[Mimedefang] on the fly s/mime signing
Hi, is there an easy way to sign outgoing emails from a single user with s/mime on the fly? I found https://signing-milter.org/ milter, but don't want to set up another milter. Did someone implemented this with mimedefang? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] filter on header from display name
Am Montag, den 26.11.2018, 13:02 -0500 schrieb Dianne Skoll: > On Mon, 26 Nov 2018 17:55:57 +0100 > Marcus Schopen wrote: > > > is always the same, but I can't catch it with blacklist_from. Can I > > get > > that from $entity->head->get('From') or any better ideas? > > That should work, or you can open and read the file ./HEADERS, which > contains the message headers (unwrapped, so exactly one header per > line.) I use a spamassassin rule now header MY_HEADER_1 From =~ /^.*\@spammer\.com.*/ describe MY_HEADER_1Header-Spam-Rule 1 score MY_HEADER_1 100 Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] filter on header from display name
Hi, I see a spammer, who sends with different envelope from and header from, but the "display name" in header from always contains the same substring, e.g.: From: "Spammer " The part From: "Spammer " is always the same, but I can't catch it with blacklist_from. Can I get that from $entity->head->get('From') or any better ideas? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] action_drop_with_warning and refuse to sender
Hi, Am Freitag, den 24.08.2018, 10:50 -0400 schrieb Dianne Skoll: > On Fri, 24 Aug 2018 12:10:41 +0200 > Marcus Schopen wrote: > > > That's why I want to reject it, but inform the recipient - > > not the sender - about the rejection. > > I think this is a terrible idea for two reasons: > > 1) What is the recipient supposed to do with the notification? Most > recipients are not technically savvy and are more likely to panic > than > do anything else. That might me right in most of the cases. But if you do a "silent" reject, this has to be communicated very clearly to the recipient, as well as rejecting at a spamassassin score of >= 5. This is nothing you can decide on your own as postmaster, just because it makes sense. > 2) Unless you do some sort of rate-limiting, a poor recipient may > find > herself swamped with emails to the effect "You almost received a > virus, but we cleverly stopped it!" > > IMO, REJECT is the way to go. In the 99.99% of cases where it was a > virus, > nobody will see the failure notification... but nobody needs to. In > the > rare case of a false-positive, the sender will see the failure > notification > and can pursue further action. I agree that most detected virus mails (I use clamav) are virus mails. But I myself got some valid emails from Amazon, which were marked as "Heuristics.Phishing.Email.SpoofedDomain" and therefore those emails were rejected. My mimedefang-milter configuration was set to bounce, so I didn't know I got these false-positives. It was just luck that I found those emails when checking "/var/spool/MD-Quarantine/". Cheers, m ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] action_drop_with_warning and refuse to sender
Am Freitag, den 24.08.2018, 08:42 + schrieb Paul Murphy: > > > a REJECT is not a bounce, its a denied to accept it > > A REJECT is potentially likely to cause a bounce, but yeah... it > > won't > > be backscatter from your machine. > > Plus a REJECT is only possible if you don't stream by recipient. If > you have streamed, it becomes a bounce. Either way, nobody cares any > more what you do with it - they're not scanning their logs to see > which emails failed and why, because there's no return code for "Your > user tried to send us a virus, please investigate". Plus false > positives still happen, which is part of the reason they can't be > bothered to follow up even if you tell them that you've found what > you think is a virus. I don't agree. Rejecting a virus email means not receiving it from the law side. If you accept an email or just drop it, the problem is on your side. That's why I want to reject it, but inform the recipient - not the sender - about the rejection. I agree, that most of the senders will ignore the rejection, don't scan their logs, or the sender ignores bounces from the sending smtp. But again, this is not my problem then. Ciao! m ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] action_drop_with_warning and refuse to sender
Am Donnerstag, den 23.08.2018, 19:50 +0200 schrieb Benny Pedersen via MIMEDefang: > Paul Murphy skrev den 2018-08-23 18:49: > > Yes, but pointless - either just drop the attachment, or drop the > > whole message with action_discard. Don't bounce it > > a REJECT is not a bounce, its a denied to accept it right, "554 5.7.1" does not accept the email, no back scatter problem. It's like: - [...] data 354 Enter mail, end with "." on a line by itself Subject: Spam Test This is the GTUBE -- the Generic Test for Unsolicited Bulk Email. [...] . 554 5.7.1 Recipient refuses mail due to high spam probability quit Connection closed by foreign host. - > > - back scatter is > > more likely to get you blacklisted than just about anything else > > short > > of mega-spamming, as the sender is likely to have been spoofed or > > is > > not a valid address. > > i dont use mimedefang, its not very good examples of doing anything > good > with it :( H ;) Cheers m ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] action_drop_with_warning and refuse to sender
Hi, in case of a virus I'd like to refuse with a "554 5.7.1" and send a warning email to the recipiet with "action_drop_with_warning". A mixture of "action_bounce" and "action_drop_with_warning". Is that possible? Cheers m ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] score USER_IN_WHITELIST_TO
Am Dienstag, den 21.11.2017, 10:32 -0500 schrieb Bill Cole: > On 20 Nov 2017, at 16:41 (-0500), Kris Deugau wrote: > > > USER_IN_WHITELIST_TO applies to all mail for a given recipient; IMO > > it's a crude hack to work around cases where whatever is calling SA > > can't use the SA userprefs system to just change the threshold > > instead. > > It is very useful for protecting role aliases (e.g. abuse, postmaster) > that are mapped to targets (e.g. root or an off-system address) that > should not generally be left unprotected. This is what I want to use it for: postmaster@ and abuse@ Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] score USER_IN_WHITELIST_TO
Hi, setting whitelist_to in sa-mimedefang.cf seems to hit score USER_IN_WHITELIST_TO -6.0 # they want some spam spamassassin score, so the score is reduced by a value of 6.0. How do I hit the -100 score score USER_IN_WHITELIST-100.0 using sa-mimedefang.cf? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] filter on header From:
Hi Dianne, Am Dienstag, den 09.05.2017, 09:46 -0400 schrieb Dianne Skoll: [...] > No, because the filter_recipient and filter_begin/filter_end functions > may not be called in the same process. > > You can define a function called filter_initialize() that will get called > once when a new scanning process is started. > > See the section MAINTAINING STATE in the mimedefang-filter(5) man page. Okay. So if I rebuild the hash file I have the reread mimedefang to kill idle slaves and forcing reread filter rules or wait until all processes are restarted itself by multiplexor, right? Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] filter on header From:
Am Dienstag, den 09.05.2017, 14:45 +0200 schrieb Marcus Schopen: > The hash file is created with > > makemap hash testhash.db < testhash.txt Just found out, that I can use the -e option using makemap to allow empty value on right hand side, so the format now is just one email address per line. Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] filter on header From:
Hi Kris, Am Dienstag, den 09.05.2017, 10:51 +0200 schrieb Marcus Schopen: > Is there a way to load the key-value hash table file only at > start/reread/reload of mimedefang and not read it on each incoming email > in filter_end? Haha, we had a similar discussion three years a ago ;) http://lists.roaringpenguin.com/pipermail/mimedefang/2014-March/037274.html This is my mimedefang-filter now: sub filter_initialize { require DB_File; use Fcntl; tie %testhash_list, "DB_File", "/etc/mail/testhash.db", O_RDONLY; } sub filter_cleanup { untie %testhash_list; } sub filter_end { [...] # get header From and compare to hash my $fromaddr = $entity->head->get('From'); $fromaddr =~ s/.+<([^>]+)>/$1/; $fromaddr =~ s/\s+$//; if(exists $testhash_list{lc $fromaddr}) { action_add_header("X-SpecialHeader", "$fromaddr is in testhast_list"); } The hash file is created with makemap hash testhash.db < testhash.txt The format of the hash file is just myemailaddr...@domain.de1 What I don't understand is, why there is an ending white space on the header From variable $fromaddr, so I have to trim it with $fromaddr =~ s/\s+$//; Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] filter on header From:
Hi Kris, Am Montag, den 08.05.2017, 17:27 -0400 schrieb Kris Deugau: > You would have to fill it in first, by extracting it from the > MIME::Entity passed to the filter_end sub; something like (untested, > check MIME::Tools documentation): > > $fromaddr = $entity->head->get('From'); > $fromaddr =~ s/.+<([^>]+)>/$1/; [...] Ah, yes. This is working. I thought "fromaddr" is a globally available variable. Sorry for misunderstanding. Is there a way to load the key-value hash table file only at start/reread/reload of mimedefang and not read it on each incoming email in filter_end? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] filter on header From:
Hi Kris, Am Montag, den 08.05.2017, 11:13 -0400 schrieb Kris Deugau: > if ($hashfile{$fromaddr}) { >action_add_header("SpecialHeader", "$fromaddr found in list"); > } > Ah, good idea. Thanks! But if I just add this to filter_end action_add_header("X-SpecialHeader", "$fromAddr test"); to read out $fromAddr, the variable is empty in my case. Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] filter on header From:
Hei, I have a text base list of email addresses (one email per line). Where would I best filter on header "From: " (not envelope from) in mimedefang-filter and add an additional mail header in case of a hit? At the moment I use spamassassin rules to tag such mails in filter_end, but spamassassin catches only mails if their "./INPUTMSG" smaller than the global given message size, which I don't want to increase. Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Empty Variables in filter_recipient
Hi Jente, see man page of mimedefang-filter "In filter_recipient, it is set to the single recipient currently under consideration." There is also a good "sub filter_recipient" example in that man page. Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] action_drop_with_warning with recipient depending message
Hi, depending on the recipient I'd like to drop with different warning messages using action_drop_with_warning e.g. when a virus is found. As I understand action_drop_with_warning, it drops with the same message at one go for each recipient in case of multiple recipients, so calling action_drop_with_warning within e.g. "foreach ... (@Recipients)" to get the recipients one after another in sub filter would put as many warnings as recipients to the message. Any ideas how to solve that? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] resending mails from quarantine, modify Message-ID or use Resent-Headers?
