RE: [Mimedefang] Content filtering

2004-01-26 Thread Richard Laager
going to stop intentional leaks. Richard Laager ___ Visit http://www.mimedefang.org

RE: [Mimedefang] Using more than one virus scanner is a good idea.

2004-02-03 Thread Richard Laager
. Any reason for suggesting that File::Scan run after the daemonized ones? Is it because File::Scan doesn't catch that many viruses compared to the others? Or is it because it's not updated as quickly in case of outbreaks? Otherwise, it's faster than the daemonized virus scanners isn't it? Richard

RE: [Mimedefang] over quota message

2004-02-05 Thread Richard Laager
to the Perl filter (though I bet I'll get requests for it. :-)) Yes, this is something I've been meaning to ask about. Currently I'm doing quota checks in filter_begin. However, I could probably bounce a significant amount of mail earlier if this was implemented. Richard Laager Wikstrom Telecom

[Mimedefang] LANG Environment Variable

2004-02-14 Thread Richard Laager
in /etc/sysconfig/mimedefang or /etc/init.d/mimedefang (as created by the RPM)? It seems a little overreaching to change this universally. Richard Laager

[Mimedefang] Re: HELO + PTR countr-code TLD matching

2004-02-23 Thread Richard Laager
they use to simplify the MN Senate addressing. I've just coded an exception for this domain. Otherwise, the check is working great. Richard Laager Wikstrom Telecom Internet

RE: [Mimedefang] Invalid mimedefang.pl -structure output and virus scanning behaviour

2004-03-01 Thread Richard Laager
signatures? It sounds like a good idea, but I'm afraid of potential downsides. Thanks, Richard Laager Wikstrom Telecom Internet

RE: [Mimedefang] email wire tap

2004-03-15 Thread Richard Laager
if statement yourself. In either case, you'll want to add this code to either filter_begin or filter_end. (Probably in filter_end, but it depends on your needs.) Richard Laager

RE: [Mimedefang] Re: email wire tap

2004-03-22 Thread Richard Laager
); } # Make other modifications to the message such as inserting X-WireTap- headers, etc. } Then you would probably avoid doing later modification (spam filtering, virus filtering) on these messages by checking to see that $RelayAddr ne '127.0.0.1'. Richard Laager

[Mimedefang] md_graphdefang_log in filter_relay, etc.

2004-03-31 Thread Richard Laager
be able to handle that? Richard Laager

RE: [Mimedefang] MIMEDefang 2.42 is released

2004-03-31 Thread Richard Laager
. I don't know if it's worth adding a paragraph for filter_cleanup that is similar to the one for filter_end or not. Richard Laager

RE: [Mimedefang] What is wrong with this filter

2004-03-31 Thread Richard Laager
At a bare minimum, you have commented out the closing curly brace for filter_bad_filename and filter_begin but not the initial sub line that includes the opening curly brace. There may be other errors. Richard Laager

RE: [Mimedefang] surbl

2004-04-12 Thread Richard Laager
if this SUBL stuff does that or not.) And, the URIs aren't going into a database based off messages, so there is no danger of joe jobs. Richard Laager Wikstrom Telecom Internet

RE: [Mimedefang] MXCommand: read: Connection reset by peer

2004-06-22 Thread Richard Laager
of physical memory and no swap. I'm running the embedded perl interpreter with 50 slaves set as the MX_MINIMUM. I have MX_MAXIMUM set to 110. (By the way, what do you think of these values?) Richard Laager Wikstrom Telecom Internet

RE: [Mimedefang] MXCommand: read: Connection reset by peer

2004-06-22 Thread Richard Laager
for the reread problems? I'm running version 2.43. Richard Laager Wikstrom Telecom Internet

RE: [Mimedefang] MIMEDefang embedded perl stability issues

2004-06-25 Thread Richard Laager
filter as long as I remember. David, I still haven't gotten around to running the gdb commands you suggested in the other thread a few days back. I hope to get to that soon if I have time. Richard Laager

RE: [Mimedefang] Using Mail::GPG in filter to examine PGP attachments and messagebody

2004-07-05 Thread Richard Laager
subkey setup -- size 2048, never expires. Especially for a long-life corporate key, you should setup multiple encryption subkeys with expiration dates. That way, the compromise of one subkey will only compromise messages that were encrypted to that subkey. Richard Laager

