plain header?
Surprisingly, it's not required. According to RFC 2045:
5.2. Content-Type Defaults
Default RFC 822
-Original Message-
From: Bill Maidment [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 10:21 PM
To: [EMAIL PROTECTED]
Subject: [Mimedefang] Mail Bypassing Mimedefang
but unfortunately the powers-that-be insist on allowing
people to access other external mail servers via
-Original Message-
From: Kevin A. McGrail [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 08, 2004 9:50 AM
To: [EMAIL PROTECTED]
Cc: Discussion List for Downloads at http://www.pccc.com/downloads/
Subject: [Mimedefang] Revised Spam Rule for Bad AOL Addresses
After looking at the
-Original Message-
From: Kelsey Cummings [mailto:[EMAIL PROTECTED]
Sent: Monday, May 10, 2004 1:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [Mimedefang] filter based on From/To headers?
The only thing I can figure now is
that the HEADERS
file isn't getting flushed to (ram)disk
-Original Message-
From: Kelsey Cummings [mailto:[EMAIL PROTECTED]
Sent: Friday, May 07, 2004 12:34 PM
David, are there any circumstances when MD will not write out
a HEADERS
file? I've got mail passing through the system that my code in
filter_begin doesn't seem to see.
...
From: Dirk Mueller [mailto:[EMAIL PROTECTED]
On Thursday 29 April 2004 23:51, Damrose, Mark wrote:
Is there a way to turn
this back off?
You really don't want them to be turned off, because then
many spamassassin
checks don't work properly and the scores are generally way too low
Recently upgraded to MD 2.41 from 2.27.
This section of the man page caught my eye.
$AddApparentlyToForSpamAssassin
By default, MIMEDefang tries to pass SpamAssassin a message that
looks exactly like one it would receive via procmail. This
means adding a Received: header,
85 matches