View Single Post
  #9  
Old 4th June 2008, 23:45
Thomas_Powers Thomas_Powers is offline
Junior Member
 
Join Date: Jun 2008
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default Could be????

Now is it possible I have the actions hosed up? I look in the logs and see stuff being blocked

entries such as

Jun 4 16:39:47 spam postfix/smtpd[27616]: NOQUEUE: reject: RCPT from unknown[85.104.12.29]: 554 5.7.1 Service unavailable; Client host [85.104.12.29] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=85.104.12.29; from=<petgord34truew@onlyinternet.net> to=<murray@ksfuel.com> proto=SMTP helo=<dsl85-104-3101.ttnet.net.tr>
Jun 4 16:39:47 spam postfix/smtpd[27417]: connect from unknown[200.127.131.151]
Jun 4 16:39:47 spam postfix/smtpd[27616]: disconnect from unknown[85.104.12.29]
Jun 4 16:39:48 spam postfix/smtp[27448]: 3526F394094: to=<jaana-naakniis@4esyt.com>, relay=smtp.secureserver.net[208.109.80.149]:25, delay=3.6, delays=0.02/0/3.5/0.09, dsn=5.0.0, status=bounced (host smtp.secureserver.net[208.109.80.149] said: 553 sorry, relaying denied from your location [65.211.156.114] (#5.7.1) (in reply to RCPT TO command))
Jun 4 16:39:48 spam postfix/qmgr[27394]: 3526F394094: removed
Jun 4 16:39:48 spam postfix/smtpd[27412]: connect from unknown[190.41.36.129]
Jun 4 16:39:49 spam postfix/smtpd[27409]: NOQUEUE: reject: RCPT from static-72-87-113-34.prvdri.fios.verizon.net[72.87.113.34]: 554 5.7.1 Service unavailable; Client host [72.87.113.34] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=72.87.113.34; from=<ehuyapjspq@bradbury.com.sg> to=<joseph@ksfuel.com> proto=ESMTP helo=<static-72-87-113-34.prvdri.fios.verizon.net>
Jun 4 16:39:49 spam postfix/smtpd[27409]: lost connection after DATA (0 bytes) from static-72-87-113-34.prvdri.fios.verizon.net[72.87.113.34]
Jun 4 16:39:49 spam postfix/smtpd[27409]: disconnect from static-72-87-113-34.prvdri.fios.verizon.net[72.87.113.34]
Jun 4 16:39:49 spam postfix/smtpd[27413]: connect from host86-149-182-199.range86-149.btcentralplus.com[86.149.182.199]
Jun 4 16:39:49 spam postfix/smtpd[27417]: NOQUEUE: reject: RCPT from unknown[200.127.131.151]: 554 5.7.1 Service unavailable; Client host [200.127.131.151] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.127.131.151; from=<Rinelda-enicyerf@Fard.com> to=<fleming@ksfuel.com> proto=ESMTP helo=<200-127-140-34.dsl.prima.net.ar>
Jun 4 16:39:50 spam postfix/smtpd[27416]: connect from host121-211-dynamic.10-87-r.retail.telecomitalia.it[87.10.211.121]
Jun 4 16:39:50 spam postfix/smtpd[27413]: NOQUEUE: reject: RCPT from host86-149-182-199.range86-149.btcentralplus.com[86.149.182.199]: 554 5.7.1 Service unavailable; Client host [86.149.182.199] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=86.149.182.199; from=<juugekis_1960@LubyPublishing.com> to=<deann@ksfuel.com> proto=ESMTP helo=<host86-149-182-199.range86-149.btcentralplus.com>
Jun 4 16:39:50 spam postfix/smtpd[27413]: disconnect from host86-149-182-199.range86-149.btcentralplus.com[86.149.182.199]
Jun 4 16:39:50 spam postfix/smtpd[27412]: NOQUEUE: reject: RCPT from unknown[190.41.36.129]: 554 5.7.1 Service unavailable; Client host [190.41.36.129] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=190.41.36.129; from=<ksjsrvqvnub@bonniebethel.com> to=<fslnyq@ksfuel.com> proto=ESMTP helo=<[190.41.36.129]>
Jun 4 16:39:50 spam postfix/smtpd[27412]: NOQUEUE: reject: RCPT from unknown[190.41.36.129]: 554 5.7.1 Service unavailable; Client host [190.41.36.129] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=190.41.36.129; from=<ksjsrvqvnub@bonniebethel.com> to=<crwamr@ksfuel.com> proto=ESMTP helo=<[190.41.36.129]>


So I notice it's blocking using zen.spamhaus but I have told it to use the spamcop stuff...see configuration below. It's like I didn't get a setting to commit somewhere eh? And the stuff that it is blocking is not showing up in the Mailwatch window.