RE: [Mimedefang] Using Mail::GPG in filter to examine PGPattachmentsand messagebody

2004-07-06 Thread Richard Laager
Any ideas on my implementation problem? I don't have any ideas on the Perl MIME issues. I know more about the MIMEDefang API and PGP encryption in general than the details of the Perl MIME stuff. Richard Laager

RE: [Mimedefang] Deadline for SPF records

2004-08-09 Thread Richard Laager
completely invalid addresses. Richard Laager Wikstrom Telecom Internet

RE: [Mimedefang] Deadline for SPF records

2004-08-10 Thread Richard Laager
be subject to additional checks, but not outright rejected, it will be accepted and the SpamAssassin score increased. The behavior is exactly per their setup. Richard Laager Wikstrom Telecom Internet

RE: [Mimedefang] roaringpenguin.com is listed in rfc-ignorant

2004-09-28 Thread Richard Laager
makes sense) usage of the null sender and I speculated that you (David) did not send mail from postmaster, and thus had no reason to expect DSNs for that address. I imagine you put the block in place to stop bounces from joe jobs. The rfc-ignorant.org admin said: most common != only. Richard

Re: [Mimedefang] add boilerplate not working as expected

2004-10-02 Thread Richard Laager
On Sat, 2004-10-02 at 16:35, J.D. Bronson wrote: if ($RelayAddr =~ /^192\.168\.1/ or /^127\.0\.0\.1/) { Try this instead: if ($RelayAddr =~ /^192\.168\.1/ or $RelayAddr eq '127.0.0.1') { The error is that or binds two conditional statements. In your example, it was seeing this as: statement 1:

RE: [Mimedefang] Scary... Filtering on the outbound.

2005-02-21 Thread Richard Laager
be used to ensure that the archived messages could only be read when authorized by the appropriate person(s). If you're using GnuPG or something else, then secret sharing isn't really available, but there are other ways of accomplishing much the same thing. Richard Laager signature.asc Description

Re: [Mimedefang] OT: New Sendmail spam block

2005-03-24 Thread Richard Laager
authenticated. MUAs do a lot of stupid things, so I have a lot of exceptions for local users. -- Richard Laager [EMAIL PROTECTED] Wikstrom Telecom Internet

Re: [Mimedefang] OT: New Sendmail spam block

2005-03-24 Thread Richard Laager
in what you send philosophy. How much that philosophy applies in today's hostile Internet (especially with regard to e-mail) is a question for another day. -- Richard Laager [EMAIL PROTECTED] Wikstrom Telecom Internet

Re: [Mimedefang] OT: New Sendmail spam block

2005-03-24 Thread Richard Laager
because the domain you're sending *doesn't resolve to the IP address of your machine*, he's broken. You *might* also be broken. -- Richard Laager [EMAIL PROTECTED] Wikstrom Telecom Internet

Re: [Mimedefang] OT: New Sendmail spam block

2005-03-25 Thread Richard Laager
On Fri, 2005-03-25 at 16:42 -0600, Les Mikesell wrote: On Thu, 2005-03-24 at 18:34, Richard Laager wrote: If he's blocking because the domain you're sending *doesn't resolve to the IP address of your machine*, he's broken. You *might* also be broken. Or you might be multi-homed

[Mimedefang] resend_message fails

2005-04-06 Thread Richard Laager
resend_message has been failing lately in my filter, it seems. I get the following error message: sendmail non-zero exit status in resend_message: 16384 Any thoughts on what this might be? -- Richard Laager [EMAIL PROTECTED] Wikstrom Telecom Internet

Re: [Mimedefang] resend_message fails

2005-04-06 Thread Richard Laager
that I could log what command MIMEDefang is running so I could check the syntax? -- Richard Laager [EMAIL PROTECTED] Wikstrom Telecom Internet

Re: [Mimedefang] PING - PONG support for mimedefang socket

2005-04-13 Thread Richard Laager
On Wed, 2005-04-13 at 16:26 +0200, Martin Blapp wrote: What about this little nice patch :-) ? What is PING/PONG support useful for? Richard Laager

Re: [Mimedefang] use strict

2005-04-13 Thread Richard Laager
with mimedefang.pl? Nope. I have use strict and use warnings in my filter. -- Richard Laager [EMAIL PROTECTED] Wikstrom Telecom Internet

