You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by "Corey A. Johnson" <cj...@cniweb.net> on 2004/05/10 16:41:33 UTC
stop scanning of Return Messages
Hello,
I am using the Praxis mailet to virus scan emails... and i notice it is
scanning even the Return to Sender emails generated from a spam
blacklist lookup and rejection.
I am sure this is not specific to Praxis.. just has to do with my
config. Can anyone suggestion how i could stop it from scanning any
bounce/notifysender generated emails?
I have an IsInfected Mailet that routes to a processor block named
"virus." The IsInfected mailet is towards the bottom of my "root"
processor after all the blacklist lookups.
Thanks in advance for any suggestions. I am using version 2.2.0RC3 on
Sun Solaris 8 for SPARC with JDK 1.4.2_04
Cj
--
Corey A. Johnson
Creative Network Innovations
http://www.cniweb.net/
1-800-CNi-5547 ** 1-321-259-1984
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: stop scanning of Return Messages
Posted by "Corey A. Johnson" <cj...@cniweb.net>.
thanks again tobe. some good ideas. will give it a go.
tobe wrote:
> As a brief sketch (and I am no expert), I would think that you could
> check first for SenderIs=Postmaster@yourdomain and divert those to a
> postmaster-processor.
>
> In the postmaster-processor you check if the messages originated at
> another machine by RemoteAddrNotInNetwork=127.0.0.1, discarding the
> matches.
>
> The remaining mails should be from your postmaster and can be safely
> delivered remotely.
>
> /tobe
>
> Corey A. Johnson wrote:
>
>> thanks tobe.
>> The server is used for inbound email only. i thought about bypassing
>> the scan based on sender (postmaster@mydomain.com) but since a lot of
>> emails spoof the from address.. didn't think that was a good idea.
>> How can i set an attribute on messages generated from James? The
>> main ones i want to avoid scanning are the tons of return attempts
>> that are generated from the spam blacklist rejections. I have a
>> "spam" processor block (below).. and emails that match any of my
>> InSpammerBlacklist are being sent to:
>>
>> <processor name="spam">
>> <mailet match="All" class="Bounce"/>
>> <mailet match="All" class="Null"/> </processor>
>>
>> The reason i want to stop this.. is because anytime a bounce email is
>> scanned.. i get this exception:
>>
>> 10/05/04 00:03:05 INFO James.Mailet: IsInfected: Exception caught
>> javax.mail.MessagingException: Missing start boundary
>> at
>> javax.mail.internet.MimeMultipart.parse(MimeMultipart.java:297)
>> at
>> javax.mail.internet.MimeMultipart.getCount(MimeMultipart.java:159)
>> at
>> org.apache.james.transport.matchers.IsInfected.dumpPart(IsInfected.java:442)
>>
>> at
>> org.apache.james.transport.matchers.IsInfected.match(IsInfected.java:248)
>>
>> at
>> org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:342)
>>
>> at
>> org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:451)
>>
>> at
>> org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:360)
>>
>> at java.lang.Thread.run(Thread.java:534)
>>
>> Maybe i am not going about this the right way?
>>
>> Thanks again. Appreciate any help on this.
>>
>> Cj
>>
>> tobe wrote:
>>
>>> Corey A. Johnson wrote:
>>>
>>>> Hello,
>>>>
>>>> I am using the Praxis mailet to virus scan emails... and i notice
>>>> it is scanning even the Return to Sender emails generated from a
>>>> spam blacklist lookup and rejection.
>>>>
>>>> I am sure this is not specific to Praxis.. just has to do with my
>>>> config. Can anyone suggestion how i could stop it from scanning
>>>> any bounce/notifysender generated emails?
>>>>
>>>> I have an IsInfected Mailet that routes to a processor block named
>>>> "virus." The IsInfected mailet is towards the bottom of my
>>>> "root" processor after all the blacklist lookups.
>>>>
>>>> Thanks in advance for any suggestions. I am using version 2.2.0RC3
>>>> on Sun Solaris 8 for SPARC with JDK 1.4.2_04
>>>>
>>>> Cj
>>>>
>>> I am assuming that you mean the Return to Sender mails you are
>>> generating as responses.
>>>
>>> I also assume that you actually wish to scan outgoing mail for
>>> viruses (if not, well then send them out before you scan)
>>>
>>> I think the notices generated by James have a specific sender (like
>>> postmaster@yourdomain), this could be used to divert them past the
>>> scan. You could also set a mail-attribute and use that.
>>>
>>> /tobe
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>
>>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
--
Corey A. Johnson
Creative Network Innovations
http://www.cniweb.net/
1-800-CNi-5547 ** 1-321-259-1984
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: stop scanning of Return Messages
Posted by tobe <to...@swipnet.se>.