MailScanner Configuration
%org-name% Keylink Technologies
%org-long-name% Keylink Technologies
%web-site% www.klinktech.net
%etc-dir% /etc/MailScanner
%report-dir% /etc/MailScanner/reports/en
%rules-dir% /etc/MailScanner/rules
%mcp-dir% /etc/MailScanner/mcp
Max Children 1
Run As User postfix
Run As Group postfix
Queue Scan Interval 6
Incoming Queue Dir /var/spool/postfix/hold
Outgoing Queue Dir /var/spool/postfix/incoming
Incoming Work Dir /var/spool/MailScanner/incoming
Quarantine Dir /var/spool/MailScanner/quarantine
PID file /var/run/MailScanner/MailScanner.pid
Restart Every 7200
MTA postfix
Sendmail /usr/sbin/sendmail
Sendmail2 /usr/sbin/sendmail -DOUTGOING
Incoming Work Permissions 0600
Quarantine User root
Quarantine Group www-data
Quarantine Permissions 0660
Max Unscanned Bytes Per Scan 100m
Max Unsafe Bytes Per Scan 50m
Max Unscanned Messages Per Scan 30
Max Unsafe Messages Per Scan 30
Max Normal Queue Size 800
Scan Messages yes
Reject Message no
Maximum Attachments Per Message 200
Expand TNEF yes
Use TNEF Contents replace
Deliver Unparsable TNEF no
TNEF Expander /usr/bin/tnef --maxsize=100000000
TNEF Timeout 120
File Command /usr/bin/file
File Timeout 20
Gunzip Command /bin/gunzip
Gunzip Timeout 50
Unrar Command /usr/bin/unrar
Unrar Timeout 50
Find UU-Encoded Files no
Maximum Message Size /etc/MailScanner/rules/max.message.size.rules
Maximum Attachment Size -1
Minimum Attachment Size -1
Maximum Archive Depth 2
Find Archives By Content yes
Zip Attachments no
Attachments Zip Filename MessageAttachments.zip
Attachments Min Total Size To Zip 100k
Attachment Extensions Not To Zip .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml
Virus Scanning yes
Virus Scanners clamav
Virus Scanner Timeout 300
Deliver Disinfected Files no
Silent Viruses HTML-IFrame All-Viruses
Still Deliver Silent Viruses no
Non-Forging Viruses Joke/ OF97/ WM97/ W97M/ eicar
Block Encrypted Messages no
Block Unencrypted Messages no
Allow Password-Protected Archives no
Check Filenames In Password-Protected Archives yes
Sophos IDE Dir /opt/sophos-av/lib/sav
Sophos Lib Dir /opt/sophos-av/lib
Monitors For Sophos Updates /opt/sophos-av/lib/sav/*.ide
Monitors for ClamAV Updates /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd
ClamAVmodule Maximum Recursion Level 8
ClamAVmodule Maximum Files 1000
ClamAVmodule Maximum File Size 10000000
ClamAVmodule Maximum Compression Ratio 250
Clamd Port 3310
Clamd Socket /var/run/clamav/clamd.ctl
Clamd Lock File /var/run/clamav/clamd.pid
Clamd Use Threads no
ClamAV Full Message Scan yes
Fpscand Port 10200
Dangerous Content Scanning yes
Allow Partial Messages no
Allow External Message Bodies no
Find Phishing Fraud yes
Also Find Numeric Phishing yes
Use Stricter Phishing Net yes
Highlight Phishing Fraud yes
Phishing Safe Sites File /etc/MailScanner/phishing.safe.sites.conf
Phishing Bad Sites File /etc/MailScanner/phishing.bad.sites.conf
Country Sub-Domains List /etc/MailScanner/country.domains.conf
Allow IFrame Tags disarm
Allow Form Tags disarm
Allow Script Tags disarm
Allow WebBugs disarm
Ignored Web Bug Filenames spacer pixel.gif pixel.png gap shim
Known Web Bug Servers msgtag.com
Web Bug Replacement http://www.mailscanner.tv/1x1spacer.gif
Allow Object Codebase Tags disarm
Convert Dangerous HTML To Text no
Convert HTML To Text no
Filename Rules /etc/MailScanner/filename.rules.conf
Filetype Rules /etc/MailScanner/filetype.rules.conf
Quarantine Infections yes
Quarantine Silent Viruses no
Quarantine Modified Body no
Quarantine Whole Message yes
Quarantine Whole Messages As Queue Files no
Keep Spam And MCP Archive Clean no
Language Strings /etc/MailScanner/reports/en/languages.conf
Rejection Report /etc/MailScanner/reports/en/rejection.report.txt
Deleted Bad Content Message Report /etc/MailScanner/reports/en/deleted.content.message.txt
Deleted Bad Filename Message Report /etc/MailScanner/reports/en/deleted.filename.message.txt
