Installing and configuring simscan

Hi,

Thanks for keeping qmail alive. simscan-1.4.3 still does not scan file greather than 512000 bytes. I've followed whole procedure that you've described. /var/qmail/control/simsizelimit set to 10000000 as per your suggestion ( echo 10000000 > /var/qmail/control/simsizelimit ). 

journalctl -b -f command shows "skipped message, greater than max message size (512000 bytes)"

Is there anything I'm missing.

OS: Debian bookworm

Thanks

BR.

Hi,

I'm not sure that this log message is from simscan. Can you show the entire qmail-smtpd log line? In addition, what qmail are you using? Do you have any other patch that is filtering the msg size?

Hi,

Thanks for reply. The message generated by spamc. Below is the whole message:

Jul 13 15:06:39 antispam.mydomain.com spamc[2573601]: skipped message, greater than max message size (512000 bytes)

My qmail is running as per your instruction from A to Z no otehr patch are applied. there is no such log on /var/log/qmail/smtpd/current or /var/log/spamassassin/spamd.log

I'm getting this log while I run following command:

journalctl -b -f

Thanks

BR

I'll check it out tomorrow. Anyway, if you are following my instructions, simscan will log in qmail-smtpd log when the size limit is exceeded

Hi,

Thanks for reply. My server is running according to your instructions. All spam messages are sent to querentine insted of bounce back. I'm getting below type of logs on smtpd of simscan:

2024-07-14 11:15:48.459856121 simscan:[3331936]:CLEAN (-191.20/5.00/5.00):4.1441s:Dyeing Status:209.85.210.47:planning7@yourdomain:sujanmia@mydomain.com
2024-07-14 11:15:59.458718411 simscan:[3332769]:SPAM DROPPED (24.40/5.00/5.00):3.3198s:*****SPAM***** Blood screening report:103.63.234.101:blood@quantummethod.org.bd:ripon@mydomain.com
2024-07-14 11:15:59.458753127 simscan:[3332769]: Putting the message in quarantine: /var/qmail/quarantine/msg.1720934156.138996.3332799
2024-07-14 11:15:59.459123471 simscan:[3332769]: Message recorded in quarantine successful
2024-07-14 11:16:04.458407684 simscan:[3332947]:SPAM DROPPED (87.40/5.00/5.00):3.5029s:*****SPAM***** RE_ Sacoor Brothers MAH3143 R2 Style Pre Final Booking //JFK // SS24 // OUTLET SWEATERS:118.179.92.24:abir@jfkfashionbd.com:akik.mahmud@mydomain.com
2024-07-14 11:16:04.458450125 simscan:[3332947]: Putting the message in quarantine: /var/qmail/quarantine/msg.1720934160.955580.3332962
2024-07-14 11:16:04.458875702 simscan:[3332947]: Message recorded in quarantine successful
2024-07-14 11:12:10.905890596 simscan:[3323407]:CLEAN (0.00/0.00/0.00):0.0481s:Re_ WEB240391098/Re_ Manual booking for "AXL & CO"//Shipper_:52.101.65.138:inzamul.haque@yourdoman.com:abc@mydomain.com
2024-07-14 11:12:12.624084538 simscan:[3321687]:CLEAN (0.00/0.00/0.00):0.0372s:Re_ Carton poly booking of style- 2200306924.:44.202.169.32:bj@fardingroup.com:sakib.islam@mydomain.com
2024-07-14 11:12:30.104466291 simscan:[3323969]:CLEAN (-298.50/5.00/5.00):3.3525s:RE_ RENAISSANCE BARIND LTD _ OVERDUE EXP:124.109.104.76:prvs=9187fdb7e=mostafa.karim@yourdomain.com

BR.