Re: [Mimedefang] Adding footers or signatures to all outgoing email

2005-07-08 Thread Richard Laager
On Fri, 2005-07-08 at 22:03 -0400, Lisa Casey wrote: I'm also open to ideas about drawbacks to this idea (i.e., why I shouldn't do it!). It's obnoxious. Also, as e-mails are replied to and forwarded, they acquire many copies of the message. Richard Laager

Re: [Mimedefang] Please review: new Spamc feature

2005-10-25 Thread Richard Laager
On Tue, 2005-10-25 at 11:01 -0700, [EMAIL PROTECTED] wrote: I do all sorts of things w/ MIMEDefang besides spam-scan, and while the MIMEDefang threads are doing all these things, that SpamAssassin module is sitting there idle, but taking up space. Use the embedded Perl feature of MIMEDefang

Re: [Mimedefang] Patch for Clam 0.88

2006-01-11 Thread Richard Laager
On Wed, 2006-01-11 at 12:36 -0500, David F. Skoll wrote: So I found my way out of the twisty passages. The following patch appears to fix ClamAV 0.88 so it works properly on deflate64-compressed ZIP files, if you have UNIX unzip installed. Cool! Have you submitted this to the ClamAV folks?

Re: [Mimedefang] Patch to mimedefang...

2006-01-13 Thread Richard Laager
On Fri, 2006-01-13 at 15:54 -0700, Philip Prindeville wrote: I'd like to propose the following patch, as a prequel to the posting of an amended mimedefang-filter on the Wiki... If your changes are only going on the Wiki, then adding a Requires to the mimedefang package is incorrect. Richard

RE: [Mimedefang] Anyone noticing...

2006-01-17 Thread Richard Laager
On Tue, 2006-01-17 at 17:30 +, Paul Murphy wrote: For more background, search the mailing list archives for Blocking spam senders using IPTables?. Before I spend a lot of time searching... Did you post the script, or just notes on the idea? Thanks, Richard

Re: [Mimedefang] OT: Don't let this happen to you

2006-02-21 Thread Richard Laager
On Thu, 2006-02-16 at 11:50 -0800, Atanas wrote: a sendmail log monitoring script that shuts down web sites immediately (notifying both parties - the web site owner and the shared server administrator) in case a web site starts sending suspicious amounts of outgoing emails for a given

Re: [Mimedefang] Double From: lines in email

2006-02-21 Thread Richard Laager
On Tue, 2006-02-21 at 11:08 +0100, Sleeuwenhoek J. wrote: This doesn't stop emails with double From: headers from forging internal emailaddresses. Does anyone know of a method to stop this from happening. Currently I'm preventing this with a custom spamassassin rule, but I like to log this

Re: [Mimedefang] Mimedefang 2.56 and SA 3.1.1 - Idle slaves

2006-03-15 Thread Richard Laager
On Wed, 2006-03-15 at 14:28 -0500, David F. Skoll wrote: (Oh, and by the way: If any SpamAssassin developers are on the list, could you please fire whoever wrote this in Dns.pm: package Mail::SpamAssassin::Dns; 1; package Mail::SpamAssassin::PerMsgStatus; Thanks!) Has this

Re: [Mimedefang] New to MIMEDEFANG

2006-03-28 Thread Richard Laager
On Wed, 2006-03-29 at 10:19 +0530, R.Linga Reddy wrote: I am new to MIMEDEFANG, I am planning to install on FEDORA CORE 3 or CORE 4, will it support, and is there any problem, It'll work fine. I run it on Fedora Core 4. The only piece of advice that comes to mind immediately is to make sure you

Re: [Mimedefang] Image validator/OCR SA plugin

2006-04-14 Thread Richard Laager
On Fri, 2006-04-14 at 18:42 +0200, Martin Blapp wrote: Anyone interested should keep an eye on it - it really helps with the image only spam we get today. But probably the spammers will soon change their tricks to different images which are more difficult to read :-( Interesting... What's

Re: [Mimedefang] milter smorgas board

2006-05-01 Thread Richard Laager
On Mon, 2006-05-01 at 10:29 -0700, Gary Funck wrote: http://www.snertsoft.com/solutions.php Above, a list of milters, many of them open source, some not. Thought it might be useful for ideas of add-ons/improvements to MdF. Here's one I thought interesting:

Re: [Mimedefang] milter smorgas board

2006-05-01 Thread Richard Laager
On Mon, 2006-05-01 at 14:12 -0400, Jeff Rife wrote: The milter-sender description reminded me... ... Does anybody have any experiences with this sort of callback check? We use it, including a database cache to lighten the load. Since we do reject on it, I can't say how efficient it is compared

Re: [Mimedefang] MIMEDefang 2.57 is Released

2006-06-20 Thread Richard Laager
On Tue, 2006-06-20 at 10:48 -0400, David F. Skoll wrote: The main change from 2.56 is a new scheduling algorithm that tries to reuse the same set of slaves for a given command. That is, it will do its best to run all filter_relays on one set of slaves, filter_senders on another, etc. Does

RE: [Mimedefang] MIMEDefang 2.57 is Released

2006-06-25 Thread Richard Laager
On Sun, 2006-06-25 at 11:04 -0700, Gary Funck wrote: gcc -ansi -pedantic-errors -Wall -Werror t.c t.c: In function 'main': t.c:8: error: ISO C90 forbids mixed declarations and code Here -Wdeclaration-after-statement is useful. It's not supported by all versions of GCC, so it might not be a

Re: [Mimedefang] sendmail and filter_helo interaction

2006-11-09 Thread Richard Laager
On Thu, 2006-11-09 at 23:06 -0500, Dirk the Daring wrote: # Check #3 # HELO should not contain localhost How effective is this for you? Do you run into false positives? # Check #4 # If the HELO is an FQDN, the index and rindex of . will

Re: [Mimedefang] URIBL/SURBL support

2006-11-27 Thread Richard Laager
On Tue, 2006-11-21 at 10:13 -0500, Joseph Brennan wrote: --On Monday, November 20, 2006 12:56 -0800 Kelsey Cummings [EMAIL PROTECTED] wrote: Has anyone written up generic URIBL or SURBL specific support for MD outside of using SpamAssassin? Mind sharing? First you have to parse

[Mimedefang] OT: RBL checking in Sendmail

2006-12-15 Thread Richard Laager
Currently, we check a couple of RBLs right away in filter_sender(). I've been thinking that it'd be nice to move those checks from MIMEDefang into Sendmail, for the following two reasons: 1) If the message ends up being blocked, we avoid a milter call and all of MIMEDefang's setup overhead. 2)

Re: [Mimedefang] Overcoming RPM stupidity

2006-12-19 Thread Richard Laager
On Sun, 2006-12-17 at 20:46 -0500, Jeff Rife wrote: In the Fedora 6 RPM for MIMEDefang, mimedefang.pl was created using no Features at all. For most of them, this isn't a big deal, as I can put $Features{'whatever'} = 1 in mimedefang-filter and it works. But, this isn't true for

Re: [Mimedefang] MIMEDefang 2.59-BETA-2 is Available

2007-01-18 Thread Richard Laager
On Fri, 2007-01-19 at 11:21 +1000, Bill Maidment wrote: 2. Entering the ssh passwords for multiple servers is a bit confusing. I work around it by starting only one server initially and then adding the others one by one. Use public key authentication and the ssh-agent. Richard

Re: [Mimedefang] regex filter unwanted words

2007-01-23 Thread Richard Laager
On Tue, 2007-01-23 at 08:51 -0500, [EMAIL PROTECTED] wrote: John Rudd wrote on 01/22/2007 06:17:48 PM: As many as you can fit. But I would be very careful about it. Plus, I would make sure to use \b around the words, so that you're not getting sub-string matches. For example:

Re: [Mimedefang] Greylisting netmask

2007-02-03 Thread Richard Laager
On Sat, 2007-02-03 at 21:48 -0500, Jeff Rife wrote: Of course, I do use a whitelist for the well-known large providers (Yahoo, AOL, MSN, etc.). Would you be willing to share this whitelist? Richard

Re: [Mimedefang] Rejecting Cyrillic

2009-04-16 Thread Richard Laager
On Wed, 2009-03-25 at 12:46 -0700, Kenneth Porter wrote: I've noticed a lot of spam lately in codepage Windows-1251 (Cyrillic). I'd like to reject it with a Cyrillic not understood; please resubmit as Unicode. Is there a canonical MIMEDefang idiom for doing that? I wanted to do largely the

