RE: [Qmail-scanner-general]qmail-scanner/spamassassin config

2002-08-02 Thread CertaintyTech - Ed Henderson
> I thought I understood that qmail-scanner would call spamAssassin > so that I > would not need to call spamAssassin from Maildrop. Am I wrong? If I am > right, can I ignore the message above and qmail-scanner will still call > spamAssassin? If I am wrong, what do I need to do to get qmail-sca

RE: [Qmail-scanner-general]running sophie under svc/daemontools

2002-07-31 Thread CertaintyTech - Ed Henderson
> > hmmm, I don't have to run -D and mine's logging to syslog and > supervised. > It does for my system. I don't know why. I am running Solaris 8 x86 and sophie 1.39. Anyone else see this? -- Ed.

RE: [Qmail-scanner-general]running sophie under svc/daemontools

2002-07-31 Thread CertaintyTech - Ed Henderson
> > Since you run sophie under supervise, you don't need to put -D > (daemon mode). > > mulyadi wrote: > You do if you want to use logging in syslog. Here is what I use: exec softlimit -m 1000 fghack /usr/local/bin/sophie -D the fghack allows it to run under supervise in daemon mode and I

RE: [Qmail-scanner-general]Virus reporting

2002-07-30 Thread CertaintyTech - Ed Henderson
> > a quick-n-dirty start might be: > > cat mailstats.csv|cut -f2,6|grep -v "Clear:"|uniq -c|sort -rn > > or something more fancy-schmancy > (yet still crude enough to be of interest ;) > Many thanks to some of the tips that I received for creating a Virus Report that I can run periodically t

RE: [Qmail-scanner-general]qmail-scanner-queue-version.txt

2002-07-29 Thread CertaintyTech - Ed Henderson
> > > I use "H+BEDV's antivir scanner: OpenBSD Version 2.0.3" for virus > scanning. When I run the command "qmail-scanner-queue.pl -z" where does > qmail-scanner get the information to generate the > qmail-scanner-queue-version.txt? > > Does anyone know? > > Thanks, > > Darley > Here are the con

RE: [Qmail-scanner-general]bare lf's and a strange problem

2002-07-29 Thread CertaintyTech - Ed Henderson
> a blank line followed by > . Clear:. Processed in 0.310092 secs); 29 Jul 2002 > 16:38:26 - > > and the message is not displayed correctly. When I > edit those lines out of my message spool everything is > fine. I have tried just getting the blank line out and > that did not work, I have trie

RE: [Qmail-scanner-general]QS + SMTP-POPlock

2002-07-25 Thread CertaintyTech - Ed Henderson
> I'm using Qmail with QS, SA and Sophie together with SMTP-POPlock from > http://www.davideous.com/smtp-poplock/ > This program is a neat piece of software, and it always worked the way I > installed it. After upgrading to QS 1.13 yesterday, I found out QS > doesn't scan anything, since QMAILQUEU

RE: [Qmail-scanner-general]Softlimit

2002-07-25 Thread CertaintyTech - Ed Henderson
> Hi all > I've work in an ISP where we have 1000 mailboxes. I'd like to know if > there is a way to calculate how many memory I have to use for the > qmail-smtpd session softlimit. How many memory do you recommend for 1000 > mailboxes. > Sorry about my english > Thanks for this great software > >

RE: [Qmail-scanner-general]setting up a second qmail-smtpd

2002-07-24 Thread CertaintyTech - Ed Henderson
> > Try looking Chris Bunnel's (i guess) patch (useful assuming > that you're running Vpopmail and using MySQL); search messages of this > list by April '02 > Jason is preparing general solution by version 2.x of Q-S as he posted to > the list > > Regards, > > > --

[Qmail-scanner-general]setting up a second qmail-smtpd

2002-07-24 Thread CertaintyTech - Ed Henderson
I am contemplating setting up a second instance of qmail-smtpd to allow some domains to not have their email run thru Q-S. Do I need to recompile a second copy of qmail? Or is it adequate to just start another server process bound to a different IP? For instance on my qmail server I have two in

RE: [Qmail-scanner-general]tcp.smtp question

2002-07-23 Thread CertaintyTech - Ed Henderson
> > Vpopmail shows up regularly as a problem here. > > It's a Qmail addon that I don't use, and appears to alter things quite > dramatically from how Qmail normally operates. > > This should be mentioned in the FAQ as a warning. Can some vpopmail user > come up with a paragraph for me that explain