None of the above log lines by simscan show a size limit skip. This is the exact  log line that you'll have in case of a size limit exceeded by simscan, with no need to enable simscan's debug:

2024-07-14 10:39:49.989994500 simscan: big file (931698 bytes); size limit is 80 bytes; skipping SpamAssassin

After a quick google search, I found out that the error message "skipped message, greater than max message size" is triggered by spamassassin itself (not simscan) when the variable SA_MAX_MAIL_SIZE is set. Can you do

grep -r SA_MAX_MAIL_SIZE /etc/mail/spamassassin

man spamc says

-s max_size, --max-size=max_size
Set the maximum message size which will be sent to spamd -- any bigger than this threshold and the message will be returned unprocessed (default: 500 KB). If spamc gets handed a message bigger than this, it won't be passed to spamd. The maximum message size is 256 MB.

The size is specified in bytes, as a positive integer greater than 0. For example, -s 500000.

tar xzf simscan-$[SIMSCAN_VER}.tar.gz should be {

Thank you. Corrected

echo "none /var/qmail/simscan tmpfs nodev,noexec,noatime,uid=$CLAMAV_UID,gid=CLAMAV_GID,mode=2750 0 0" >> /etc/fstab

I'd like to use simscan, but I like qmail-scanner's built in perlscan to quickly dump emails. I also like the reports. Any suggestions?

Hi, I dropped qmail-scanner ages ago and I'm not familiar with it anymore, sorry

Hi, 

i would like to ask you for help if you see it sensible, scanning order is first  spamc then clamd, but i manage it to reorder, so clamd scan message first /lighter on resources, than its pass to spamc . I manage to just move block od code above spam definition in simscan.c .

however, i would like to use this logic - if clamd detect virus, stop processing, return code, close it. because its not nececesary go for spamc check, its already detected by clamd as virus /with 3rd party db , even spams are detected by clamd/ , but its above my coding skills. 

this i done/manage somehow years ago, but its lost in server migration somewhere ;)   

main reason is to have it lighter on resources

thnx a lot

Hi, I had a quick look. It's not a task to be accomplished with a few touches to the code. So it would be very time expensive...

thank you Roberto for effort, I understand ,no problem. 

thnx a lot

miki

I'll have a look. Thanks for the comment

Hi

I started noticing the increase of this error
Making a little research that the error appear when clamav can access some file attached to emails
Not a permission problem, is a "name" problem
For example:

Fri Oct 16 11:03:50 2020 -> /var/qmail/simscan/1602857030.173486.80905/Consulta Pública_edited.jpg: Can't access file ERROR

Obviously the file name have special chars, but this can't be a problem
Could be something related with ripmime that's involved in the process ?

did you try to debug ripmime in this way?

ripmime --debug --disable-qmail-bounce -i message.eml -d tmp > ripmime.log

Hi Mr Robert,

i tried to install qmail scanner to replace Sim Scan, but i got 451 qq temporary problem (#4.3.0) while try to send a mail... is it the system designed flow here not compatible to work with qmail scanner?

thank you

Hi, yes it is compatible with qmail scanner, I used it before switchimg to simscan

Hi Mr Roberto,

after qmail scanner installation, i tried to run the "test_installation.sh" to test qmail scanner and the testing was successful... but when i tried to put it to tcp.smtp .. it pop out "451 qq temporary problem (#4.3.0)", i tried to find out what is the issue in qmail-queue.log file, but no error messages inside there. i also checked send and smtp log files, also no error messages.

below is the telnet result:

telnet 192.168.1.2 25
Trying 192.168.1.2...
Connected to 192.168.1.2.
Escape character is '^]'.
220 esmtt.com ESMTP
mail from:abc@mydomain.com
250 ok
rcpt to:kenny@mydomain.com
250 ok
data
354 go ahead
subject: testing
to: kenny@mydomain.com
from: abc@mydomain.com

testing 123
.
451 qq temporary problem (#4.3.0)
quit
221 mydomain.com
Connection closed by foreign host

thank you

Unfortunately I'm not familiar with qmailscanner, as I switched to simscan about 10 years ago

PS be sure that your softlimit is high enough

I tried to compile ripmime, but it kept giving an error. Since I use Debian, it has this package available:

apt-get install ripmime

Hi,

 I would like to inform you that qmailwiki.org seems to be not working anymore.

