headers
Robert Lopez | 24 May 2013 00:58
Picon

Re: Scan Messages = %rules-dir%/scan.messages.rules

On Thu, May 23, 2013 at 8:05 AM, Glenn Steen <glenn.steen <at> gmail.com> wrote:
> Hello Robert,
>
> Two things come to mind:
> 1) Go look in the logs (on the MailScanner host) again... Track one of
> the messages that shouldn't have been scanned to see the actual
> envelope sender and recipient(s)... Do they match what you have there?
> 2) Use the eminent inbuilt ruleset checking capabilities of the
> MailScanner command to check what will actually happen... Do
> "MailScanner --help" to see the possible things you can do... Then do
> something like:
> MailScanner --value=scanmessages --from=students-bounces <at> cnm.edu
> to see what the effect would be.
>
> I use the Scan Messages setting to do a blanket whitelist for
> releasing from localhost, so ... Here's an example (run as the postfix
> user):
> -bash-3.2$ /usr/sbin/MailScanner --value=scanmessages
> --from=tony.irving <at> nowhere.com --to=glenn.steen <at> ap1.se --ip=127.0.0.1
> Looked up internal option name "scanmail"
> With sender = tony.irving <at> nowhere.com
>   recipient = glenn.steen <at> ap1.se
> Client IP = 127.0.0.1
> Virus =
> Result is "0"
>
> 0=No 1=Yes
> -bash-3.2$ /usr/sbin/MailScanner --value=scanmessages
> --from=tony.irving <at> nowhere.com --to=glenn.steen <at> ap1.se --ip=127.0.0.2
> Looked up internal option name "scanmail"
(Continue reading)

Permalink | Reply | 1 comment |
headers
东风 | 23 May 2013 10:22
Favicon

MailScanner SpamAssassin Timeout cause CPU100%

 dear all,
    Recently my MailScanner do not run very well.MailScanner SpamAssassin Timeout randomly,and when SpamAssassin Timeout,the MailScanner process will occupancy CPU 100%,and after a few minutes ,the MailScanner process will also occupancy all memery,then the system load is too high ,and the system can't work.
    I google it,do as the people said,set spam.assassinprefs.conf :
use_bayes 1
bayes_auto_expire 0
    But it can't fix the problem.then i run
#MailScanner --debug --debug-sa
    I found the point.Every time when the MailScanner process occupancy CPU 100%,the log is stop at:
 
05:33:31 May 22 05:33:31.411 [5327] dbg: bayes: found bayes db version 3
05:33:31 May 22 05:33:31.411 [5327] dbg: locker: refresh_lock: refresh /var/spool/MailScanner/spamassassin/bayes.lock
05:33:31 May 22 05:33:31.525 [5327] dbg: locker: refresh_lock: refresh /var/spool/MailScanner/spamassassin/bayes.lock
05:33:31 May 22 05:33:31.611 [5327] dbg: locker: refresh_lock: refresh /var/spool/MailScanner/spamassassin/bayes.lock
05:33:31 May 22 05:33:31.694 [5327] dbg: locker: refresh_lock: refresh /var/spool/MailScanner/spamassassin/bayes.lock
05:33:31 May 22 05:33:31.779 [5327] dbg: locker: refresh_lock: refresh /var/spool/MailScanner/spamassassin/bayes.lock
05:33:31 May 22 05:33:31.781 [5327] dbg: bayes: synced databases from journal in 0 seconds: 4023 unique entries (5977 total entries)
05:33:31 May 22 05:33:31.783 [5327] dbg: bayes: bayes journal sync completed
05:33:31 May 22 05:33:31.783 [5327] dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x15c43580) implements 'learner_expire_old_training', priority 0
05:33:31 May 22 05:33:31.783 [5327] dbg: bayes: expiry starting
05:33:31 May 22 05:33:31.784 [5327] dbg: locker: refresh_lock: refresh /var/spool/MailScanner/spamassassin/bayes.lock
05:33:31 May 22 05:33:31.784 [5327] dbg: locker: refresh_lock: refresh /var/spool/MailScanner/spamassassin/bayes.lock
05:33:31 May 22 05:33:31.784 [5327] dbg: bayes: DB expiry: tokens in DB: 16022840, Expiry max size: 150000, Oldest atime: 1346656738, Newest atime: 1369170442, Last expire: 1346700571, Current time: 1369172011
05:33:31 May 22 05:33:31.785 [5327] dbg: bayes: expiry check keep size, 0.75 * max: 112500
05:33:31 May 22 05:33:31.785 [5327] dbg: bayes: token count: 16022840, final goal reduction size: 15910340
05:33:31 May 22 05:33:31.785 [5327] dbg: bayes: first pass? current: 1369172011, Last: 1346700571, atime: 43200, count: 265804, newdelta: 721, ratio: 59.8574137334276, period: 43200
05:33:31 May 22 05:33:31.785 [5327] dbg: bayes: can't use estimation method for expiry, unexpected result, calculating optimal atime delta (first pass)
05:33:31 May 22 05:33:31.785 [5327] dbg: bayes: expiry max exponent: 9
 
