Part of MRTG died
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Jun 25 21:59:15 IST 2002
I have just posted a new sendmail.logs.pl on the website.
Works again :-)
At 21:41 25/06/2002, you wrote:
>Mine is the same... it seems to be a problem in the sendmail.pl script that
>mrtg uses, but it worked without any change until the update... (but virus
>and mail got reported ok)
>
>On Tue, 25 Jun 2002 13:58:44 -0500, Mike Kercher <mike at CAMAROSS.NET> wrote:
>
> >I can see the spams getting logged in my maillog...it's just that MRTG (or
> >my mrtg.cfg) isn't picking them up anymore. It was working until ONE of my
> >upgrades :)
> >
> >Here is the mail. line from my syslog.conf
> >
> ># Log all the mail messages in one place.
> >mail.* /var/log/maillog
> >
> >Mike
> >
> >----- Original Message -----
> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >Sent: Tuesday, June 25, 2002 1:51 PM
> >Subject: Re: Part of MRTG died
> >
> >
> >> At 19:44 25/06/2002, you wrote:
> >> >I have "Log Spam = yes" in my .conf and neither Spam nor spam in my
> >mrtg.cfg
> >> >reveal any spam in my maillog. *boggle*
> >>
> >> Spam logging is done as mail.info, I suspect that your /etc/syslog.conf
> >> isn't logging mail.info messages.
> >>
> >> >----- Original Message -----
> >> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> >> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >> >Sent: Tuesday, June 25, 2002 11:35 AM
> >> >Subject: Re: Part of MRTG died
> >> >
> >> >
> >> > > Check your mailscanner.conf file for "Log Spam = no".
> >> > >
> >> > > At 17:19 25/06/2002, you wrote:
> >> > > >I've the same problem, after updating to the last available
> >MailScanner
> >> > > >version, I've no spam reports in /var/log/maillog I've tried to do
> >also
> >> > > >with changing "spam" to "Spam" but it doesn't work.
> >> > > > I've sent a SPAM mail throught sendmail and here are the headers:
> >> > > >
> >> > > >
> >> > > >Return-Path: <yop at nohwere.com>
> >> > > >Received: from localhost.localdomain (localhost.localdomain
> >[127.0.0.1])
> >> > > > by Alufis35.uv.es (8.11.6/8.11.2) with SMTP id g5PG90512839
> >> > > > for Pablo.Iranzo at alufis35.uv.es; Tue, 25 Jun 2002 18:09:14
> >+0200
> >> > > >Date: Tue, 25 Jun 2002 18:09:14 +0200
> >> > > >From: yop at nohwere.com
> >> > > >Message-Id: <200206251609.g5PG90512839 at Alufis35.uv.es>
> >> > > >X-Authentication-Warning: Alufis35.uv.es: localhost.localdomain
> >> >[127.0.0.1]
> >> > > > didn't use HELO protocol
> >> > > >Subject: {SPAM?} Navega por telefonicaonline.com y ¡llévate cientos
> >de
> >> > > > Puntos Travel Club!
> >> > > >Content-type: text/html
> >> > > >MIME-Version: 1.0
> >> > > >Content-Transfer-Encoding: quoted-printable
> >> > > >X-MailScanner: Found to be clean
> >> > > >X-MailScanner-SpamCheck: SpamAssassin (score=10.1, required 5,
> >> > > > SUBJ_HAS_Q_MARK, NO_REAL_NAME, PLING, BIG_FONT,
> >CTYPE_JUST_HTML,
> >> > > > MISSING_HEADERS, NO_MX_FOR_FROM)
> >> > > >
> >> > > >
> >> > > >(As you can see, thhe Mailscanner passed it throught SpamAssassin
>and
> >> >gave
> >> > > >it "Spam" status and did modified the subject)
> >> > > >
> >> > > >And here is the maillog "conversation":
> >> > > >
> >> > > >
> >> > > >Jun 25 18:04:50 Alufis35 sendmail[12739]: g5PG4nv12739:
> >to=yop at yop.es,
> >> > > >delay=00:
> >> > > >00:01, xdelay=00:00:00, mailer=relay, pri=49438, relay=sello.,
> >dsn=2.0.
> >> > > >0, stat=Sent (g5PG4oJN009163 Message accepted for delivery)
> >> > > >Jun 25 18:09:00 Alufis35 sendmail[12839]: g5PG90512839:
> >Authentication-
> >> > > >Warning:
> >> > > >Alufis35.uv.es: localhost.localdomain [127.0.0.1] didn't use HELO
> >> >protocol
> >> > > >Jun 25 18:09:37 Alufis35 sendmail[12839]: g5PG90512839:
> >> > > >from=yop at nohwere.com, si
> >> > > >ze=19465, class=0, nrcpts=1,
> >msgid=<200206251609.g5PG90512839 at Alufis35>,
> >> >b
> >> > > >odytype=8BITMIME, proto=SMTP, daemon=MTA,
>relay=localhost.localdomain
> >> > > >[127.0.0.1
> >> > > >]
> >> > > >Jun 25 18:09:49 Alufis35 mailscanner[12624]: Scanning 1 messages,
> >20139
> >> > > >bytes
> >> > > >Jun 25 18:10:12 Alufis35 mailscanner[12624]: Scanned 1 messages,
> >20139
> >> > > >bytes in
> >> > > >4 seconds
> >> > > >Jun 25 18:10:13 Alufis35 sendmail[12868]: g5PG90512839:
> >> > > >to=iranzo at amena.com, del
> >> > > >ay=00:00:59, xdelay=00:00:00, mailer=relay, pri=139465, relay=sello.
> >[1
> >> > > >47.156.1.112], dsn=5.6.0, stat=Data format error
> >> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PG90512839: to=\iranzo,
> >> > > >delay=00:01:
> >> > > >00, xdelay=00:00:01, mailer=local, pri=139465, dsn=2.0.0, stat=Sent
> >> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PG90512839:
>g5PGADY12868:
> >> >DSN:
> >> > > >Data
> >> > > >format error
> >> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PGADY12868:
> >> >to=yop at nohwere.com,
> >> > > >dela
> >> > > >y=00:00:00, xdelay=00:00:00, mailer=relay, pri=49437, relay=sello.,
> >dsn
> >> > > >=2.0.0, stat=Sent (g5PGAEJN009658 Message accepted for delivery)
> >> > > >
> >> > > >It Scans the message, marks it as spam but doesn't reflect that on
> >the
> >> > > >maillog.
> >> > > >
> >> > > >My syslog has the -r switch from previous versions. I'm running
> >RedHat
> >> >7.3.
> >> > > >
> >> > > >
> >> > > >¿Any idea?
> >> > > >Thanks in advance
> >> > > >Pablo
> >> > >
> >> > > --
> >> > > Julian Field Teaching Systems Manager
> >> > > jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
> >> > > Tel. 023 8059 2817 University of Southampton
> >> > > Southampton SO17 1BJ
> >> > >
> >>
> >> --
> >> Julian Field Teaching Systems Manager
> >> jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
> >> Tel. 023 8059 2817 University of Southampton
> >> Southampton SO17 1BJ
> >>
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner
mailing list