Why isn't mailscanner a built-in option for WHM / cPanel?

[xsenses]

I tried it awhile ago and it started delaying messages in the que - which ended up never getting delivered for some reason so I had to remove it (server has a really light mail load also).

RedHat 9 / Stable WHM/cPanel

[Martin]

Originally posted by spaceman
it would be excellent if I could send a weekly or monthly summary report to each valid POP account on my server to report how many virus-infected emails were blocked on their behalf

Exactly
Is anyone working on that? I'm sure we are not the only two who would be interested. Also, the ability to show domain specific stats in cpanel would be great.

[haze]

Did you guys get any errors in the mailscanner install log? Its located in /var/log btw.

[fikse]

after installing the mailscanner, has anyone experienced any problems when upgrading to a newer release of cpanel/whm?

does the mail setup stay stable? do you have to reinstall mailscanner?

[spaceman]

Originally posted by fikse
after installing the mailscanner, has anyone experienced any problems when upgrading to a newer release of cpanel/whm?

does the mail setup stay stable? do you have to reinstall mailscanner?

So far so good over here. After cPanel/WHM auto-updated itself a week or so ago to the latest stable release our mailscanner appears to be operating normally on both our dedicated servers. (running Redhat 7.2 and 7.3)

[erwinfa]

Originally posted by fikse
after installing the mailscanner, has anyone experienced any problems when upgrading to a newer release of cpanel/whm?

does the mail setup stay stable? do you have to reinstall mailscanner?

No problem, It doesnt need to reinstall mailscanner when you're upgrading into newer release of cpanel

[UniSol]

Thank you pagedeveloping

That guide was alot better than the docs for the install

[HostIt]

Originally posted by spaceman
b) We've set the option to email the sender of the message (even though this address is often spoofed) with a message that explicitly states that their message did not get through (we had to edit one of the standard reports texts to do this).. So presumably if the message is important enough the sender will attempt to resend after fixing their virus problem.

I would strongly recommend against doing this. In the case of a worm that has spoofed it's From: address, it's only going to bombard innocent parties with your bounce message. This alone caused significant headaches with MyDoom and most responsible ISPs shut off the response to sender as a result. We have ours set to notify the recipient, meaning they have the opportunity to contact us if they still require the email and we can take it out of quarantine for them

[spaceman]

Originally posted by HostIt
I would strongly recommend against doing this. In the case of a worm that has spoofed it's From: address, it's only going to bombard innocent parties with your bounce message. This alone caused significant headaches with MyDoom and most responsible ISPs shut off the response to sender as a result. We have ours set to notify the recipient, meaning they have the opportunity to contact us if they still require the email and we can take it out of quarantine for them

Hmmm. Your suggestion means that, potentially, you bombard your clients (the recipients) with lots of messages, 99% of which they don't want or need, when MyDoom or similar is active.

I understand where you're coming from, and I'm totally aware of the spoofing problem, but I think 'll stick with my approach for now. My #1 priority is to reduce the clutter hitting my clients' inboxes.

[HostIt]

Originally posted by spaceman
Hmmm. Your suggest means that, potentially, you bombard your clients (the recipients) with lots of messages, 99% of which they don't want or need, when MyDoom or similar is active.

I'd rather an email went to who it was addressed to, than somebody who most likely has nothing to do with it whatsoever, yep.

Let alone the waste of bandwidth (yours and theirs) in sending bounced messages to people. This is what ties mail systems up and makes these viruses even more effective.

See, not only is your server receiving xMb of virus emails each hour, but you've got it sending back xMb of bounces too, which then add to the load on somebody else's server. If the address doesn't exist at the other server, they'll send a bounce back to your server, thus taking up yet more bandwidth and resources. And so the cycle continues.

Imagine a virus spoofed your client's email address and my server bounced a few hundred emails back to them. That wouldn't help "reduce the clutter" from your client's inbox, would it? You wouldn't appreciate it, just as I wouldn't appreciate your server doing so to my clients...

See where I'm coming from? There's an element of 'collective responsibility' involved.

[pagedeveloping]

Originally posted by HostIt
I'd rather an email went to who it was addressed to, than somebody who most likely has nothing to do with it whatsoever, yep.

Let alone the waste of bandwidth (yours and theirs) in sending bounced messages to people. This is what ties mail systems up and makes these viruses even more effective.

See, not only is your server receiving xMb of virus emails each hour, but you've got it sending back xMb of bounces too, which then add to the load on somebody else's server. If the address doesn't exist at the other server, they'll send a bounce back to your server, thus taking up yet more bandwidth and resources. And so the cycle continues.

