FYI SpamGuard 1.7 released
dynamicnet
07-29-04, 11:55
Greetings:
EnderUNIX Software released SpamGuard 1.7 this past week.
See http://www.enderunix.org/spamguard/
Changes from 1.6 can be seen on http://www.enderunix.org/spamguard/devel/spamguard-devel/CHANGELOG
See http://www.forum.psoft.net/showthread.php?s=&threadid=1609&highlight=spamguard+patch for the patch necessary if you use SpamAssassin.
Thank you.
I installed this today and got it working.... But now every 5 minutes it e-mails me that someone sent 40 e-mails... then 5 minutes later 42..then 45, then 50.. it's like it doesn't reset itself from the last time. It's counting *all* the e-mail in the log instead of just the new e-mail from the last scan.
I had this working a long time ago (1-2 years ago, don't remember which spamguard version) on a different server and it didn't do that. If someone sent out 500 e-mails in between scans, I'd get one e-mail saying that, not over and over.
dynamicnet
11-11-04, 17:46
Greetings NeoFree:
I could be wrong, but it sounds like the settings on your server (typically stored in /usr/local/etc/) have to be tweaked.
Thank you.
Here's my file. If I run spamguard by command line it runs with no errors and works perfectly, EXCEPT it's detecting normal mail activity as spam because it's not resetting back to 0 after each scan.
#spamguard 1.6 Configuration file
#logtype = "sendmail" #log type qmail, sendmail, postfix
logtype = "qmail" #log type qmail, sendmail, postfix
logfile = "/var/log/maillog" #
#logfile = "/var/log/qmail/current" #
ignorefile = "/usr/local/etc/spam-ignore.txt" #
badmailfile = "/var/qmail/control/badmailfrom" #
#badmailfile = "/etc/mail/access" # For Sendmail
sysadmin = "tom@startwebhost.com" #
hostname = "startwebhost.com"
mail_command = "/bin/mail"
makemap_command = "/usr/sbin/makemap hash /etc/mail/access < /etc/mail/access" #sendmail , postfix only
statfile = "/usr/local/etc/spamguard.stat"
wcnt = 40 #warning count
bcnt = 1000 #block count
pcnt = 1000000 #paranoid count
dynamicnet
11-11-04, 18:13
Hi NeoFree:
If my memory is correct, 1.7 is a beta; and I believe I had to modify some c code to get it to work right (not sure as that was several months ago).
It keeps the current activity in a state file (I believe that state file is in /usr/local/etc); it could be the permissions of the state file (not sure).
Thank you.
Well even though 1.7 is beta, the site says it's stable at the top of the page. Obviously incorrect. I went back to 1.6 and it's working fine.
Hi Dynamicnet,
I'm using the latest version 1.7 and have the same problem. I know that it's been several months since you last tweaked the C code to have this working. But could you possibly try to recall and assist me in trying to modify the C code that you mentioned before?
Here are the permissions of the state file.
[root@cp etc]# ls -ls spamguard.stat
4 -rw-r--r-- 1 root root 16 Jan 4 00:19 spamguard.stat
Thanks again for your help.
dynamicnet
01-03-05, 10:55
Greetings:
July 29, 2004 was when I made the changes; unfortunately, this was one where I didn't document what changes I made. Sorry.
I recommend using the 1.6 version unless you know enough C to go through and fix the problem areas.
Thank you.
Hi:
I just installed the spamassassin patch. As I was reviewing the spamguard.conf I noticed the setting:
badmailfile = "/var/qmail/control/badmailfrom"
We don't have a badmailfrom file in /control/badmailfrom.
How did you address this?
Thanks
Barry
dynamicnet
01-03-05, 13:46
Greetings Barry:
You can create /var/qmail/control/badmailfrom with the following:
touch /var/qmail/control/badmailfrom
Please make sure the file does not exist prior to touching it.
Thank you.
Actually I already did that. I was not sure if something needed to be turned on within qmail to reference badmailfrom.
Thanks
Barry
I saw an interesting article at http://www.securitytracker.com/alerts/2004/May/1010342.html regarding a vulnerability in Spamguard prior to 1.7-BETA. I'm not sure if this is a concern for those still using version 1.6.
Anyway, below is the complete article:
spamGuard Multiple Buffer Overflows May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1010342
SecurityTracker URL: http://securitytracker.com/id?1010342
CVE Reference: GENERIC-MAP-NOMATCH
Date: May 30 2004
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 1.7-BETA
Description: Some buffer overflow vulnerabilities were reported in spamGuard. A remote user may be able to execute arbitrary code on the target system.
The vendor reported that a remote user can trigger buffer overflows in the qmail_parseline() and sendmail_parseline() functions in 'parser.c'. The vendor also reported that the loadconfig() and removespaces() functions in 'loadconfig.c' contain overflows.
Impact: A remote user may be able to execute arbitrary code on the target system.
Solution: The vendor released a fixed version (1.7-BETA), available at:
http://www.enderunix.org/spamguard/spamguard-1.7-BETA.tar.gz
Vendor URL: www.enderunix.org/spamguard/
Cause: Boundary error
Underlying OS: Linux (Any), UNIX (Any)
Reported By: Murat Balaban <murat@enderunix.org>
Message History: None.
To get 1.7-BETA working I believe you need to modify line 187 in function.c from...
fscanf(fp, "%.15s %.15s", inode, pos);
to
fscanf(fp, "%s %s", inode, pos);
Cheers,
Sean
wow! it's working now.
thanks Sean.
No problem :)
Hi All,
I tested spamguard on qmail before releasing it. As you see below, it does not scan the whole log file. It scans only new mails since the last scan.
# spamguard
# cat /usr/local/etc/spamguard/spamguard.stat
311850 6635206
#spamguard
#cat /usr/local/etc/spamguard/spamguard.stat
311850 6646962
Which mail server do you use?
By the way, the new configuration directory is /usr/local/etc/spamguard, so you should edit /usr/local/etc/spamguard/spamguard.conf
Best Regards