RE: [Qmail-scanner-general]tcp.smtp question

2002-07-23 Thread CertaintyTech - Ed Henderson
> > Just a thought... > perhaps virtualdomains are to "blame" for 127.0.0.1 "interference"? > More complete picture of the setup would be helpful. > Yes, I do use virtual domains and vpopmail. Could that be it? All domains that I handle are virtual...(long pause as Ed looks into the vpopmail ro

[Qmail-scanner-general]Virus reporting

2002-07-23 Thread CertaintyTech - Ed Henderson
Just curious if anyone has a script available that they use to produce virus reports for individual accounts? What I would like is to run a script periodically that would tell each customer how many viruses were stopped for their account. Right now I have Q-S notify each recipient when a virus h

RE: [Qmail-scanner-general]tcp.smtp question

2002-07-23 Thread CertaintyTech - Ed Henderson
> > Well there's no way settings for 127.0.0.1 could affect anything unless > they'r used. So the next question must be: *how* do you get mail onto your > box? fetchmail perhaps...? Fetchmail defaults to delivering via SMTP to > 127.0.0.1... > > -- > Cheers > > Jason Haar No fetchmail. I use an

RE: [Qmail-scanner-general]tcp.smtp question

2002-07-22 Thread CertaintyTech - Ed Henderson
> > Huh? I'm sorry, but I do expect you to understand how Qmail works before > using Qmail-Scanner! That is an EXAMPLE of how you can use it. > Ouch! > As it says: > > /etc/tcpserver/smtp.rules > # > # No Qmail-Scanner at all for mail from 127.0.0.1 > 127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQ

RE: [Qmail-scanner-general]tcp.smtp question

2002-07-22 Thread CertaintyTech - Ed Henderson
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Anthony Baratta > Sent: Monday, July 22, 2002 4:25 PM > To: [EMAIL PROTECTED] > Subject: Re: [Qmail-scanner-general]tcp.smtp question > > > At 12:56 PM 7/22/2002, Cert

[Qmail-scanner-general]tcp.smtp question

2002-07-22 Thread CertaintyTech - Ed Henderson
I'm trying to convert to the Q-S standard of setting QMAILQUEUE from tcp.smtp file. According to the Q-S website: # No Qmail-Scanner at all for mail from 127.0.0.1 127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue " When I do this my outgoing mail (relayed from a dia

[Qmail-scanner-general]Exclude domain from virus scanning

2002-07-22 Thread CertaintyTech - Ed Henderson
With the current version of Q-S is there any way to exclude a domain from virus scanning? (Believe it or not they don't want the service!). Thanks, Ed.

RE: [Qmail-scanner-general]attachment blocking question

2002-07-18 Thread CertaintyTech - Ed Henderson
> > If you are simply blocking attachments using qmail-scanner, it's doing > exactly what you asked. > > So it's stopping illegal attachments, despite they have viruses > or not, and > telling it has found an illegal attachment. > > More than an antivirus, blocking attachment may be seen as a comp

RE: [Qmail-scanner-general]attachment blocking question

2002-07-18 Thread CertaintyTech - Ed Henderson
> > hi, > > i have qmail-scanner set up to block .com,.pif,.exe,.bat files, etc. this > happens, lickety-split with no problems. > > however, is there any way to get it to scan the attachments and > report on what > kind of infection it carries as well? i just get "illegal attachment". > > thanks

RE: [Qmail-scanner-general]scanner works, but zips with denied extentions fail

2002-07-16 Thread CertaintyTech - Ed Henderson
Check out "./configure --unzip no" option. This should do it. Ed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of landon Sent: Tuesday, July 16, 2002 12:41 PM To: [EMAIL PROTECTED] Subject: [Qmail-scanner-general]scanner works, but zips with denied e

RE: [Qmail-scanner-general]Typical scan times of qs and spamassasin

2002-07-10 Thread CertaintyTech - Ed Henderson
> What are typical scan times for QS and SA? I know they can be all over > the map depending on the size of the email/attachments, etc. But, in > general. Reason is, I'm seeing almost all of them over a second and lots > of them > 2 seconds. Seems pretty long to me. Fortunately, my server is > not

RE: [Qmail-scanner-general]Qmail-Scanner and Spamassassin not working together

2002-07-02 Thread CertaintyTech - Ed Henderson
> From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Ron Culler > Sent: Tuesday, July 02, 2002 10:48 AM > To: [EMAIL PROTECTED] > Subject: [Qmail-scanner-general]Qmail-Scanner and Spamassassin not > working together > > > I followed the FAQ and setup my local.cf file like the examp

