Messages with no MailScanner headers at all?
Julian Field
mailscanner at ecs.soton.ac.uk
Wed Mar 24 09:57:07 GMT 2004
Not a clue on this one, I'm afraid. Can you use "Archive Mail" to capture
one on the way in before your MTA starts adding things to it?
At 09:51 17/03/2004, you wrote:
>I've seen quite a few messages recently that somehow do not get
>processed by MailScanner.
>
>They are all alike: no subject header, a body containing nothing apart
>from one e-mail address (also present in the From: field).
>Message-Id: is added by the MTA (either on the MS machine or the backup
>MX) and I suspect the Date: is too.
>To: has mostly been "Undisclosed recipients: ;" but also one with my
>address in the To: field. Most but not all also have an X-Message-Info:
>header
>
>The messages do not get any MailScanner headers added at all (unlike the
>other threads recently about messages where the subject is not tagged).
>However the logs show that the messages do get scanned - and generally
>get quite a decent SA score.
>
>This is with MS 4.28.6 and Postfix 2.0.18 on RH9.
>
>FYI in the quoted example message and log below metroid.nerim.net is our
>MX backup; gate.tradoc is the MS box.
>
>| Return-Path: <tfmub at professoremail.com>
>| Received: from gate.tradoc (gate.tradoc [192.168.51.2])
>| by garibaldi.tradoc.net with ESMTP (Mailtraq/2.3.1.1414) id
>GRBLF0728085
>| for john at tradoc.fr; Wed, 17 Mar 2004 10:02:27 +0100
>| Received: from metroid.nerim.net (metroid.nerim.net [62.4.16.80])
>| by gate.tradoc (Postfix) with ESMTP id 4FD74B5CC1
>| for <john at tradoc.fr>; Wed, 17 Mar 2004 10:02:21 +0100 (CET)
>| Received: from 212.199.205.41.forward.012.net.il
>(212.199.205.41.forward.012.net.il [212.199.205.41])
>| by metroid.nerim.net (Postfix) with SMTP id 674EAD5696
>| for <john at tradoc.fr>; Wed, 17 Mar 2004 10:02:03 +0100 (CET)
>| X-Message-Info: c
>| Message-Id: <20040317090203.674EAD5696 at metroid.nerim.net>
>| Date: Wed, 17 Mar 2004 10:02:03 +0100 (CET)
>| From: tfmub at professoremail.com
>| To: undisclosed-recipients: ;
>| X-Hops: 1
>|
>|
>| tfmub at professoremail.com
>
>
>| Mar 17 10:02:21 gate postfix/smtpd[3005]: connect from
>metroid.nerim.net[62.4.16.80]
>| Mar 17 10:02:21 gate postfix/smtpd[3005]: 4FD74B5CC1:
>client=metroid.nerim.net[62.4.16.80]
>| Mar 17 10:02:21 gate postfix/cleanup[3006]: 4FD74B5CC1:
>message-id=<20040317090203.674EAD5696 at metroid.nerim.net>
>| Mar 17 10:02:21 gate postfix/qmgr[1859]: 4FD74B5CC1:
>from=<tfmub at professoremail.com>, size=589, nrcpt=1 (queue active)
>| Mar 17 10:02:21 gate postfix/smtpd[3005]: disconnect from
>metroid.nerim.net[62.4.16.80]
>| Mar 17 10:02:22 gate postfix/qmgr[1859]: 4FD74B5CC1:
>to=<john at tradoc.fr>, relay=none, delay=0, status=deferred (deferred transport)
>| Mar 17 10:02:23 gate MailScanner[1851]: New Batch: Scanning 1 messages,
>911 bytes
>| Mar 17 10:02:23 gate MailScanner[1851]: Spam Checks: Starting
>| Mar 17 10:02:26 gate MailScanner[1851]: Message 4FD74B5CC1 from
>62.4.16.80 (tfmub at professoremail.com) to tradoc.fr is spam, SpamAssassin
>(score=11.567, required 5, BAYES_99 5.40, NO_REAL_NAME 0.16,
>RCVD_IN_BL_SPAMCOP_NET 1.50, RCVD_IN_DSBL 0.71, RCVD_IN_NJABL 0.10,
>RCVD_IN_NJABL_PROXY 0.50, RCVD_IN_SORBS 0.10, RCVD_IN_SORBS_HTTP 1.10,
>local_RCVD_IN_XBL 2.00)
>| Mar 17 10:02:26 gate MailScanner[1851]: Spam Checks: Found 1 spam messages
>| Mar 17 10:02:26 gate MailScanner[1851]: Spam Actions: message 4FD74B5CC1
>actions are deliver
>| Mar 17 10:02:26 gate MailScanner[1851]: Virus and Content Scanning:
>Starting
>| Mar 17 10:02:27 gate MailScanner[1851]: Requeue: 4FD74B5CC1 to DD7DEE1322
>| Mar 17 10:02:27 gate postfix/qmgr[1868]: DD7DEE1322:
>from=<tfmub at professoremail.com>, size=621, nrcpt=1 (queue active)
>| Mar 17 10:02:27 gate MailScanner[1851]: Uninfected: Delivered 1 messages
>| Mar 17 10:02:27 gate postfix/smtp[3020]: DD7DEE1322:
>to=<john at tradoc.fr>, relay=garibaldi.tradoc[192.168.51.1], delay=6,
>status=sent (250 received the message, thanks)
>
>John.
>
>--
>-- Over 2400 webcams from ski resorts around the world - www.snoweye.com
>-- Translate your technical documents and web pages - www.tradoc.fr
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner
mailing list