You can subscribe to this list here.
2005 |
Jan
|
Feb
(1) |
Mar
(7) |
Apr
(2) |
May
(14) |
Jun
(1) |
Jul
|
Aug
(3) |
Sep
(2) |
Oct
(4) |
Nov
|
Dec
(2) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2006 |
Jan
(3) |
Feb
(5) |
Mar
(2) |
Apr
(1) |
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
(8) |
Dec
(13) |
2007 |
Jan
(15) |
Feb
|
Mar
(3) |
Apr
|
May
|
Jun
(15) |
Jul
(2) |
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
(21) |
2008 |
Jan
(3) |
Feb
|
Mar
(3) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
2009 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(2) |
2012 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Trebor F. <tre...@go...> - 2012-06-14 11:50:27
|
Hello all, I am using IPCop 2.0.4 with Copfilter 2.0.90 and have an wan-1:alias on RED NATed to port 80 on ORANGE. I read somewhere, that Copfilter supports NATing RED alias interfaces for Email, but I need HTTP. Can someone possibly give me a tip, as to how I may best achieve this? Best Regards TF |
From: Markus M. <cop...@gm...> - 2009-12-07 09:26:54
|
Simply edit the mailscanner.sh script to create a copy of the current email to a new folder :) Markus On Fri, Dec 4, 2009 at 13:35, Volkan ALTUNTAS <val...@gm...> wrote: > Is there any way to make a copy of all incoming and outgoing mails on the > network. > > -- > Sincerely > Volkan ALTUNTAŞ > > ------------------------------------------------------------------------------ > Join us December 9, 2009 for the Red Hat Virtual Experience, > a free event focused on virtualization and cloud computing. > Attend in-depth sessions from your desk. Your couch. Anywhere. > http://p.sf.net/sfu/redhat-sfdev2dev > _______________________________________________ > Copfilter-main mailing list > Cop...@li... > https://lists.sourceforge.net/lists/listinfo/copfilter-main > > |
From: Volkan A. <val...@gm...> - 2009-12-04 12:35:32
|
Is there any way to make a copy of all incoming and outgoing mails on the network. -- Sincerely Volkan ALTUNTAŞ |
From: Kerry E. <ke...@ke...> - 2009-06-18 18:25:42
|
On Wed, June 17, 2009 07:10, Jeremy Ramsavak wrote: > Hi all, please bear with me as I am still quite new to > linux/ipcop/copfilter......... > > Almost two months ago, I installed IPCOP 1.4.21 along with Copfilter > 0.84beta4. > > A priority for me was the spam filtering, therefore I decided to try > SpamAssassin with Copfilter. However I suspect I have not set it up > correctly since the spamassassin logs are showing nothing and spam is > getting through and being blocked at my server level. Can you please help > me to get this working? Can anyone provide me with a good guide to go > through? I can also provide me with any information you need in order for > you to assist me. > > [cid:image003.jpg@01C9EF55.5072F6E0] > > [cid:image004.png@01C9EF55.5072F6E0] > > [cid:image005.png@01C9EF55.5072F6E0] > > Thanks so much, > > > Hello Jeremy, You have enabled Spamassasin, but have not configured the other services to use it in their filtering process. It is not enough to just enable Spamassasin in Copfilter, but you also need to tell which filtering process to use it. You will need to check the box that enables filtering in both the POP3 filter and the SMTP filter and of course set the other items on those screens as is appropriate for your setup. I would suggest you subscribe to the Copfilter list for future needs/questions as it is more appropriate for things related to Copfilter. To subscribe to the Copfilter list go here. https://lists.sourceforge.net/lists/listinfo/copfilter-main Of course, if you haven't already, I recommend reading through the copfilter documentation and searching the forums and mailing-list archives for other information. Kerry |
From: lists <mr....@gm...> - 2008-09-09 17:19:19
|
Hi, i installed latest copfilter beta, but clamav doesnt get updates with freshclam. if i click update now it says done after less than 1 second. If i have a look at the log i see there are 2 freshclam errors. how to fix that? is it a good idea to compile my own version of clamav? does it work with copfilter without problems? greetings. |
From: Mike E. <mik...@ma...> - 2008-03-05 20:19:35
|
On Wed, 05 Mar 2008, Kerry Erb might have said: > On Wed, March 5, 2008 13:48, Mike Eggleston said: > > I have a user today that is reporting that his emails sent from outside > > the company to inside the company are intermittently being delayed up to > > an > > hour. This user has a workstation, sending messages to a sendmail local > > to him, that sendmail sends over the internet through Copfilter to my > > sendmail. The user is receiving '421 Sever busy, ...' messages. Searching > > copfilter on my ipcop I see that the binary of proxsmtpd matches the > > pattern '421 Server busy'. > > > > I currently have the MaxConnections in my proxsmtpd.conf file set to 12. > > > > This is on a fairly new box with a 'AMD Sempron(tm) Processor 3000+' > > CPU, 512MB RAM, and four ethernet cards. > > > > The comment above the MaxConnections line says: > > > > # The maximum number of connection allowed at once. > > # Be sure that clamd can also handle this many connections > > > > We are a small development shop (21 people max). Any guess where I can > > increase the number to safely? > > > > Mike > > > > I don't think I've changed anything in the proxsmtp.conf file for any of > my IPCOP boxes. I checked a couple and MaxConnections is 48, however a > MaxConnections: 64 is commented out. > > I've never had any connection problems one way or the other. > > Kerry Thanks for the reply. I also noticed that 64 was the default, so I moved it back to 64 and restarted proxsmtpd. Mike |