Re: [Mimedefang] PGP encyption of outging email

2009-05-07 Thread Richard Laager
On Thu, 2009-05-07 at 09:17 +0100, Paul Murphy wrote: Steffan wrote: I wonder why you don't want to encrypt/sign in the MUA. It is more flexible and, well, works most of the time. Because users are incapable of getting it right, and the time they forget to encrypt the message may also

Re: [Mimedefang] Greylisting post-data (was Re: [PATCH] filter_data implementation)

2009-05-29 Thread Richard Laager
On Thu, 2009-05-28 at 13:17 -0700, - wrote: Then again, I kill messages that have improperly formatted Received: header lines. (Those that claim with *smtp*(wildcarded) must conform to 5321 instead of the looser syntax in 5322 and as such, they must have from and by clauses that are domain

Re: [Mimedefang] mimedefang+postfix on debian lenny

2009-11-10 Thread Richard Laager
On Tue, 2009-11-10 at 13:00 -0500, David F. Skoll wrote: ADNET Ghislain wrote: strange, reinstalling postfix does not remove sendmail completely.. anyway it seems to work that way Please file a bug with the Debian mimedefang maintainer. Installing MIMEDefang should never force the

Re: [Mimedefang] mimedefang+postfix on debian lenny

2009-11-10 Thread Richard Laager
On Tue, 2009-11-10 at 13:35 -0500, David F. Skoll wrote: I think that's a bug. It should be suggests, because AFAIK apt-get now pulls in recommends packages unless you tell it otherwise. As an aside, I was never a fan of this change, as it seems to lead to exactly this. There are at least

Re: [Mimedefang] mimedefang+postfix on debian lenny

2009-11-10 Thread Richard Laager
On Tue, 2009-11-10 at 22:30 +0100, ADNET Ghislain wrote: i will try to contact him. I run also in another issue. Postfix runs as the user postfix and i do not found any way to configure mimedefang to have a socket that let the postfix user to communicate with it. Is there any parameters i

[Mimedefang] [OT?] Random Word Spam

2012-02-07 Thread Richard Laager
We've got a customer who is receiving 1 message per second! that consists solely of random English words stuck together (both subject and body). This has been happening for 24-36 hours. As far as I can see, it's coming from hijacked accounts all over the place (hundreds or thousands of servers)

Re: [Mimedefang] [OT?] Random Word Spam

2012-02-08 Thread Richard Laager
On Wed, 2012-02-08 at 10:03 +0100, Juergen Kleff wrote: Do you use greylisting? Yes. Do the mails indeed come from real mailservers or do they come from compromised dial-in computers? Real mail servers Feeding the mails to spamassassin's bayes database could perhaps help, in spite of

Re: [Mimedefang] Like action_replace_with_url(), but not quite

2012-08-30 Thread Richard Laager
On Thu, 2012-08-30 at 13:39 -0600, Philip Prindeville wrote: I can't use stream_by_recipient() because I don't know which attachments need to be removed until I hit filter() and not filter_begin(). I don't use the function, but I think the point of stream_by_recipient() is to ensure that

Re: [Mimedefang] Email injection and the android 'email' app

2013-03-05 Thread Richard Laager
On Tue, 2013-03-05 at 17:59 -0500, David F. Skoll wrote: There's no way you should break your setup to comply with a brain-dead Android app. As a result of this thread, we discussed and tested this in-house (on just one phone). I believe we did get a notification that the message didn't send,

Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-25 Thread Richard Laager
On Mon, 2013-03-25 at 13:53 -0700, kd6...@yahoo.com wrote: Although this will issue a QUIT when an error is returned, it does NOT do so when the transaction succeeds to the point where 'DATA' is normally issued. I'm not seeing that. I have MIMEDefang 2.71-2build1 on Ubuntu Precise. I see code

Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-25 Thread Richard Laager
On Mon, 2013-03-25 at 17:00 -0700, kd6...@yahoo.com wrote: This is what I saw: if ($retval ne 'CONTINUE') { $sock->print("QUIT\r\n"); Looks pretty conditional to me. If the return value is the continue literal, no quit is issued. I've now pulled mimedefang.pl.in from the 2.73 tarball

[Mimedefang] md_check_against_smtp_server() returned an empty response

2013-03-27 Thread Richard Laager
This is unrelated to the other thread. I'm troubleshooting an issue where md_check_against_smtp_server() intermittently hangs for 5 minutes. It's *always* 300 seconds exactly (ignoring sub-second precision). The error is always the returned an empty response from get_smtp_return_code(). I'm

Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-27 Thread Richard Laager
On Wed, 2013-03-27 at 19:45 +0100, Tilman Schmidt wrote: Am 27.03.2013 15:59, schrieb Matt Garretson: Note that md_graphdefang_log should not be used in filter_relay, filter_sender or filter_recipient. The global variables it relies on are not valid in that context. [...]

