ConfigServer Services Blog

New csf v2.88

Changes:

  • Fixed typo in csf.conf for new installs LF_LOAD -> PT_LOAD
  • Modified the courier IMAP and POP3D regex’s to include connections over SSL in lfd
  • Modified lfd to ignore cpdavd processes
  • Modified the cPanel regex’s to include cPanel v11 variants in lfd

Read receipts being marked as spam by MS

The most recent version of MailScanner contains a new feature called watermarking which is designed to prevent so-called backscatter bounces from joe-jobbing. Joe-jobbing is when a spammer sends out email from a spoofed email address on your server. The spam was not actually sent from your server, but your server receives the bounces from these spams.Watermarking in MailScanner adds an encrypted ‘watermark’ to each mail sent through your server, and any legitimate bounces (emails with a null sender) should contain this watermark. If a bounce does NOT contain the watermark, it is marked as spam. Unfortunately there is a bug in this system where read receipts from certain mail programs, which are sent with no sender so they look like bounces but they do not contain the watermark, are being marked as spam by MailScanner.Until this bug is fixed in MailScanner, if you are experiencing this problem we would recommend that you disable the watermarking feature. To do this, in the MailScanner configuration go to the section called “Watermarking” and set the options Use Watermarking, Add Watermark, and Check Watermarks with no sender to no, then click Change.

New csf v2.87

Changes:

  • Fixed duplication of settings during generic configuration upgrade procedure
  • Only display version confirmation update message when running csf -u interactively (Thanks to Brian Coogan for the perl tip)
  • Fixed issue with temporary files not being truncated before being written to, which caused problems e.g. with global allow/deny files
  • Added new option CT_SKIP_TIME_WAIT to exclude TIME_WAIT state from connection tracking
  • Updated the csf webmin module to use the &ReadParse() routine to overcome problems when running through SSL (Thanks to Tim Ballantine for this tip)

New cmm v1.07

Changes:

  • IMAP Trash folder included in quota/space/cleaning calculations
  • Added space used as a percentage of quota when listing accounts

New MailScanner Script v2.58

Changes:

  • Modified MailScanner init script to workaround a MailScanner bug where MailScanner doesn’t bother tidying up the incoming mail processing directory properly
  • Copied the clean.quarantine cron job to periodically tidy up the MailScanner incoming mail processing directory (see above)
  • New version of MailScanner v4.62.9

New csf v2.85

Changes:

  • Fixed a problem with v2.84 which broke permanent IP blocking in lfd – it’s been a long week :-/

New csf v2.84

Changes:

  • Fixed problem with permanent LF blocks in lfd for individual application port blocks when set to permanent
  • Added new SYSLOG option to csf.conf to allow additional lfd logging to SYSLOG (requires perl module Sys::Syslog)
  • Added a minimum to LF_DSHIELD and LF_SPAMHAUS ip block lists refresh interval of 3600 to prevent getting yourself blocked!

N

New ClamAV v0.91

A new version of ClamAV has been released. The update adds a bunch of new features to ClamAV, but most importantly for MailScanner users, fixes a bug which caused the MailScanner child processes to consume large amount of server resources on startup.Upgrade:

/bin/rm -Rf clamav-*wget http://prdownloads.sourceforge.net/clamav/clamav-0.91.tar.gztar -xzf clamav-*cd clamav-*./configure –disable-zlib-vcheckmakemake installreplace “Example” “#Example” — /usr/local/etc/freshclam.confreplace “Example” “#Example” — /usr/local/etc/clamd.conffreshclamcd ../bin/rm -Rf clamav-*/scripts/perlinstaller –force Mail::ClamAVservice MailScanner restarttail -f /var/log/maillog

New csf v2.82

Changes:

  • Fixed a documentation for LF_TRIGGER_PERM
  • Fixed issue where RT_[relay]_ALERT set to “0” was being ignored
  • Fixed condition from v2.80 which prevented SCRIPT_ALERT from working
  • If killproc.conf does not exist the Server Check now links to the Background Process Killer page instead of issuing a file missing error