MCP bug? Mcp only reading last rule .cf file

Darren Fulton - Concept Technology darren at concepttechnologyinc.com
Tue Dec 30 16:45:45 GMT 2003


> At 06:02 30/12/2003, you wrote:
>>Hello,
>>I think this is a bug and would like input if it can be replicated by
>>others and suggestions on how I can fix this whether it is a bug or if
>>I've just screwed something up.  Upgraded to latest revision which
>>contained some mcp fixes.
>>
>>Issue: mcp checker uses only the last rule and not the other .cf rules
>>located in /etc/MailScanner/mcp/
>>Meaning, it gives MCP scores to messages that apply to the last rule
>>(alphabetically) in the directory but to the rules above it.
>>
>>MTA is postfix
>>
>>Info copied from terminal:
>>
>>[root at mailgateway mcp]# hostname
>>mailgateway.healthleaders.com
>>[root at mailgateway mcp]# uname -a
>>Linux mailgateway.healthleaders.com 2.4.20-24.9 #1 Mon Dec 1 11:35:51
>>EST 2003 i686 i686 i386 GNU/Linux
>>[root at mailgateway mcp]# pwd
>>/etc/MailScanner/mcp
>>[root at mailgateway mcp]# ls -la
>>total 24
>>drwxr-xr-x    2 root     root         4096 Dec 29 23:24 .
>>drwxr-xr-x    6 root     root         4096 Dec 29 22:58 ..
>>-rw-r--r--    1 root     root          598 Dec 29 23:02 10_example.cf
>>-rw-r--r--    1 root     root          111 Dec 29 23:31 11_penis_banned.cf
>>-rw-r--r--    1 root     root          112 Dec 29 23:31 12_valium_banned.cf
>>-rw-r--r--    1 root     root         1256 Dec 29 10:25 mcp.spam.assassin.prefs.conf
>>
>>[root at mailgateway mcp]# cat *.cf
>>
>>header   BANNED         Subject =~ /banned/i
>>describe BANNED         Banned Subject
>>score    BANNED         22
>>
>>body     BANNED_BODY    /this text is banned/i
>>describe BANNED_BODY    Banned body text
>>score    BANNED_BODY    5
>>
>>header   BANNED         Subject =~ /penis/i
>>describe BANNED         Banned Subject
>>score    BANNED         10
>>
>>header   BANNED         Subject =~ /valium/i
>>describe BANNED         Banned Subject
>>score    BANNED         10
>
> You have given 3 of your rules the same name. All rules must have
> different names.
>
>
>>Some examples from the /var/log/maillog:
>>
>>Here is the valium one that worked:
>>Dec 29 23:54:48 mailgateway postfix/cleanup[8909]: CD7073FEE:
>>message-id=<20031230055417.CD7073FEE at mailgateway.healthleaders.com>
>>Dec 29 23:54:48 mailgateway postfix/nqmgr[8768]: CD7073FEE:
>>from=<darren at internav.dyndns.org>, size=440, nrcpt=1 (queue active)
>>Dec 29 23:54:48 mailgateway postfix/nqmgr[8768]: CD7073FEE:
>>to=<darren at concepttechnologyinc.com>, relay=none, delay=31,
>>status=deferred (deferred transport)
>>Dec 29 23:54:51 mailgateway MailScanner[8853]: New Batch: Scanning 1
>>messages, 613 bytes
>>Dec 29 23:54:51 mailgateway MailScanner[8853]: MCP Checks: Starting
>>Dec 29 23:54:51 mailgateway MailScanner[8853]: Message CD7073FEE from
>>127.0.0.1 (darren at internav.dyndns.org) to concepttechnologyinc.com is
>>MCP, MCP-Checker (score=10, required 1, BANNED 10.00)
>>Dec 29 23:54:51 mailgateway MailScanner[8853]: MCP Actions: message
>>CD7073FEE actions are delete
>>
>>Here is the penis one that didn't work:
>>Dec 29 23:36:27 mailgateway postfix/nqmgr[8768]: 3E71F3FEE:
>>to=<darren at concepttechnologyinc.com>, relay=none, delay=44,
>>status=deferred (deferred transport)
>>Dec 29 23:36:27 mailgateway MailScanner[8859]: New Batch: Scanning 1
>>messages, 632 bytes
>>Dec 29 23:36:27 mailgateway MailScanner[8859]: MCP Checks: Starting
>>Dec 29 23:36:27 mailgateway MailScanner[8859]: Spam Checks: Starting
>>Dec 29 23:36:28 mailgateway MailScanner[8859]: Virus and Content
>>Scanning: Starting
>>Dec 29 23:36:28 mailgateway postfix/nqmgr[8838]: 3D9181A7339:
>>from=<darren at healthleaders.com>, size=720, nrcpt=1 (queue active)
>>Dec 29 23:36:28 mailgateway MailScanner[8859]: Uninfected: Delivered 1
>>messages
>>Dec 29 23:36:29 mailgateway postfix/smtp[8878]: 3D9181A7339:
>>to=<darren at concepttechnologyinc.com>,
>>relay=local.concepttechnologyinc.com[192.168.1.10], delay=46,
>>status=sent (250 ok 1072763854 qp 21046)
>>
>>What do you think?  Do you need more info?
>>
>>Best Regards,
>>
>>Darren Fulton
>>Concept Technology, Inc.
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

----------------
Do you mean the word "BANNED" as in,

header   BANNED         Subject =~ /valium/i
describe BANNED         Banned Subject
score    BANNED         10

?

Or are you talking about something else?  That makes sense, but the
example text maybe should make it clear that "BANNED" is a descriptive
statement and cannot be the same in any two rules.

Thanks for the help and the great support.

Best Regards,

Darren Fulton
Concept Technology, Inc.
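
The rule-name collision diagnosed in this thread can be checked for mechanically before a rule set goes live. The following Python script is an added example, not code from the original post or from MailScanner; the function names are hypothetical, the keyword list covers only the core SpamAssassin rule types, and the sample's split of rules across the three files is an assumption based on the `cat *.cf` output quoted above.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Core SpamAssassin rule-definition keywords (plugin rule types are not covered).
RULE_KEYWORDS = ("header", "body", "rawbody", "full", "uri", "meta")
RULE_LINE = re.compile(r"^\s*(%s)\s+(\S+)\s+(.+?)\s*$" % "|".join(RULE_KEYWORDS))

# Constructed sample: the rules shown in the thread; which file holds which
# rule is an assumption, since `cat *.cf` does not show file boundaries.
SAMPLE = {
    "10_example.cf": "header   BANNED       Subject =~ /banned/i\n"
                     "score    BANNED       22\n"
                     "body     BANNED_BODY  /this text is banned/i\n"
                     "score    BANNED_BODY  5\n",
    "11_penis_banned.cf": "header   BANNED  Subject =~ /penis/i\nscore    BANNED  10\n",
    "12_valium_banned.cf": "header   BANNED  Subject =~ /valium/i\nscore    BANNED  10\n",
}


def find_duplicate_rules(files):
    """files maps file name -> file text. Returns, for each rule name defined
    more than once, its definitions as (file, line number, test) tuples,
    with files visited in sorted (alphabetical) order."""
    seen = defaultdict(list)
    for fname in sorted(files):
        for line_no, line in enumerate(files[fname].splitlines(), start=1):
            match = RULE_LINE.match(line)  # comment lines never match
            if match:
                seen[match.group(2)].append((fname, line_no, match.group(3)))
    return {rule: defs for rule, defs in seen.items() if len(defs) > 1}


def load_rule_dir(directory):
    """Read every .cf file in a rule directory such as /etc/MailScanner/mcp."""
    return {p.name: p.read_text(errors="replace") for p in Path(directory).glob("*.cf")}


if __name__ == "__main__":
    # With a directory argument, check that directory; otherwise check SAMPLE.
    rule_files = load_rule_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    duplicates = find_duplicate_rules(rule_files)
    for rule, defs in sorted(duplicates.items()):
        print(f"{rule}: defined {len(defs)} times")
        for fname, line_no, test in defs:
            print(f"  {fname}:{line_no}  {test}")
    sys.exit(1 if duplicates else 0)
```

A non-zero exit status means at least one rule name is reused, so the script can gate a rule deployment or run from cron against the live rule directory.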