From: Kerry E. <ke...@ke...> - 2008-03-05 20:03:27
|
On Wed, March 5, 2008 13:48, Mike Eggleston said: > I have a user today that is reporting that his emails sent from outside > the company to inside the company are intermittently being delayed up to > an > hour. This user has a workstation, sending messages to a sendmail local > to him, that sendmail sends over the internet through Copfilter to my > sendmail. The user is receiving '421 Sever busy, ...' messages. Searching > copfilter on my ipcop I see that the binary of proxsmtpd matches the > pattern '421 Server busy'. > > I currently have the MaxConnections in my proxsmtpd.conf file set to 12. > > This is on a fairly new box with a 'AMD Sempron(tm) Processor 3000+' > CPU, 512MB RAM, and four ethernet cards. > > The comment above the MaxConnections line says: > > # The maximum number of connection allowed at once. > # Be sure that clamd can also handle this many connections > > We are a small development shop (21 people max). Any guess where I can > increase the number to safely? > > Mike > I don't think I've changed anything in the proxsmtp.conf file for any of my IPCOP boxes. I checked a couple and MaxConnections is 48, however a MaxConnections: 64 is commented out. I've never had any connection problems one way or the other. Kerry |
From: Mike E. <mik...@ma...> - 2008-03-05 19:49:05
|
I have a user today that is reporting that his emails sent from outside the company to inside the company are intermittently being delayed up to an hour. This user has a workstation, sending messages to a sendmail local to him, that sendmail sends over the internet through Copfilter to my sendmail. The user is receiving '421 Sever busy, ...' messages. Searching copfilter on my ipcop I see that the binary of proxsmtpd matches the pattern '421 Server busy'. I currently have the MaxConnections in my proxsmtpd.conf file set to 12. This is on a fairly new box with a 'AMD Sempron(tm) Processor 3000+' CPU, 512MB RAM, and four ethernet cards. The comment above the MaxConnections line says: # The maximum number of connection allowed at once. # Be sure that clamd can also handle this many connections We are a small development shop (21 people max). Any guess where I can increase the number to safely? Mike |
From: Riccardo C. <ric...@al...> - 2008-01-28 21:57:32
|
I'm using BOT and I think it's wonderfull product. I use Ipcop 1.4.18 Ftp proxy service (transparent mode) is running and it's listen to 2121 port. I can see the iptables rule which redirects all traffic toward destination port 21 to localhost (ipcop) on 2121 port. I add rule in BOT for accepting all connections on port 2121 of ipcop server. When I run ftp client I noted that after several exchanged packets among client and ftp server on port 21, some packets from client to ipcop (on unprivileged port) are dropped ! Green Drop ... TCP client:59242 --> ipcop:50250 so connection is closed. I don't understand because client does this request on UNPRIVILEGED port ! When it should have using port 21 (or 20 for data)- I'm going to close all ports which are not usefull services for my company. |
From: Mees de R. <mee...@ti...> - 2008-01-27 14:20:48
|
Since the IPCop list is not reacting, I will retry posting my problem in = this list (probably a better idea anyway). I installed the latest (home) version of F-prot (6.0.1) on the latest = version of IPcop (1.4.18) with the latest stable beta of Copfilter = (0.84beta3a). I followed the standard procedure (including directory = locations and naming) from the Copfilter PDF document. The script says = (at the bottom) that it installed ok, but gives many errors/warnings = about "too many symbolic links" in relation to file/directory/path = names. After the installation the GUI is ok but F-prot does not work and = when I try to "cd" to certain directories bsh is warning for too many = symbolic links again. While searching previous items I found a reference, that these symbolic = links might be leftovers from (many previous) IPCop updates; my IPCop = installation is fairly old hence being updated often. I try to avoid = doing a new installation; there have been many list-items where = backup/restore failed to function, certificates got lost, and I have = many personal adjustments (more than a day typing when restored by = hand). What is the limitation on symbolic links (I read 8?), can (superfluous) = symbolic links be found and removed, and/or how can I raise the allowed = number of symbolic links (within reasonable limits) to circumvent this = problem? (Other solutions are welcome too, but I would greatly prefer = using the documented directory layout). Thanks, Mees de Roo --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 080127-1, 01/27/2008 Tested on: 1/27/2008 3:20:40 PM avast! - copyright (c) 1988-2008 ALWIL Software. http://www.avast.com |