     Stop at here ,and the MailScanner process occupancy CPU 100%, then after 30 seconds(because i set SpamAssassin Timeout = 30 ), the log will go on:
 
05:34:45 May 22 05:34:45.809 [5330] dbg: dns: name server: 10.145.199.100, LocalAddr: 0.0.0.0
05:34:45 May 22 05:34:45.810 [5330] dbg: dns: resolver socket rx buffer size is 129024 bytes
05:34:45 May 22 05:34:45.810 [5330] dbg: config: time limit 300.0 s
05:34:45 May 22 05:34:45.812 [5330] dbg: message: main message type: multipart/mixed
05:34:45 May 22 05:34:45.812 [5330] dbg: message: ---- MIME PARSER START ----
05:34:45 May 22 05:34:45.813 [5330] dbg: message: parsing multipart, got boundary: part_60947f67_06c3_40e0_b324_b2bcc46f02c2
...............................
 
    I don't know why and how to fix it.And i found when i run
 
#MailScanner --debug --debug-sa
 
   The MailScanner process will release resources after 30 seconds,when i run(i set Max Children = 5)
#service MailScanner start
 
   The MailScanner process which occupancy CPU 100% will not release resources .....And after a few minutes,maybe more MailScanner process will occupancy resources ,and after all the system is hung.I even set  SpamAssassin Timeout = 10 ,but can't fix either.
 
   So,are there any friends know how to fix this problem? Thx!


---------------------------------------
21CN手机邮Android客户端,邮件随身享! 
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 4 comments |
headers
Jesper Jensen | 22 May 2013 13:55
Picon

Any thing new on missing updates on blacklist in mailscanner / fix or workaround?


Hello ppl

Is there a work around - we are still not getting updates for scamnailer and Mailscanner blacklist

Log:

ok Checking that /var/cache/ScamNailer/cache/2013-164.6 exists... ok I am working with: Current:
2013-164 - 6 and Status: 2013-164 - 6 No base update required

And mailscanner still reads

:

Read 3966 hostnames from the phishing blacklists

Any input is appreciated, Thank you

/Jesper

-----Oprindelig meddelelse-----
Fra: mailscanner-bounces <at> lists.mailscanner.info
[mailto:mailscanner-bounces <at> lists.mailscanner.info] På vegne af mailscanner-request <at> lists.mailscanner.info
Sendt: 22. maj 2013 13:00
Til: mailscanner <at> lists.mailscanner.info
Emne: MailScanner Digest, Vol 89, Issue 20

Send MailScanner mailing list submissions to
	mailscanner <at> lists.mailscanner.info

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.mailscanner.info/mailman/listinfo/mailscanner
or, via email, send a message with subject or body 'help' to
	mailscanner-request <at> lists.mailscanner.info

You can reach the person managing the list at
	mailscanner-owner <at> lists.mailscanner.info

When replying, please edit your Subject line so it is more specific than "Re: Contents of MailScanner digest..."

Today's Topics:

   1. Re: permissions and ownership of /var/spool/incoming
      (Robert Lopez)
   2. Scan Messages = %rules-dir%/scan.messages.rules (Robert Lopez)
   3. Re: Scan Messages = %rules-dir%/scan.messages.rules
      (Martin Hepworth)

----------------------------------------------------------------------

Message: 1
Date: Tue, 21 May 2013 17:17:18 -0600
From: Robert Lopez <rlopezcnm <at> gmail.com>
Subject: Re: permissions and ownership of /var/spool/incoming
To: MailScanner discussion <mailscanner <at> lists.mailscanner.info>
Message-ID:
	<CAAJHbAqfXAgKN2CF7HZMLafrKCWRCgkFAn16hvuXPS1BCrD+GQ <at> mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, May 20, 2013 at 10:11 AM, Kevin Miller <Kevin_Miller <at> ci.juneau.ak.us> wrote:
> On both my SLES and CentOS boxes running MailScanner an clamAV the user is clamav not clam.  Double check the
name of the account that clamav is actually running as.  It can vary from distribution to distribution...
>
>  ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 
> 307357 -----Original Message-----
> From: mailscanner-bounces <at> lists.mailscanner.info 
> [mailto:mailscanner-bounces <at> lists.mailscanner.info] On Behalf Of Dan 
> Carl
> Sent: Saturday, May 18, 2013 7:24 AM
> To: MailScanner discussion
> Subject: permissions and ownership of /var/spool/incoming
>
> Hi all,
> I never have any issues with Mailscanner the thing just works and works well.
> But when it comes to new installs that when you'll see me post here.
> I'm running a shiny new CentOS 6.4 box with postfix.
> I've tried everything but still getting error below when running MailScanner --lint.
> Could not open file >/var/spool/MailScanner/incoming/2614/1.header:
> Permission denied
> Cannot create + lock headers file
> /var/spool/MailScanner/incoming/2614/1.header, Permission denied at
/usr/lib/MailScanner/MailScanner/Message.pm line 523 I set the permissions and ownership to:
> chown -R postfix.clam *
> chmod -R 750 *
> But Mailscanner sets the permissions to clam.root Thanks in advance 
> Dan
> --
> MailScanner mailing list
> mailscanner <at> lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner <at> lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

I am not at all certain it is related, but also pay attention to the MailScanner.conf (or
MailScanner/conf.d/your-conf-file) for the values of Incoming Work Group and Incoming Work Permissions.