Deleted Virus Message Report /etc/MailScanner/reports/en/deleted.virus.message.txt
Deleted Size Message Report /etc/MailScanner/reports/en/deleted.size.message.txt
Stored Bad Content Message Report /etc/MailScanner/reports/en/stored.content.message.txt
Stored Bad Filename Message Report /etc/MailScanner/reports/en/stored.filename.message.txt
Stored Virus Message Report /etc/MailScanner/reports/en/stored.virus.message.txt
Stored Size Message Report /etc/MailScanner/reports/en/stored.size.message.txt
Disinfected Report /etc/MailScanner/reports/en/disinfected.report.txt
Inline HTML Signature /etc/MailScanner/reports/en/inline.sig.html
Inline Text Signature /etc/MailScanner/reports/en/inline.sig.txt
Signature Image Filename /etc/MailScanner/reports/en/sig.jpg
Signature Image Filename signature.jpg
Inline HTML Warning /etc/MailScanner/reports/en/inline.warning.html
Inline Text Warning /etc/MailScanner/reports/en/inline.warning.txt
Sender Content Report /etc/MailScanner/reports/en/sender.content.report.txt
Sender Error Report /etc/MailScanner/reports/en/sender.error.report.txt
Sender Bad Filename Report /etc/MailScanner/reports/en/sender.filename.report.txt
Sender Virus Report /etc/MailScanner/reports/en/sender.virus.report.txt
Sender Size Report /etc/MailScanner/reports/en/sender.size.report.txt
Hide Incoming Work Dir yes
Include Scanner Name In Reports yes
Mail Header X-Keylink Technologies-MailScanner:
Spam Header X-Keylink Technologies-MailScanner-SpamCheck:
Spam Score Header X-Keylink Technologies-MailScanner-SpamScore:
Add Envelope From Header yes
Add Envelope To Header no
Envelope From Header X-Keylink Technologies-MailScanner-From:
Envelope To Header X-Keylink Technologies-MailScanner-To:
Spam Score Character s
SpamScore Number Instead Of Stars no
Minimum Stars If On Spam List 0
Clean Header Value Found to be clean
Infected Header Value Found to be infected
Disinfected Header Value Disinfected
Information Header Value Please contact the ISP for more information
Detailed Spam Report yes
Include Scores In SpamAssassin Report yes
Always Include SpamAssassin Report no
Multiple Headers append
Hostname the Keylink Technologies ($HOSTNAME) MailScanner
Sign Messages Already Processed no
Sign Clean Messages yes
Attach Image To Signature no
Attach Image To HTML Message Only yes
Mark Infected Messages yes
Mark Unscanned Messages yes
Unscanned Header Value Not scanned: please contact your Internet E-Mail Service Provider for details
Remove These Headers X-Mozilla-Status: X-Mozilla-Status2:
Deliver Cleaned Messages yes
Notify Senders no
Notify Senders Of Viruses no
Notify Senders Of Blocked Filenames Or Filetypes yes
Notify Senders Of Blocked Size Attachments no
Notify Senders Of Other Blocked Content yes
Never Notify Senders Of Precedence list bulk
Scanned Modify Subject no
Scanned Subject Text {Scanned}
Virus Modify Subject start
Virus Subject Text {Virus?}
Filename Modify Subject start
Filename Subject Text {Filename?}
Content Modify Subject start
Content Subject Text {Dangerous Content?}
Size Modify Subject start
Size Subject Text {Size}
Disarmed Modify Subject start
Disarmed Subject Text {Disarmed}
Phishing Modify Subject no
Phishing Subject Text {Fraud?}
Spam Modify Subject start
Spam Subject Text {Spam?}
High Scoring Spam Modify Subject start
High Scoring Spam Subject Text {Spam?}
Warning Is Attachment yes
Attachment Warning Filename Keylink Technologies-Attachment-Warning.txt
Attachment Encoding Charset ISO-8859-1
Send Notices yes
Notices Include Full Headers yes
Hide Incoming Work Dir in Notices no
Notice Signature --
MailScanner
Email Virus Scanner
www.mailscanner.info
Notices From MailScanner
Notices To postmaster
Local Postmaster postmaster
Spam List Definitions /etc/MailScanner/spam.lists.conf
Virus Scanner Definitions /etc/MailScanner/virus.scanners.conf
Spam Checks yes