From: Twanny A. <leo...@ma...> - 2008-01-25 22:19:20
|
How do I enable imspector? Best regards, Twanny. |
From: Mike E. <mik...@ma...> - 2007-12-25 16:14:59
|
Is one of the black listing servers having problems again? Seems like this same thing happened a year or so ago. I removed one of the black list services used in Copfilter because they were under DoS attack. Mike |
From: Kerry E. <ke...@ke...> - 2007-12-10 19:24:25
|
On Mon, December 10, 2007 11:58, Mike Eggleston said: > On Mon, 10 Dec 2007, Kerry Erb might have said: > >> I don't have access to look at the mailscanner.sh logic right now, but >> will pose these questions. >> Perhaps since copfilter is a pass-thru mode, what if the message has >> already been forwarded to the server before the domain is rejected by >> Copfilter? >> >> Why don't you let your email server handle the domain validation? >> Doesn't >> sendmail reject any non-existent email addresses and invalid domains? I >> know I usually see a lot of "sender domain does not exist" or something >> to >> that effect on my email servers maillog. It also rejects unknown users. >> >> I am curious, however, what version of copfilter are you using? >> >> With .84beta I only worry about copfilter filtering for spam and >> viruses/phishing and the email server does the account validation. I >> think it is the .84 XCLIENT that allows the originating server >> information >> to be forwarded that is finally making this work for me. On the .82 >> version my email server always allowed emails since this functionality >> was >> broken because the IPCOP address was passed to the server instead of the >> originating IP. > > I have the modifications to mailscanner.sh working, though mailscanner.sh > is leaving some files behind probably due to I'm exiting early to make > sure the message is rejected. > > I'd love to not have this hack in place on Copfilter 0.83beta3. My > sendmail > seems to be accepting everything and rejecting nothing (open relay). > > Do you have a few minutes to help me with my sendmail configuration? > > Mike What does sendmail do when you turn off proxsmtp and port forward directly to the email server? tail -f /var/log/maillog (or something to that effect, I know Fedora and other distros are a little different than Slackware) to see what is happening with sendmail. You may try changing the sendmail.cf file LogLevel=9 (that's my default) to LogLevel=15 for more information while testing. I use http://www.abuse.net/relay.html to check for open relay. If you have an open relay using the server directly, then it is not setup correctly, however if it blocks open relay attempts, then put copfilter back in place and test again. If this time it is open, then problem is with copfilter and not your email server. Give that a try then perhaps we can move on. I am sending this one to the list as it may help someone else, but feel free to email me directly since this may get off topic. Kerry |
From: Mike E. <mik...@ma...> - 2007-12-10 17:59:43
|
On Mon, 10 Dec 2007, Kerry Erb might have said: > I don't have access to look at the mailscanner.sh logic right now, but > will pose these questions. > Perhaps since copfilter is a pass-thru mode, what if the message has > already been forwarded to the server before the domain is rejected by > Copfilter? > > Why don't you let your email server handle the domain validation? Doesn't > sendmail reject any non-existent email addresses and invalid domains? I > know I usually see a lot of "sender domain does not exist" or something to > that effect on my email servers maillog. It also rejects unknown users. > > I am curious, however, what version of copfilter are you using? > > With .84beta I only worry about copfilter filtering for spam and > viruses/phishing and the email server does the account validation. I > think it is the .84 XCLIENT that allows the originating server information > to be forwarded that is finally making this work for me. On the .82 > version my email server always allowed emails since this functionality was > broken because the IPCOP address was passed to the server instead of the > originating IP. I have the modifications to mailscanner.sh working, though mailscanner.sh is leaving some files behind probably due to I'm exiting early to make sure the message is rejected. I'd love to not have this hack in place on Copfilter 0.83beta3. My sendmail seems to be accepting everything and rejecting nothing (open relay). Do you have a few minutes to help me with my sendmail configuration? Mike |
From: Kerry E. <ke...@ke...> - 2007-12-10 17:48:11
|