Am Dienstag, den 03.01.2017, 19:58 +0100 schrieb Peter Bonivart: > On Tue, Jan 3, 2017 at 7:19 PM, Marcus Schopen wrote: > > Hi, > > > > I'm playing around with resending quarantined emails, if the user wants > > them to be delivered and check locally. I set Resent-Headers in those > > resent messages, so that cyrus delivers and doesn't drop them as > > duplicates. Some users users pop their mailboxes with exchange or > > popcon. Any experiences out there, if those messages get dropped by pop > > clients because of the same Message-ID or should I better change the > > original Message-ID header to something like X-Orig-Message-ID and set a > > new Message-ID header? > > Exchange has had a duplicate message protection looking at the message > ID for a long time. I generate a new message ID to avoid that. Thanks Peter! I will set a new Message-ID too then. Do remove the old Message-ID header or do you change it to X-Orig-Message-ID to keep it? And do you set Resent-Date, Resent-From, Resent-To, Resent-Message-ID headers too? Ciao Marcus -- , [ Marcus Schopen ] | (0> | //\ | V_/_ D-33602 Bielefeld | ` ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] resending mails from quarantine, modify Message-ID or use Resent-Headers?
Hi, I'm playing around with resending quarantined emails, if the user wants them to be delivered and check locally. I set Resent-Headers in those resent messages, so that cyrus delivers and doesn't drop them as duplicates. Some users users pop their mailboxes with exchange or popcon. Any experiences out there, if those messages get dropped by pop clients because of the same Message-ID or should I better change the original Message-ID header to something like X-Orig-Message-ID and set a new Message-ID header? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] calling external shell script without waiting for its end
Hi Dianne, Thanks for your time. Am Montag, den 02.01.2017, 15:45 -0500 schrieb Dianne Skoll: > On Mon, 02 Jan 2017 19:26:44 +0100 > Marcus Schopen wrote: > > > When calling an external bash script in filter_end like > > > system("/usr/local/bin/skript.sh $QueueID > /dev/null &"); > > I hope you trust the contents of $QueueID implicitly... I use the QuarantineSubdir value, not QueueID, sorry for confusion. I played with both of them. > The MIMEDefang working directory gets deleted when the filter finishes. > You most likely also want to be a little more careful with the standard > file descriptors, so: > > system("cd / && /usr/local/bin/skript.sh $QueueID < /dev/null > /dev/null > 2>&1 &") Ah, thanks! > but more importantly... ask yourself what you need that for and whether it > would be better to rewrite skript.sh in Perl and integrated it into > your filter directly. Okay, I understand. I found another way to trigger the external script by iwatch just touch'ing a file from within mimedefang to a directory which is watched by iwatch. This is quite fast and keeps the script separate from mimedefang. Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] calling external shell script without waiting for its end
Hi, happy new year to all! :) When calling an external bash script in filter_end like system("/usr/local/bin/skript.sh $QueueID > /dev/null &"); I get the following error from time to time (mostly on receiving many simultaneously mails): Jan 2 18:38:13 serv mimedefang-multiplexor[7447]: v02HcBAF023342: Slave 1 stderr: shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory Sending the command not into background with an ampersand avoids this error, but I'm looking for something which triggers on an external script and mimedefang should not wait for its finishing. Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] add_header all RelaysUntrusted _RELAYSUNTRUSTED_
Hi Dianne, thanks for your time. Am Mittwoch, den 14.12.2016, 09:42 -0500 schrieb Dianne Skoll: > On Wed, 14 Dec 2016 12:54:38 +0100 > Marcus Schopen wrote: > > > > I'd like to set a "add_header all RelaysUntrusted > > > _RELAYSUNTRUSTED_" to my headers, to see in case of IPs in > > > trusted_networks on which IPs dnsrbl and dnswl checks run on. But > > > putting this to sa-mimedefang.cf has no effect. > > > Any ideas? > > MIMEDefang only uses SpamAssassin's analysis portion. It does **NOT** > permit SpamAssassin to make any message modifications. To add headers, > you need to use MIMEDefang's built-in action_add_header function. Yes, I use action_change_header and action_delete_header to set X-Spam headers in mimedefang-filter. What I don't understand is how the get the value from SA's _RELAYSUNTRUSTED_ inside mimedefang-filter to put it to action_add_header function. Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] add_header all RelaysUntrusted _RELAYSUNTRUSTED_
Am Montag, den 12.12.2016, 23:30 +0100 schrieb Marcus Schopen: > Hi, > > I'd like to set a "add_header all RelaysUntrusted _RELAYSUNTRUSTED_" to > my headers, to see in case of IPs in trusted_networks on which IPs > dnsrbl and dnswl checks run on. But putting this to sa-mimedefang.cf has > no effect. Any ideas? ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] add_header all RelaysUntrusted _RELAYSUNTRUSTED_
Am Montag, den 12.12.2016, 17:46 -0500 schrieb Kevin A. McGrail: > On 12/12/2016 5:30 PM, Marcus Schopen wrote: > > I'd like to set a "add_header all RelaysUntrusted _RELAYSUNTRUSTED_" to > > my headers, to see in case of IPs in trusted_networks on which IPs > > dnsrbl and dnswl checks run on. But putting this to sa-mimedefang.cf has > > no effect. > My first thought is if you have restarted MD. Darxus on the SA Mailing > List might also have some input if it's not something simple because > that is the right command. Hmmm ... I did a reread and after your email a stop/start, but the header doesn't come up. Ciao! -- Hobbes : Well, you still have afternoons and weekends Calvin : That's when I watch TV. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] add_header all RelaysUntrusted _RELAYSUNTRUSTED_
Hi, I'd like to set a "add_header all RelaysUntrusted _RELAYSUNTRUSTED_" to my headers, to see in case of IPs in trusted_networks on which IPs dnsrbl and dnswl checks run on. But putting this to sa-mimedefang.cf has no effect. Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mimedefang-Problem
Hi Sauraj, Am Mittwoch, den 07.12.2016, 16:38 +0545 schrieb sauraj: > Dear all, > > I have been using mimedefang for long time with sendmail as the MTA but when > I try to change the MTA to postfix and use mimedefang it seems to be not > working. Could you please help me with this. Hmmm, hard to say. Could you post any logs or error messages? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Connecting Clamd via inet socket?
