Different Split Problem

Ken Anderson (Pacific Internet) ka at PACIFIC.NET
Fri Mar 12 19:42:26 GMT 2004


I just tested this by sending myself an email to 2 addresses I receive.
They are both properly scanned & tagged.

Are you sure mail TO your abuse address isn't whitelisted?

Check your maillog for other occurrences of "split:" and grep the log to
see if each ID is scanned. It is working here, and I really don't see
any way a message can hop from mqueue.in to mqueue without MailScanner's
help.

Ken


Brady A. Tucker wrote:

> In addition to the previous locking thread -- I've noticed this, anybody
> else ?
>
> When a message comes in to an address,  gets split into X number of
> messages.  Original or first recipient's message isn't scanned, but other
> recipients are.  So if it was spam -- the first recipient gets it.. rest do
> not.  In the case of the following log lines.. I get mail for
> abuse at icnet.net so I got the sweet Viagra message, while rest of recipients
> did not.
>
>
> ---snip---
> [root at ns2 log]# grep 17527 maillog.archive
> Mar 11 16:03:56 ns2 sendmail[17527]: i2BM3dTb017527:
> from=<jaffosjd at msn.com>, size=1294, class=0, nrcpts=2,
> msgid=<483544238074342.IH42103 at hempenrose.com>, proto=SMTP, daemon=MTA,
> relay=RJ149140159.user.veloxzone.com.br [200.149.140.159] (may be forged)
> Mar 11 16:03:56 ns2 sendmail[17527]: i2BM3dTb017527: split: maxrcpts=1,
> rcpts=2, count=1, id=i2BM3dTc017527
> Mar 11 16:03:56 ns2 sendmail[17527]: i2BM3dTb017527: to=<abuse at icnet.net>,
> delay=00:00:08, mailer=relay, pri=60547, stat=queued
> Mar 11 16:03:56 ns2 sendmail[17527]: i2BM3dTc017527:
> to=<acalvillo at icnet.net>, delay=00:00:08, mailer=relay, pri=60547,
> stat=queued
> Mar 11 16:03:58 ns2 sendmail[17535]: i2BM3dTb017527: to=<abuse at icnet.net>,
> delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=150547,
> relay=mail.icnet.net [66.210.152.10], dsn=2.0.0, stat=Sent (Message
> received: 20040311220349964.AAA2016 at ns2.icnet.net)
> Mar 11 16:04:00 ns2 MailScanner[4809]: Message i2BM3dTc017527 from
> 200.149.140.159 (jaffosjd at msn.com) to icnet.net is spam, SpamAssassin
> (score=15.329, required 5, BAYES_99 5.40, DCC_CHECK 5.00,
> MIME_HEADER_CTYPE_ONLY 2.23, RCVD_IN_DYNABLOCK 2.60, RCVD_IN_SORBS 0.10)
> Mar 11 16:04:00 ns2 MailScanner[4809]: Spam Actions: message i2BM3dTc017527
> actions are delete
> --snip--
>
> My interpretation :
>    My secondary (gateway) MX (ns2) server receives message from
> jaffosjd at msn.com
>    Has 2 total recipients, message is split
>         abuse at icnet.net
>         acalvillo at icnet.net
>    message is sent to abuse at icnet.net on server mail.icnet.net, apparently
> unchecked (no sa score in headers either) ?
>         how did it get to outgoing queue for sendmail to pick it up and send
> it ?
>    now SA identifies the additional split message as spam and deletes it so
> second
>         recipient acalvillo doesn't get it.  Good for him,  bad for me.
>
>    I've looked at the splitting code to see if it's splitting the original
> recipients message into the outgoing directory, that's about the only way I
> can figure out that the first recipient isn't getting scanned, but it just
> uses sendmail's settings as far as I can tell, and the queue group/rewriting
> sections in sendmail_in.cf only reference mqueue.in
>
>                                       Brady A. Tucker
>                                       Internet Complete! inc.
>                                       http://www.icnet.net
>
>
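
The check Ken suggests above (find every "split:" entry, then see whether each queue ID involved was scanned), as an added example that is not part of either message. The function names and the sample log are constructed for illustration; it assumes one syslog entry per line, the `sendmail[pid]` and `MailScanner[pid]` tags seen in the quoted log, and that MailScanner logs a line naming every queue ID it handles.

```shell
#!/bin/sh
# Report queue IDs involved in a sendmail "split:" that no MailScanner line
# mentions, and whether sendmail delivered them anyway (stat=Sent).
# Assumption: MailScanner logs a line naming every queue ID it handles.
split_scan_report() {
    awk '
    $5 ~ /^sendmail\[/ {
        id = $6; sub(/:$/, "", id)
        if ($7 == "split:") {
            involved[id] = 1                       # parent envelope
            for (i = 8; i <= NF; i++)
                if ($i ~ /^id=/) {                 # envelope created by the split
                    child = substr($i, 4); sub(/,$/, "", child)
                    involved[child] = 1
                }
        }
        if ($0 ~ /stat=Sent/) sent[id] = 1
    }
    $5 ~ /^MailScanner\[/ {                        # any word matching an ID counts
        for (i = 6; i <= NF; i++) { w = $i; sub(/[,:]$/, "", w); seen[w] = 1 }
    }
    END {
        for (id in involved)
            if (!(id in seen))
                print id, ((id in sent) ? "SENT-UNSCANNED" : "not-scanned-not-sent")
    }' "$1" | sort
}

# Constructed sample log (not from the thread): IDs, hosts and addresses are made up.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar 11 16:03:56 gw sendmail[100]: AAA0001: split: maxrcpts=1, rcpts=2, count=1, id=AAA0002
Mar 11 16:03:58 gw sendmail[101]: AAA0001: to=<a@example.com>, mailer=relay, stat=Sent (ok)
Mar 11 16:04:00 gw MailScanner[200]: Message AAA0002 from 192.0.2.1 (x@example.net) to example.com is spam
Mar 11 16:05:00 gw sendmail[102]: BBB0001: split: maxrcpts=1, rcpts=2, count=1, id=BBB0002
Mar 11 16:05:03 gw MailScanner[200]: Message BBB0001 from 192.0.2.2 (y@example.net) to example.com is spam
Mar 11 16:05:03 gw MailScanner[200]: Message BBB0002 from 192.0.2.2 (y@example.net) to example.com is spam
EOF
}

log=$(mktemp); write_sample_log "$log"; split_scan_report "$log"; rm -f "$log"
# prints: AAA0001 SENT-UNSCANNED
```

An ID reported as SENT-UNSCANNED left the gateway without any MailScanner entry, which is the pattern described for the first recipient in the quoted log.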