On Mon, December 10, 2007 10:59, Mike Eggleston said: > I found mailscanner.sh at > /var/log/copfilter/default/tools/bin/mailscanner.sh > and it looks like I can modify that script to reject messages that > I'm concerned about and do not want inside my firewall. I have added > the code below, but it doesn't seem to be rejecting the messages. > > The script addition does seem to work. I get my log file in /tmp and > the log file(s) show the message being selected for rejection. However, > the message still gets to my internal mail server. > > Any ideas? > > Mike > > ------------------------------------------------------ > # mikee 071209 checking for the To: is not in our domain > #echo ------------------------------------------------------------------ > mrefile=/tmp/mailscanner.mre.$$ > cp $EMAIL $mrefile > echo ------------ >> $mrefile > date >> $mrefile > grep '^To: ' $EMAIL | head -1 >> $mrefile > grep '^From: ' $EMAIL | head -1 >> $mrefile > rc=`grep -c To:.*@example.com $EMAIL` > echo "rc=$rc" >> $mrefile > if [ "$rc" -eq 0 ] ; then > echo "550 Content Rejected: message is not addressed to my domain" > echo "550 Content Rejected: message is not addressed to my domain" > >&2 > echo "550 Content Rejected: message is not addressed to my domain" > >> $mrefile > IS_SPAM=99 > fi > rc=`grep To: $EMAIL | egrep -c > 'ac...@ex...|ac...@po...|ac...@ex...|ac...@ex...|sa...@ex...|in...@ex...|jo...@ex..." > echo "rc=$rc" >> $mrefile > if [ "$rc" -eq 0 ] ; then > echo "550 Content Rejected: no valid user addressed" > echo "550 Content Rejected: no valid user addressed" >&2 > echo "550 Content Rejected: no valid user addressed" >> $mrefile > IS_SPAM=99 > fi > echo ------------end >> $mrefile > I don't have access to look at the mailscanner.sh logic right now, but will pose these questions. Perhaps since copfilter is a pass-thru mode, what if the message has already been forwarded to the server before the domain is rejected by Copfilter? Why don't you let your email server handle the domain validation? Doesn't sendmail reject any non-existent email addresses and invalid domains? I know I usually see a lot of "sender domain does not exist" or something to that effect on my email servers maillog. It also rejects unknown users. I am curious, however, what version of copfilter are you using? With .84beta I only worry about copfilter filtering for spam and viruses/phishing and the email server does the account validation. I think it is the .84 XCLIENT that allows the originating server information to be forwarded that is finally making this work for me. On the .82 version my email server always allowed emails since this functionality was broken because the IPCOP address was passed to the server instead of the originating IP. Kerry |
From: Mike E. <mik...@ma...> - 2007-12-10 16:59:14
|
I found mailscanner.sh at /var/log/copfilter/default/tools/bin/mailscanner.sh and it looks like I can modify that script to reject messages that I'm concerned about and do not want inside my firewall. I have added the code below, but it doesn't seem to be rejecting the messages. The script addition does seem to work. I get my log file in /tmp and the log file(s) show the message being selected for rejection. However, the message still gets to my internal mail server. Any ideas? Mike ------------------------------------------------------ # mikee 071209 checking for the To: is not in our domain #echo ------------------------------------------------------------------ mrefile=/tmp/mailscanner.mre.$$ cp $EMAIL $mrefile echo ------------ >> $mrefile date >> $mrefile grep '^To: ' $EMAIL | head -1 >> $mrefile grep '^From: ' $EMAIL | head -1 >> $mrefile rc=`grep -c To:.*@example.com $EMAIL` echo "rc=$rc" >> $mrefile if [ "$rc" -eq 0 ] ; then echo "550 Content Rejected: message is not addressed to my domain" echo "550 Content Rejected: message is not addressed to my domain" >&2 echo "550 Content Rejected: message is not addressed to my domain" >> $mrefile IS_SPAM=99 fi rc=`grep To: $EMAIL | egrep -c 'ac...@ex...|ac...@po...|ac...@ex...|ac...@ex...|sa...@ex...|in...@ex...|jo...@ex..." echo "rc=$rc" >> $mrefile if [ "$rc" -eq 0 ] ; then echo "550 Content Rejected: no valid user addressed" echo "550 Content Rejected: no valid user addressed" >&2 echo "550 Content Rejected: no valid user addressed" >> $mrefile IS_SPAM=99 fi echo ------------end >> $mrefile ------------------------------------------------------ |
From: Kerry E. <ke...@ke...> - 2007-12-10 03:14:55
|