Hi Benoît, Am Freitag, den 02.12.2016, 16:57 +0100 schrieb Benoit Panizzon: > Hi all > > Does anyone know, if it's possible to use > > ClamdSock = "host:port"; > > in MIMEDefang? > > I found very old posts stating, that clamd can only scan local files, > thus has to be called on the machine the file resides. > > Is still this the case, or can the content to be scanned streamed via > inet socket to a clamd host? As I understand it, clamav needs access to local /var/spool/MIMEDefang/ and I don't see any lines in /usr/bin/mimedefang.pl hat point to a tcp/ip socket for clamav. What about moving clamav scans to a second mimedefang instance running on a different host, which is only responsible for scanning and calling this mimdefang afterwards? Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Multiple MIMEDefang instances (was Re: strip down mimedefang-filter to sub filter_recipient for md_check_against_smtp_server checks)
Hi Dianne, Am Dienstag, den 11.10.2016, 13:10 -0400 schrieb Dianne Skoll: > On Tue, 11 Oct 2016 18:07:42 +0200 > Marcus Schopen wrote: > > > I run milter-greylist and I don't want to run messages into > > greylisting before I checked if recipients are valid (fills up > > greylisting database with non existing recipients). > > You can do greylisting from within MIMEDefang. I'm sure there's some sample > code in the archives. That's the way I'd do it. Hmmm, to be honest I'm not the perl guru to implement all features I use from milter-greylist in mimedefang. So, running two mimedefang instances is the solution then? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Multiple MIMEDefang instances (was Re: strip down mimedefang-filter to sub filter_recipient for md_check_against_smtp_server checks)
Hi Dianne, Am Dienstag, den 11.10.2016, 10:50 -0400 schrieb Dianne Skoll: > Hi, > > While in principle, you can run multiple MIMEDefang instances, I really > don't see the point. MIMEDefang lets you write your policy in Perl, > so I cannot see a use case that requires more than one instance of > MIMEDefang. I run milter-greylist and I don't want to run messages into greylisting before I checked if recipients are valid (fills up greylisting database with non existing recipients). My milter order in sendmail.mc looks like this: mimedefang-beforegreylist -> S=inet:6@scanner (recipient check) milter-greylist (greylisting and some DNSBL checks) mimedefang -> S=inet:60010@scanner (Spamassassin, Clamav etc.) My idea is to point the socket of both socketnames (mimedefang-beforegreylist, mimedefang) to the same socket (S=inet:6@scanner) and then inside mimedefang-filter to check by which socketname - mimedefang-beforegreylist or mimedefang - mimedefang is connected, so that mimedefang-beforegreylist does only do recpient checks. How do I do that? Could you push me into the right direction? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] strip down mimedefang-filter to sub filter_recipient for md_check_against_smtp_server checks
Hi, Am Freitag, den 07.10.2016, 14:49 +0200 schrieb Marcus Schopen: > Hi, > > I'd like to start a second mimedefang instance, which is called before > milter-greylist. This mimedefang should only check if recipients on > internal hosts exist, so incoming emails for non existing recipients > don't run into milter-greylist. > I striped down the mimedefang-filter example to "sub filter_recipient" > where I run some "md_check_against_smtp_server"-checks against internals > host and removed all other subs (= filter_bad_filename, filter_begin, > filter, filter_multipart, defang_warning, filter_end). Seems to work, > but anything wrong about this? I've started a second mimedefang instance, which mimedefang-filter is striped down to sub filter_recipient for md_check_against_smtp_server (nothing more). This works fine, but it's a complete second mimedefang with own spooldir, socket, pids just for recipient checking. Today read about SOCKETMAP option, what I didn't unterstand fully. Is there a way to call the same mimedefang by different socket names, but same socket and then check inside mimedefang by which socketname it is called? At the moment two mimedefang instances on the internal scan host are listening on different ports and are connected from the relay host. If I change both calls to the same inet port how do I figure out inside mimedefang-filter, which socketname is used? The idea is to check recipients in sub filter_recipient only if the socketname is set to "mimedefang-beforegreylist" and exclude all other subs from further filtering. - INPUT_MAIL_FILTER(`mimedefang-beforegreylist', `S=inet:6@scanner, F=T, T=S:5m;R:5m;E:10m')dnl milter-greylist INPUT_MAIL_FILTER(`mimedefang', `S=inet:6@scanner, F=T, T=S:5m;R:5m;E:10m')dnl - Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] strip down mimedefang-filter to sub filter_recipient for md_check_against_smtp_server checks
Hi, I'd like to start a second mimedefang instance, which is called before milter-greylist. This mimedefang should only check if recipients on internal hosts exist, so incoming emails for non existing recipients don't run into milter-greylist. I striped down the mimedefang-filter example to "sub filter_recipient" where I run some "md_check_against_smtp_server"-checks against internals host and removed all other subs (= filter_bad_filename, filter_begin, filter, filter_multipart, defang_warning, filter_end). Seems to work, but anything wrong about this? Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] check header for X- entry
Am Mittwoch, den 05.10.2016, 20:22 +0200 schrieb Marcus Schopen: > Am Mittwoch, den 05.10.2016, 20:02 +0200 schrieb Marcus Schopen: > > Hi, > > > > I'd like to check the header for "X-Greylist" entry in filter_end and if > > it exists with an expected contend write a message to maillog > > (md_graphdefang_log). But I can't find a function for parsing headers. > > Do I have to parse the entire message? > > Found an old mail form 2006 on the list, which pushed me in this > direction: > > my $greylisthdr = $entity->head->get('X-Greylist'); > md_graphdefang_log("greylist", "$greylisthdr", ""); > > Problem is now, that I have two "X-Greylist" headers and I need the > second one. Above grabs the first one and then quits. Answering myself: my $greylisthdr = $entity->head->get('X-Greylist', 1); Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] check header for X- entry
Am Mittwoch, den 05.10.2016, 20:02 +0200 schrieb Marcus Schopen: > Hi, > > I'd like to check the header for "X-Greylist" entry in filter_end and if > it exists with an expected contend write a message to maillog > (md_graphdefang_log). But I can't find a function for parsing headers. > Do I have to parse the entire message? Found an old mail form 2006 on the list, which pushed me in this direction: my $greylisthdr = $entity->head->get('X-Greylist'); md_graphdefang_log("greylist", "$greylisthdr", ""); Problem is now, that I have two "X-Greylist" headers and I need the second one. Above grabs the first one and then quits. Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] check header for X- entry
Hi, I'd like to check the header for "X-Greylist" entry in filter_end and if it exists with an expected contend write a message to maillog (md_graphdefang_log). But I can't find a function for parsing headers. Do I have to parse the entire message? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] SA autolearn, missing bayes_journal file
Ah, got it. bayes_journal is just a temp file before synchronized into the databases. The server where I see it, is very low volume, so it takes some time until bayes_journal_max_size is reached. I thought it's a mimedefang permission problem. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] SA autolearn, missing bayes_journal file