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

------------------------------

Message: 2
Date: Tue, 21 May 2013 19:18:11 -0600
From: Robert Lopez <rlopezcnm <at> gmail.com>
Subject: Scan Messages = %rules-dir%/scan.messages.rules
To: MailScanner discussion <mailscanner <at> lists.mailscanner.info>
Message-ID:
	<CAAJHbAonjeXxrgU+bwOkQUZdc+-qqjioCOcOLjp7tKHAJCC7xA <at> mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

wrt "Scan Messages = %rules-dir%/scan.messages.rules"

Three questions:

1) Does MailScanner do a case sensitive match when scan.messages.rules file is used?

2) Which "From:" does scan.messages.rules use (Envelope or Email Body)?

3) Does MailScanner directly implement the match and action or is this passed to SpamAssassin to do the
match and action?

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

------------------------------

Message: 3
Date: Wed, 22 May 2013 09:20:51 +0100
From: Martin Hepworth <maxsec <at> gmail.com>
Subject: Re: Scan Messages = %rules-dir%/scan.messages.rules
To: MailScanner discussion <mailscanner <at> lists.mailscanner.info>
Message-ID:
	<CAGDKorJK_NGwpGVKJEeLYzikdBoRCWaYxu1TJ_7d8JA8CaCHbg <at> mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

1) nope, email addresses are not case sensitive.
2) Envelope, MS always uses the Envelope-from in from parsing.
3) this is the 'big knob' that tells whether MailScanner scans the email or not. Way before it's passed to SA,
anti-virus or checked by mailScanner again RBLS (independently of SA). etc. Be very careful with setting
as it's basically sending email through with zero scanning. Might want to look at the the "Is definitely
Not spam" setting. Normally this is only used for trusted ip-addresses not email 'from' addresses.

hope that helps

--
Martin Hepworth, CISSP
Oxford, UK

On 22 May 2013 02:18, Robert Lopez <rlopezcnm <at> gmail.com> wrote:

> wrt "Scan Messages = %rules-dir%/scan.messages.rules"
>
> Three questions:
>
> 1) Does MailScanner do a case sensitive match when
> scan.messages.rules file is used?
>
> 2) Which "From:" does scan.messages.rules use (Envelope or Email Body)?
>
> 3) Does MailScanner directly implement the match and action or is this
> passed to SpamAssassin to do the match and action?
>
> --
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> --
> MailScanner mailing list
> mailscanner <at> lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130522/53090ad8/attachment-0001.html 

------------------------------

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read the Wiki (http://wiki.mailscanner.info/).

Support MailScanner development - buy the book off the website! 

End of MailScanner Digest, Vol 89, Issue 20
*******************************************

-- 
Denne meddelelse er blevet skannet for virus og farligt indhold
af MailScanner, og er fundet ufarlig.

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 0 comments |
headers
Alessandro Dentella | 22 May 2013 11:40
Picon
Gravatar

storing messages


Hi, 

I have several servers where storing messagges just works.
Now i'm fighting to get spam and nonspanm messages stored in a new server
that was not preared by me but seems correct, nevertheless I cant get
messages stored.

Relevant configuration directives are:

  Spam Actions = store
  High Scoring Spam Actions = store
  Spam Actions = store deliver header "
  Non Spam Actions = store deliver header "X-Spam-Status: No"

Quarantine dir is /var/spool/MailScanner/quarantine/ and permissions are
postfix.www-data 

  root <at> smtp:/etc/MailScanner# find /var/spool/MailScanner/quarantine/ -ls
  262148    4 drwxrwxr-x   3 postfix  www-data     4096 May 22 06:25 /var/spool/MailScanner/quarantine/
  262166    4 drwxrwx---   4 postfix  www-data     4096 May 22 06:53 /var/spool/MailScanner/quarantine/20130522
  262167    4 drwxrwx---   2 postfix  www-data     4096 May 22 11:37 /var/spool/MailScanner/quarantine/20130522/nonspam
  262168    4 drwxrwx---   2 postfix  www-data     4096 May 22 11:38 /var/spool/MailScanner/quarantine/20130522/spam

What should I check to understand why mailscanner is not storing them?

The systems is debian squeeze:

ii  mailscanner        4.84.5-4~squeeze
ii  postfix            2.7.1-1+squeeze1   

Thanks in advanced
sandro
*:-)
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 5 comments |
headers
Robert Lopez | 22 May 2013 03:18
Picon

Scan Messages = %rules-dir%/scan.messages.rules

wrt "Scan Messages = %rules-dir%/scan.messages.rules"

Three questions:

1) Does MailScanner do a case sensitive match when
scan.messages.rules file is used?