On Sun, December 9, 2007 20:57, Mike Eggleston said: > On Sun, 09 Dec 2007, Kerry Erb might have said: > >> On Sun, December 9, 2007 20:45, Mike Eggleston said: >> --snip-- >> >> >> >> Actually it is the right list to post to. I cannot seem to find >> where I >> >> saw the XCLIENT thing, oh it is on the main copilter.org page. Do a >> >> search on xclient. There is a mention that 2005 09 16 >> >> update: turned XClient off in ProxSMTP >> >> >> >> I know I saw someplace else that XCLIENT was turned back on in .84 I >> >> just >> >> can't locate it. Anyway, I have actually had less problems with >> .84beta >> >> than with the stable version. I always had a lot of mailscanner >> files >> >> int /tmp directory with .82 >> >> I like the page in .84 that shows how many items are in quarantine >> >> without >> >> having to load the quarantine page. >> >> I also like the ability to reject emails. In my opinion, this is >> better >> >> than spam digest and email whitelist modifications and checking the >> >> quarantine. This way at least a legitimate user will get a rejection >> >> notice and not have an email sitting in apparent limbo. At least it >> >> might >> >> prompt them to contact the person and make them aware of the >> situation. >> >> >> >> Can you think of any drawbacks to the reject (SMTP 550) option >> instead >> >> of >> >> discarding or quarantining emails? >> >> >> >> Kerry >> >> >> > >> > The only drawback I can think of is more messages, but how to tell >> real >> > from fake user in a program....? In general I see no issues with the >> 550 >> > codes. >> > >> > I issued a 'setup_util -b $FILE' to backup my Copfilter configuration, >> > but got an error. I'm tempted to go back to open relay for tonight, >> > the upgrade Copfilter to 0.84beta3 when I get to work in the morning. >> > >> > Thoughts on that approach? >> > >> > Mike >> > >> I am not certain it generates more messages, just gives a reject 550 to >> upstream server, thus it isn't storing and forwarding, or bouncing back. >> The rejection actually is part of the existingemail transaction, albeit >> the end of it. >> >> I was leery about doing a backup and restore between versions. It >> actually doesn't really take that long to go through each screen, so I >> just key everything back in from scratch. At least I know no problems >> can >> come from the previous config. >> >> Kerry >> >> > > What about putting back the spam assassin database? > > What I was thinking about the rejects is a spammer sends you a message > that has > lots of To:s. When you reject, do you reject the individual To:s or just > the From: > > Mike > The reject is to the upstream server, so however it handles a 550 is what happens. I don't use the Bayesian scoring anymore. I have had good results with Razor On, Rules DuJour or Sare Rules On and setting score to 5. I tried having users dump email into a spam folder, but to be honest I never really saw any better results. so now I just restrict alot at 5 and allow whitelist to be modified on outgoing emails. That with the 550 reject has worked fine. If someone cannot get an email through, they usually end up calling the recipient and the recipient can send them an email, which adds the sender to the whitelist. It's been working well so far. We'll see how it goes over time. I guess the backup should work for you, or I suppose you could always manually restore just the spamassasin files. The largest organization I have to worry about has around 100 email accounts. Are you working with larger numbers? Kerry |
From: Mike E. <mik...@ma...> - 2007-12-10 02:57:37
|
On Sun, 09 Dec 2007, Kerry Erb might have said: > On Sun, December 9, 2007 20:45, Mike Eggleston said: > --snip-- > >> > >> Actually it is the right list to post to. I cannot seem to find where I > >> saw the XCLIENT thing, oh it is on the main copilter.org page. Do a > >> search on xclient. There is a mention that 2005 09 16 > >> update: turned XClient off in ProxSMTP > >> > >> I know I saw someplace else that XCLIENT was turned back on in .84 I > >> just > >> can't locate it. Anyway, I have actually had less problems with .84beta > >> than with the stable version. I always had a lot of mailscanner files > >> int /tmp directory with .82 > >> I like the page in .84 that shows how many items are in quarantine > >> without > >> having to load the quarantine page. > >> I also like the ability to reject emails. In my opinion, this is better > >> than spam digest and email whitelist modifications and checking the > >> quarantine. This way at least a legitimate user will get a rejection > >> notice and not have an email sitting in apparent limbo. At least it > >> might > >> prompt them to contact the person and make them aware of the situation. > >> > >> Can you think of any drawbacks to the reject (SMTP 550) option instead > >> of > >> discarding or quarantining emails? > >> > >> Kerry > >> > > > > The only drawback I can think of is more messages, but how to tell real > > from fake user in a program....? In general I see no issues with the 550 > > codes. > > > > I issued a 'setup_util -b $FILE' to backup my Copfilter configuration, > > but got an error. I'm tempted to go back to open relay for tonight, > > the upgrade Copfilter to 0.84beta3 when I get to work in the morning. > > > > Thoughts on that approach? > > > > Mike > > > I am not certain it generates more messages, just gives a reject 550 to > upstream server, thus it isn't storing and forwarding, or bouncing back. > The rejection actually is part of the existingemail transaction, albeit > the end of it. > > I was leery about doing a backup and restore between versions. It > actually doesn't really take that long to go through each screen, so I > just key everything back in from scratch. At least I know no problems can > come from the previous config. > > Kerry > > What about putting back the spam assassin database? What I was thinking about the rejects is a spammer sends you a message that has lots of To:s. When you reject, do you reject the individual To:s or just the From: Mike |