Hi, I'm wondering about missing bayes_journal file using mimedefang 2.78 and Spamassassin 3.4.1. On another instance with (what I see) same configuration this file is created. Because upgrading from a SA version < 3.4.0 I wiped its database "sa-learn -dbpath /var/spool/MIMEDefang/.spamassassin --clear" as considered in SA upgrade path. Anything misconfigured here? -- sa-mimedefang.cf: use_bayes 1 bayes_auto_learn 1 -- -- $ /usr/bin/sa-learn --dbpath /var/spool/MIMEDefang/.spamassassin --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 57 0 non-token data: nspam 0.000 0 5484 0 non-token data: nham 0.000 0 162297 0 non-token data: ntokens 0.000 0 1475388662 0 non-token data: oldest atime 0.000 0 1475574294 0 non-token data: newest atime 0.000 0 1475572767 0 non-token data: last journal sync atime 0.000 0 1475561433 0 non-token data: last expiry atime 0.000 0 172800 0 non-token data: last expire atime delta 0.000 0 35010 0 non-token data: last expire reduction count -- -- ls -al /var/spool/MIMEDefang/.spamassassin insgesamt 4708 drwx-- 2 defang defang4096 Okt 4 11:19 . drwxr-x--- 437 defang defang 65536 Okt 4 10:53 .. -rw--- 1 defang defang2490 Okt 4 11:47 bayes.mutex -rw--- 1 defang defang 655360 Okt 4 11:47 bayes_seen -rw--- 1 defang defang 5406720 Okt 4 11:47 bayes_toks -- Btw: what's are good values for bayes_auto_learn_threshold_nonspam and bayes_auto_learn_threshold_spam? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang 2.79 is released
Hi Thomas, Am Montag, den 26.09.2016, 17:32 + schrieb Thomas Kristensen: > Hey > > Any ETA on the ubuntu apt release? Or isnt it you that are releasing to those > repos? I built an upstream release for Ubuntu. You can download binary and source package here: https://binux.de/debian/trusty/mimedefang/ Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Domain canonifying and RFCs
Am Donnerstag, den 13.10.2011, 10:57 +0200 schrieb Ernst du Plooy: > I posted the following on the sendmail (comp.mail.sendmail) newsgroup, > but I don't get any reaction. I realise this is not a mimedefang > problem, but I'm sure some of you have also run into this issue. > > RFC 821 section 3.7 states "Whenever domain names are used in SMTP > only the official names are used, the use of nicknames or aliases is > not allowed.". This however changed in RFC 2821 section 3.6 where is > states that CNAME RRs may be used. > > Currently Sendmail still rewrites the sender domain. Does this mean > that the default behaviour of Sendmail is not RFC compliant or are > there other RFCs that still limits the use of CNAMEs with MX records > (maybe RFC 1034 section 3.6.2)? > > Thanks > > P.S. I know the setting confDONT_EXPAND_CNAMES will disable this > behaviour, but I would prefer not to implement this. Also I cannot > modify the DNS records since it is an external DNS server. > They insist their DNS settings are RFC compliant. > > Their DNS records looks like this: > c.domain.com IN A 1.1.1.1 > a.b.domain.com. IN CNAME c.domain.com. > c.domain.com.IN MX 10 mail.domain2.com > c.domain.com.IN MX 20 mail2.domain2.com > > u...@a.b.domain.com will be rewitten to u...@c.domain.com Old thread, but I ran into the same problem on Ubuntu 14.04 LTS (sendmail 8.14.4) today. Setting confDONT_EXPAND_CNAMES to True fixed it. Shouldn't that be put to default sendmail.mc? Took me three beer to figure out the problem, because I never looked into that dark corner. Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] %2C instead of whitspaces in sendmail log
Am Dienstag, den 20.09.2016, 11:59 -0400 schrieb Joseph Brennan: > > --On September 20, 2016 at 11:48:17 -0400 Joseph Brennan > wrote: > > > The function takes only 3 arguments. Try > > > > md_graphdefang_log('spam_full_report',"$hits $names", $RelayAddr); > > > Oh! I forgot that just before this we do: > > $names =~ s/,/ /g; > > to change the commas to spaces! Joseph, thanks. I substituted "%2C" instead of ",". Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] %2C instead of whitspaces in sendmail log
Hi, when I try to log the spam score names to sendmail log using md_graphdefang_log('spam_full_report', $hits, $names, $RelayAddr); all whitespaces are replaced by "%2C" e.g.: BAYES_40%2CDIGEST_MULTIPLE%2CFREEMAIL_FORGED_FROMDOMAIN%2CFREEMAIL_FROM I tried to substitute %2C with whitespaces, but that doesn't work. Any ideas? Thanks Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] filter_bad_filename based on recipient
Am Montag, den 19.09.2016, 08:57 -0400 schrieb Dianne Skoll: > On Mon, 19 Sep 2016 14:48:16 +0200 > Marcus Schopen wrote: > > > is it possible to define $bad_exts in sub filter_bad_filename based on > > domain name? I'd like to filter ".docm"-attachments, but not globally > > for all domains on that server, just for my private domain. Seems to > > be that $recipient is not known in sub filter_bad_filename? > > The sample filter is just a sample... all the information is available > for you in various global variables and/or parameters passed to the > various filter functions. However, you do need to be fairly comfortable > programming in Perl to make the sort of adjustment you seek; you can start > by reading the mimedefang-filter man page. Thanks, I will give my very best. My mimedefang setup is basically very vanilla, expect of md_check_against_smtp_server checks and some other small changes in mimedefang-filter. Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] clamav-unofficial-sigs and pyzor
Am Montag, den 19.09.2016, 08:36 -0400 schrieb Dianne Skoll: > On Mon, 19 Sep 2016 07:46:11 +0200 > Marcus Schopen wrote: > > > my be a little bit off topic, but are there any experience with the > > efficiency of pyzor and clamav-unofficial-sigs [1]. > > No comment on pyzor because I don't use it, but some of the > clamav-unofficial-sigs are useful. We use the following data sets: > >phish.ndb >rogue.hdb >sanesecurity.ftm >winnow_malware.hdb >winnow_malware_links.ndb > > We find the others have unacceptably-high false-positive rates, and > even the ones above occasionally get a bad signature that produces annoying > false-positives. Dianne and Richard, thanks for your feedback! I will get those a try. Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] filter_bad_filename based on recipient
Hi, is it possible to define $bad_exts in sub filter_bad_filename based on domain name? I'd like to filter ".docm"-attachments, but not globally for all domains on that server, just for my private domain. Seems to be that $recipient is not known in sub filter_bad_filename? Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] clamav-unofficial-sigs and pyzor
Hi Richard, Am Montag, den 19.09.2016, 01:23 -0500 schrieb Richard Laager: > On 09/19/2016 12:46 AM, Marcus Schopen wrote: > > my be a little bit off topic, but are there any experience with the > > efficiency of pyzor and clamav-unofficial-sigs > > We use clamav-unofficial-sigs. If clamd triggers, it's a hard fail for > us, regardless of whether it was a virus or spam rule. We do > differentiate them for logging and SMTP rejection messages. > > I can't say how much spam would have been blocked anyway by later > processing (e.g. SpamAssassin), but we have very few (but non-zero over > the years) false positives. And in our filter, whitelisting does not > bypass this test; maybe it should, but that's the current setup. Thank you for your interesting feedback. Did you activate all signatures or just e.g. sanesecurity sigs? I read activating all signatures turns clamav into an evil memory monster, while only activating sanesecurity sigs catches most and doesn't need that much resources. What about pyzor or razor integration? Do they help or just burn performance? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] clamav-unofficial-sigs and pyzor
Hi, my be a little bit off topic, but are there any experience with the efficiency of pyzor and clamav-unofficial-sigs [1]. I used pyzor years ago and didn't follow it since then. And a lot of locky mails passed my filter, therefore I tought clamav-unofficial-sigs with turning on sanesecurity sigs might help here. Ciao Marcus [1] https://github.com/extremeshok/clamav-unofficial-sigs ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] reread mimedefang after sa-update