2) Which "From:" does scan.messages.rules use (Envelope or Email Body)?

3) Does MailScanner directly implement the match and action or is this
passed to SpamAssassin to do the match and action?

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 9 comments |
headers
Informática - Astória Papéis LTDA | 20 May 2013 19:50
Picon

RES: MailScanner Digest, Vol 89, Issue 18

Sergio, apenas para seu conhecimento, recebi este e-mail, do mailscanner.

-----Mensagem original-----
De: mailscanner-bounces <at> lists.mailscanner.info
[mailto:mailscanner-bounces <at> lists.mailscanner.info] Em nome de
mailscanner-request <at> lists.mailscanner.info
Enviada em: domingo, 19 de maio de 2013 08:00
Para: mailscanner <at> lists.mailscanner.info
Assunto: MailScanner Digest, Vol 89, Issue 18

Send MailScanner mailing list submissions to
	mailscanner <at> lists.mailscanner.info

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.mailscanner.info/mailman/listinfo/mailscanner
or, via email, send a message with subject or body 'help' to
	mailscanner-request <at> lists.mailscanner.info

You can reach the person managing the list at
	mailscanner-owner <at> lists.mailscanner.info

When replying, please edit your Subject line so it is more specific than
"Re: Contents of MailScanner digest..."

Today's Topics:

   1. permissions and ownership of /var/spool/incoming (Dan Carl)

----------------------------------------------------------------------

Message: 1
Date: Sat, 18 May 2013 10:23:53 -0500
From: Dan Carl <danc <at> bluestarshows.com>
Subject: permissions and ownership of /var/spool/incoming
To: MailScanner discussion <mailscanner <at> lists.mailscanner.info>
Message-ID: <51979D09.6060607 <at> bluestarshows.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi all,
I never have any issues with Mailscanner the thing just works and works
well.
But when it comes to new installs that when you'll see me post here.
I'm running a shiny new CentOS 6.4 box with postfix.
I've tried everything but still getting error below when running MailScanner
--lint.
Could not open file >/var/spool/MailScanner/incoming/2614/1.header: 
Permission denied
Cannot create + lock headers file
/var/spool/MailScanner/incoming/2614/1.header, Permission denied at
/usr/lib/MailScanner/MailScanner/Message.pm line 523 I set the permissions
and ownership to:
chown -R postfix.clam *
chmod -R 750 *
But Mailscanner sets the permissions to clam.root Thanks in advance Dan

------------------------------

--
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read the Wiki (http://wiki.mailscanner.info/).

Support MailScanner development - buy the book off the website! 

End of MailScanner Digest, Vol 89, Issue 18
*******************************************

--
Esta mensagem foi verificada pelo sistema de antivmrus e  acredita-se estar
livre de perigo.

-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 0 comments |
headers
Dan Carl | 18 May 2013 17:23
Favicon

permissions and ownership of /var/spool/incoming

Hi all,
I never have any issues with Mailscanner the thing just works and works 
well.
But when it comes to new installs that when you'll see me post here.
I'm running a shiny new CentOS 6.4 box with postfix.
I've tried everything but still getting error below when running 
MailScanner --lint.
Could not open file >/var/spool/MailScanner/incoming/2614/1.header: 
Permission denied
Cannot create + lock headers file 
/var/spool/MailScanner/incoming/2614/1.header, Permission denied at 
/usr/lib/MailScanner/MailScanner/Message.pm line 523
I set the permissions and ownership to:
chown -R postfix.clam *
chmod -R 750 *
But Mailscanner sets the permissions to clam.root
Thanks in advance
Dan
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 2 comments |
headers
John Baker | 16 May 2013 18:28
Favicon

MailScanner debug hanging

Hi, I'm finishing a new mailserver build with the last stable MailScanner. I ran MailScanner --debug to check for problems and it keeps hanging after Building a message batch to scan...

However MailScanner --lint works ok.

How can I get debug information on why debug won't run properly? Any suggestions for sorting this out?

--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 5 comments |
headers
Gary Faith | 15 May 2013 22:53

MailScanner: Message attempted to kill MailScanner

There seems to be a problem with TNEF for this message and others messages from this senter.  The sender refuses to disable RTF in Outlook and the receiver wants the messages from the sender.  So I am stuck trying to figure out how to fix this problem. 
 
-  MailScanner is running on SLES 10 SP4 64-bit, MailScanner Version Number = 4.84.5
-  Expand TNEF = yes
-  Use TNEF Contents = replace
-  TNEF Expander = internal
-  TNEF Timeout = 120
Any ideas/suggestions?  Change to external TNEF expander?  Increase the TNEF timeout? 
 