From: Kerry E. <ke...@ke...> - 2007-12-10 02:55:47
|
On Sun, December 9, 2007 20:45, Mike Eggleston said: --snip-- >> >> Actually it is the right list to post to. I cannot seem to find where I >> saw the XCLIENT thing, oh it is on the main copilter.org page. Do a >> search on xclient. There is a mention that 2005 09 16 >> update: turned XClient off in ProxSMTP >> >> I know I saw someplace else that XCLIENT was turned back on in .84 I >> just >> can't locate it. Anyway, I have actually had less problems with .84beta >> than with the stable version. I always had a lot of mailscanner files >> int /tmp directory with .82 >> I like the page in .84 that shows how many items are in quarantine >> without >> having to load the quarantine page. >> I also like the ability to reject emails. In my opinion, this is better >> than spam digest and email whitelist modifications and checking the >> quarantine. This way at least a legitimate user will get a rejection >> notice and not have an email sitting in apparent limbo. At least it >> might >> prompt them to contact the person and make them aware of the situation. >> >> Can you think of any drawbacks to the reject (SMTP 550) option instead >> of >> discarding or quarantining emails? >> >> Kerry >> > > The only drawback I can think of is more messages, but how to tell real > from fake user in a program....? In general I see no issues with the 550 > codes. > > I issued a 'setup_util -b $FILE' to backup my Copfilter configuration, > but got an error. I'm tempted to go back to open relay for tonight, > the upgrade Copfilter to 0.84beta3 when I get to work in the morning. > > Thoughts on that approach? > > Mike > I am not certain it generates more messages, just gives a reject 550 to upstream server, thus it isn't storing and forwarding, or bouncing back. The rejection actually is part of the existingemail transaction, albeit the end of it. I was leery about doing a backup and restore between versions. It actually doesn't really take that long to go through each screen, so I just key everything back in from scratch. At least I know no problems can come from the previous config. Kerry |
From: Mike E. <mik...@ma...> - 2007-12-10 02:45:26
|
On Sun, 09 Dec 2007, Kerry Erb might have said: > > > On Sun, December 9, 2007 20:27, Mike Eggleston said: > > On Sun, 09 Dec 2007, Kerry Erb might have said: > > > >> --snip-- > >> > > >> > I'm using 0.83beta3. I'm pulling 0.84beta3 now and transferring it to > >> my > >> > servers at work. I thought this is the copfilter list? My sendmail is > >> on > >> > Fedora Core 5, for all that matters, and is version 8.13.8. > >> > > >> > Thanks for the help. > >> > > >> > Mike > >> > > >> > >> LOL at myself as I get a message that states I already subscribe to > >> copfilter list. > >> > >> My bad, I guess I already was subscribed to the list. There isn't much > >> activity on this list, so I guess I forgot I was on it. I am used to > >> getting loads of IPCOP-User stuff that I never paid attention to where > >> these were coming from. I think most start off on IPCOP-USER since it > >> has > >> a larger user base and activity that someone most likely has some input. > >> > >> perhaps you could post to that list if you still have problems. > >> > >> I'm feeling quite stupid right now... > > > > I posted to that list once about a Copfilter issue, not knowing if it was > > Copfilter or IPCop. Some folks were not amused that I used their list to > > ask the question. As I know this is either a Copfilter or sendmail issue, > > I'm posting here. > > > > Mike > > > > Actually it is the right list to post to. I cannot seem to find where I > saw the XCLIENT thing, oh it is on the main copilter.org page. Do a > search on xclient. There is a mention that 2005 09 16 > update: turned XClient off in ProxSMTP > > I know I saw someplace else that XCLIENT was turned back on in .84 I just > can't locate it. Anyway, I have actually had less problems with .84beta > than with the stable version. I always had a lot of mailscanner files > int /tmp directory with .82 > I like the page in .84 that shows how many items are in quarantine without > having to load the quarantine page. > I also like the ability to reject emails. In my opinion, this is better > than spam digest and email whitelist modifications and checking the > quarantine. This way at least a legitimate user will get a rejection > notice and not have an email sitting in apparent limbo. At least it might > prompt them to contact the person and make them aware of the situation. > > Can you think of any drawbacks to the reject (SMTP 550) option instead of > discarding or quarantining emails? > > Kerry > The only drawback I can think of is more messages, but how to tell real from fake user in a program....? In general I see no issues with the 550 codes. I issued a 'setup_util -b $FILE' to backup my Copfilter configuration, but got an error. I'm tempted to go back to open relay for tonight, the upgrade Copfilter to 0.84beta3 when I get to work in the morning. Thoughts on that approach? Mike |