Hi Richard, Am Donnerstag, den 15.09.2016, 00:48 -0500 schrieb Richard Laager: [...] > So configure.in has a check for this pthread flag, but does not use > $PTHREAD_FLAG as part of the $CFLAGS for the SAFE_EMBED_PERL test. Patch > attached, which results in SAFE_EMBED_PERL set and reread working for me > on Ubuntu 16.04. > > The patch is for configure.in. You'll need to either regenerate > configure, or apply the same change to configure. > > Thanks for catching this. I just upgraded my mail servers a couple days > ago and I hadn't actually tested the reread operation. Thanks for your patch, great. I built a Ubuntu/trusty backport for version 2.78. Anyone feel free to use it [1] (no mimedefang code changes expect Richard's patch and change package format for better patch handling). Ciao Marcus [1] https://www.binux.de/debian/trusty/mimedefang/ ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] reread mimedefang after sa-update
Hi Richard, Am Donnerstag, den 15.09.2016, 00:48 -0500 schrieb Richard Laager: [...] > > I'm digging into it right now. The problem seems to be that Perl outputs > > -lpthread as a required LDFLAG, but gcc needs -pthread (with no "l"), or > > else it fails linking to the symbol pthread_setspecific. > > So configure.in has a check for this pthread flag, but does not use > $PTHREAD_FLAG as part of the $CFLAGS for the SAFE_EMBED_PERL test. Patch > attached, which results in SAFE_EMBED_PERL set and reread working for me > on Ubuntu 16.04. > > The patch is for configure.in. You'll need to either regenerate > configure, or apply the same change to configure. > > Thanks for catching this. I just upgraded my mail servers a couple days > ago and I hadn't actually tested the reread operation. Patched configure.in and configure (line 4234) and built a package on Ubuntu 12.04 LTS and 14.04 LTS and everything seems fine: -- checking whether x86_64-linux-gnu-gcc accepts -pthread... yes checking if we can embed a Perl interpreter in C... yes checking if it is safe to destroy and recreate a Perl interpreter... yes checking for res_init in -lresolv... no -- and I can reread config: -- Sep 16 18:13:07 vorlage1204 mimedefang-multiplexor[3772]: Re-initialized embedded Perl interpreter Sep 16 18:13:07 vorlage1204 mimedefang-multiplexor[3772]: Killing idle slave 0 (pid 4225): Forcing reread of filter rules Sep 16 18:13:07 vorlage1204 mimedefang-multiplexor[3772]: Killing idle slave 1 (pid 4216): Forcing reread of filter rules Sep 16 18:13:07 vorlage1204 mimedefang-multiplexor[3772]: Reap: slave 1 (pid 4216) exited normally with status 0 Sep 16 18:13:07 vorlage1204 mimedefang-multiplexor[3772]: Slave 1 resource usage: req=0, scans=0, user=0.000, sys=0.006, nswap=0, majflt=0, minflt=343, maxrss=27128, bi=0, bo=0 Sep 16 18:13:07 vorlage1204 mimedefang-multiplexor[3772]: Reap: slave 0 (pid 4225) exited normally with status 0 Sep 16 18:13:07 vorlage1204 mimedefang-multiplexor[3772]: Slave 0 resource usage: req=0, scans=0, user=0.006, sys=0.000, nswap=0, majflt=0, minflt=343, maxrss=27128, bi=0, bo=0 -- Ciao Marcus -- I'm looking for something that can deliver a 50-pound payload of snow on a small feminine target. Can you suggest something? Hello...? --- Calvin ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] reread mimedefang after sa-update
Am Mittwoch, den 14.09.2016, 13:08 -0400 schrieb Dianne Skoll: > On Wed, 14 Sep 2016 18:12:39 +0200 > Marcus Schopen wrote: > > > Okay, but this might harm a mail which is in process. Any ideas how to > > fix above error? > > No... no idea. If you don't use embedded Perl (ie, leave the -E flag off > of the mimedefang-multiplexor command line) then you will be able to > use md-mx-ctrl reread. Hmmm, what's the performance loss if not using embedded Perl? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] reread mimedefang after sa-update
Am Mittwoch, den 14.09.2016, 11:51 -0400 schrieb Dianne Skoll: > On Wed, 14 Sep 2016 17:46:07 +0200 > Marcus Schopen wrote: > > > Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Cannot destroy > > and recreate a Perl interpreter safely on this platform. Filter rules > > will NOT be reread. > > Huh! That is very weird. I don't get anything like that on Debian Jessie. Hmmm, I get this error on Ubuntu 12.04 LTS too, mimedefang 2.71, perl 5.14.2. > If you get that message, then you'll need to do restart instead of reread. Okay, but this might harm a mail which is in process. Any ideas how to fix above error? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] reread mimedefang after sa-update
Am Mittwoch, den 14.09.2016, 09:35 -0400 schrieb Dianne Skoll: > On Wed, 14 Sep 2016 07:54:50 +0200 > Marcus Schopen wrote: > > > do I need to reread or reload mimedefang after sa-update e.g. > > /etc/cron.daily/spamassassin to get the changes in spamassassin rules > > recognized by mimedefang? > > Yep. "md-mx-ctrl reread" is a pretty non-invasive operation, so it's > quite safe. Dianne! Thanks. Then one should add something like "/etc/init.d/mimedefang reread > /dev/null" to /etc/cron.daily/spamassassin in the section where when updates are found, right? /etc/cron.daily/spamassassin: [...] # got updates! su - debian-spamd -c "spamassassin --lint" || die_with_lint do_compile reload # Mimedefang neu laden /etc/init.d/mimedefang reread > /dev/null ;; [...] Btw I get an error on reread, Is this to worried about? - Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Cannot destroy and recreate a Perl interpreter safely on this platform. Filter rules will NOT be reread. Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Re-initialized embedded Perl interpreter Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Killing idle slave 1 (pid 26628): Forcing reread of filter rules Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Killing idle slave 0 (pid 26627): Forcing reread of filter rules Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Reap: slave 0 (pid 26627) exited normally with status 0 Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Slave 0 resource usage: req=0, scans=0, user=0.004, sys=0.004, nswap=0, majflt=0, minflt=199, maxrss=36992, bi=0, bo=0 Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Reap: slave 1 (pid 26628) exited normally with status 0 Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Slave 1 resource usage: req=0, scans=0, user=0.007, sys=0.001, nswap=0, majflt=0, minflt=199, maxrss=36992, bi=0, bo=0 Sep 14 17:39:58 scansrv mimedefang-multiplexor[24029]: Starting slave 1 (pid 26690) (1 running): Bringing slaves up to minSlaves (2) Sep 14 17:40:01 scansrv mimedefang-multiplexor[24029]: Starting slave 0 (pid 26715) (2 running): Bringing slaves up to minSlaves (2) - System is Ubuntu 14.04 LTS, mimedefang 2.73 Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] reread mimedefang after sa-update
Hi, do I need to reread or reload mimedefang after sa-update e.g. /etc/cron.daily/spamassassin to get the changes in spamassassin rules recognized by mimedefang? Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] SRS with mimedefang
Hi, is there a way to implement SRS using mimedefang? GMX set SPF to "-all" and forwarded mails to gmx accounts get blocked. Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] long dns timeouts when first dns in /etc/resolv.conf is down
Am Montag, den 14.03.2016, 16:08 + schrieb G.W. Haywood: > Hi there, > > On Mon, 14 Mar 2016, Marcus Schopen wrote: > > > ... It shouldn't make a difference to mimedefang if one of the dns > > server is down. Any ideas? > > Run a nameserver of your own? An own dns can go down too. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] long dns timeouts when first dns in /etc/resolv.conf is down
Hi, I had a strange behaviour this weekend: the first of two dns server of my hoster in /etc/resolv.conf was down. The second dns server was working. Mimedefang/Spamassassin didn't like that. I had very long dns time outs for remote checks. It took over a minute for an email to run through mimedefang. System wide dns worked fine, eg. like pinging domains. After removing the "down" dns server from /etc/resolv.conf and restarting sendmail and mimedefang emails went through within a second again. It shouldn't make a difference to mimedefang if one of the dns server is down. Any ideas? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] quarantine bad_filename messages