Being that lot of links ( in simscan at least ) point to that site, it becomes hard to follow instruction.

FYI.

Pierluigi

Thank you. I linked the README file in place of the old qmailwiki

Hello,

Is there a way to disable simscan for outgoing emails? Because we send weekly newsletters with thousands of subscribers, and since simscan scans outgoing emails as well, the server load goes through the roof when we are sending these newsletters.

Any thoughts?

Cheers,

Gabriel.

I don't have simscan enabled for outgoing emails. It is sufficient that you don't export QMAILQUEUE="/var/qmail/bin/simscan" for outgoing emails, nor DKIMQUEUE=/var/qmail/bin/simscan if you are signing by means of qmail-smtpd

Make sure to create the simscan temp folder with the correct permissions, otherwise it won't work, giving the infamous "mail server temporarily rejected message (#4.3.0)"

mkdir /var/qmail/simscan

chown clamav:clamav /var/qmail/simscan

Also, make sure to follow all clamav installation steps before installing simscan.

thank you for all your corrections. Anyway following the order of this guide, simscan is supposed to be installed after clamav

Hi,

I'm trying to get the whole simscan/clamav/spamassassin stuff but I have this problem:

when I receive a mail from the net, the spamc report always clean ( from log )

2019-04-22 18:58:16.984370500 simscan: calling spamc
2019-04-22 18:58:16.984424500 simscan: calling /usr/bin/vendor_perl/spamc spamc -u XXXX@XXXXXXX.XX
2019-04-22 18:58:16.992705500 simscan:[5958]:CLEAN (0.00/0.00):6.6524s:Super aid super erection:212.124.180.14:MarvinAnderson@lrmmotors.it:XXXX@XXXXXXXX.XXX
2019-04-22 18:58:16.992954500 simscan: done, execing qmail-queue
2019-04-22 18:58:17.004802500 simscan: qmail-queue exited 0

If I test it with the command ( I've saved the mail with the SIMSCAN_DEBUG_FILES=2):

env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=3 /var/qmail/bin/qmail-inject XXXX@XXXXXX.XX < /tmp/mailtest.txt

simscan: calling spamc
simscan: calling /usr/bin/vendor_perl/spamc spamc -u XXXXX@XXXXXX.XXX
simscan:[6046]:SPAM DROPPED (19.70/4.40):0.5449s:*****SPAM***** Super aid super erection:(null):root@XXX.XXXXXX.XX:XXX@XXXXXX.XX
simscan: check_spam detected spam refuse message

it works perfectly.

Do you have any idea where to search for the problem ?

Thanks

Do you have your spamassassin behind a firewall? A thing like this happened to me once, when I forgot to add the public IP to the spamd options...

what the spamd/spamc log say?

Roberto,

 no, the spamd/spamc are on the same machine.

It seems I have fixed the problem by increasing softlimit memory in the "run" script for qmail-smtpd.

It's rather strange as at first, with a lower limit I could see errors in logs, and increased a bit.

The error ( spamc: error while loading shared libraries: libcrypto.so.1.1: failed to map segment from shared object ) went away but stil it behaves as described.

I've then, just for test, increased the softlimit again ( although no errors were shown in logs ) and everything started to work as expected.

Thanks, and thank for your website/blog. Very informative !!!!

Hi Roberto,

I have the same error in smtp log.
Do you know how to fix it?

Thanks!
Joao

Do you have spamassassin and clamav working and running?

Hi Roberto,

I found an error in my /service/qmail-smtpd/run.
The problem was fixed.

Thanks
Joao

It would be interesting for those facing the same issue to know what you have found exactly...

Hi Roberto,

I don't now exacly what fixed this problem, because I've tried a lot of things like recompile simscam, clamav and netqmail (with your patch) and try to copy /usr/lib64/libcrypto.so* to /usr/local/lib64/.

I'll reinstall step by step in a fresh machine. If I had the same error, I'll back here with the solution.