May 9 09:57:39 mscan MailScanner[8751]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8751/r49DvZfK008854/winmail.dat
May 9 09:57:39 mscan MailScanner[8751]: Message r49DvZfK008854 added TNEF contents RFI265-PlatformPG4PG5ColConns.doc,Picture(DeviceIndependentBitmap)
May 9 09:57:39 mscan MailScanner[8751]: Message r49DvZfK008854 has had TNEF winmail.dat removed
May 9 10:02:16 mscan MailScanner[19826]: Making attempt 2 at processing message r49DvZfK008854
May 9 10:02:16 mscan MailScanner[19826]: Expanding TNEF archive at /var/spool/MailScanner/incoming/19826/r49DvZfK008854/winmail.dat
May 9 10:02:16 mscan MailScanner[19826]: Message r49DvZfK008854 added TNEF contents RFI265-PlatformPG4PG5ColConns.doc,Picture(DeviceIndependentBitmap)
May 9 10:02:16 mscan MailScanner[19826]: Message r49DvZfK008854 has had TNEF winmail.dat removed
May 9 10:07:02 mscan MailScanner[9910]: Making attempt 3 at processing message r49DvZfK008854
May 9 10:07:02 mscan MailScanner[9910]: Expanding TNEF archive at /var/spool/MailScanner/incoming/9910/r49DvZfK008854/winmail.dat
May 9 10:07:02 mscan MailScanner[9910]: Message r49DvZfK008854 added TNEF contents RFI265-PlatformPG4PG5ColConns.doc,Picture(DeviceIndependentBitmap)
May 9 10:07:02 mscan MailScanner[9910]: Message r49DvZfK008854 has had TNEF winmail.dat removed
May 9 10:11:39 mscan MailScanner[9686]: Making attempt 4 at processing message r49DvZfK008854
May 9 10:11:39 mscan MailScanner[9686]: Expanding TNEF archive at /var/spool/MailScanner/incoming/9686/r49DvZfK008854/winmail.dat
May 9 10:11:39 mscan MailScanner[9686]: Message r49DvZfK008854 added TNEF contents RFI265-PlatformPG4PG5ColConns.doc,Picture(DeviceIndependentBitmap)
May 9 10:11:39 mscan MailScanner[9686]: Message r49DvZfK008854 has had TNEF winmail.dat removed
May 9 10:15:58 mscan MailScanner[10523]: Making attempt 5 at processing message r49DvZfK008854
May 9 10:15:58 mscan MailScanner[10523]: Expanding TNEF archive at /var/spool/MailScanner/incoming/10523/r49DvZfK008854/winmail.dat
May 9 10:15:58 mscan MailScanner[10523]: Message r49DvZfK008854 added TNEF contents RFI265-PlatformPG4PG5ColConns.doc,Picture(DeviceIndependentBitmap)
May 9 10:15:58 mscan MailScanner[10523]: Message r49DvZfK008854 has had TNEF winmail.dat removed
May 9 10:21:47 mscan MailScanner[9923]: Making attempt 6 at processing message r49DvZfK008854
May 9 10:21:48 mscan MailScanner[9923]: Expanding TNEF archive at /var/spool/MailScanner/incoming/9923/r49DvZfK008854/winmail.dat
May 9 10:21:48 mscan MailScanner[9923]: Message r49DvZfK008854 added TNEF contents RFI265-PlatformPG4PG5ColConns.doc,Picture(DeviceIndependentBitmap)
May 9 10:21:48 mscan MailScanner[9923]: Message r49DvZfK008854 has had TNEF winmail.dat removed
May 9 10:21:58 mscan MailScanner[11166]: Warning: skipping message r49DvZfK008854 as it has been attempted too many times
May 9 10:21:58 mscan MailScanner[11166]: Quarantined message r49DvZfK008854 as it caused MailScanner to crash several times
Thanks,

Gary
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 2 comments |
headers
Robert Lopez | 15 May 2013 19:31
Picon

Single email, multiple Spamassassin attempls

Do I have a MailScanner configuration problem or is this expected behavior?

MailScanner 4.84.5-3
Clamd 0.97.7-1
SpamAssassin 3.3.1
Perl 5.10.1
Postfix 2.10.0

A new email gateway is sending the much discussed "Problem Email"
messages. As far as I see there is not a problem with anything other
than the emails that are listed in the "Problem Email" messages.

However, I see a pattern that looks like this, where there are
apparently multiple attempts to scan of each email by SpamAssassin:

May 15 10:18:08 mg08 postfix/cleanup[7331]: 780574C02AB: hold: header
Received: from apn-37-7-144-188.dynamic.gprs.plus.pl (unknown
[5.174.118.246])??by mg08.cnm.edu (Postfix) with ESMTP id
780574C02AB??for <xxxxxxxx <at> cnm.edu>; Wed, 15 May 2013 10:18:06 -0600
(MDT) from unknown[5.174.118.246];
from=<wBlUzCw213 <at> apostolic-voice.org> to=<xxxxxxxx <at> cnm.edu>
proto=ESMTP helo=<apn-37-7-144-188.dynamic.gprs.plus.pl>
May 15 10:18:08 mg08 postfix/cleanup[7331]: 780574C02AB: warning:
header Subject: I cant be the only one in this from
unknown[5.174.118.246]; from=<wBlUzCw213 <at> apostolic-voice.org>
to=<xxxxxxxx <at> cnm.edu> proto=ESMTP
helo=<apn-37-7-144-188.dynamic.gprs.plus.pl>
May 15 10:18:08 mg08 postfix/cleanup[7331]: 780574C02AB:
message-id=<9BAEEC48-4130-08D1-E84A-F0DF63F3D233 <at> apn-37-7-144-188.dynamic.gprs.plus.pl>
May 15 10:18:13 mg08 MailScanner[4633]: Message 780574C02AB.A2DEA from
5.174.118.246 (wbluzcw213 <at> apostolic-voice.org) to cnm.edu is spam,
SpamAssassin (not cached, score=16.991, required 6,
autolearn=disabled, CK_HELO_GENERIC 0.25, HELO_DYNAMIC_IPADDR 3.24,
RDNS_NONE 1.27, URIBL_AB_SURBL 4.50, URIBL_BLACK 1.77, URIBL_DBL_SPAM
1.70, URIBL_JP_SURBL 1.95, URIBL_SBL 0.64, URIBL_WS_SURBL 1.66)
May 15 10:18:13 mg08 MailScanner[4633]: Non-delivery of spam: message
780574C02AB.A2DEA from wbluzcw213 <at> apostolic-voice.org to
xxxxxxxx <at> cnm.edu with subject I cant be the only one in this
May 15 10:18:13 mg08 MailScanner[4633]: Spam Actions: message
780574C02AB.A2DEA actions are store
May 15 10:20:54 mg08 MailScanner[7342]: Making attempt 2 at processing
message 780574C02AB.A2DEA
May 15 10:20:54 mg08 MailScanner[7342]: SpamAssassin cache hit for
message 780574C02AB.A2DEA
May 15 10:20:54 mg08 MailScanner[7342]: Message 780574C02AB.A2DEA from
5.174.118.246 (wbluzcw213 <at> apostolic-voice.org) to cnm.edu is spam,
SpamAssassin (cached, score=16.991, required 6, autolearn=disabled,
CK_HELO_GENERIC 0.25, HELO_DYNAMIC_IPADDR 3.24, RDNS_NONE 1.27,
URIBL_AB_SURBL 4.50, URIBL_BLACK 1.77, URIBL_DBL_SPAM 1.70,
URIBL_JP_SURBL 1.95, URIBL_SBL 0.64, URIBL_WS_SURBL 1.66)
May 15 10:20:54 mg08 MailScanner[7342]: Non-delivery of spam: message
780574C02AB.A2DEA from wbluzcw213 <at> apostolic-voice.org to
xxxxxxxx <at> cnm.edu with subject I cant be the only one in this
May 15 10:20:54 mg08 MailScanner[7342]: Spam Actions: message
780574C02AB.A2DEA actions are store
May 15 10:25:16 mg08 MailScanner[4579]: Making attempt 3 at processing
message 780574C02AB.A2DEA
May 15 10:25:16 mg08 MailScanner[4579]: SpamAssassin cache hit for
message 780574C02AB.A2DEA
May 15 10:25:16 mg08 MailScanner[4579]: Message 780574C02AB.A2DEA from
5.174.118.246 (wbluzcw213 <at> apostolic-voice.org) to cnm.edu is spam,
SpamAssassin (cached, score=16.991, required 6, autolearn=disabled,
CK_HELO_GENERIC 0.25, HELO_DYNAMIC_IPADDR 3.24, RDNS_NONE 1.27,
URIBL_AB_SURBL 4.50, URIBL_BLACK 1.77, URIBL_DBL_SPAM 1.70,
URIBL_JP_SURBL 1.95, URIBL_SBL 0.64, URIBL_WS_SURBL 1.66)
May 15 10:25:16 mg08 MailScanner[4579]: Non-delivery of spam: message
780574C02AB.A2DEA from wbluzcw213 <at> apostolic-voice.org to
xxxxxxxx <at> cnm.edu with subject I cant be the only one in this
May 15 10:25:16 mg08 MailScanner[4579]: Spam Actions: message
780574C02AB.A2DEA actions are store
May 15 10:28:34 mg08 MailScanner[4746]: Making attempt 4 at processing
message 780574C02AB.A2DEA
May 15 10:28:34 mg08 MailScanner[4746]: SpamAssassin cache hit for
message 780574C02AB.A2DEA
May 15 10:28:34 mg08 MailScanner[4746]: Message 780574C02AB.A2DEA from
5.174.118.246 (wbluzcw213 <at> apostolic-voice.org) to cnm.edu is spam,
SpamAssassin (cached, score=16.991, required 6, autolearn=disabled,
CK_HELO_GENERIC 0.25, HELO_DYNAMIC_IPADDR 3.24, RDNS_NONE 1.27,
URIBL_AB_SURBL 4.50, URIBL_BLACK 1.77, URIBL_DBL_SPAM 1.70,
URIBL_JP_SURBL 1.95, URIBL_SBL 0.64, URIBL_WS_SURBL 1.66)
May 15 10:28:34 mg08 MailScanner[4746]: Non-delivery of spam: message
780574C02AB.A2DEA from wbluzcw213 <at> apostolic-voice.org to
xxxxxxxx <at> cnm.edu with subject I cant be the only one in this
May 15 10:28:34 mg08 MailScanner[4746]: Spam Actions: message
780574C02AB.A2DEA actions are store
May 15 10:30:38 mg08 MailScanner[7382]: Making attempt 5 at processing
message 780574C02AB.A2DEA
May 15 10:30:38 mg08 MailScanner[7382]: SpamAssassin cache hit for
message 780574C02AB.A2DEA
May 15 10:30:38 mg08 MailScanner[7382]: Message 780574C02AB.A2DEA from
5.174.118.246 (wbluzcw213 <at> apostolic-voice.org) to cnm.edu is spam,
SpamAssassin (cached, score=16.991, required 6, autolearn=disabled,
CK_HELO_GENERIC 0.25, HELO_DYNAMIC_IPADDR 3.24, RDNS_NONE 1.27,
URIBL_AB_SURBL 4.50, URIBL_BLACK 1.77, URIBL_DBL_SPAM 1.70,
URIBL_JP_SURBL 1.95, URIBL_SBL 0.64, URIBL_WS_SURBL 1.66)
May 15 10:30:38 mg08 MailScanner[7382]: Non-delivery of spam: message
780574C02AB.A2DEA from wbluzcw213 <at> apostolic-voice.org to
xxxxxxxx <at> cnm.edu with subject I cant be the only one in this
May 15 10:30:38 mg08 MailScanner[7382]: Spam Actions: message
780574C02AB.A2DEA actions are store
May 15 10:34:24 mg08 MailScanner[7439]: Making attempt 6 at processing
message 780574C02AB.A2DEA
May 15 10:34:24 mg08 MailScanner[7439]: SpamAssassin cache hit for
message 780574C02AB.A2DEA
May 15 10:34:24 mg08 MailScanner[7439]: Message 780574C02AB.A2DEA from
5.174.118.246 (wbluzcw213 <at> apostolic-voice.org) to cnm.edu is spam,
SpamAssassin (cached, score=16.991, required 6, autolearn=disabled,
CK_HELO_GENERIC 0.25, HELO_DYNAMIC_IPADDR 3.24, RDNS_NONE 1.27,
URIBL_AB_SURBL 4.50, URIBL_BLACK 1.77, URIBL_DBL_SPAM 1.70,
URIBL_JP_SURBL 1.95, URIBL_SBL 0.64, URIBL_WS_SURBL 1.66)
May 15 10:34:24 mg08 MailScanner[7439]: Non-delivery of spam: message
780574C02AB.A2DEA from wbluzcw213 <at> apostolic-voice.org to
xxxxxxxx <at> cnm.edu with subject I cant be the only one in this
May 15 10:34:24 mg08 MailScanner[7439]: Spam Actions: message
780574C02AB.A2DEA actions are store
May 15 10:34:24 mg08 MailScanner[7422]: Warning: skipping message
780574C02AB.A2DEA as it has been attempted too many times
May 15 10:34:24 mg08 MailScanner[7422]: Quarantined message
780574C02AB.A2DEA as it caused MailScanner to crash several times
May 15 10:34:24 mg08 MailScanner[7422]: Saved entire message to
/var/spool/MailScanner/quarantine/20130515/780574C02AB.A2DEA

