Full Version: HOW-TO: Easy Mailscanner + Clam Antivirus + SpamAssassin
The Planet Forums > System Administration > DNS Hosting
webspace1
no problem, but still have no clue what this error means from chkrootkit:

Checking `bindshell'... warning, got bogus unix line.
Doobla
I'm still receiving these MailScanner messages every time an infected email is delivered even though I added Sobig to the silent virus list and restarted MailScanner. Actually I stopped MailScanner, stopped sendmail and then started MailScanner.

Any ideas? Am I just being impatient? I thought that I should be seeing the messages stop by now....
ArtieMcD
QUOTE
Originally posted by Doobla
I'm still receiving these MailScanner messages every time an infected email is delivered even though I added Sobig to the silent virus list and restarted MailScanner. Actually I stopped MailScanner, stopped sendmail and then started MailScanner.

Any ideas?  Am I just being impatient?  I thought that I should be seeing the messages stop by now....


Check what time the message that bounced was originally sent. I got a bounce just now to a virus warning sent at 11:00 am yesterday.. So it will take a while to get over all the bounces.

If the time is recent, can we see your recent maillog entries?

grep "MailScanner" /var/log/maillog
Doobla
Actually, in the mess of this I stopped paying attention to the MailScanner emails and so I just now realized that it reports the client address.

QUOTE
   Sender: george@yyyyyyyyyyyyyy.com
IP Address: 142.166.72.154
Recipient: billburke@xxxxxxxxxxxxx.com


Is the IP address listed above that of the person who sent the virus or of the email client who received it?

If it's who sent it then I could just have a word with APF and block the IP address right?

Jon
webspace1
QUOTE
Originally posted by ArtieMcD
Check what time the message that bounced was originally sent.   I got a bounce just now to a virus warning sent at 11:00 am yesterday.. So it will take a while to get over all the bounces.  

If the time is recent, can we see your recent maillog entries?

grep "MailScanner" /var/log/maillog


Wow, that file is huge to grep, that command alone almost brought my server down, maybe a tail is a better choice?
ArtieMcD
QUOTE
Originally posted by webspace1
Wow, that file is huge to grep, that command alone almost brought my server down, maybe a tail is a better choice?


good point... how about

tail -1000 /var/log/maillog | grep "MailScanner"

BTW, don't post all the lines that result.. just the last 20 or so are enough.
Doobla
QUOTE
Originally posted by ArtieMcD
Check what time the message that bounced was originally sent.   I got a bounce just now to a virus warning sent at 11:00 am yesterday.. So it will take a while to get over all the bounces.  

If the time is recent, can we see your recent maillog entries?

grep "MailScanner" /var/log/maillog


thanks for the help, but I'm not talking about bounces. I'm talking about the MailScanner "warning email virus detected" messages that are sent to me as system administrator (i.e. postmaster@my.server.name).

Jon
ArtieMcD
QUOTE
Originally posted by Doobla
thanks for the help, but I'm not talking about bounces.  I'm talking about the MailScanner "warning email virus detected" messages that are sent to me as system administrator (i.e. postmaster@my.server.name).

Jon


Ah, yeah... We have admin notification of viruses disabled... I don't need to know. Here's how:

Change the setting in
/etc/MailScanner/MailScanner.conf

for
Send Notices

to no.

Save and restart mailscanner
webspace1
here is the end of mine

Aug 20 12:26:39 secure MailScanner[19124]: Uninfected: Delivered 1 messages
Aug 20 12:26:39 secure MailScanner[19124]: Silent: Delivered 1 messages containing silent viruses
Aug 20 12:26:47 secure MailScanner[19160]: New Batch: Scanning 1 messages, 4908 bytes
Aug 20 12:26:49 secure MailScanner[19124]: New Batch: Found 2 messages waiting
Aug 20 12:26:49 secure MailScanner[19124]: New Batch: Scanning 1 messages, 3994 bytes
Aug 20 12:26:50 secure MailScanner[19160]: Spam Checks: Found 1 spam messages
Aug 20 12:26:50 secure MailScanner[19160]: Virus and Content Scanning: Starting
Aug 20 12:26:51 secure MailScanner[19160]: Uninfected: Delivered 1 messages
Aug 20 12:26:51 secure MailScanner[19124]: Spam Checks: Found 1 spam messages
Aug 20 12:26:51 secure MailScanner[19124]: Virus and Content Scanning: Starting
Aug 20 12:26:52 secure MailScanner[19124]: Uninfected: Delivered 1 messages
Aug 20 12:27:01 secure MailScanner[19160]: New Batch: Scanning 1 messages, 2903 bytes
Aug 20 12:27:03 secure MailScanner[19160]: Virus and Content Scanning: Starting
Aug 20 12:27:03 secure MailScanner[19160]: Uninfected: Delivered 1 messages
Aug 20 12:27:32 secure MailScanner[19124]: New Batch: Scanning 1 messages, 4364 bytes
Aug 20 12:27:32 secure MailScanner[19124]: Spam Checks: Found 1 spam messages
Aug 20 12:27:32 secure MailScanner[19124]: Virus and Content Scanning: Starting
Aug 20 12:27:33 secure MailScanner[19124]: Uninfected: Delivered 1 messages
Aug 20 12:27:53 secure MailScanner[19124]: New Batch: Scanning 1 messages, 101918 bytes
Aug 20 12:27:53 secure MailScanner[19124]: Virus and Content Scanning: Starting
Aug 20 12:27:53 secure MailScanner[19124]: /var/spool/MailScanner/incoming/19124/./h7KHRj925895/movie0045.pif: Worm.Sobig.F FOUND
Aug 20 12:27:53 secure MailScanner[19124]: Virus Scanning: clamav found 1 infections
Aug 20 12:27:53 secure MailScanner[19124]: Virus Scanning: Found 1 viruses
Aug 20 12:27:53 secure MailScanner[19124]: Filename Checks: Possible MS-Dos program shortcut attack (movie0045.pif)
Aug 20 12:27:53 secure MailScanner[19124]: Other Checks: Found 1 problems
Aug 20 12:27:53 secure MailScanner[19124]: Saved infected "movie0045.pif" to /var/spool/MailScanner/quarantine/20030820/h7KHRj925895
Aug 20 12:27:53 secure MailScanner[19124]: Silent: Delivered 1 messages containing silent viruses
webspace1
Aug 20 12:27:53 secure MailScanner[19124]: Silent: Delivered 1 messages containing silent viruses

HUH? why did it deliver it? I have this set to no...
ArtieMcD
QUOTE
Originally posted by webspace1
Aug 20 12:27:53 secure MailScanner[19124]: Silent: Delivered 1 messages containing silent viruses

HUH? why did it deliver it? I have this set to no...



Ok, from the log you have successfully disabled the sending of the "Sender Warning" email.

The cleaned email is still delivered to the sender however. The setting to control this is:
Still Deliver Silent Viruses =
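To read a maillog excerpt like webspace1's mechanically rather than by eye, here is an added Python example (not code from the thread or from MailScanner) that parses MailScanner maillog lines into per-child-process findings and flags the case asked about here: a virus was found and quarantined, yet a "Silent: Delivered" line follows, which is what "Still Deliver Silent Viruses" controls. The sample log is constructed from the lines quoted above; only the line formats shown in the post are assumed.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the maillog excerpt quoted in the thread
# (same hostname and child PIDs; a sendmail line is included to show it is skipped).
SAMPLE_LOG = """\
Aug 20 12:27:53 secure MailScanner[19124]: New Batch: Scanning 1 messages, 101918 bytes
Aug 20 12:27:53 secure MailScanner[19124]: /var/spool/MailScanner/incoming/19124/./h7KHRj925895/movie0045.pif: Worm.Sobig.F FOUND
Aug 20 12:27:53 secure MailScanner[19124]: Virus Scanning: clamav found 1 infections
Aug 20 12:27:53 secure MailScanner[19124]: Saved infected "movie0045.pif" to /var/spool/MailScanner/quarantine/20030820/h7KHRj925895
Aug 20 12:27:53 secure MailScanner[19124]: Silent: Delivered 1 messages containing silent viruses
Aug 20 12:28:10 secure sendmail[19200]: h7KHSAx19200: from=<someone@example.com>, size=100
Aug 20 12:28:15 secure MailScanner[19160]: Uninfected: Delivered 1 messages
"""

# syslog prefix: "Mon DD HH:MM:SS host MailScanner[pid]: message"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$')
# scanner hit reported as "<path>: <signature> FOUND"
FOUND_RE = re.compile(r'^(?P<path>\S+): (?P<sig>\S+) FOUND$')
QUAR_RE = re.compile(r'^Saved infected "(?P<file>[^"]+)" to (?P<dir>\S+)$')
SILENT_RE = re.compile(r'^Silent: Delivered (?P<n>\d+) messages containing silent viruses$')


def summarise(log_text):
    """Return {pid: {detections, quarantined, silent_delivered}} for MailScanner children."""
    per_child = defaultdict(lambda: {"detections": [], "quarantined": [], "silent_delivered": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # sendmail and other daemons are skipped, as grep "MailScanner" would
            continue
        entry = per_child[m.group("pid")]
        msg = m.group("msg")
        f = FOUND_RE.match(msg)
        if f:
            entry["detections"].append(f.group("sig"))
            continue
        q = QUAR_RE.match(msg)
        if q:
            entry["quarantined"].append(q.group("file"))
            continue
        s = SILENT_RE.match(msg)
        if s:
            entry["silent_delivered"] += int(s.group("n"))
    return dict(per_child)


def delivered_despite_silent(log_text):
    """True if some child both found a virus and still delivered a silent-virus message,
    i.e. the behaviour seen in the thread while Still Deliver Silent Viruses is on."""
    return any(e["detections"] and e["silent_delivered"] > 0
               for e in summarise(log_text).values())


if __name__ == "__main__":
    for pid, e in summarise(SAMPLE_LOG).items():
        print(pid, e)
    print("silent viruses still delivered:", delivered_despite_silent(SAMPLE_LOG))
```

On a live box the same functions can be fed the output of the `tail -1000 /var/log/maillog` suggestion earlier in the thread instead of the constructed sample.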
webspace1
is it safe to assume that most emails that contain silent viruses were nothing more than the virus sending the email? So telling it not to deliver, even when cleaned, would be ok, right?
gpan
Due to the way that Sobig F and other viruses now spoof sender addresses, just wanted to note that you should turn off sender notification in MailScanner.conf

Notify Senders = no

(is the setting it should be at)
Doobla
QUOTE
Originally posted by gpan
Due to the way that Sobig F and other viruses now spoof sender addresses, just wanted to note that you should turn off sender notification in MailScanner.conf

Notify Senders = no  

(is the setting it should be at)


Isn't it better to just add viruses that spoof into the silent viruses list? The sender won't be notified that way but on other viruses they would be.

Your opinion gpan?

Also, I just tried adding the main IP address that is sending me all of these viruses to APF for blocking. Hopefully that will help. (Hopefully I did it right.)

Jon
ArtieMcD
QUOTE
Originally posted by gpan
Due to the way that Sobig F and other viruses now spoof sender addresses, just wanted to note that you should turn off sender notification in MailScanner.conf

Notify Senders = no  

(is the setting it should be at)



But this would disable all virus notifications. Of course, I agree that if you have no desire to notify the sender of the fact that a message was not delivered, then set this value. However, we can't justify blocking a client's outgoing email (that's not Sobig, Klez, etc.) without providing them with some sort of notice.

MailScanner provides a mechanism to deal with viruses like Sobig and that is the "Silent Viruses" option

If it is set to:

Silent Viruses = HTML-IFrame HTML-Form Klez Yaha-E Bugbear Braid-A WinEvar Palyh Sobig Fizzer

MailScanner will not send mail to invalid email addresses.

=====================================
Editing: Mailscanner will not send mail to Sender for viruses where it is known the "From" email is not the actual originator.
gpan
The problem is that the spoofed emails are valid.

http://isc.incidents.org if you want for info.
ArtieMcD
QUOTE
Also, I just tried adding the main IP address that is sending me all of these viruses to APF for blocking. Hopefully that will help. (Hopefully I did it right.)

Jon


We did that too for the IPs that are currently infected and continuously sending out the mail. We set it in the Ensim control panel sendmail block. I would however be careful. Usually the sender is actually a legitimate emailer who happens to be infected and is now seeing the virus emailing everyone in their address book. You want to be careful you don't blacklist a legitimate user, especially after they finally resolve their virus situation.
ArtieMcD
QUOTE
Originally posted by gpan
The problem is that the spoofed emails are valid.

http://isc.incidents.org if you want for info.


Sorry, I should have said.... Mailscanner will not send mail to Sender for viruses where it is known the "From" email is not the actual originator.
William_I
It's not checking incoming e-mail. I get this when I call status:

# /etc/init.d/MailScanner status
Checking MailScanner daemons:
MailScanner: [ OK ]
incoming sendmail: [FAILED]
outgoing sendmail: [ OK ]
Doobla
QUOTE
Originally posted by William_I
It's not checking incoming e-mail. I get this when I call status:

# /etc/init.d/MailScanner status
Checking MailScanner daemons:
        MailScanner:                                      [  OK  ]
        incoming sendmail:                                [FAILED]  
        outgoing sendmail:                                [  OK  ]


try the following:
QUOTE
service MailScanner stop
service sendmail stop
service MailScanner start
service MailScanner status


If necessary do the service sendmail stop several times until it says failed.

this should clean up the processes.

Jon
William_I
I got the service to run without errors by uninstalling, and reinstalling... but now I get this in the mail log:

Aug 21 03:30:31 srv01 MailScanner[16183]: Error in line 84, file "/var/run/MailScanner.pid" for pidfile does not exist (or can not be read)
webwc
I think since I have installed this I am somehow getting more spam ... I am getting like 30-40 spam messages an hour, what the heck is going on?
ISVY
Subject : {Spam?} Thank you for your order

Help, how can I fix it? It sends mail back to my customer with a subject like that; it is just an auto-email sent back to my customer when they order my hosting.
tim_p
When customers sign up for the first time, they are not using an email that is located on YOUR server. So when they receive an email with a subject like that, it is because of the system where their email is located at! right?
ISVY
Hmm, it modifies in/out email. How can I set it so it's not spam mail?

It modifies the subject with {Spam?}. Can anyone help me by pasting your whole config here? I don't know about the config.
lpirlet.net
QUOTE
Originally posted by ISVY
Hmm, it modifies in/out email. How can I set it so it's not spam mail?

It modifies the subject with {Spam?}. Can anyone help me by pasting your whole config here? I don't know about the config.


Figure out the email address that the server is sending from. Then add it to the whitelist.

1) go into /etc/MailScanner/MailScanner.conf and make sure this line says
Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules

2) edit /etc/MailScanner/rules/spam.whitelist.rules to look something like this...

# This is where you can build a Spam WhiteList
# Addresses matching in here, with the value
# "yes" will never be marked as spam.
FromOrTo: signup@domain.com yes
FromOrTo: default no

That means email to or from signup@domain.com will never be marked as spam.
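To check a spam.whitelist.rules file before relying on it, here is an added Python example (not code from the thread or from MailScanner) that parses the ruleset format shown in the post and evaluates a sender/recipient pair against it. It assumes MailScanner's first-match-wins ordering and treats `*@domain` entries as simple wildcards; the sample ruleset is constructed, with a `From:` wildcard line added to the two lines from the post.

```python
import fnmatch
import re

# Constructed ruleset in the format shown in the post, plus one wildcard line.
SAMPLE_RULES = """\
# This is where you can build a Spam WhiteList
# Addresses matching in here, with the value
# "yes" will never be marked as spam.
FromOrTo: signup@domain.com yes
From:     *@billing.domain.com yes
FromOrTo: default no
"""

# direction keyword, address pattern (or "default"), yes/no value
RULE_RE = re.compile(r'^(From|To|FromOrTo):\s+(\S+)\s+(yes|no)$', re.IGNORECASE)


def parse_rules(text):
    """Parse rule lines into (direction, pattern, whitelisted) tuples; comments ignored."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a recognised rule: {raw!r}")
        direction, pattern, value = m.groups()
        rules.append((direction.lower(), pattern.lower(), value.lower() == "yes"))
    return rules


def _matches(pattern, addr):
    # "default" matches anything; otherwise shell-style wildcard on the lowercased address
    return pattern == "default" or fnmatch.fnmatchcase(addr.lower(), pattern)


def is_definitely_not_spam(rules, sender, recipient):
    """First matching rule decides; no match at all means the address is not whitelisted."""
    for direction, pattern, whitelisted in rules:
        if direction == "from":
            hit = _matches(pattern, sender)
        elif direction == "to":
            hit = _matches(pattern, recipient)
        else:  # fromorto
            hit = _matches(pattern, sender) or _matches(pattern, recipient)
        if hit:
            return whitelisted
    return False


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(is_definitely_not_spam(rules, "signup@domain.com", "customer@example.net"))
    print(is_definitely_not_spam(rules, "anyone@example.org", "someone@domain.com"))
```

Note that a FromOrTo entry also exempts mail claiming to come *from* that address, which a forged From header can exploit; a To: entry is the narrower choice when only replies to the signup mailbox need exempting.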
BoiTaiTui
what exactly is the name for the virus sobig?

in the warning email, I receive like this Worm.Sobig.F. should that be the name? I have added in the silent viruses, but I still receive those emails. Is there anything I can do to just delete this type of viruses right away?

QUOTE
Originally posted by ArtieMcD
But this would disable all virus notifications. Of course, I agree that if you have no desire to notify the sender of the fact that a message was not delivered, then set this value. However, we can't justify blocking a client's outgoing email (that's not Sobig, Klez, etc.) without providing them with some sort of notice.

MailScanner provides a mechanism to deal with viruses like Sobig and that is the "Silent Viruses" option  

If it is set to:

Silent Viruses = HTML-IFrame HTML-Form Klez Yaha-E Bugbear Braid-A WinEvar Palyh Sobig Fizzer

MailScanner will not send mail to invalid email addresses.

=====================================
Editing:  Mailscanner will not send mail to Sender for viruses where it is known the "From" email is not the actual originator.
Marcus Wendel
Is there an easy way to remove all items from the quarantine?

Thanks.

/Marcus
doug357
rm -f /full/path/to/quarantine/*

This will do it.
ArtieMcD
QUOTE
Originally posted by BoiTaiTui
what exactly is the name for the virus sobig?

in the warning email, I receive like this Worm.Sobig.F.  should that be the name?  I have added in the silent viruses, but I still receive those emails.  Is there anything I can do to just delete this type of viruses right away?


Putting Sobig in the Silent Viruses list should be sufficient. It will cover all variants and different forms of the name from the different virus scanners.
i2umi
QUOTE
--------------------------------------
Checking for a new database - started at Sun Aug 24 04:05:14 2003
ERROR: Can't connect to port 80 of host clamav.elektrapro.com
ERROR: Connection with clamav.elektrapro.com failed.


May I know what's up? I cannot get the updated database?

I'm using clamav-0.54-ct3.
Catalyst
QUOTE
Originally posted by i2umi
May I know what's up? I cannot get the updated database?

I'm using clamav-0.54-ct3.


Create a file /var/lib/clamav/mirrors.txt and insert:

CODE
clamav.elektrapro.com

clamav.ozforces.com

clamav.essentkabel.com

clamav.linux-sxs.org


...or update to Gpan's latest version (.60).
hilliked
QUOTE
Is there an easy way to remove all items from the quarantine?


rm -rf /var/spool/MailScanner/quarantine/*
BoiTaiTui
How do I know if I got the updated database? Or is there a command for me to execute so it can download the latest database?

QUOTE
Originally posted by Catalyst
Create a file /var/lib/clamav/mirrors.txt and insert:

CODE
clamav.elektrapro.com

clamav.ozforces.com

clamav.essentkabel.com

clamav.linux-sxs.org


...or update to Gpan's latest version (.60).
Trigunflame
Ok, I followed this and it screwed my mail all up. Can anyone tell me how to completely reverse this install, i.e. re-add sendmail to chkconfig, fix the cron line, and get rid of this kit? PLEASE
gpan
How did it screw up your mail?
tyrnight
the post says:

This package installs:
Mailscanner 4.22
Clam Antivirus 0.60
SpamAssassin 2.55


I checked and the ensim 3.5 package has older versions in it..

This package installs:
Mailscanner 4.14
Clam Antivirus 0.54
SpamAssassin 2.53

GPAN, HELP!!!!!
gpan
Will update the post - I fixed the 3.1 package earlier.
tyrnight
thx...

I am just wanting to keep up to date.. with all the virus mess going around..
Trigunflame
I don't know, I've done lots of updates on the Ensim server over the last month, and yes I've used lots of your RPMs, but for some reason now the mail WILL NOT work. I'm using Outlook Express to test sending/receiving mail and I get this.


The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'Trigunflame@charter.net'. Subject 'Testing Mail', Account: 'mail.kiji-anime.com', Server: 'mail.kiji-anime.com', Protocol: SMTP, Server Response: '550 5.7.1 ... Relaying denied', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

And with 20 pages of stuff, I honestly don't want to read through everyone's idea on how to remove this thing, so I did it myself. Basically I did this:

At first I thought your RPM as usual would show up in rpm -qa and I could easily uninstall, but dumb me didn't check if I had MailScanner already installed etc...

Anyway I did this:

rpm -e mailscanner
rpm -e spamassassin

changed sendmail.start to this

#!/bin/sh
#
# Copyright © Ensim Corporation 2000, 2001 All Rights Reserved.
#
# This software is furnished under a license and may be used and copied
# only in accordance with the terms of such license and with the
# inclusion of the above copyright notice. This software or any other
# copies thereof may not be provided or otherwise made available to any
# other person. No title to and ownership of the software is hereby
# transferred.
#
# The information in this software is subject to change without notice
# and should not be construed as a commitment by Ensim Corporation.
# Ensim assumes no responsibility for the use or reliability of its
# software on equipment which is not supplied by Ensim.
#
# Startup script for Sendmail server

/sbin/chkconfig MailScanner off > /dev/null 2>&1
daemon=/etc/rc.d/init.d/sendmail
if $daemon stop > /dev/null 2>&1 | grep FAILED > /dev/null 2>&1
then
exit 1
fi
exit 0


And then changed sendmail.stop to this

#!/bin/sh
#
# Copyright © Ensim Corporation 2000, 2001 All Rights Reserved.
#
# This software is furnished under a license and may be used and copied
# only in accordance with the terms of such license and with the
# inclusion of the above copyright notice. This software or any other
# copies thereof may not be provided or otherwise made available to any
# other person. No title to and ownership of the software is hereby
# transferred.
#
# The information in this software is subject to change without notice
# and should not be construed as a commitment by Ensim Corporation.
# Ensim assumes no responsibility for the use or reliability of its
# software on equipment which is not supplied by Ensim.
#
# Startup script for Sendmail server

/sbin/chkconfig MailScanner off > /dev/null 2>&1
daemon=/etc/rc.d/init.d/sendmail
if $daemon stop > /dev/null 2>&1 | grep FAILED > /dev/null 2>&1
then
exit 1
fi
exit 0


Next thing I did was chkconfig --level 2345 sendmail on
then service sendmail restart
then /sbin/service webppliance restart

And I still get that error message in Outlook..

and yes I'm running perl 5.6.0
gpan
Try

rm /etc/sendmail.cf
m4 /usr/lib/opcenter/sendmail/install/sendmail.mc > /etc/sendmail.cf

then restart sendmail
Trigunflame
Did what you said, still get the relaying denied error.

I'm pretty new to Linux, "about a year", and have updated/configured 4-5 servers in the last few months, including updating kernels, etc.. but usually I could fix it; this is like whoa..

Gpan, if you AIM me at Trigunflame, MSN me at Trigunflame@msn.com or email Trigunflame@charter.net I'll give you root if you have time to try and fix it real quick; maybe I can find some way to make it up to you, if you need PHP/MySQL coding for something etc.?

Update, I was testing:
I sent an email from Trigunflame@charter.net to Trigunflame@kiji-anime.com and got the email.

So apparently incoming works, but outgoing is still not accepting..
tyrnight
make sure you have "My outgoing mail server requires authentication" enabled in Outlook (in the account properties under the Servers tab)
that may be all it is.. maybe not.. it's worth a look
Trigunflame
Woot, that worked. The odd thing is before I didn't have to use that and it worked; how come I have to have it on now?
ISVY
Could you tell me how to protect against them using my SMTP?
If some site on my server uses SMTP to spam, how do I know who is spamming and how can I protect against it with SpamAssassin?
tyrnight
QUOTE
Originally posted by Trigunflame
Woot, that worked. The odd thing is before I didn't have to use that and it worked; how come I have to have it on now?


not sure.. when I had my first 3.0 box I never had to either.. but after updates, I always needed to.. it's a security thing.. and it's a good thing.. because if someone does spam through you, you can see who it was via the message header (the little warning you'll get when a complaint is made); his/her username would be right in there... ha cha cha cha
Marcus Wendel
Thanks hilliked & doug357.

/Marcus
Legin
After reinstalling MailScanner for the first time since my server was upgraded to Ensim 3.5 I find that all outgoing emails get lost.

In the logs is the following (I've changed the server name and domain etc)

Aug 24 01:02:01 servername sendmail[10961]: h7O021v10961: forward /root/.forward.servername: Permission denied
Aug 24 01:02:01 servername sendmail[10961]: h7O021v10961: forward /root/.forward: Permission denied
Aug 24 01:02:01 servername sendmail[10961]: h7O021v10961: from=root, size=444, class=0, nrcpts=1, msgid=<200308240002.h7O021v10961@servername.domain.com>, relay=root@localhost

Anyone got any ideas on how to fix this?
Catalyst
Some time after midnight last night, the same thing happened here ... I disabled SpamAssassin in the /etc/MailScanner.conf file and everything's good again. Looks like the RBLs are timing out.
Borneon
Hello,

I've searched the forum on how to ban sender's IP address or domain using MailScanner, probably has been discussed somewhere but I couldn't find it.

Anyway, I've tried playing with the whitelist configuration but I am still receiving emails from the offending sender now with the subject tagged with the text '{Spam?}'.

I am getting over 1000 emails from the Sobig email virus from this one sender daily. I've added Sobig into the Silent Viruses entry and set 'no' for 'Still Deliver Silent Viruses' but I am still receiving the Sobig emails without the attachment. They don't say they have been disinfected by MailScanner though, so I suspect those emails are now sent without attachments?

Could anyone tell me how to ban sender's IP address? Any help is greatly appreciated.

Borneon