From: Kerry E. <ke...@ke...> - 2007-12-10 02:41:11
|
On Sun, December 9, 2007 20:27, Mike Eggleston said: > On Sun, 09 Dec 2007, Kerry Erb might have said: > >> --snip-- >> > >> > I'm using 0.83beta3. I'm pulling 0.84beta3 now and transferring it to >> my >> > servers at work. I thought this is the copfilter list? My sendmail is >> on >> > Fedora Core 5, for all that matters, and is version 8.13.8. >> > >> > Thanks for the help. >> > >> > Mike >> > >> >> LOL at myself as I get a message that states I already subscribe to >> copfilter list. >> >> My bad, I guess I already was subscribed to the list. There isn't much >> activity on this list, so I guess I forgot I was on it. I am used to >> getting loads of IPCOP-User stuff that I never paid attention to where >> these were coming from. I think most start off on IPCOP-USER since it >> has >> a larger user base and activity that someone most likely has some input. >> >> perhaps you could post to that list if you still have problems. >> >> I'm feeling quite stupid right now... > > I posted to that list once about a Copfilter issue, not knowing if it was > Copfilter or IPCop. Some folks were not amused that I used their list to > ask the question. As I know this is either a Copfilter or sendmail issue, > I'm posting here. > > Mike > Actually it is the right list to post to. I cannot seem to find where I saw the XCLIENT thing, oh it is on the main copilter.org page. Do a search on xclient. There is a mention that 2005 09 16 update: turned XClient off in ProxSMTP I know I saw someplace else that XCLIENT was turned back on in .84 I just can't locate it. Anyway, I have actually had less problems with .84beta than with the stable version. I always had a lot of mailscanner files int /tmp directory with .82 I like the page in .84 that shows how many items are in quarantine without having to load the quarantine page. I also like the ability to reject emails. In my opinion, this is better than spam digest and email whitelist modifications and checking the quarantine. This way at least a legitimate user will get a rejection notice and not have an email sitting in apparent limbo. At least it might prompt them to contact the person and make them aware of the situation. Can you think of any drawbacks to the reject (SMTP 550) option instead of discarding or quarantining emails? Kerry |
From: Mike E. <mik...@ma...> - 2007-12-10 02:27:14
|
On Sun, 09 Dec 2007, Kerry Erb might have said: > --snip-- > > > > I'm using 0.83beta3. I'm pulling 0.84beta3 now and transferring it to my > > servers at work. I thought this is the copfilter list? My sendmail is on > > Fedora Core 5, for all that matters, and is version 8.13.8. > > > > Thanks for the help. > > > > Mike > > > > LOL at myself as I get a message that states I already subscribe to > copfilter list. > > My bad, I guess I already was subscribed to the list. There isn't much > activity on this list, so I guess I forgot I was on it. I am used to > getting loads of IPCOP-User stuff that I never paid attention to where > these were coming from. I think most start off on IPCOP-USER since it has > a larger user base and activity that someone most likely has some input. > > perhaps you could post to that list if you still have problems. > > I'm feeling quite stupid right now... I posted to that list once about a Copfilter issue, not knowing if it was Copfilter or IPCop. Some folks were not amused that I used their list to ask the question. As I know this is either a Copfilter or sendmail issue, I'm posting here. Mike |
From: Mike E. <mik...@ma...> - 2007-12-10 02:25:57
|
On Sun, 09 Dec 2007, Mike Eggleston might have said: > On Sun, 09 Dec 2007, Kerry Erb might have said: > > > I haven't really had time to learn more about it since everything has been > > working for all of my customer email services. I just see "server didn't > > accept XCLIENT" in the > > /var/log/copfilter/default/opt/proxsmtp/var/log/proxsmtpd.log on IPCOP. I > > am using Slackware sendmail and configured just like your /etc/mail/access > > above. The servers reject anything but what is destined for the domain > > itself. > > > > I am pretty sure when I was using .82 it was always open relay. I am > > pretty sure it was because IPCOP sent its IP address and not the upstream > > ip address. > > > > Are you using the .84 version? > > > > Perhaps someone can confirm the difference in Copfilter version in more > > detail. > > > > Of course this whole topic might be better suited for the copfilter > > mailing list, of which I haven't subbed to or looked at. > > > > Perhaps I'll join right now. > > > > Ahhh done. I always wanted to sub to that list, just never did it. > > Thanks for the prompt. > > I'm using 0.83beta3. I'm pulling 0.84beta3 now and transferring it to my > servers at work. I thought this is the copfilter list? My sendmail is on > Fedora Core 5, for all that matters, and is version 8.13.8. I looked into the log you mention above for proxsmtp and I find no XCLIENT errors. Mike |