Spam List spamcop.net SBL+XBL
Spam Lists To Be Spam 1
Spam Lists To Reach High Score 3
Spam List Timeout 10
Max Spam List Timeouts 7
Spam List Timeouts History 10
Is Definitely Not Spam @SQLWhitelist
Is Definitely Spam @SQLBlacklist
Definite Spam Is High Scoring no
Ignore Spam Whitelist If Recipients Exceed 20
Max Spam Check Size 200k
Use Watermarking no
Add Watermark yes
Check Watermarks With No Sender yes
Treat Invalid Watermarks With No Sender as Spam nothing
Check Watermarks To Skip Spam Checks yes
Watermark Secret Keylink Technologies-Secret
Watermark Lifetime 604800
Watermark Header X-Keylink Technologies-MailScanner-Watermark:
Use SpamAssassin yes
Max SpamAssassin Size 200k
Required SpamAssassin Score 6
High SpamAssassin Score 10
SpamAssassin Auto Whitelist yes
SpamAssassin Timeout 75
Max SpamAssassin Timeouts 10
SpamAssassin Timeouts History 30
Check SpamAssassin If On Spam List yes
Include Binary Attachments In SpamAssassin no
Spam Score yes
Cache SpamAssassin Results yes
SpamAssassin Cache Database File /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every 0
Wait During Bayes Rebuild no
Use Custom Spam Scanner no
Max Custom Spam Scanner Size 20k
Custom Spam Scanner Timeout 20
Max Custom Spam Scanner Timeouts 10
Custom Spam Scanner Timeout History 20
Spam Actions store deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions store
Non Spam Actions store deliver header "X-Spam-Status: No"
Sender Spam Report /etc/MailScanner/reports/en/sender.spam.report.txt
Sender Spam List Report /etc/MailScanner/reports/en/sender.spam.rbl.report.txt
Sender SpamAssassin Report /etc/MailScanner/reports/en/sender.spam.sa.report.txt
Inline Spam Warning /etc/MailScanner/reports/en/inline.spam.warning.txt
Recipient Spam Report /etc/MailScanner/reports/en/recipient.spam.report.txt
Enable Spam Bounce /etc/MailScanner/rules/bounce.rules
Bounce Spam As Attachment no
Syslog Facility mail
Log Speed no
Log Spam no
Log Non Spam no
Log Permitted Filenames no
Log Permitted Filetypes no
Log Permitted File MIME Types no
Log Silent Viruses no
Log Dangerous HTML Tags no
Log SpamAssassin Rule Actions no
SpamAssassin Temporary Dir /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir /var/spool/MailScanner/spamassassin
SpamAssassin Site Rules Dir /etc/mail/spamassassin
MCP Checks no
First Check spam
MCP Required SpamAssassin Score 1
MCP High SpamAssassin Score 10
MCP Error Score 1
MCP Header X-Keylink Technologies-MailScanner-MCPCheck:
Non MCP Actions deliver
MCP Actions deliver
High Scoring MCP Actions deliver
Bounce MCP As Attachment no
MCP Modify Subject start
MCP Subject Text {MCP?}
High Scoring MCP Modify Subject start
High Scoring MCP Subject Text {MCP?}
Is Definitely MCP no
Is Definitely Not MCP no
Definite MCP Is High Scoring no
Always Include MCP Report no
Detailed MCP Report yes
Include Scores In MCP Report no
Log MCP no
MCP Max SpamAssassin Timeouts 20
MCP Max SpamAssassin Size 100k
MCP SpamAssassin Timeout 10
MCP SpamAssassin Prefs File /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf
MCP SpamAssassin Local Rules Dir /etc/MailScanner/mcp
MCP SpamAssassin Default Rules Dir /etc/MailScanner/mcp
MCP SpamAssassin Install Prefix /etc/MailScanner/mcp
Recipient MCP Report /etc/MailScanner/reports/en/recipient.mcp.report.txt
Sender MCP Report /etc/MailScanner/reports/en/sender.mcp.report.txt
Use Default Rules With Multiple Recipients no
Spam Score Number Format %d
MailScanner Version Number 4.68.8
SpamAssassin Cache Timings 1800,300,10800,172800,600
Debug no
Debug SpamAssassin no
Run In Foreground no
Always Looked Up Last &MailWatchLogging
Always Looked Up Last After Batch no
Deliver In Background yes
Delivery Method batch
Split Exim Spool no
Lockfile Dir /var/lock/subsys/MailScanner
Custom Functions Dir /etc/MailScanner/CustomFunctions
Automatic Syntax Check yes
Minimum Code Status supported
Reply With Quote