RE: [Qmail-scanner-general]sophos sweep and Error initialising detection engine

2002-07-01 Thread CertaintyTech - Ed Henderson
> > Hi all, > > I tried several versions of qmail-scanner-queue.pl (1.10, 1.12) with > Sophos sweep (3.58, 3.59): in every case I got an "Error > initialising detection engine" error message; > > With prior version of sweep I've running this scheme with no problems; > Is there any clue for th

RE: [Qmail-scanner-general]Check spamassassin and starting sophie

2002-06-18 Thread CertaintyTech - Ed Henderson
> Can someone help me out with loading sophie. I can use supervise > scripts if > anyone has it working this way. > > Also I would like to check if spamassassin is working. Anyone > know how? My > email headers have: > > Received: from [EMAIL PROTECTED] by gw.zoltak.com by uid 401 with qmail- > s

RE: [Qmail-scanner-general]Stopping specific email addresses

2002-06-18 Thread CertaintyTech - Ed Henderson
> Hi all, > > I have my external MXes setup to use qmail scanner. Suppose I > want to put in > a rule to stop all external email coming to the address > "[EMAIL PROTECTED]". Is there a way to do that in Qmail scanner. I tried > to do this: > > [EMAIL PROTECTED]Virus-To: Mail to this

RE: [Qmail-scanner-general]Possible quarantine-attachments.db Problem

2002-06-14 Thread CertaintyTech - Ed Henderson
> Whilst upgrading my qmail-scanner installation to 1.12 recently I > decided to > check the quarantine-attachments.txt file and found the line: > .{100,} Virus-Date: Date Buffer Overflow trojan > had been replaced with the following: > .{100,} Virus

RE: [Qmail-scanner-general]Virus-List patch

2002-06-11 Thread CertaintyTech - Ed Henderson
> I can't see the point in distinguishing them? If these viruses > are making up > the From address, I'd say your patch should limit itself to notifying the > admin address - no recips or senders - ever. > > Any downside? > > -- > Cheers > > Jason Haar I like for my recips to get a notice for al

RE: [Qmail-scanner-general]Notify the recipient

2002-06-08 Thread CertaintyTech - Ed Henderson
> On Fri, 2002-06-07 at 09:54, Philip Chase wrote: > > Miranda Gomez Miguel Angel <[EMAIL PROTECTED]> > 06/07/02 09:40AM >>> > > >Hi, > > >i would like to know how to notify the recipient instead of > the sender, i > > >mean some email with virus doesnt have a valid address, so the > qmail se

RE: [Qmail-scanner-general]procmail question

2002-06-08 Thread CertaintyTech - Ed Henderson
> 1. What do I put in my .qmail file to invoke procmail. > 2. What do I put in my /etc/procmailrc file to look for the * > ^X-Spam-Status: Yes , move spam to a spam dir and then deliver the rest to > ~/Maildir/. > > Thanks > Doug > This assumes that Q-S has already run SA upstream of delivery.

[Qmail-scanner-general]Properly updating virus definitions

2002-06-06 Thread CertaintyTech - Ed Henderson
When I first setup Q-S and Sophos I also setup an automated virus definitions update script that would pull down the latest definitions from Sophos whenever a new alert was sent out by Sophos. The idea being that my virus defs would be updated within a few minutes of Sophos alerting me of any cha

RE: [Qmail-scanner-general]Port 7 connections

2002-06-05 Thread CertaintyTech - Ed Henderson
> I monitor my firewall and I noticed number of connections to port 7 of > several machines. Port 7 is generally a TCP "echo" service, but I > forgot the > last time I've seen anyone use it. So I traced the source to one of our > mail servers. This server has recently had qmail-scanner installe

RE: [Qmail-scanner-general]Performance worries negated.

2002-06-03 Thread CertaintyTech - Ed Henderson
> Hi! > That should work fine I think... I also think that this would work: > > domain.net. IN MX 10 mail1.domain.net. > domain.net. IN MX 10 mail2.domain.net. > > I wonder what will happen if one of the servers go down > (hardware problems, > maintenance, power outage). Will the other

RE: [Qmail-scanner-general]Performance worries negated.