From: Kerry E. <ke...@ke...> - 2007-12-10 02:25:16
|
--snip-- > > I'm using 0.83beta3. I'm pulling 0.84beta3 now and transferring it to my > servers at work. I thought this is the copfilter list? My sendmail is on > Fedora Core 5, for all that matters, and is version 8.13.8. > > Thanks for the help. > > Mike > LOL at myself as I get a message that states I already subscribe to copfilter list. My bad, I guess I already was subscribed to the list. There isn't much activity on this list, so I guess I forgot I was on it. I am used to getting loads of IPCOP-User stuff that I never paid attention to where these were coming from. I think most start off on IPCOP-USER since it has a larger user base and activity that someone most likely has some input. perhaps you could post to that list if you still have problems. I'm feeling quite stupid right now... Kerry |
From: Mike E. <mik...@ma...> - 2007-12-10 02:13:29
|
On Sun, 09 Dec 2007, Kerry Erb might have said: > On Sun, December 9, 2007 19:33, Mike Eggleston said: > > On Sun, 09 Dec 2007, Kerry Erb might have said: > > > >> Mike, > >> > >> I had some of the same hassles you are having until I started using > >> copfiltercopfilter-0.84beta3a.tgz. I believe it is because XCLIENT was > >> re-enabled in this version. Basically this lets a passthru device > >> forward > >> the upstream mail servers information. > >> Here is some more info. > >> > >> http://www.postfix.org/XCLIENT_README.html > >> > >> I also like the fact that copfilter .84 has the ability to reject emails > >> above a certain spam score. > >> > >> It reads as if you setup the email server correclty by only allowing > >> local > >> subnet for RELAY and only OK for IPCOP device. You may wish to double > >> check that the IPCOP OK entry is before the local subnet RELAY in the > >> access file. > >> > >> Hope this helps. > >> > >> Kerry > >> > >> > >> > >> On Sun, December 9, 2007 16:00, Mike Eggleston said: > >> > On Sun, 09 Dec 2007, Mike Eggleston might have said: > >> > > >> >> On Sat, 08 Dec 2007, Mike Eggleston might have said: > >> >> > >> >> > I have been using copfilter on my ipcop box for > >> >> > quite a while. I recently made a change from a > >> >> > wierd internal email transport path to simply > >> >> > accepting the email messages on my box that > >> >> > receives the messages from copfilter. Now I > >> >> > am worried that I have an open relay at work. > >> >> > >> >> I'm still having problems. Is there a hack I can > >> >> put in, in spam assassin or someplace like that, > >> >> where if the incoming email is not meant for my > >> >> domain that I can just send a REJECT? > >> > > >> > I have found a way to modify mailscanner.sh to detect > >> > the things I'm having a problem with. Is there a way > >> > to either reject the mail message from directly inside > >> > mailscaner.sh or a way to modify the message envelope? > >> > > >> > I've not found so far a way to do either. > > > > Kerry, > > > > Thanks for the suggestion. Is XCLIENT only a postfix(8) command? > > I use sendmail. Can I use XCLIENT in sendmail? > > > > You mention having the IPCop IP before my subnet. Do you mean like > > this: > > > > -------------------------------- /etc/mail/access > > Connect:10.1.2.1 OK > > Connect:10.1.2 RELAY > > -------------------------------- /etc/mail/access > > > > M > > > > I haven't really had time to learn more about it since everything has been > working for all of my customer email services. I just see "server didn't > accept XCLIENT" in the > /var/log/copfilter/default/opt/proxsmtp/var/log/proxsmtpd.log on IPCOP. I > am using Slackware sendmail and configured just like your /etc/mail/access > above. The servers reject anything but what is destined for the domain > itself. > > I am pretty sure when I was using .82 it was always open relay. I am > pretty sure it was because IPCOP sent its IP address and not the upstream > ip address. > > Are you using the .84 version? > > Perhaps someone can confirm the difference in Copfilter version in more > detail. > > Of course this whole topic might be better suited for the copfilter > mailing list, of which I haven't subbed to or looked at. > > Perhaps I'll join right now. > > Ahhh done. I always wanted to sub to that list, just never did it. > Thanks for the prompt. I'm using 0.83beta3. I'm pulling 0.84beta3 now and transferring it to my servers at work. I thought this is the copfilter list? My sendmail is on Fedora Core 5, for all that matters, and is version 8.13.8. Thanks for the help. Mike |