Hi, I'd like to use "action_quarantine_entire_message" for messages containing attachments with bad_filename, but not sure where to place the quarantine command. Is "sub filter_bad_filename" the right place? Something like this? # This procedure returns true for entities with bad filenames. sub filter_bad_filename { my($entity) = @_; my($bad_exts, $re); $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt| dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi| msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs| vxd|wmd|wms|wmz|wsc|wsf|wsh| \{[^\}]+\})'; # Do not allow: # - CLSIDs {foobarbaz} # - bad extensions (possibly with trailing dots) at end $re = '\.' . $bad_exts . '\.*$'; # quarantine message if (re_match($entity, $re)) { action_quarantine_entire_message("bad_filename queueid= $QueueID,relayaddr=$RelayAddr,name=bad_filename"); }; return 1 if (re_match($entity, $re)); # Look inside ZIP files if (re_match($entity, '\.zip$') and $Features{"Archive::Zip"}) { my $bh = $entity->bodyhandle(); if (defined($bh)) { my $path = $bh->path(); if (defined($path)) { return re_match_in_zip_directory($path, $re); } } } return 0; } Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] redirect spam for a single domain to another recipient
Hi Steffen, Am Donnerstag, den 03.04.2014, 08:10 +0200 schrieb Steffen Kaiser: > On Wed, 2 Apr 2014, Marcus Schopen wrote: > > > I use stream_by_domain and like to redirect/move spam for a single > > domain to a special recipient/mailbox and collect it there. Any better > > code possible? > > > > sub filter_end { > > [...] > >if ($Domain eq 'mydomain.de' && $hits >= 5) { > > foreach $recip (@Recipients) { > > delete_recipient($recip); > > } > > add_recipient('spambox'); > >} > > Looks good for me. About "$Domain": I'm not sure, whether or not the > domain is always lower-case and never has a dot at the end, therefore I > always lower-case domains names and accept an additional final dot, e.g.: > > $Domain =~ /\Amydomain\.de\.?\z/i That's a good point! > Cosmetic: foreach my $recip ... > or delete_recipient($_) for @Recipients; Thanks, Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] redirect spam for a single domain to another recipient
Hi, I use stream_by_domain and like to redirect/move spam for a single domain to a special recipient/mailbox and collect it there. Any better code possible? sub filter_end { [...] if ($Domain eq 'mydomain.de' && $hits >= 5) { foreach $recip (@Recipients) { delete_recipient($recip); } add_recipient('spambox'); } [...] Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] read domain list from config file
Hi, for some of my domains I'd like to reject mails at a given spamscore of >=5. For some other domains at a higher score. Is it a good idea to read those domain names from different "external" config file instead of coding them hard into mimedefang-milter? sub filter_end { [...] if (($Domain eq 'exmaple1.org' || $Domain eq 'example2.org' || $Domain eq 'example3.org') && $hits >= 5) { if ($WasResent) { action_discard(); } else { action_bounce("Recipient refuses mail due to ..."); } } [...] Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] reject a message if listed on more than one DNSBL
Am Dienstag, den 18.03.2014, 17:16 +0100 schrieb Steffen Kaiser: > On Tue, 18 Mar 2014, Marcus Schopen wrote: > > > is it possible to reject a message if it's sending server is listed in > > use the Net::DNS resolver and query the blacklists. mimedefang.pl has the > skeleton how to query. Okay, any working examples out there ;) Ciao! Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] reject a message if listed on more than one DNSBL
Hi, is it possible to reject a message if it's sending server is listed in more than one given DNS-blacklists before the message is running into further resource hungry spamassassin content filtering? I'd like to reject messages from a server if its IP is found in at least _two_ of four given DNSBLs. If there is no hit in these given DNSBL lists or only in one of four lists, in a next step the message should be scanned by Spamassassin. Cheers Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] move SPOOLDIR to tmpfs - how to keep bayes and qdir files at reboot?
Hi Kees, I put $Features{'Path:QUARANTINEDIR'} to mimedefang.pl.conf and in my case (Ubuntu 12.04 LTS) .spamassassin is automatically located under /var/spool/MD-Quarantine without changing home in passwd or changing HOME=/var/spool/MD-Quarantine in /etc/init.d/mimedefang. Kind of strange, but it seems to work. Socket and pid files are still in the tmpfs under /var/spool/MIMEDefang so I think clamav uses the tmpfs to write and check Mails because I see this in clamav.log /var/spool/MIMEDefang/mdefang-s1LIHX6s005741/Work/msg-5718-2.txt: Eicar-Test-Signature(02e592f7b2929ea31bdd2564a2f19810:75) FOUND Ciao! -- I think we dream so we don't have to be apart so long. If we're in each other's dreams, we can play together all night. -- Calvin ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] move SPOOLDIR to tmpfs - how to keep bayes and qdir files at reboot?
Hi, I'm planning to move SPOOLDIR (/var/spool/MIMEDefang) to tmps. My /etc/fstab tmpfs /var/spool/MIMEDefang tmpfs defaults,size=128m,mode=750,uid=ofdefanguser,gid=ofdefanggroup 0 0 This works fine, but mimedefang stores quarantinedir and spamassassin bayes files in /var/spool/MIMEDefang too. How to handle this. Copy /var/spool/MIMEDefang/.spamassassin at stop/start of mimedefang to another directory outside tmpfs. And what about quarantinedir files. Those fill up the ramdisk. Move them by cronjob? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] rate-limiting for outbound mails per sender
Hi, what would be a good way to implement rate-limiting for outbound mails per sender e.g. 50 recipients per smtp_auth sender per hour? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Stream by recipient and sendmail
Hi, I'd like to use mimedefang to split up incoming emails on a single domain with multipe envelope recipients to single emails having only one envelope recipient like Received: from ... for ... http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] changing message-ID to disable cyrus duplicatesuppression feature for a single domain
Hi, I'm using mimedefang in a sendmail/cyrus environment. Cyrus is configured globally to drop duplicate emails. For some circumstances a users needs for all his addresses a single multidrop mailbox which is pop'ed by fetchmail and on user side distributed by local filters to different local mailboxes. Incoming emails with the same message-id are dropped by cyrus on my side e.g. emails with multiple Cc recipients sent separately by the sending mailserver. The user receives just one email in his multidrop mailbox. To my mind this is a good feature, but because of further mailfiltering the user needs these duplicate emails (multiple pop boxes is not an option for him). Because of mailloops, sieve filtering etc. I don't want to disable the duplicatesuppression feature in cyrus and thinking about a workaround with mimedefang to deliver duplicate mails with the same message-ID, but only for his domain. Any ideas? Changing the message-ID for incoming emails to this domain? Sounds evil ... Cheers Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] mimedefang-multiplexor crash
