mailscanner entries in sendmail logs too long?

Mack RAGAN_DAVIS at COLSTATE.EDU
Sun Mar 7 05:54:53 GMT 2004


Hi,

First, I'd like to offer major kudos to Julian for outstanding work!!  I can't speak highly
enough on how well MailScanner performs.

My problem:  I just discovered that occasionally the mailscanner entry in my
sendmail logs seems to be incomplete.  It seems to happen when the spamassassin
report is really long.  Here's an example (I replaced IP's, email addresses and
domains with bogus values):

Complete log entry:

Mar  1 00:59:17 mailhost MailScanner[8501]: Message i215x5GP000623 from
some.ip.some.where (someone at somedomain.com) to mydomain.com is spam,
spamcop.net, spamhaus.org, SpamAssassin (score=4.738, required 4.2,
CLICK_BELOW 0.00, HTML_LINK_PUSH_HERE 0.50, HTML_MESSAGE 0.00,
RCVD_IN_BL_SPAMCOP_NET 2.25, RCVD_IN_SBL 1.27, RCVD_IN_SORBS 0.10,
SUBJ_DOLLARS 0.62)

Incomplete log entry:

Mar  1 00:59:18 mailhost MailScanner[9064]: Message i215x3GP000622 from
some.ip.some.where (someone at somedomain.com) to mydomain.com is spam,
spamcop.net, njabl, SpamAssassin (score=42.668, required 4.2, BANG_EXERCISE
1.22, BANG_GUARANTEE 1.10, CLICK_BELOW_CAPS 0.57,
DATE_SPAMWARE_Y2K 4.40, DCC_CHECK 1.81, FORGED_MUA_OUTLOOK
1.58, FORGED_OUTLOOK_HTML 1.10, FORGED_OUTLOOK_TAGS 1.10,
FORGED_RCVD_NET_HELO 3.02, GUARANTEED_STUFF 1.17, HTML_60_70
0.10, HTML_FONTCOLOR_UNKNOWN 0.10, HTML_FONTCOLOR_UNSAFE 0.10,
HTML_FONT_BIG 0.10, HTML_FONT_INVISIBLE 0.45, HTML_MESSAGE 0.00,
HTML_SHOUTING4 0.31, HTML_TABLE_THICK_BORD 0.70, IMPOTENCE 4.24,
MIME_HTML_NO_CHARSET 0.72, MIME_HTML_ONLY 0.10,
MIME_HTML_ONLY_MULTI 1.10, MISSING_MIMEOLE 1.15, MONEY_BACK 4.30,
PENIS_ENLARGE 1.10, PENIS_ENLARGE2 0.59, PYZOR_CHECK 0.32,
RAZOR2_CF_RANGE_51_100 1.55, RAZOR2_CHECK 0.90,
RCVD_IN_BL_SPAMCOP_NET 2.25, RCVD_IN_DSBL 1.10, RCVD_IN_NJABL
0.10, RCVD_IN_NJABL_RELAY 1.31, RCVD_IN_SORBS 0.10,
RCVD_IN_SORBS_HTTP 1.10, RCVD_IN_SORBS_MISC 1.10,
SOME_BREAKTHROUGH 0.60

Notice....no ending paren on the incomplete log entry. I just upgraded to the beta
version that included the password-protected archive checker (version 4.28.4-1) on
3/4/04.  I did not notice this before, but then again I wasn't looking.  I will sift thru
some older logs and see if this behavior was present before the upgrade.
Nevertheless, has anyone noticed this before?  Is there something I can do to fix it?

Thanks!
mack

--
This message has been scanned for viruses and
dangerous content by the CSU Email Gateway, and is
believed to be clean.



More information about the MailScanner mailing list