Imagine a virus spoofed your client's email address and my server bounced a few hundred emails back to them. That wouldn't help "reduce the clutter" from your client's inbox, would it? You wouldn't appreciate it, just as I wouldn't appreciate your server doing so to my clients...

See where I'm coming from? There's an element of 'collective responsibility' involved.

Finally some one who sees things the way I do...

It's been a while since I have last been here to this post.
I see that it has gone along ways...

[spaceman]

Originally posted by HostIt
I'd rather an email went to who it was addressed to, than somebody who most likely has nothing to do with it whatsoever, yep.

Let alone the waste of bandwidth (yours and theirs) in sending bounced messages to people. This is what ties mail systems up and makes these viruses even more effective.

See, not only is your server receiving xMb of virus emails each hour, but you've got it sending back xMb of bounces too, which then add to the load on somebody else's server. If the address doesn't exist at the other server, they'll send a bounce back to your server, thus taking up yet more bandwidth and resources. And so the cycle continues.

Imagine a virus spoofed your client's email address and my server bounced a few hundred emails back to them. That wouldn't help "reduce the clutter" from your client's inbox, would it? You wouldn't appreciate it, just as I wouldn't appreciate your server doing so to my clients...

See where I'm coming from? There's an element of 'collective responsibility' involved.

I think we're going to have to agree to disagree on this one. :-) We're both debating from opposite sides of the same equation - but we're actually on the same side overall.

You're effectively spamming your clients, chewing up unnecessary bandwidth, etc. with messages they don't want and don't need by telling them each and every time you block a virus for them. I'm effectively spamming the senders, spoofed or otherwise, of the messages with viruses attached.

When I receive a message from a mail server that says a message I sent was not delivered because it contained a virus, and I know my email address was spoofed as the sender's address, then I'm OK with that. I don't like it - I'd prefer that my email address wasn't spoofed in the first place - but that's a very unfortunate weakness of SMTP. Otherwise, I accept that the mail server is just doing it's job as best it can.

All that said, I can see you point, and I will think more on the subject of not sending a message to the sender (spoofed or otherwise). What I will not do is spam by clients with messages each time we block a virus on their behalfs.

It's the spammers, spoofers and virus writers who are the culprits here, not your or I.

[pagedeveloping]

Originally posted by spaceman
I think we're going to have to agree to disagree on this one. :-) We're both debating from opposite sides of the same equation - but we're actually on the same side overall.

You're effectively spamming your clients, chewing up unnecessary bandwidth, etc. with messages they don't want and don't need by telling them each and every time you block a virus for them. I'm effectively spamming the senders, spoofed or otherwise, of the messages with viruses attached.

When I receieve a message from a mail server that says a message I sent was not delivered because it contained a virus, and I know my email address was spoofed as the sender's address, then I'm OK with that. I don't like it - I'd prefer that my email address wasn't spoofed in the first place - but that's a very unfortunate weakness of SMTP. Otherwise, I accept that the mail server is just doing it's job as best it can.

It's the spammers and virus writers who are the culprits here, not your or I.

and yet you serve another point I agree with as well..

It serves as a ballance in a way....

when the server is not loaded we don't mind the queue sitting for several days to develiver or delete. Yup! it gets deleted after 7 days..

When the server is over loading and we know that it has to do with all that mailgueue sitting in there bouncing back and forth, We hit the "Delete all mail in queue"

[HostIt]

Originally posted by spaceman
I think we're going to have to agree to disagree on this one. :-)

No problem, such is life

Just don't expect me to thank you when I see my server loads increase, my mail queues fill up and my bandwidth drain away because of erroneous bounce messages the next time a big virus hits.

I found the article I was looking for, here's a quote...

Jack Clark, technology consultant at antivirus firm McAfee estimates that "bounce-back" emails play a significant part in slowing down corporate networks and the feature should be disabled immediately.

"There is no real point in trying to tell somebody that they are infected when 99 percent of the viruses that are being produced today will spoof the address. On Tuesday and today, people have noticed that the Internet is a percentage slower. The bounce-back emails could account for up to 25 percent of this slow-down," Clark told ZDNet UK.

http://news.zdnet.co.uk/internet/sec...9143774,00.htm

[spaceman]

Alright - you've convinced me! Well done! I'm going to stop sending notification emails.

But I'm still not going to spam my clients to tell them when I've blocked viruses on their behalf. :-) If a client informs me that someone is trying to send them an email but it's not getting through, then I'll tell them to inform the sender that the only emails we reject are ones with viruses attached, ie. the sender should check their computer for viruses.

Great debate - and thanks for highlighting this problem.

Hint for editing Mailscanner.conf:
Notify Senders = no