As a brief sketch (and I am no expert), I would think that you could
check first for SenderIs=Postmaster@yourdomain and divert those to a
postmaster-processor.
In the postmaster-processor you check if the messages originated at
another machine by RemoteAddrNotInNetwork=127.0.0.1, discarding the matches.
The remaining mails should be from your postmaster and can be safely
delivered remotely.
/tobe
Corey A. Johnson wrote:
> thanks tobe.
> The server is used for inbound email only. i thought about bypassing
> the scan based on sender (postmaster@mydomain.com) but since a lot of
> emails spoof the from address.. didn't think that was a good idea.
> How can i set an attribute on messages generated from James? The main
> ones i want to avoid scanning are the tons of return attempts that are
> generated from the spam blacklist rejections. I have a "spam"
> processor block (below).. and emails that match any of my
> InSpammerBlacklist are being sent to:
>
> <processor name="spam">
> <mailet match="All" class="Bounce"/>
> <mailet match="All" class="Null"/> </processor>
>
> The reason i want to stop this.. is because anytime a bounce email is
> scanned.. i get this exception:
>
> 10/05/04 00:03:05 INFO James.Mailet: IsInfected: Exception caught
> javax.mail.MessagingException: Missing start boundary
> at javax.mail.internet.MimeMultipart.parse(MimeMultipart.java:297)
> at
> javax.mail.internet.MimeMultipart.getCount(MimeMultipart.java:159)
> at
> org.apache.james.transport.matchers.IsInfected.dumpPart(IsInfected.java:442)
>
> at
> org.apache.james.transport.matchers.IsInfected.match(IsInfected.java:248)
> at
> org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:342)
>
> at
> org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:451)
>
> at
> org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:360)
>
> at java.lang.Thread.run(Thread.java:534)
>
> Maybe i am not going about this the right way?
>
> Thanks again. Appreciate any help on this.
>
> Cj
>
> tobe wrote:
>
>> Corey A. Johnson wrote:
>>
>>> Hello,
>>>
>>> I am using the Praxis mailet to virus scan emails... and i notice
>>> it is scanning even the Return to Sender emails generated from a
>>> spam blacklist lookup and rejection.
>>>
>>> I am sure this is not specific to Praxis.. just has to do with my
>>> config. Can anyone suggestion how i could stop it from scanning any
>>> bounce/notifysender generated emails?
>>>
>>> I have an IsInfected Mailet that routes to a processor block named
>>> "virus." The IsInfected mailet is towards the bottom of my "root"
>>> processor after all the blacklist lookups.
>>>
>>> Thanks in advance for any suggestions. I am using version 2.2.0RC3
>>> on Sun Solaris 8 for SPARC with JDK 1.4.2_04
>>>
>>> Cj
>>>
>> I am assuming that you mean the Return to Sender mails you are
>> generating as responses.
>>
>> I also assume that you actually wish to scan outgoing mail for
>> viruses (if not, well then send them out before you scan)
>>
>> I think the notices generated by James have a specific sender (like
>> postmaster@yourdomain), this could be used to divert them past the
>> scan. You could also set a mail-attribute and use that.
>>
>> /tobe
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: stop scanning of Return Messages
Posted by "Corey A. Johnson" <cj...@cniweb.net>.
Yes. Did not work... but again.. i was in a panic when i configured
it.. (had a user that was getting BOMBARDED with viruses) so no doubt i
may have had a typo or mistake somewhere in my config. Will try again
this weekend.
Thanks Vincenzo,
Cj
Vincenzo Gianferrari Pini wrote:
>>Correct. i updated the package name.. Only did it because i could not
>>get James to find the class.. and i was in a hurry. Will work on it
>>and change the package back to what it was previously. I added the
>>extra package to my config.xml.. and added the jar to my install. but
>>still received a Class Not Found exception when it tried to load the
>>IsInfected mailet.
>>
>>Obviously i was doing something wrong.. will fix as soon as i can.
>>
>>Cj
>>
>>
>
>Did you put the jar in <james>/apps/james/SAR-INF/lib (in James 2.2.*)? It works for me there.
>
>Vincenzo
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>For additional commands, e-mail: server-user-help@james.apache.org
>
>
>
>
--
Corey A. Johnson
Creative Network Innovations
http://www.cniweb.net/
1-800-CNi-5547 ** 1-321-259-1984
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: stop scanning of Return Messages
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
> Correct. i updated the package name.. Only did it because i could not
> get James to find the class.. and i was in a hurry. Will work on it
> and change the package back to what it was previously. I added the
> extra package to my config.xml.. and added the jar to my install. but
> still received a Class Not Found exception when it tried to load the
> IsInfected mailet.
