Part of MRTG died

Mike Kercher mike at CAMAROSS.NET
Tue Jun 25 19:58:44 IST 2002 

I can see the spams getting logged in my maillog...it's just that MRTG (or
my mrtg.cfg) isn't picking them up anymore.  It was working until ONE of my
upgrades :)

Here is the mail. line from my syslog.conf

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

Mike

----- Original Message -----
From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, June 25, 2002 1:51 PM
Subject: Re: Part of MRTG died


> At 19:44 25/06/2002, you wrote:
> >I have "Log Spam = yes" in my .conf and neither Spam nor spam in my
mrtg.cfg
> >reveal any spam in my maillog.  *boggle*
>
> Spam logging is done as mail.info, I suspect that your /etc/syslog.conf
> isn't logging mail.info messages.
>
> >----- Original Message -----
> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >Sent: Tuesday, June 25, 2002 11:35 AM
> >Subject: Re: Part of MRTG died
> >
> >
> > > Check your mailscanner.conf file for "Log Spam = no".
> > >
> > > At 17:19 25/06/2002, you wrote:
> > > >I've the same problem, after updating to the last available
MailScanner
> > > >version, I've no spam reports in /var/log/maillog I've tried to do
also
> > > >with changing "spam" to "Spam" but it doesn't work.
> > > >   I've sent a SPAM mail throught sendmail and here are the headers:
> > > >
> > > >
> > > >Return-Path: <yop at nohwere.com>
> > > >Received: from localhost.localdomain (localhost.localdomain
[127.0.0.1])
> > > >         by Alufis35.uv.es (8.11.6/8.11.2) with SMTP id g5PG90512839
> > > >         for Pablo.Iranzo at alufis35.uv.es; Tue, 25 Jun 2002 18:09:14
+0200
> > > >Date: Tue, 25 Jun 2002 18:09:14 +0200
> > > >From: yop at nohwere.com
> > > >Message-Id: <200206251609.g5PG90512839 at Alufis35.uv.es>
> > > >X-Authentication-Warning: Alufis35.uv.es: localhost.localdomain
> >[127.0.0.1]
> > > >     didn't use HELO protocol
> > > >Subject: {SPAM?} Navega por telefonicaonline.com y ¡llévate cientos
de
> > > >     Puntos Travel Club!
> > > >Content-type: text/html
> > > >MIME-Version: 1.0
> > > >Content-Transfer-Encoding: quoted-printable
> > > >X-MailScanner: Found to be clean
> > > >X-MailScanner-SpamCheck: SpamAssassin (score=10.1, required 5,
> > > >         SUBJ_HAS_Q_MARK, NO_REAL_NAME, PLING, BIG_FONT,
CTYPE_JUST_HTML,
> > > >         MISSING_HEADERS, NO_MX_FOR_FROM)
> > > >
> > > >
> > > >(As you can see, thhe Mailscanner passed it throught SpamAssassin and
> >gave
> > > >it "Spam" status and did modified the subject)
> > > >
> > > >And here is the maillog "conversation":
> > > >
> > > >
> > > >Jun 25 18:04:50 Alufis35 sendmail[12739]: g5PG4nv12739:
to=yop at yop.es,
> > > >delay=00:
> > > >00:01, xdelay=00:00:00, mailer=relay, pri=49438, relay=sello.,
dsn=2.0.
> > > >0, stat=Sent (g5PG4oJN009163 Message accepted for delivery)
> > > >Jun 25 18:09:00 Alufis35 sendmail[12839]: g5PG90512839:
Authentication-
> > > >Warning:
> > > >Alufis35.uv.es: localhost.localdomain [127.0.0.1] didn't use HELO
> >protocol
> > > >Jun 25 18:09:37 Alufis35 sendmail[12839]: g5PG90512839:
> > > >from=yop at nohwere.com, si
> > > >ze=19465, class=0, nrcpts=1,
msgid=<200206251609.g5PG90512839 at Alufis35>,
> >b
> > > >odytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain
> > > >[127.0.0.1
> > > >]
> > > >Jun 25 18:09:49 Alufis35 mailscanner[12624]: Scanning 1 messages,
20139
> > > >bytes
> > > >Jun 25 18:10:12 Alufis35 mailscanner[12624]: Scanned 1 messages,
20139
> > > >bytes in
> > > >4 seconds
> > > >Jun 25 18:10:13 Alufis35 sendmail[12868]: g5PG90512839:
> > > >to=iranzo at amena.com, del
> > > >ay=00:00:59, xdelay=00:00:00, mailer=relay, pri=139465, relay=sello.
[1
> > > >47.156.1.112], dsn=5.6.0, stat=Data format error
> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PG90512839: to=\iranzo,
> > > >delay=00:01:
> > > >00, xdelay=00:00:01, mailer=local, pri=139465, dsn=2.0.0, stat=Sent
> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PG90512839: g5PGADY12868:
> >DSN:
> > > >Data
> > > >format error
> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PGADY12868:
> >to=yop at nohwere.com,
> > > >dela
> > > >y=00:00:00, xdelay=00:00:00, mailer=relay, pri=49437, relay=sello.,
dsn
> > > >=2.0.0, stat=Sent (g5PGAEJN009658 Message accepted for delivery)
> > > >
> > > >It Scans the message, marks it as spam but doesn't reflect that on
the
> > > >maillog.
> > > >
> > > >My syslog has the -r switch from previous versions. I'm running
RedHat
> >7.3.
> > > >
> > > >
> > > >¿Any idea?
> > > >Thanks in advance
> > > >Pablo
> > >
> > > --
> > > Julian Field                Teaching Systems Manager
> > > jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> > > Tel. 023 8059 2817          University of Southampton
> > >                              Southampton SO17 1BJ
> > >
>
> --
> Julian Field                Teaching Systems Manager
> jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> Tel. 023 8059 2817          University of Southampton
>                              Southampton SO17 1BJ
>

More information about the MailScanner mailing list