Hi Ghislain, Am Donnerstag, den 01.09.2011, 23:51 +0200 schrieb Kees Theunissen: > On Thu, 1 Sep 2011, Ghislain wrote: > > >hi, > > > >i have from time to time a mimedefang-multiplexor crash. The > >mimedefang process is still here but mimedefang-multiplexor is down. > >Each time we have a : > > > > kernel: mimedefang[10760]: segfault at 130 ip 7faef285c900 sp > >42c200f0 error 4 in libmilter.so.1.0.1[7faef2851000+f000] > > > >(debian lenny 64 bits) > > > > I wonder how we could debug this and have an automatic way to restart > >the system when it triggers. The startup script of debian does not have > >a "status" command i could use for this and using a dumb "mimedefang > >start" do not work as it see the mimedefang process and think that all > >is ok and not down so it does not start. Of course a restart could not > >be used as if it work then restarting will kill performances especialy > >every 30 minutes ^^. > > > > > > Any idea on how to prevent this ? > > As I wrote in my other reply in this thread I think this is the bug > reported at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527862 . > Message #47 in that thread mentions a patch that can be downloaded > from http://j-chkmail.ensmp.fr/libmilter . > The "debian-lenny/" directory at that site contains patched libmilter > debian packages for "Lenny". I built these debian packages with Jose-Marcio's patch last year and since then my milters are running rock stable. The debian packages is only 32bit. For building the patch on your own: 1. install the following helper packages: aptitude install debhelper fakeroot m4 cdbs patchutils dh-buildinfo groff libdb4.6-dev libldap2-dev libwrap0-dev liblockfile-dev libsasl2-dev libssl-dev procmail 2. download sendmail latest package source package: aptitude source sendmail 3. download workes.c.patch from http://www.j-chkmail.org/download/libmilter/libmilter-workers-8.14.3-1.tgz and modify the frist two lines to let the package builder find the patch: --- sendmail-8.14.3/libmilter/worker.c 2007-12-03 23:06:05.0 +0100 +++ ./debian/patches/8.14/8.14.3/worker.c.patch 2009-06-15 09:46:29.0 +0200 4. copy workes.c.patch to sendmail-8.14.3/debian/patches/8.14/8.14.3 5. modify sendmail-8.14.3/debian/changelog, e.g.: sendmail (8.14.3-5+lenny1.localguru.0) stable-security; urgency=high * Fixed segfault in libmilter (Closes: #527862) -- Marcus Schopen Sat, 06 Mar 2010 02:07:11 +0100 6. rebuild the sendmail package dpkg-buildpackage 7. install the new libmilter package: dpkg -i libmilter1.0.1-dbg_8.14.3-5+lenny1.localguru.0_i386.deb The filename suffix "localguru.0" depends on your changes in debian/changelog 8. restart sendmail and your filters > I didn't test/use those packages as I'm running Debian Squeeze. > > > A quick and dirty workaround is inspecting the mail-logs and restarting > mimedefang in case of errors. > Something like: > >tail -n100 /var/log/mail.log | \ >grep -q 'Milter (mimedefang): to error state' && \ >/etc/init.d/mimedefang restart > > frequently run by cron should do the job (not jet tested). > The regular expression in the grep command is based on my logs after > the last crash a few weeks ago. Check monit for watchdog functionality. Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] error write(L) returned -1, expected 50: Broken pipe
Hi, I started a tcpdump which shows a lot of TCP Retransmission from the sending server, while my server is always answering with an ACK: --- 787 10404.02746283.19.xx.xx 211.xx.xx.xxTCP orbix-locator > smtp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=5 788 10404.027481211.xx.xx.xx83.19.xx.xx TCP smtp > orbix-locator [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 WS=6 789 10404.04422483.19.xx.xx 211.xx.xx.xxTCP orbix- locator > smtp [ACK] Seq=1 Ack=1 Win=1048576 Len=0789 790 10407.046338211.xx.xx.xx83.19.xx.xx SMTPS: 220 mx.mydomain.de ESMTP MyDomain Mailer; Mon, 29 Aug 2011 16:31:31 +0200 (CET) 791 10407.06354083.19.xx.xx 211.xx.xx.xx SMTPC: EHLO domino.senderdomain.de 792 10407.063556211.xx.xx.xx83.19.xx.xx TCP smtp > orbix-locator [ACK] Seq=88 Ack=24 Win=5888 Len=0 793 10407.063748211.xx.xx.xx83.19.xx.xx SMTPS: 250- mx.mydomain.de Hello domino.senderdomain.de [83.19.xx.xx], pleased to meet you | 250-ENHANCEDSTATUSCODES | 250-PIPELINING | 250-8BITMIME | 250-SIZE 41943040 | 250-ETRN | 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN | 250-STARTTLS | 250-DELIVERBY | 250 HELP 794 10407.08258483.19.xx.xx 211.xx.xx.xx SMTPC: MAIL FROM: SIZE=125838 | RCPT TO: | DATA 795 10407.086341211.xx.xx.xx83.19.xx.xx SMTPS: 250 2.1.0 ... Sender ok | 250 2.1.5 ... Recipient ok | 354 Enter mail, end with "." on a line by itself 796 10407.11308283.19.xx.xx 211.xx.xx.xxSMTP[TCP Previous segment lost] C: DATA fragment, 1460 bytes 797 10407.113097211.xx.xx.xx83.19.xx.xx TCP [TCP Dup ACK 795#1] smtp > orbix-locator [ACK] Seq=485 Ack=112 Win=5888 Len=0 SLE=4206 SRE=5666 798 10408.92902183.19.xx.xx 211.xx.xx.xxSMTP[TCP Retransmission] C: DATA fragment, 1460 bytes 799 10408.929036211.xx.xx.xx83.19.xx.xx TCP smtp > orbix-locator [ACK] Seq=485 Ack=1572 Win=8768 Len=0 SLE=4206 SRE=5666 800 10408.94896683.19.xx.xx 211.xx.xx.xxSMTP[TCP Retransmission] C: DATA fragment, 1460 bytes 801 10408.948981211.xx.xx.xx83.19.xx.xx TCP smtp > orbix-locator [ACK] Seq=485 Ack=3032 Win=11712 Len=0 SLE=4206 SRE=5666 802 10408.95192883.19.xx.xx 211.xx.xx.xxSMTP[TCP Retransmission] C: DATA fragment, 1460 bytes803 803 10408.951942211.xx.xx.xx83.19.xx.xx TCP smtp > orbix-locator [ACK] Seq=485 Ack=5666 Win=14656 Len=0 SLE=4206 804 10408.96886083.19.xx.xx 211.xx.xx.xxSMTP[TCP Retransmission] C: DATA fragment, 1460 bytes [...] 987 12529.16122683.19.xx.xx 211.xx.xx.xxTCP [TCP Previous segment lost] cesdinv > smtp [PSH, ACK] Seq=90632 Ack=485 Win=1048064 Len=0 988 12557.02584283.19.xx.xx 211.xx.xx.xxSMTP[TCP Retransmission] C: DATA fragment, 1460 bytes 989 12557.025861211.xx.xx.xx83.19.xx.xx TCP smtp > gte-samp [ACK] Seq=485 Ack=128592 Win=64128 Len=0 990 12557.04486183.19.xx.xx 211.xx.xx.xxIMF subject: [restricted] 991 12557.082295211.xx.xx.xx83.19.xx.xx TCP smtp > gte-samp [ACK] Seq=485 Ack=129238 Win=64128 Len=0 992 12557.186893211.xx.xx.xx83.19.xx.xx SMTPS: 451 4.3.2 Please try again later 993 12557.186905211.xx.xx.xx83.19.xx.xx TCP smtp > gte-samp [FIN, ACK] Seq=519 Ack=129238 Win=64128 Len=0 994 12557.20352783.19.xx.xx 211.xx.xx.xxTCP gte-samp 995 12557.20365683.19.xx.xx 211.xx.xx.xxTCP gte-samp 996 12640.63209383.19.xx.xx 211.xx.xx.xxSMTP[TCP Retransmission] C: DATA fragment, 1460 bytes --- After 2.5 hours the email is transmitted completely (ending with an ".", checked by follow tcpstream in wireshard), but the sendmail or the milter ignore this and send a "reject=451 4.3.2 Please try again later". Why? It is strange that the sending servers needs up to 120 seconds to respond to an immediately ACK and answers with a Retransmission then. But even if the whole session takes 2.5 hours and I don't want to wait that long for such a small mail to be transmitted, I'd like to know which parameter/option is responsible for the timeout on my side. And is this just a strange network problem (MTU, firefall on sending side) or possibly my problem (as I sayed never seen such an error sind 2000K mails running through this system and only caused by this single server). Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] error write(L) returned -1, expected 50: Broken pipe
Hi, I found the following error many times but only from the same sending server in my sendmail log: --- Aug 19 12:22:17 server milter-greylist: p7JAME8U015316: addr 88.79.xx.xx from rcpt : autowhitelisted for another 768:00:00 Aug 19 14:51:45 server sm-mta[15316]: p7JAME8U015316: from=, size=125990, class=0, nrcpts=1, msgid=<@OF45480D59.66ADE979-ONC12578F1.00339A09-C12578F8.00294A3Adomain.de>, proto=ESMTP, daemon=MTA-v4, relay=domino.domain.de [88.79.xx.xx] Aug 19 14:51:45 server sm-mta[15316]: p7JAME8U015316: Milter (greylist): write(L) returned -1, expected 50: Broken pipe Aug 19 14:51:45 server sm-mta[15316]: p7JAME8U015316: Milter (greylist): to error state Aug 19 14:51:45 server sm-mta[15316]: p7JAME8U015316: Milter (mimedefang): write(L) returned -1, expected 50: Broken pipe Aug 19 14:51:45 server sm-mta[15316]: p7JAME8U015316: Milter (mimedefang): to error state Aug 19 14:51:45 server sm-mta[15316]: p7JAME8U015316: Milter: data, reject=451 4.3.2 Please try again later Aug 19 14:51:45 server sm-mta[15316]: p7JAME8U015316: to=, delay=02:29:28, pri=155990, stat=Please try again later --- my sendmail.mc --- define(`MILTER',1) INPUT_MAIL_FILTER(`greylist',`S=local:/var/run/milter-greylist/milter-greylist.sock, F=, T=S:1m;R:1m')dnl INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:5m;R:5m;E:10m')dnl --- I can see the sending server in the process table hanging on DATA --- 21780 ? S 0:00 sendmail: MTA: p7QMGAME021780 domino.domain.de [88.79.xx.xx]: DATA --- System: sendmail 8.14.3-5+lenny1 mimedefang2.64-6 Is there anything wrong with my milter timeouts or is it just a buggy sending system (the sender is a reliable person) and not my problem? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Adding Recipients to X-Recipients Header