Re: [Mimedefang] How to change envelope sender?

2013-05-07 Thread Richard Laager
How are you getting on the Spamcop block list? Are you doing any outbound filtering? -- Richard ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it

[Mimedefang] Debugging MIME Parsing Errors

2013-10-14 Thread Richard Laager
We have a user who is forwarding a Delta airlines email. They've forwarded it several times for testing. Sometimes it gets bounced with the Message contained too many MIME parts. message, while other times it goes through. I have $MaxMIMEParts set to 100. I've looked at the code and it seems to

Re: [Mimedefang] Perl DBI problem stops mimedefang from loading?

2013-12-06 Thread Richard Laager
On Fri, 2013-12-06 at 07:44 -0500, Scott Galambos wrote: I was using these on an older 32 bit single processor server without a problem for years. I'm now trying to migrate to a 64 bit SMP server and I can't specify these max values without it failing with the following error. 64 bits 32

Re: [Mimedefang] )What AV scanners do you use? (was Re: Any Sophie users out there?

2014-03-20 Thread Richard Laager
On Thu, 2014-03-20 at 15:04 -0400, David F. Skoll wrote: Post-Cisco, ClamAV seems to have greatly declined in usefulness. It catches hardly anything anymore... anyone else experiencing this? Are you using clamav-unofficial-signatures? We are. I have no idea how much we should be catching. But

Re: [Mimedefang] Access to sendmail marco client_addr

2014-05-05 Thread Richard Laager
On Mon, 2014-05-05 at 11:03 -0600, Mark Costlow wrote: We've found that this approach works and is valuable, although it has been tricky to determine what a safe number of IPs is to allow. In particular, smartphones roaming around the city tend to look like they are connecting from many IPs.

Re: [Mimedefang] Relayed emails can't be filter!

2014-06-13 Thread Richard Laager
On Fri, 2014-06-13 at 14:35 +0700, Cương Bùi wrote: submit.mc has this line (ubuntu distro default). I've commented out it. Don't comment it out. You want that line. -- Richard

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-10 Thread Richard Laager
If you still have problems, make sure you run MIMEDefang with the -G option. If your MIMEDefang is packaged like mine, set MD_ALLOW_GROUP_ACCESS=yes in /etc/default/mimedefang. This causes MIMEDefang to use a umask that allows group readability. -- Richard

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-12 Thread Richard Laager
On Sun, 2014-10-12 at 14:18 -0500, Cliff Hayes wrote: I tried your idea. I updated the following in clamd.conf: LocalSocket /var/run/clamav/clamd.socket PidFile /var/run/clamav/clamd.pid User clamav Now I get this error when starting clamd: ERROR: Can't open/parse the config file

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Richard Laager
On Mon, 2014-10-13 at 17:00 -0500, Cliff Hayes wrote: Did what you said and I can't touch a new temp file in /var/spool/MIMEDefang ... permission denied ... but clamd appears to be running as clamav Your tests below should be expected to fail. mimedefang.pid is not group-readable. And the

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-14 Thread Richard Laager
I think you should make sure mimedefang is actually being started with the -G option. Like, look at output from `ps`. Also, stick a sleep(60) in the filter or something to slow it down. That way, you can catch the Work directories live and see what their permissions look like. If the directory is

Re: [Mimedefang] Any way to get MD to accept a Postfix queue ID at RCPT time?

2015-04-28 Thread Richard Laager
On 04/28/2015 02:53 PM, Dianne Skoll wrote: Actually, this is a more thought-through patch. I don't use Postfix, but if any Postfix users would care to give this a try, I'd appreciate it. I can confirm this patch, plus smtpd_delay_open_until_valid_rcpt = no result in $MsgID having a real

Re: [Mimedefang] Permissions on /varspool/MIMEDefang

2016-02-10 Thread Richard Laager
On 02/10/2016 11:01 PM, Bill Maidment wrote: Hi After your most recent release I have had problems with the permissions on /var/spool/MIMEDefang being reset to 0750 after a reboot. I need the permission to be 0770 to allow for clamd scanner to use the directory. I eventually discovered this