Thank you very much

Joao

Hi Roberto,

I've found what I did to fix the problem.
My file /service/qmail-smtpd/run had this line:

exec /usr/local/bin/softlimit -m 8000000

I've changed to:

exec /usr/local/bin/softlimit -m 64000000

Thanks
Joao

Hi,

I had an email with a .mpp attachment got rejected with the bounce error

@400000005c6caf6110c3bd8c qlogreceived: result=rejected code=554 reason=queuereject detail=Your_email_was_rejected_because_it_contains_a_bad_attachment:_r helo=mail-pl1-f178.google.com mailfrom=nic@abc.sg rcptto=nic@xyz.sg relay=no rcpthosts= size= authuser= authtype= encrypted= sslverified=no localip=198.*.*.1 localport=25 remoteip=209.85.214.178 remoteport=34374 remotehost= qp=12744 pid=12743
@400000005c6caf6110c5636c qmail-smtpd: message rejected (Your email was rejected because it contains a bad attachment: r): : nic@abc.sg from 209.85.214.178 to nic@xyz.sg helo mail-pl1-f178.google.com

No matter what file name i change to the mpp file, i keep getting the same error (Your email was rejected because it contains a bad attachment: r). But the file name is not "r" at all.

This is my simcontrol

:clam=yes,spam=yes,spam_hits=10.0,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif:.jar

Any idea?

Thanks

This bug was fixed in the latest patch (tx Pablo Murillo)

I get the previous patch from: http://gcastrop.blogspot.com/2011/02/problemas-con-adjuntos-en-simscan-con.html

I'm using it and works !!!

Thank you. I'll check it out

I found a patch about that error some time ago

Is a problem on simscan and the way it check extension

--- ./configure.orig 2007-10-29 09:14:25.000000000 -0500
+++ ./configure 2012-06-26 14:20:22.000000000 -0500
@@ -1694,11 +1736,15 @@
 for(i=0;i<MaxAttach;++i) {
 if ( DebugFlag > 2 ) fprintf(stderr, "simscan: checking attachment %s against %s\n", mydirent->d_name, bk_attachments[i] ); 
 lowerit(mydirent->d_name); 
+ if ( strlen(mydirent->d_name) >= strlen(bk_attachments[i]) ) {
 if ( str_rstr(mydirent->d_name,bk_attachments[i]) == 0 ) {
 strncpy(AttachName, mydirent->d_name, sizeof(AttachName)-1); 
 closedir(mydir);
 return(1);
 }
+ } else {
+ if ( DebugFlag > 2 ) fprintf(stderr, "simscan: attachment name '%s' (%d) is shorter than '%s' (%d). IGNORED\n", mydirent->d_name, strlen( mydirent->d_name ), bk_attachments[i], strlen( bk_attachments[i] ) );
+ }
 }
 }
 closedir(mydir); 

unfortunately no ideas

Hi
I updated the patch qmail-queue-custom-error.patch to work with netqmail-1.06

--- qmail.c 2018-12-07 16:47:31.950228000 -0300
+++ qmail.c 2018-12-07 17:12:46.186218000 -0300
@@ -23,22 +23,32 @@
 {
 int pim[2];
 int pie[2];
+ int pierr[2];

setup_qqargs();

if (pipe(pim) == -1) return -1;
 if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; }
+ if (pipe(pierr) == -1) {
+ close(pim[0]); close(pim[1]);
+ close(pie[0]); close(pie[1]);
+ close(pierr[0]); close(pierr[1]);
+ return -1;
+ }

switch(qq->pid = vfork()) {
 case -1:
+ close(pierr[0]); close(pierr[1]);
 close(pim[0]); close(pim[1]);
 close(pie[0]); close(pie[1]);
 return -1;
 case 0:
 close(pim[1]);
 close(pie[1]);
+ close(pierr[0]); /* we want to receive data */
 if (fd_move(0,pim[0]) == -1) _exit(120);
 if (fd_move(1,pie[0]) == -1) _exit(120);
+ if (fd_move(4,pierr[1]) == -1) _exit(120);
 if (chdir(auto_qmail) == -1) _exit(61);
 execv(*binqqargs,binqqargs);
 _exit(120);
@@ -46,6 +56,7 @@