>
> Obviously i was doing something wrong.. will fix as soon as i can.
>
> Cj
Did you put the jar in <james>/apps/james/SAR-INF/lib (in James 2.2.*)? It works for me there.
Vincenzo
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: stop scanning of Return Messages
Posted by "Corey A. Johnson" <cj...@cniweb.net>.
Thank you for the info. Will give that a try.
Correct. i updated the package name.. Only did it because i could not
get James to find the class.. and i was in a hurry. Will work on it
and change the package back to what it was previously. I added the
extra package to my config.xml.. and added the jar to my install. but
still received a Class Not Found exception when it tried to load the
IsInfected mailet.
Obviously i was doing something wrong.. will fix as soon as i can.
Cj
Vincenzo Gianferrari Pini wrote:
>>>anytime a bounce email is scanned.. i get this exception:
>>>IsInfected: Exception caught
>>>javax.mail.MessagingException: Missing start boundary
>>> at ...MimeMultipart.parse(MimeMultipart.java:297)
>>> at ...MimeMultipart.getCount(MimeMultipart.java:159)
>>> at ...IsInfected.dumpPart(IsInfected.java:442)
>>>...
>>>
>>>
>>Seems to me that the IsInfected matcher should be more robust, if it is
>>throwing exceptions just because the message body isn't in MIME format. But
>>I haven't seen the code.
>>
>>
>
>Looking at my last 30 days log, I found this exception 22 over about 58,000 messages scanned (with 7600 viruses found).
>There are sometimes other exceptions thrown, due to the fact that there are sometimes some "malformed" messages flowing (especially the spam ones) that do not follow the rules. I'll have a look at it.
>
>I suggest anyhow to have a two level "defense": invoking the IsInfected matcher with onMatchException="noMatch" set followed by an "AttachmentFileNameIs=*.exe *.com ...." filter.
>
>
>
>>Which reminds me. We're going to have to remind people that the
>>org.apache.* name space belongs to the ASF. No one should be using that
>>name space in their own code.
>>
>>
>
>The package name I used writing the IsInfected matcher is "it.praxis.james.matchers.*", and everything is in a totally separate and signed jar ("it.praxis.james.jar"). Corey must have inserted my source in his org/apache/james/transport/matchers downloaded from CVS, changed the package declaration and recompiled. THIS IS NOT MY CODE.
>
>Vincenzo
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>For additional commands, e-mail: server-user-help@james.apache.org
>
>
>
>
--
Corey A. Johnson
Creative Network Innovations
http://www.cniweb.net/
1-800-CNi-5547 ** 1-321-259-1984
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: stop scanning of Return Messages
Posted by "Noel J. Bergman" <no...@devtech.com>.
> THIS IS NOT MY CODE.
To be clear, Vincenzo, I know you use a different package space. :-) For
all I knew, someone had written code with a similar classname to yours and
put it in the James package namespace.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: stop scanning of Return Messages
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
> > anytime a bounce email is scanned.. i get this exception:
> > IsInfected: Exception caught
> > javax.mail.MessagingException: Missing start boundary
> > at ...MimeMultipart.parse(MimeMultipart.java:297)
> > at ...MimeMultipart.getCount(MimeMultipart.java:159)
> > at ...IsInfected.dumpPart(IsInfected.java:442)
> > ...
>
> Seems to me that the IsInfected matcher should be more robust, if it is
> throwing exceptions just because the message body isn't in MIME format. But
> I haven't seen the code.
Looking at my last 30 days log, I found this exception 22 over about 58,000 messages scanned (with 7600 viruses found).
There are sometimes other exceptions thrown, due to the fact that there are sometimes some "malformed" messages flowing (especially the spam ones) that do not follow the rules. I'll have a look at it.
I suggest anyhow to have a two level "defense": invoking the IsInfected matcher with onMatchException="noMatch" set followed by an "AttachmentFileNameIs=*.exe *.com ...." filter.
>
> Which reminds me. We're going to have to remind people that the
> org.apache.* name space belongs to the ASF. No one should be using that
> name space in their own code.
The package name I used writing the IsInfected matcher is "it.praxis.james.matchers.*", and everything is in a totally separate and signed jar ("it.praxis.james.jar"). Corey must have inserted my source in his org/apache/james/transport/matchers downloaded from CVS, changed the package declaration and recompiled. THIS IS NOT MY CODE.