Re: [Mimedefang] Sendmail SOCKETMAP

2016-04-27 Thread Richard Laager
I don't use either feature. On 04/27/2016 02:20 PM, Dianne Skoll wrote: I most likely won't delete the features. It's the curse of software development... published APIs must live forever. :( If killing the features is the right move, just call it MIMEDefang 3. Seriously! Don't be afraid of

Re: [Mimedefang] reread mimedefang after sa-update

2016-09-14 Thread Richard Laager
On 09/14/2016 11:12 AM, Marcus Schopen wrote: > Am Mittwoch, den 14.09.2016, 11:51 -0400 schrieb Dianne Skoll: >> On Wed, 14 Sep 2016 17:46:07 +0200 >> Marcus Schopen wrote: >> >>> Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Cannot destroy >>> and recreate a Perl

Re: [Mimedefang] conditionally add boilerplate in message with more than one recipient

2016-09-21 Thread Richard Laager
On 09/21/2016 07:16 AM, Vieri Di Paola wrote: > Suppose I have an email that's being sent To: u...@domain.org, > u...@domain.com. > > @Recipients will hold both addresses. > I'd like mimedefang to add a boilerplate only for the message being sent to > u...@domain.com. > > Is that possible? >

Re: [Mimedefang] conditionally add boilerplate in message with more than one recipient

2016-09-21 Thread Richard Laager
On 09/21/2016 09:09 AM, Vieri Di Paola wrote: >> You can stream_by_recipient() so MIMEDefang resends the message for each >> recipient. In this way, your filter code can handle recipients >> differently. Note the warnings in the mimedefang-filter man page, though. > > The man page isn't too

Re: [Mimedefang] clamav-unofficial-sigs and pyzor

2016-09-19 Thread Richard Laager
On 09/19/2016 12:46 AM, Marcus Schopen wrote: > my be a little bit off topic, but are there any experience with the > efficiency of pyzor and clamav-unofficial-sigs We use clamav-unofficial-sigs. If clamd triggers, it's a hard fail for us, regardless of whether it was a virus or spam rule. We do

Re: [Mimedefang] clamav-unofficial-sigs and pyzor

2016-09-19 Thread Richard Laager
On 09/19/2016 01:48 AM, Marcus Schopen wrote: > Did you activate all signatures > or just e.g. sanesecurity sigs? I read activating all signatures turns > clamav into an evil memory monster, while only activating sanesecurity > sigs catches most and doesn't need that much resources. I don't

Re: [Mimedefang] conditionally add boilerplate in message with more than one recipient

2016-09-22 Thread Richard Laager
On 09/22/2016 11:54 AM, Vieri Di Paola wrote: >> From: "Richard Laager" <rlaa...@wiktel.com> >>> It's a typo, I presume? In my example, u...@domain.com wants the >>> boilerplate and u...@domain.org doesn't. So I guess you meant "resend to

Re: [Mimedefang] conditionally add boilerplate in message with more than one recipient

2016-09-22 Thread Richard Laager
On 09/21/2016 05:13 PM, Vieri Di Paola wrote: >> From: "Richard Laager" <rlaa...@wiktel.com> >> So in your case, you would resent to u...@domain.org, >> delete_recipient(u...@domain.org), and then add the boilerplate. > > It's a typo, I presu

Re: [Mimedefang] Sender Address Verification

2016-11-23 Thread Richard Laager
We have been doing sender address verification for years. Looking through the code... We use custom MIMEDefang code around DNS::Resolver and md_check_against_smtp_server(). We wrap the md check in a block and use alarm() to timeout, as MD's timeout doesn't always work (e.g. if the server is

Re: [Mimedefang] Sender Address Verification

2016-11-23 Thread Richard Laager
On 11/22/2016 12:55 PM, Bill Cole wrote: > the SAV rule was never decisive in a correct SA 'spam' determination Thanks for sharing. This is good information. I've made a note to re-evaluate my SAV rules after the holiday. I have some test harnesses to determine whether an individual rule "made a

Re: [Mimedefang] Sender Address Verification

2016-12-09 Thread Richard Laager
On 11/23/2016 12:22 PM, Richard Laager wrote: > On 11/22/2016 12:55 PM, Bill Cole wrote: >> the SAV rule was never decisive in a correct SA 'spam' determination > > Thanks for sharing. This is good information. > > I've made a note to re-evaluate my SAV rules after the h