qq->fdm = pim[1]; close(pim[0]);
 qq->fde = pie[1]; close(pie[0]);
+ qq->fderr = pierr[0]; close(pierr[1]);
 substdio_fdbuf(&qq->ss,write,qq->fdm,qq->buf,sizeof(qq->buf));
 qq->flagerr = 0;
 return 0;
@@ -93,10 +104,22 @@
 {
 int wstat;
 int exitcode;
+ int match;
+ char ch;
+ static char errstr[256];
+ int len = 0;

qmail_put(qq,"",1);
 if (!qq->flagerr) if (substdio_flush(&qq->ss) == -1) qq->flagerr = 1;
 close(qq->fde);
+ substdio_fdbuf(&qq->ss,read,qq->fderr,qq->buf,sizeof(qq->buf));
+ while( substdio_bget(&qq->ss,&ch,1) && len < 255){
+ errstr[len]=ch;
+ len++;
+ }
+ if (len > 0) errstr[len]='\0'; /* add str-term */
+
+ close(qq->fderr);

if (wait_pid(&wstat,qq->pid) != qq->pid)
 return "Zqq waitpid surprise (#4.3.0)";
@@ -129,6 +152,9 @@
 case 81: return "Zqq internal bug (#4.3.0)";
 case 120: return "Zunable to exec qq (#4.3.0)";
 default:
+ if (exitcode == 82 && len > 2){
+ return errstr;
+ }
 if ((exitcode >= 11) && (exitcode <= 40))
 return "Dqq permanent problem (#5.3.0)";
 return "Zqq temporary problem (#4.3.0)";
--- qmail.h 1998-06-15 12:53:16.000000000 +0200
+++ ../../qmail-1.03/qmail.h 2004-05-26 14:48:23.000000000 +0200
@@ -8,6 +8,7 @@
 unsigned long pid;
 int fdm;
 int fde;
+ int fderr;
 substdio ss;
 char buf[1024];
 } ;

Hi

I´m using FreeBSD 11.2
I installed simscan from ports, don't worked, so, I installed then simscan "manually" with the patch and with this options:

user = simscan
qmail directory = /var/qmail
work directory = /var/qmail/simscan
control directory = /var/qmail/control
qmail queue program = /var/qmail/bin/qmail-queue
clamdscan program = /usr/local/bin/clamdscan
clamav scan = ON
trophie scanning = OFF
attachement scan = ON
ripmime program = /usr/local/bin/ripmime
custom smtp reject = OFF
drop message = OFF
regex scanner = OFF
quarantine processing = OFF
domain based checking = OFF
add received header = ON
spam scanning = OFF
dspam scanning = OFF

I have:

-rws--x--x 1 simscan simscan /var/qmail/bin/simscan
-rwxr-xr-x 1 simscan simscan /var/qmail/bin/simscanmk

drwxr-s--- 2 simscan simscan simscan

Every time I test the smtp sending and email with or without attachment I get the next error on clamd.log

Access denied: /var/qmail/simscan/???????/textfile2

The directory's content is:

-rw-r----- 1 simscan simscan 52B addr.1543888712.202274.40537
-rw-r----- 1 simscan simscan 766B msg.1543888712.202274.40537
-rw-r----- 1 simscan simscan 0B textfile0
-rw-r----- 1 simscan simscan 23B textfile1
-rw------- 1 simscan simscan 23B textfile2

The problem is obvius, there is a missing permission on textfile2

I created a new jail, I installed all by hand, the same problem
I changed permission on /var/qmail/bin/simscan to:

-rws--x--x 1 simscan wheel /var/qmail/bin/simscan

The same problem

I added on qmail-smtpd/run for debug purpose :

umask 027
export SIMSCAN_DEBUG_FILES=1
export SIMSCAN_DEBUG=3

Any idea ?