Do I have a MailScanner configuration problem or is this expected behavior?

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 12 comments |
headers
Ronnie Smith | 10 May 2013 16:45

Spam Action: Store

Version info:

 

This is CentOS release 6.3 (Final)

This is Perl version 5.010001 (5.10.1)

 

This is MailScanner version 4.84.5

Module versions are:

1.00    AnyDBM_File

1.30    Archive::Zip

0.23    bignum

1.11    Carp

2.02    Compress::Zlib

1.119   Convert::BinHex

0.17    Convert::TNEF

2.124   Data::Dumper

2.27    Date::Parse

1.03    DirHandle

1.06    Fcntl

2.77    File::Basename

2.14    File::Copy

2.02    FileHandle

2.08    File::Path

0.22    File::Temp

0.90    Filesys::Df

3.64    HTML::Entities

3.64    HTML::Parser

3.57    HTML::TokeParser

1.25    IO

1.14    IO::File

1.13    IO::Pipe

2.04    Mail::Header

1.89    Math::BigInt

0.22    Math::BigRat

3.08    MIME::Base64

5.427   MIME::Decoder

5.427   MIME::Decoder::UU

5.427   MIME::Head

5.427   MIME::Parser

3.08    MIME::QuotedPrint

5.427   MIME::Tools

0.13    Net::CIDR

1.25    Net::IP

0.16    OLE::Storage_Lite

1.04    Pod::Escapes

3.13    Pod::Simple

1.17    POSIX

1.21    Scalar::Util

1.82    Socket

2.20    Storable

1.4     Sys::Hostname::Long

0.27    Sys::Syslog

1.40    Test::Pod

0.92    Test::Simple

1.9721  Time::HiRes

1.02    Time::localtime

 

Optional module versions are:

1.58    Archive::Tar

0.23    bignum

missing Business::ISBN

missing Business::ISBN::Data

missing Data::Dump

1.82    DB_File

1.27    DBD::SQLite

1.609   DBI

1.16    Digest

1.01    Digest::HMAC

2.39    Digest::MD5

2.12    Digest::SHA1

1.01    Encode::Detect

0.17015 Error

missing ExtUtils::CBuilder

2.2203  ExtUtils::ParseXS

2.38    Getopt::Long

0.45    Inline

1.08    IO::String

1.09    IO::Zlib

2.27    IP::Country

0.29    Mail::ClamAV

3.003001        Mail::SpamAssassin

missing Mail::SPF

missing Mail::SPF::Query

missing Module::Build

missing Net::CIDR::Lite

0.65    Net::DNS

missing Net::DNS::Resolver::Programmable

missing Net::LDAP

4.027  NetAddr::IP

missing Parse::RecDescent

missing SAVI

3.17    Test::Harness

missing Test::Manifest

2.0.0   Text::Balanced

1.40    URI

0.77    version

missing YAML

 

 

When I set action to store or any iteration of store my spam message stay in postfix hold queue and maillog just shows the following:

 

May 10 09:38:00 filter01 postfix/smtpd[11712]: 24C2F1E1695: client=digitalsanctuary.com[174.37.94.132]

May 10 09:38:00 filter01 postfix/cleanup[11703]: 24C2F1E1695: hold: header Received: from mail.digitalsanctuary.com (digitalsanctuary.com [174.37.94.132])??by filter01..com (Postfix) with ESMTP id 24C2F1E1695??for <DQ <at> .com>; Fri, 10 May 2013 from digitalsanctuary.com[174.37.94.132]; from=<f174532 <at> rmqkr.net> to=<DQ <at> .com> proto=ESMTP helo=<mail.digitalsanctuary.com>

May 10 09:38:00 filter01 postfix/cleanup[11703]: 24C2F1E1695: message-id=<2046887021.4491368193076851.JavaMail.f174532 <at> rmqkr.net>

May 10 09:38:01 filter01 MailScanner[11656]: Message 24C2F1E1695.AAE16 from 174.37.94.132 (f174532 <at> rmqkr.net) to.com is spam, SpamAssassin (not cached, score=4, required 2.5, BAYES_00 -1.00, LOCAL_DEMONSTRATION_FROM 5.00)

May 10 09:38:03 filter01 MailScanner[11656]: Spam Actions: message 24C2F1E1695.AAE16 actions are store-/var/spool/spam,header

May 10 09:41:01 filter01 MailScanner[11999]: Making attempt 2 at processing message 24C2F1E1695.AAE16

May 10 09:41:01 filter01 MailScanner[11999]: SpamAssassin cache hit for message 24C2F1E1695.AAE16

May 10 09:41:01 filter01 MailScanner[11999]: Message 24C2F1E1695.AAE16 from 174.37.94.132 (f174532 <at> rmqkr.net) to.com is spam, SpamAssassin (cached, score=4, required 2.5, BAYES_00 -1.00, LOCAL_DEMONSTRATION_FROM 5.00)

May 10 09:41:01 filter01 MailScanner[11999]: Spam Actions: message 24C2F1E1695.AAE16 actions are store-/var/spool/spam,header

May 10 09:43:47 filter01 MailScanner[11762]: Making attempt 3 at processing message 24C2F1E1695.AAE16

May 10 09:43:47 filter01 MailScanner[11762]: SpamAssassin cache hit for message 24C2F1E1695.AAE16

May 10 09:43:47 filter01 MailScanner[11762]: Message 24C2F1E1695.AAE16 from 174.37.94.132 (f174532 <at> rmqkr.net) to .com is spam, SpamAssassin (cached, score=4, required 2.5, BAYES_00 -1.00, LOCAL_DEMONSTRATION_FROM 5.00)

May 10 09:43:47 filter01 MailScanner[11762]: Spam Actions: message 24C2F1E1695.AAE16 actions are store-/var/spool/spam,header

May 10 09:48:16 filter01 MailScanner[12790]: Making attempt 4 at processing message 24C2F1E1695.AAE16

May 10 09:48:16 filter01 MailScanner[12790]: SpamAssassin cache hit for message 24C2F1E1695.AAE16

May 10 09:48:16 filter01 MailScanner[12790]: Message 24C2F1E1695.AAE16 from 174.37.94.132 (f174532 <at> rmqkr.net) to .com is spam, SpamAssassin (cached, score=4, required 2.5, BAYES_00 -1.00, LOCAL_DEMONSTRATION_FROM 5.00)

May 10 09:48:16 filter01 MailScanner[12790]: Spam Actions: message 24C2F1E1695.AAE16 actions are store-/var/spool/spam,header

 

Nothing else to indicate why it won’t store.  Any ideas?

 

Ronnie Smith // Support Engineer
rsmith <at> dynamicquest.com
336.389.4687

IT Solutions  //  Business Consulting  //  Marketing  //  Data Center  //  Software  //  Helpdesk

 

 

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Permalink | Reply | 3 comments |

Gmane