2002-06-03 Thread CertaintyTech - Ed Henderson
> > Details are as follows: > > 1. Hardware > - 2 x 2U Intel Barberra Dual PIII-450 Mhz with 1GB RAM. > - Internal 18GB SCSI for queue and mail store on NFS mount. > - Alteon Ace Director 3 L4 load balancing switch. > Thanks for the detail on your setup. Helps me a lot. I have been ponderi

RE: [Qmail-scanner-general]still not working

2002-06-01 Thread CertaintyTech - Ed Henderson
If you read a later thread in that original message he admitted that he left out the patch command step after the "cd qmail-1.03" step.  Probably something like "patch -p0 < qmailqueue.patch"   --- Ed. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Beh

RE: [Qmail-scanner-general]poor smtp response

2002-05-23 Thread CertaintyTech - Ed Henderson
EMAIL PROTECTED]]On Behalf Of > Trey Nolen > Sent: Thursday, May 23, 2002 9:15 AM > To: CertaintyTech - Ed Henderson; > [EMAIL PROTECTED] > Subject: Re: [Qmail-scanner-general]poor smtp response > > > > > > Whenever I hear a problem like this it is usually a DNS p

RE: [Qmail-scanner-general]poor smtp response

2002-05-22 Thread CertaintyTech - Ed Henderson
> > If you telnet to the mail server at > > port 25, it will sometimes take over a minute to respond. Then, > it will seem > > to fix itself after a few minutes. During the time of slow > response, load > > There's a problem for a start. Q-S isn't invoked by qmail-smtpd until the > DATA call occur

RE: [Qmail-scanner-general]URGENT: qmail-scanner is installed but.....

2002-05-17 Thread CertaintyTech - Ed Henderson
> Hi Ed, > > My qmail-scanner didn't puke. :-) > That's good! No fun to have a sick Q-S :-) > What if somebody sends a big file attachment, say 30mb. How does > qmail-scanner deal > with it? > > I set the limit on message size in qmail. I created a /var/qmail/control/databytes file containing

RE: [Qmail-scanner-general]URGENT: qmail-scanner is installed but.....

2002-05-17 Thread CertaintyTech - Ed Henderson
> Hi. It's fixed now, hopefully. I made it from 6mb to 8mb. :-) > One way to test for sure is to send a tarred and gzipped EICAR test virus as an attachment. This combination (tar and gzip) seems to use the greatest amount of memory and will test if your softlimit is set high enough. I found t

RE: [Qmail-scanner-general]URGENT: qmail-scanner is installed but.....

2002-05-17 Thread CertaintyTech - Ed Henderson
> > X-Qmail-Scanner-1.12:[mail.screamingmonkey.com10216545374083008] > corrupt or unknown Sophos scanner/resource problems - exit status 32 > > How do I fix that error? > > Thanks. > > Neil It usually is an indication that you have set the softlimit too low in your /service/qmail-smtpd/run file.

RE: [Qmail-scanner-general]klez

2002-05-13 Thread CertaintyTech - Ed Henderson
net','b.com',c.org'); my $NOTIFY_ADDRS='sender,admin,recips'; This is correct? If it is, the report did not go to the recips. Please help - Original Message - From: "CertaintyTech - Ed Henderson" <[EMAIL PROTECTED]> To: "Am

RE: [Qmail-scanner-general]QS not invoked

2002-05-10 Thread CertaintyTech - Ed Henderson
> I've been looking at archives for the list for about 4 months but haven't > found anything to help here. > > 1. Followed the instructions to the best of my abilities, everything > seemed to work properly. > 2. Inserted: > QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" > export QMAILQUEUE >

RE: [Qmail-scanner-general]almost done

2002-05-09 Thread CertaintyTech - Ed Henderson
> Sent: Thursday, May 09, 2002 6:08 PM > To: CertaintyTech - Ed Henderson > Cc: [EMAIL PROTECTED] > Subject: Re: [Qmail-scanner-general]almost done > > > I must be missing something.. Whenever I send e-mail from my other box, > nothing gets loged into qmail-queue.log > > --

RE: [Qmail-scanner-general]klez

2002-05-07 Thread CertaintyTech - Ed Henderson
> > Perlscanner is blocking all those illegal attachments. It send emails to > root and the sender. But i would like it a email to the recipient too. Is > there a way to do it? ./configure --help is your friend. It will show you all of the options with one being the ability to notify recips. Or

RE: [Qmail-scanner-general]qmail-scanner creates duplicate "From " (envelope)?

2002-05-06 Thread CertaintyTech - Ed Henderson
> > Hi, > > since I have installed qmail-scanner, I have experienced severe problems > with some mails. Apparently, qmail-scanner _bounces_ mails instead of > forwarding them. Attached is a mail that went through my local qmail+qs > installation, including headers. Note the "From" envelope in the

RE: [Qmail-scanner-general]Let Thru e-mail body

2002-05-06 Thread CertaintyTech - Ed Henderson
> > Is it possible to let thru email body, but drop the infected > attachment with QS ? > Thx > > Nick. > > > Not in Q-S. -- Ed.