Thanks in advance
Pablo Murillo

everyone who decided to run simscan as the "simscan" user should add "clamav" user to the "simscan" group and then patch ripmime in order to make the extracted attachment group-readable, as now is also explained at the top of this page

I would try to recompile it with --enable-user=clamav so that clamd has write permissions in the simscan directory...

Changing the user solved the problem, but I think there is something wrong with ripmime, because, only the attached files to email are with the wrong permission

Thanks

Hello,

I have a problem with simscan with rejecting SPAM with less than 9.5 hits:

SPAM DROPPED (7.00/7.00):1.1858s:*****SPAM*****

In /var/qmail/control/simcontrol I have:

:clam=yes,spam=yes,spam_hits=9.5,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif

In /etc/mail/spamassassin/local.cf I put:

rewrite_header  subject *****SPAM*****

Do you know what could be wrong. 

Thank you a lot.

Regards

did you update simcontrol.cdb?

/var/qmail/bin/simscanmk

Roberto,

 I forgot to do that. Problem is solved now.

Thank you,

Regards,

Al

Hi Roberto,

Yes you are right simscan 1.4.1 is essentially the same as 1.4.0 from functionality POfView

However it has some minor improvements:

1. At line 781 in simscan.c uses  (char *)NULL whitch suppresses some comp warnings
2. Same for line 1785 where val variable initialized (suppresses comp warns)
3. Uses the modern autoconf approach to Makefiles

Additionally to further suppress all comp warnings one should:

1. Edit cdb/conf-cc and append  -fno-builtin-malloc to gcc options
2. Edit line 1735@simscan.c and replace globally: %d --> %zu

As far as the abnormal behaviour of simscan with spamc is concerned I think the relevant  simscan.c block of code is:

(in v1.4.1)

1313,1349

.........................................................................................

if ( MaxRcptTo==1 && i 0){
    spamc_args[i++] = "-u";
    spamc_args[i++] = spamuser;
#ifdef ENABLE_SPAMC_USER
  /*  } else if ( MaxRcptTo==1 && i0 && i 0 ) {
    fprintf(stderr, "simscan:[%d]: calling %s ", getppid(), SPAMC);
    i=0;
    while(spamc_args[i] != NULL){
      fprintf(stderr, " %s", spamc_args[i]);
      ++i;
    }
    fprintf(stderr, "\n");
  }
  if ( pipe(pim) == 0 ) {
    /* fork spamc */
    switch(pid = vfork()) {
      case -1:
        close(pim[0]);
        close(pim[1]);
        close(spam_fd);
        return(-1);
      case 0:
        close(pim[0]);
        dup2(pim[1],1);
        close(pim[1]);
        execve(SPAMC, spamc_args, 0);
        _exit(-1);
    }

.................................................................................................

MaxRcptTo always takes value 1 except when email has many recepients @ Cc or To Fields. In such a case MaxRcptTo counts the recepients

and has a positive value. So if we change the if condition

else if (MaxRcptTo==1 && i

to

else if (MaxRcptTo>0 && i

we get a more normal behavior.

I think it would be wise to ask the developers/mainteners of the current  simscan ver for a more formal and/or consistent amendment.

Ciao 

Bob

Dear Rob

I think before anything else we should somehow unravel the logic of the simscan developer (or at least give it a shot, since he/she is unreachable).

The presence of MaxRcptTo var in simscan.c indicates the fact that at smtpd level one expects, in general, more than one recipients.

This fact has two realisations according to the way various MTAs connect to our smtpd.

Some MTAs open only one tcp conn per email msg (sendmail?), others open one tcp conn per recipient (qmail).

See: http://grokbase.com/t/perl/qpsmtpd/055bt3byjj/opinion-regarding-multiple-recipients-per-connection

So counting recipients in the 'forward smtp buffer' via MaxRcptTo shows us that the developer is aware of all these.

So why then imposes a condition with MaxRcptTo == 1 as if he/she expects only one connection per recipient?

