Different Split Problem

Thu Mar 11 23:33:17 GMT 2004

In addition to the previous locking thread -- I've noticed this, anybody
else ?

When a message comes in to an address,  gets split into X number of
messages.  Original or first recipients messages isn't scanned, but other
recipients are.  So if it was spam -- the first recipient gets it.. rest do
not.  In the case of the following log lines.. I get mail for
abuse at icnet.net so I got the sweet Viagra message, while rest of recipients
did not.

---snip---
[root at ns2 log]# grep 17527 maillog.archive
Mar 11 16:03:56 ns2 sendmail[17527]: i2BM3dTb017527:
from=<jaffosjd at msn.com>, size=1294, class=0, nrcpts=2,
msgid=<483544238074342.IH42103 at hempenrose.com>, proto=SMTP, daemon=MTA,
relay=RJ149140159.user.veloxzone.com.br [200.149.140.159] (may be forged)
Mar 11 16:03:56 ns2 sendmail[17527]: i2BM3dTb017527: split: maxrcpts=1,
rcpts=2, count=1, id=i2BM3dTc017527
Mar 11 16:03:56 ns2 sendmail[17527]: i2BM3dTb017527: to=<abuse at icnet.net>,
delay=00:00:08, mailer=relay, pri=60547, stat=queued
Mar 11 16:03:56 ns2 sendmail[17527]: i2BM3dTc017527:
to=<acalvillo at icnet.net>, delay=00:00:08, mailer=relay, pri=60547,
stat=queued
Mar 11 16:03:58 ns2 sendmail[17535]: i2BM3dTb017527: to=<abuse at icnet.net>,
delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=150547,
relay=mail.icnet.net [66.210.152.10], dsn=2.0.0, stat=Sent (Message
received: 20040311220349964.AAA2016 at ns2.icnet.net)
Mar 11 16:04:00 ns2 MailScanner[4809]: Message i2BM3dTc017527 from
200.149.140.159 (jaffosjd at msn.com) to icnet.net is spam, SpamAssassin
(score=15.329, required 5, BAYES_99 5.40, DCC_CHECK 5.00,
MIME_HEADER_CTYPE_ONLY 2.23, RCVD_IN_DYNABLOCK 2.60, RCVD_IN_SORBS 0.10)
Mar 11 16:04:00 ns2 MailScanner[4809]: Spam Actions: message i2BM3dTc017527
actions are delete
--snip--

My interpretation :
   My secondary (gateway) MX (ns2) server receives message from
jaffosjd at msn.com
   Has 2 total recipients, message is split
        abuse at icnet.net
        acalvillo at icnet.net
   message is sent to abuse at icnet.net on server mail.icnet.net, apparently
unchecked (no sa score in headers either) ?
        how did it get to outgoing queue for sendmail to pick it up and send
it ?
   now SA identifies the additional split message as spam and deletes it so
second
        recipient acalvillo doesn't get it.  Good for him,  bad for me.

   I've looked at the splitting code to see if its splitting the original
recipients message into the outgoing directory, that's about the only way I
can figure out that the first recipient isn't getting scanned, but It just
uses sendmails settings as far as I can tell, and the queue group/rewriting
sections in sendmail_in.cf only reference mqueue.in

                                      Brady A. Tucker
                                      Internet Complete! inc.
                                      http://www.icnet.net