MCP bug? Mcp only reading last rule .cf file
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Dec 30 16:32:24 GMT 2003
At 16:45 30/12/2003, you wrote:
> > At 06:02 30/12/2003, you wrote:
> >>Hello,
> >>I think this is a bug and would like input if it can be replicated by
> >>others and suggestions on how I can fix this whether it is a bug or if
> >>I've just screwed something up. Upgraded to latest revision which
> >>contained some mcp fixes.
> >>
> >>Issue: mcp checker uses only the last rule and not the other .cf rules
> >>located in /etc/MailScanner/mcp/
> >>Meaning, it gives MCP scores to messages that apply to the last rule
> >>(alphabetically) in the directory but to the rules above it.
> >>
> >>MTA is postfix
> >>
> >>Info copied from terminal:
> >>
> >>[root at mailgateway mcp]# hostname
> >>mailgateway.healthleaders.com
> >>[root at mailgateway mcp]# uname -a
> >>Linux mailgateway.healthleaders.com 2.4.20-24.9 #1 Mon Dec 1 11:35:51
> >>EST 2003 i686 i686 i386 GNU/Linux
> >>[root at mailgateway mcp]# pwd
> >>/etc/MailScanner/mcp
> >>[root at mailgateway mcp]# ls -la
> >>total 24
> >>drwxr-xr-x 2 root root 4096 Dec 29 23:24 .
> >>drwxr-xr-x 6 root root 4096 Dec 29 22:58 ..
> >>-rw-r--r-- 1 root root 598 Dec 29 23:02 10_example.cf
> >>-rw-r--r-- 1 root root 111 Dec 29 23:31
> >> 11_penis_banned.cf
> >>-rw-r--r-- 1 root root 112 Dec 29 23:31
> >> 12_valium_banned.cf
> >>-rw-r--r-- 1 root root 1256 Dec 29 10:25
> >>mcp.spam.assassin.prefs.conf
> >>
> >>[root at mailgateway mcp]# cat *.cf
> >>
> >>header BANNED Subject =~ /banned/i
> >>describe BANNED Banned Subject
> >>score BANNED 22
> >>
> >>body BANNED_BODY /this text is banned/i
> >>describe BANNED_BODY Banned body text
> >>score BANNED_BODY 5
> >>
> >>header BANNED Subject =~ /penis/i
> >>describe BANNED Banned Subject
> >>score BANNED 10
> >>
> >>header BANNED Subject =~ /valium/i
> >>describe BANNED Banned Subject
> >>score BANNED 10
> >
> > You have given 3 of your rules the same name. All rules must have
> > different
> > names.
> >
> >
> >>Some examples from the /var/log/maillog:
> >>
> >>Here is the valium one that worked:
> >>Dec 29 23:54:48 mailgateway postfix/cleanup[8909]: CD7073FEE:
> >>message-id=<20031230055417.CD7073FEE at mailgateway.healthleaders.com>
> >>Dec 29 23:54:48 mailgateway postfix/nqmgr[8768]: CD7073FEE:
> >>from=<darren at internav.dyndns.org>, size=440, nrcpt=1 (queue active)
> >>Dec 29 23:54:48 mailgateway postfix/nqmgr[8768]: CD7073FEE:
> >>to=<darren at concepttechnologyinc.com>, relay=none, delay=31,
> >>status=deferred (deferred transport)
> >>Dec 29 23:54:51 mailgateway MailScanner[8853]: New Batch: Scanning 1
> >>messages, 613 bytes
> >>Dec 29 23:54:51 mailgateway MailScanner[8853]: MCP Checks: Starting
> >>Dec 29 23:54:51 mailgateway MailScanner[8853]: Message CD7073FEE from
> >>127.0.0.1 (darren at internav.dyndns.org) to concepttechnologyinc.com is
> >>MCP, MCP-Checker (score=10, required 1, BANNED 10.00)
> >>Dec 29 23:54:51 mailgateway MailScanner[8853]: MCP Actions: message
> >>CD7073FEE actions are delete
> >>
> >>Here is the penis one that didn't work:
> >>Dec 29 23:36:27 mailgateway postfix/nqmgr[8768]: 3E71F3FEE:
> >>to=<darren at concepttechnologyinc.com>, relay=none, delay=44,
> >>status=deferred (deferred transport)
> >>Dec 29 23:36:27 mailgateway MailScanner[8859]: New Batch: Scanning 1
> >>messages, 632 bytes
> >>Dec 29 23:36:27 mailgateway MailScanner[8859]: MCP Checks: Starting
> >>Dec 29 23:36:27 mailgateway MailScanner[8859]: Spam Checks: Starting
> >>Dec 29 23:36:28 mailgateway MailScanner[8859]: Virus and Content
> >>Scanning: Starting
> >>Dec 29 23:36:28 mailgateway postfix/nqmgr[8838]: 3D9181A7339:
> >>from=<darren at healthleaders.com>, size=720, nrcpt=1 (queue active)
> >>Dec 29 23:36:28 mailgateway MailScanner[8859]: Uninfected: Delivered 1
> >>messages
> >>Dec 29 23:36:29 mailgateway postfix/smtp[8878]: 3D9181A7339:
> >>to=<darren at concepttechnologyinc.com>,
> >>relay=local.concepttechnologyinc.com[192.168.1.10], delay=46,
> >>status=sent (250 ok 1072763854 qp 21046)
> >>
> >>What do you think? Do you need more info?
> >>
> >>Best Regards,
> >>
> >>Darren Fulton
> >>Concept Technology, Inc.
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
>
>----------------
>Do you mean the word "BANNED" as in,
>
>header BANNED Subject =~ /valium/i
>describe BANNED Banned Subject
>score BANNED 10
>
>?
Yes. I assumed anyone trying to write rules would read
man Mail::SpamAssassin::Conf
which explains how to write them and (I think) makes it fairly obvious.
But yes, choosing "BANNED" as the name of the rule was probably the worst
word I could have chosen. I'll change the sample to something else.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner
mailing list