Vincenzo
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: stop scanning of Return Messages
Posted by "Noel J. Bergman" <no...@devtech.com>.
> anytime a bounce email is scanned.. i get this exception:
> IsInfected: Exception caught
> javax.mail.MessagingException: Missing start boundary
> at ...MimeMultipart.parse(MimeMultipart.java:297)
> at ...MimeMultipart.getCount(MimeMultipart.java:159)
> at ...IsInfected.dumpPart(IsInfected.java:442)
> ...
Seems to me that the IsInfected matcher should be more robust, if it is
throwing exceptions just because the message body isn't in MIME format. But
I haven't seen the code.
Which reminds me. We're going to have to remind people that the
org.apache.* name space belongs to the ASF. No one should be using that
name space in their own code.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: stop scanning of Return Messages
Posted by "Corey A. Johnson" <cj...@cniweb.net>.
thanks tobe.
The server is used for inbound email only. i thought about bypassing
the scan based on sender (postmaster@mydomain.com) but since a lot of
emails spoof the from address.. didn't think that was a good idea. How
can i set an attribute on messages generated from James? The main ones
i want to avoid scanning are the tons of return attempts that are
generated from the spam blacklist rejections. I have a "spam" processor
block (below).. and emails that match any of my InSpammerBlacklist are
being sent to:
<processor name="spam">
<mailet match="All" class="Bounce"/>
<mailet match="All" class="Null"/>
</processor>
The reason i want to stop this.. is because anytime a bounce email is
scanned.. i get this exception:
10/05/04 00:03:05 INFO James.Mailet: IsInfected: Exception caught
javax.mail.MessagingException: Missing start boundary
at javax.mail.internet.MimeMultipart.parse(MimeMultipart.java:297)
at
javax.mail.internet.MimeMultipart.getCount(MimeMultipart.java:159)
at
org.apache.james.transport.matchers.IsInfected.dumpPart(IsInfected.java:442)
at
org.apache.james.transport.matchers.IsInfected.match(IsInfected.java:248)
at
org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:342)
at
org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:451)
at
org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:360)
at java.lang.Thread.run(Thread.java:534)
Maybe i am not going about this the right way?
Thanks again. Appreciate any help on this.
Cj
tobe wrote:
> Corey A. Johnson wrote:
>
>> Hello,
>>
>> I am using the Praxis mailet to virus scan emails... and i notice it
>> is scanning even the Return to Sender emails generated from a spam
>> blacklist lookup and rejection.
>>
>> I am sure this is not specific to Praxis.. just has to do with my
>> config. Can anyone suggestion how i could stop it from scanning any
>> bounce/notifysender generated emails?
>>
>> I have an IsInfected Mailet that routes to a processor block named
>> "virus." The IsInfected mailet is towards the bottom of my "root"
>> processor after all the blacklist lookups.
>>
>> Thanks in advance for any suggestions. I am using version 2.2.0RC3
>> on Sun Solaris 8 for SPARC with JDK 1.4.2_04
>>
>> Cj
>>
> I am assuming that you mean the Return to Sender mails you are
> generating as responses.
>
> I also assume that you actually wish to scan outgoing mail for viruses
> (if not, well then send them out before you scan)
>
> I think the notices generated by James have a specific sender (like
> postmaster@yourdomain), this could be used to divert them past the
> scan. You could also set a mail-attribute and use that.
>
> /tobe
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
--
Corey A. Johnson
Creative Network Innovations
http://www.cniweb.net/
1-800-CNi-5547 ** 1-321-259-1984
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: stop scanning of Return Messages
Posted by tobe <to...@swipnet.se>.
Corey A. Johnson wrote:
> Hello,
>
> I am using the Praxis mailet to virus scan emails... and i notice it
> is scanning even the Return to Sender emails generated from a spam
> blacklist lookup and rejection.
>
> I am sure this is not specific to Praxis.. just has to do with my
> config. Can anyone suggestion how i could stop it from scanning any
> bounce/notifysender generated emails?
>
> I have an IsInfected Mailet that routes to a processor block named
> "virus." The IsInfected mailet is towards the bottom of my "root"
> processor after all the blacklist lookups.
>
> Thanks in advance for any suggestions. I am using version 2.2.0RC3 on
> Sun Solaris 8 for SPARC with JDK 1.4.2_04
>
> Cj
>
I am assuming that you mean the Return to Sender mails you are
generating as responses.
I also assume that you actually wish to scan outgoing mail for viruses
(if not, well then send them out before you scan)
I think the notices generated by James have a specific sender (like
postmaster@yourdomain), this could be used to divert them past the scan.
You could also set a mail-attribute and use that.
/tobe
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org