One possible explanation is that he/she wants a somehow "pure" user pref policy ie
   one recipient      --   one local user (RcptTo[0]) --  reliable bayes entries in the SQL backend
   many recipients --                  ?                        --  no entries
                                                                              (Actually, we might get entries for clamd user!
                                                                               So eventually our SQL db gets polluted.
                                                                               Is this simply a real bug?)

So if someone (like me) is willing to impose more flexible policies on his users (eg global blacklists per domain etc) he can patch the condition to  MaxRcptTo > 0.

I've tested the code and the MaxRcptTo > 0  seems a pretty harmless change that meets my needs without spoiling the simscan functionality.

Ciao
Bob

Dear Roberto

After all this is a bug!

It had been pointed out previously by Sossi Andrej (you might know him...)

See: http://simscan.inter7.narkive.com/OQQ5ulG8/simscan-not-send-rcpt-address-to-spamassassin

So feel free to add it to some of your patches for our convenience...

Thanks 

Bob

Patch updated, thank you

Your patch is working here.

Unfortunately I coudn't find any contact of the author of the current 1.4.1 version

did you test your patch already?

Anyway, it's not clear to me why this happens only with gmail/hotmail...

Roberto hi,

FYI there is a newer simscan 'bumdle' 1.4.1 @ https://github.com/qmail/simscan

However, I've noticed a strange simscan behavior (for both vers). When I send emails from @gmail/hotmail with multiple 'local' recepients [To, Cc] to my new qmail-simscan server the spamc scan is executed as null user!!! [SIMSCAN_DEBUG=4](The normal behaviour accordind to README is to extract the first local recepient.)

Any ideas?

Bob

I had a better look to the 1.4.1 fork and noticed that actually it contains many bug fixes and most of the patches I am used to apply. A lot of garbage was cleaned as well so I decided to do the switch...

Hi Bob,

I have the same strange behaviour when receiving from gmail with CC. Test from other senders made simscan call spamc twice (one for the To address and another for the CC address). At the moment I have no idea... Let me know if youe manage to solve or find a patch.

According to the changelog, the new simscan seems not to add anything important, I'll wait for further development.

Hi, for centos distribution in my case i have to put this option in the configure "--enable-spamc=/usr/bin/spamc".

I hope to be useful

Thanks a lot Roberto for this great manual. 

Hi,

I have been using --enable-spam-hits=9.5 and i would like to lower to 8.0. I had recompile simscan with --enable-spam-hits=8.0, make and make install-strip , still it did not change.

Did i missed out anything?

thanks, nic

I think modifing and  recompiling simcontrol should work

Thanks Roberto.

I missed out the simcontol.

It will not compile unless you add the following to the function in "simscanmk.c" where ever it is referenced:

In function ‘open’, inlined from ‘make_cdb’ at simscanmk.c:429:6: /usr/include/x86_64-linux-gnu/bits/fcntl2.h:50:4: error: call to ‘__open_missing_mode’ declared with attribute error: open with O_CREAT in second argument needs 3 arguments 

so it looks like:

if ( (fdout = open(CdbTmpFile, O_CREAT | O_TRUNC | O_WRONLY, 0644)) < 0) { 

so in this case on line 429, I added "0644" - add it where ever it there's a "open_missing_mode"

Hope it helps someone.

Thanks for your contribution, Wlad

I wish there was an alternative to simscan 1.4.0 - compiling it requires an older version of gcc - which in this case prevents this from building without proper arguments (for security purposes).

which gcc version? I can compile up to gcc-4.8.2 here

Rather then reply to an email stating why the message was blocked can it just be dropped with no reply as spammers will send a fake repy to address and someone will be inundated with these messages.

there are several options, depending on the delivery program you use. Look at this for details http://www.gossamer-threads.com/lists/qmail/users/133589

I use CHKUSER_WRONGRCPTLIMIT in conjunction with a fail2ban rule

hello everyone , I have a question related to simscan, may I block all kind of attachment in the mail ? I need just this functionnality, is that possible ?