RE: [Qmail-scanner-general]klez

2002-05-06 Thread CertaintyTech - Ed Henderson
> > How do i add Klez into the perlscanner? > > - Original Message ----- > From: "CertaintyTech - Ed Henderson" <[EMAIL PROTECTED]> > To: "Nicholas Chua" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Tuesday, May 07, 2002

RE: [Qmail-scanner-general]Permission eroor

2002-05-06 Thread CertaintyTech - Ed Henderson
> Sending standard test message - no viruses... > Script is not setuid/setgid in suidperl > qmail-inject: fatal: qq temporary problem (#4.3.0) > Bad error. qmail-inject died > > How do i solve this error? > > chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl chown qmailq:qmail /var/qmail/bin/qm

RE: [Qmail-scanner-general]confused!

2002-05-06 Thread CertaintyTech - Ed Henderson
> > I am using daemontools. Do i need to do > echo "/var/qmail/bin/qmail-scanner-queue.pl" > > /service/smtpd/env/QMAILQUEUE too? > No. Just add the environment variable QMAILQUEUE to the run file. Make sure it is before the line that starts qmail-smtpd. --- Ed.

RE: [Qmail-scanner-general]confused!

2002-05-06 Thread CertaintyTech - Ed Henderson
> What should i edit? the /etc/rc.d/init.d/qmail or the > /var/qmail/supervise/qmail-smtpd/run? > > My /var/qmail/supervise/qmail-smtpd/run as follow:- > > #!/bin/sh > QMAILDUID=`id -u vpopmail` > NOFILESGID=`id -g vpopmail` > MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` > exec /usr/lo

RE: [Qmail-scanner-general]Qmail script and qmail-smtpd run script

2002-05-06 Thread CertaintyTech - Ed Henderson
The "qmail-smtpd/run" file is the one that MUST have the QMAILQUEUE variable in it. -- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Nicholas Chua > Sent: Monday, May 06, 2002 11:20 AM > To: [EMAIL PROTECTED] > Subject: [Qmail-scanner-gener

RE: [Qmail-scanner-general]Help with new Antivir support

2002-05-03 Thread CertaintyTech - Ed Henderson
> How to get complete name of founded virus correctly ? > I used this line in Q-S: > > if ($DD =~ /\w(.*) infected with (.*)\n/) { > > With this I only get the first part of name on first line. > So I get only 'Wi', which is not good... > I don't know how to get the second part from the second l

RE: [Qmail-scanner-general]Notification to local addresses only

2002-05-02 Thread CertaintyTech - Ed Henderson
> Since the From: and To: addresses are considered un-trustworthy, is it > reasonable to have a 'local addresses only' notification option? For > example, notify the recipient based on the actual delivery > mailbox, and/or > notify the sender if the virus is delivered from an internal IP address >

RE: [Qmail-scanner-general]Klez

2002-05-02 Thread CertaintyTech - Ed Henderson
> > > Well I'm not sure of what you guys do (haven't been watching this > thread too closely), but I just hacked up the is_replyable_email() > function to return 1 on certain viruses like Illegal MIME Headers > (which just turn out to be spam from address that don't work any > way), and certain vi

RE: [Qmail-scanner-general]tempfail: cannot write to ...No such file or directory

2002-05-02 Thread CertaintyTech - Ed Henderson
Does the dir "working" exist? It should. "ls -la" should show: drwxr-xr-x 5 qmailq qmail 512 Jul 3 2001 archives -rwxr-xr-x 1 qmailq qmail 40443965 May 2 17:41 mailstats.csv -rwxr-xr-x 1 qmailq qmail 1745199 Apr 24 15:09 qmail-queue.log -rwxr-xr-x 1 qmailq

RE: [Qmail-scanner-general]Klez

2002-05-02 Thread CertaintyTech - Ed Henderson
> Yeah... Klez is a real serious pain... > > It will randomly grab email addresses from an infected person's > addressbook, OR it will grab email addresses from ANY file on ANY > drive it has access to. It then will use these random addresses > for the TO: field, and for the FROM field both in th

[Qmail-scanner-general]Klez

2002-05-02 Thread CertaintyTech - Ed Henderson
I see that Klez changes the MAIL_FROM as compared to the "From:" address. I assume the From: is the correct one but of course Q-S sends a notice to the MAIL_FROM. Where does it get the MAIL_FROM address from? Are the notices being sent to the wrong person? Thanks for any enlightenment, Ed.