Re: [Mimedefang] action_drop_with_warning with recipient depending message

2017-01-06 Thread Richard Laager
You have to understand that MIMEDefang is operating on one message. It may have multiple recipients, but anything you do happens to that message. If you want different per-recipient behavior for the same message, somewhere along the line you need to resend the message. You can do this up-front

Re: [Mimedefang] Block internal messages

2016-12-26 Thread Richard Laager
On 12/26/2016 03:35 PM, Marcelo Machado wrote: > I am new to Mimedefang and I would like to know if it is possible to > block internal messages, (from my domain to my domain) if the number > of recipients is greater than 10. Anything is possible if you write the custom Perl code required. What

Re: [Mimedefang] Get recipients

2017-03-20 Thread Richard Laager
On 03/20/2017 10:52 AM, Stagiair 2. Cisa wrote: > Now coming to the point: I always had a fixed value for the email address > to test my functions but now I want to get the email address(es) from > the incoming mails. Look at the @Recipients array. Obviously, a single message may have multiple

Re: [Mimedefang] Get recipients

2017-04-11 Thread Richard Laager
On 04/11/2017 10:09 AM, Stagiair 2. Cisa wrote: > I've checked on capitals and this was fine. It looked like a non-existing or > empty array. > > After some testing I've found out the array actually really exists and I can > access it. > The only problem is that the values (the different

Re: [Mimedefang] Get recipients

2017-04-12 Thread Richard Laager
On 04/12/2017 04:12 AM, Stagiair 2. Cisa wrote: > Could this be the result of using an EFA-server? > (https://efa-project.org/about/) > It uses postfix instead of sendmail. I use postfix. The first argument to filter_recipient() is the recipient. The same value is also put into the first

Re: [Mimedefang] Anti-spam breakthrough from Roaring Penguin

2017-04-05 Thread Richard Laager
On 04/05/2017 04:20 AM, Jan-Pieter Cornet wrote: > Funny thing is, this method of both accepting AND rejecting Speaking of both accepting and rejecting... On a serious note, I wonder if anyone has built this: if (greylisting says to tempfail) { # add a header, such that this message will be

Re: [Mimedefang] Get recipients

2017-04-07 Thread Richard Laager
On 04/07/2017 03:25 AM, Stagiair 2. Cisa wrote: > I've tried getting the recipients out of the @recipients array but it seems > to be empty. Note the first letter is capitalized. It's @Recipients, not @recipients. > Should I call it on a specific time or in a specific function? It is available

Re: [Mimedefang] Anti-spam breakthrough from Roaring Penguin

2017-04-07 Thread Richard Laager
On 04/07/2017 08:59 AM, Dianne Skoll wrote: > The part about reaching into Dovecot > to move the message is slightly worrying; it implies that the scanning > process has significant privileges. It could be limited. For the simplest example, assume the same machine... The defang user could have a

Re: [Mimedefang] [postfix] $QueueId not defined

2017-05-25 Thread Richard Laager
Make sure you have this set in your Postfix configuration: smtpd_delay_open_until_valid_rcpt = no -- Richard

Re: [Mimedefang] Message-ID

2017-09-11 Thread Richard Laager
On 09/11/2017 03:30 PM, Dianne Skoll wrote: > On Mon, 11 Sep 2017 16:26:38 -0400 > Joseph Brennan wrote: > >> When a message comes in with no Message-ID header, and MD passes it to >> SpamAssassin, what is in the Message-ID that SA sees? > > Nothing at all. There's no

Re: [Mimedefang] REVISED: postfix/mimedefang socket

2017-09-22 Thread Richard Laager
On 09/22/2017 12:47 PM, Michael Fox wrote: > Option 3: Use unix socket in Postfix chroot jail This looks to be what I do. I'm running Postfix and MIMEDefang on Ubuntu, both from packages. Postfix runs as the postfix user, and there's a defang group. I run Postfix in a chroot. These appear to be

Re: [Mimedefang] Message-ID

2017-09-14 Thread Richard Laager
On 09/14/2017 07:44 PM, Joseph Brennan wrote: > So, back to where we started. What will be in that generated Message-ID? See mimedefang.pl: sub gen_msgid_header { my ($ss, $mm, $hh, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time); # Generate a "random" message ID
