Part of MRTG died

Pablo Iranzo G ómez Pablo.Iranzo at UV.ES
Tue Jun 25 21:41:28 IST 2002 

Mine is the same... it seems to be a problem in the sendmail.pl script that
mrtg uses, but it worked without any change until the update... (but virus
and mail got reported ok)

On Tue, 25 Jun 2002 13:58:44 -0500, Mike Kercher <mike at CAMAROSS.NET> wrote:

>I can see the spams getting logged in my maillog...it's just that MRTG (or
>my mrtg.cfg) isn't picking them up anymore.  It was working until ONE of my
>upgrades :)
>
>Here is the mail. line from my syslog.conf
>
># Log all the mail messages in one place.
>mail.*                                                  /var/log/maillog
>
>Mike
>
>----- Original Message -----
>From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Tuesday, June 25, 2002 1:51 PM
>Subject: Re: Part of MRTG died
>
>
>> At 19:44 25/06/2002, you wrote:
>> >I have "Log Spam = yes" in my .conf and neither Spam nor spam in my
>mrtg.cfg
>> >reveal any spam in my maillog.  *boggle*
>>
>> Spam logging is done as mail.info, I suspect that your /etc/syslog.conf
>> isn't logging mail.info messages.
>>
>> >----- Original Message -----
>> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
>> >To: <MAILSCANNER at JISCMAIL.AC.UK>
>> >Sent: Tuesday, June 25, 2002 11:35 AM
>> >Subject: Re: Part of MRTG died
>> >
>> >
>> > > Check your mailscanner.conf file for "Log Spam = no".
>> > >
>> > > At 17:19 25/06/2002, you wrote:
>> > > >I've the same problem, after updating to the last available
>MailScanner
>> > > >version, I've no spam reports in /var/log/maillog I've tried to do
>also
>> > > >with changing "spam" to "Spam" but it doesn't work.
>> > > >   I've sent a SPAM mail throught sendmail and here are the headers:
>> > > >
>> > > >
>> > > >Return-Path: <yop at nohwere.com>
>> > > >Received: from localhost.localdomain (localhost.localdomain
>[127.0.0.1])
>> > > >         by Alufis35.uv.es (8.11.6/8.11.2) with SMTP id g5PG90512839
>> > > >         for Pablo.Iranzo at alufis35.uv.es; Tue, 25 Jun 2002 18:09:14
>+0200
>> > > >Date: Tue, 25 Jun 2002 18:09:14 +0200
>> > > >From: yop at nohwere.com
>> > > >Message-Id: <200206251609.g5PG90512839 at Alufis35.uv.es>
>> > > >X-Authentication-Warning: Alufis35.uv.es: localhost.localdomain
>> >[127.0.0.1]
>> > > >     didn't use HELO protocol
>> > > >Subject: {SPAM?} Navega por telefonicaonline.com y ¡llévate cientos
>de
>> > > >     Puntos Travel Club!
>> > > >Content-type: text/html
>> > > >MIME-Version: 1.0
>> > > >Content-Transfer-Encoding: quoted-printable
>> > > >X-MailScanner: Found to be clean
>> > > >X-MailScanner-SpamCheck: SpamAssassin (score=10.1, required 5,
>> > > >         SUBJ_HAS_Q_MARK, NO_REAL_NAME, PLING, BIG_FONT,
>CTYPE_JUST_HTML,
>> > > >         MISSING_HEADERS, NO_MX_FOR_FROM)
>> > > >
>> > > >
>> > > >(As you can see, thhe Mailscanner passed it throught SpamAssassin
and
>> >gave
>> > > >it "Spam" status and did modified the subject)
>> > > >
>> > > >And here is the maillog "conversation":
>> > > >
>> > > >
>> > > >Jun 25 18:04:50 Alufis35 sendmail[12739]: g5PG4nv12739:
>to=yop at yop.es,
>> > > >delay=00:
>> > > >00:01, xdelay=00:00:00, mailer=relay, pri=49438, relay=sello.,
>dsn=2.0.
>> > > >0, stat=Sent (g5PG4oJN009163 Message accepted for delivery)
>> > > >Jun 25 18:09:00 Alufis35 sendmail[12839]: g5PG90512839:
>Authentication-
>> > > >Warning:
>> > > >Alufis35.uv.es: localhost.localdomain [127.0.0.1] didn't use HELO
>> >protocol
>> > > >Jun 25 18:09:37 Alufis35 sendmail[12839]: g5PG90512839:
>> > > >from=yop at nohwere.com, si
>> > > >ze=19465, class=0, nrcpts=1,
>msgid=<200206251609.g5PG90512839 at Alufis35>,
>> >b
>> > > >odytype=8BITMIME, proto=SMTP, daemon=MTA,
relay=localhost.localdomain
>> > > >[127.0.0.1
>> > > >]
>> > > >Jun 25 18:09:49 Alufis35 mailscanner[12624]: Scanning 1 messages,
>20139
>> > > >bytes
>> > > >Jun 25 18:10:12 Alufis35 mailscanner[12624]: Scanned 1 messages,
>20139
>> > > >bytes in
>> > > >4 seconds
>> > > >Jun 25 18:10:13 Alufis35 sendmail[12868]: g5PG90512839:
>> > > >to=iranzo at amena.com, del
>> > > >ay=00:00:59, xdelay=00:00:00, mailer=relay, pri=139465, relay=sello.
>[1
>> > > >47.156.1.112], dsn=5.6.0, stat=Data format error
>> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PG90512839: to=\iranzo,
>> > > >delay=00:01:
>> > > >00, xdelay=00:00:01, mailer=local, pri=139465, dsn=2.0.0, stat=Sent
>> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PG90512839:
g5PGADY12868:
>> >DSN:
>> > > >Data
>> > > >format error
>> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PGADY12868:
>> >to=yop at nohwere.com,
>> > > >dela
>> > > >y=00:00:00, xdelay=00:00:00, mailer=relay, pri=49437, relay=sello.,
>dsn
>> > > >=2.0.0, stat=Sent (g5PGAEJN009658 Message accepted for delivery)
>> > > >
>> > > >It Scans the message, marks it as spam but doesn't reflect that on
>the
>> > > >maillog.
>> > > >
>> > > >My syslog has the -r switch from previous versions. I'm running
>RedHat
>> >7.3.
>> > > >
>> > > >
>> > > >¿Any idea?
>> > > >Thanks in advance
>> > > >Pablo
>> > >
>> > > --
>> > > Julian Field                Teaching Systems Manager
>> > > jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
>> > > Tel. 023 8059 2817          University of Southampton
>> > >                              Southampton SO17 1BJ
>> > >
>>
>> --
>> Julian Field                Teaching Systems Manager
>> jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
>> Tel. 023 8059 2817          University of Southampton
>>                              Southampton SO17 1BJ
>>

More information about the MailScanner mailing list