Hi Steffen, Am Mittwoch, den 22.06.2011, 09:14 +0200 schrieb Steffen Kaiser: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Wed, 22 Jun 2011, Marcus Schopen wrote: > > >> Correct. You can find out other recipients on YOUR mail server (or > >> downstream), but not recipients which were handled by other servers > >> upstream or in parallel to yours. > > > > I add the following lines to filter_end > > > >foreach $recip(@Recipients) { > > if ($recip =~ /<.*\@test\.com>$/i) { > > action_add_header("X-Orig-Rcpts", "$recip"); > > } > >} > > > > If I send an email from an external MX to BCc t...@test.com and BCc > > te...@test.com I just get an X-Orig-Rcpts for te...@test.com. In my > > config stream_by_domain is activated in filter_begin. > > Hmm, if you use stream_by_domain() already, all recipients should have the > same domain already. Right, it wouldn't be a problem or in my setup it's welcome if only all recipients of one domain are shown in the X-Orig-Rcpts Header. > The man of stream_by_domain() says: > > " > stream_by_domain() looks at all the recipients of the message, >and if they belong to the same domain (e.g., > j...@domain.com, >j...@domain.com and s...@domain.com), it returns 0 and sets > the >global variable $Domain to the domain (domain.com in this > exam‐ >ple.) > " > > - -> > > if($Domain =~ /\A(?:domain1|domain2|...)\z/i) { > #action_delete_all_headers('X-Orig-Rcpts'); # see below > action_add_header('X-Orig-Rcpts', join(', ', @Recipients)); > } I've tested this with action_add_header('X-Orig-Rcpts', join(', ', @Recipients)); But if I send an email e.g. from GMX using Bcc to j...@domain.com and s...@domain.com only one recipient is shown in @Recipients. In my understanding for this domain domain.com both recipients should put to the X-Orig-Rcpts Header by above line. Ideas? > BTW: If someone knows your mail setup or you forward such mails around, > the header may contain more (or not) what you intend. Depending on your > needs you should replace the 'X-Orig-Rcpts' header. If a recipient forwards such a marked email with X-Orig-Rcpts header to someone else outside, it would only be a problem if the new recipient should not see to whom else the mail was addressed to under my domain. I can live with that. Otherwise one should not forward such an Bcc email. But you are right. This is a point one has to think about. Cheers Marcus > Regards, > > - -- > Steffen Kaiser > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > > iQEVAwUBTgGWbP41+pMevzVSAQKBFwf8DjWFaNSCG1nbJ/+R3l8BGF+S3G6Lqt9A > R0/NPK9BLTeL15brH21Rs/oT/vToRVoUUD/b29H8nyDyJbe5LiuR+nEfpC+UUme0 > lcaV4m3m32h6iDxvlFVBaADd3Do4BzXluk9lLCXk5pUzVtcOBVfHtCLB1OpZK9Ro > DgZwNxnJabJ6Rw6ZW7lnaHPBnLEXdup+eo/BgSPcZ3XlOD12VYOqryJKTM1VJ+jn > 0msfb9pRo8ZSwBy+QmfYzMVZkEZmWXX7TIf/Gqc65N/d9b20hakXJIKzSv/ZFxAu > rh9KifHzxfsGN+9R02QTXMMWD9NvRy7Agqwg+q7wN/x0T0uMG3bf8A== > =aKAE > -END PGP SIGNATURE- > ___ NOTE: If there is a > disclaimer or other legal boilerplate in the above message, it is NULL AND > VOID. You may ignore it. Visit http://www.mimedefang.org and > http://www.roaringpenguin.com MIMEDefang mailing list > MIMEDefang@lists.roaringpenguin.com > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Adding Recipients to X-Recipients Header
Am Dienstag, den 21.06.2011, 17:13 -0700 schrieb kd6...@yahoo.com: > --- On Tue, 6/21/11, Marcus Schopen wrote: > > > Maybe the recipient is not supposed to know who else got copies. > > > > This would only be the case if another BCc recipient is handled by my > > mailserver. Or am I wrong? > > Correct. You can find out other recipients on YOUR mail server (or > downstream), but not recipients which were handled by other servers upstream > or in parallel to yours. I add the following lines to filter_end foreach $recip(@Recipients) { if ($recip =~ /<.*\@test\.com>$/i) { action_add_header("X-Orig-Rcpts", "$recip"); } } If I send an email from an external MX to BCc t...@test.com and BCc te...@test.com I just get an X-Orig-Rcpts for te...@test.com. In my config stream_by_domain is activated in filter_begin. Ciao! > ___ > NOTE: If there is a disclaimer or other legal boilerplate in the above > message, it is NULL AND VOID. You may ignore it. > > Visit http://www.mimedefang.org and http://www.roaringpenguin.com > MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Adding Recipients to X-Recipients Header
Am Dienstag, den 21.06.2011, 18:29 -0400 schrieb Joseph Brennan: > Marcus Schopen wrote: > > >> but it goes against the sender's intention. > > > > I just wan't to add the header for incoming mails not for outgoing. Why > > is it against the sender's intention if the recipient knows to which of > > his addresses the mail was sent to? > > > Maybe the recipient is not supposed to know who else got copies. This would only be the case if another BCc recipient is handled by my mailserver. Or am I wrong? Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Adding Recipients to X-Recipients Header
Hi Joseph, Am Dienstag, den 21.06.2011, 13:15 -0400 schrieb Joseph Brennan: > Marcus Schopen wrote: > > > if receiving multiple addresses in one and the same mail account (POP3 > > box) is in case of bcc received emails hard to see the real recipient > > and impossible to sort such mails by recipient on client side. Adding a > > "X-Recipients: " line to the header which contains all recipients just > > for incoming emails would be helpful for better sorting on client side. > > I've seen this post by David on the list: > > > > Possible? > > > It's very easily done, How and especially only for incoming mails, not outgoing. > but it goes against the sender's intention. I just wan't to add the header for incoming mails not for outgoing. Why is it against the sender's intention if the recipient knows to which of his addresses the mail was sent to? > A little harder to do, but better policy, would be to split the message > into a copy for each recipient, with only that recipient's address in > the X header. In this special setup not possible. Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Adding Recipients to X-Recipients Header
Am Dienstag, den 21.06.2011, 18:13 +0200 schrieb Marcus Schopen: > Hi, > > if receiving multiple addresses in one and the same mail account (POP3 > box) is in case of bcc received emails hard to see the real recipient > and impossible to sort such mails by recipient one client side. Adding a > "X-Recipients: " line to the header which contains all recipients just > for incoming emails would be helpful for better sorting on client side. > I've seen this post by David on the list: http://markmail.org/message/hvnct7j54owow7jz but not sure if this is what I'm looking for. I already use stream by domain in filter_begin and don't want to go to stream_by_recipient if not really necessary. Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Adding Recipients to X-Recipients Header
Hi, if receiving multiple addresses in one and the same mail account (POP3 box) is in case of bcc received emails hard to see the real recipient and impossible to sort such mails by recipient one client side. Adding a "X-Recipients: " line to the header which contains all recipients just for incoming emails would be helpful for better sorting on client side. I've seen this post by David on the list: Possible? Ciao Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang