Messages with no MailScanner headers at all?

John Wilcock john at TRADOC.FR
Wed Mar 24 15:31:00 GMT 2004 

Got one!

See results of postcat below. 

Here's the corresponding maillog extract (not that it tells us anything
out of the ordinary):

| Mar 24 16:03:20 gate postfix/smtpd[15334]: connect from dhcp065-025-008-138.neo.rr.com[65.25.8.138]
| Mar 24 16:03:21 gate postfix/smtpd[15334]: 0C1B7B5CBF: client=dhcp065-025-008-138.neo.rr.com[65.25.8.138]
| Mar 24 16:03:21 gate postfix/cleanup[15368]: 0C1B7B5CBF: message-id=<C[20
| Mar 24 16:03:22 gate postfix/qmgr[14728]: 0C1B7B5CBF: from=<Verna_Quick at aol.com>, size=406, nrcpt=1 (queue active)
| Mar 24 16:03:22 gate postfix/smtpd[15334]: disconnect from dhcp065-025-008-138.neo.rr.com[65.25.8.138]
| Mar 24 16:03:23 gate MailScanner[14720]: New Batch: Scanning 1 messages, 758 bytes 
| Mar 24 16:03:23 gate MailScanner[14720]: Saved archive copies of 0C1B7B5CBF 
| Mar 24 16:03:23 gate MailScanner[14720]: Spam Checks: Starting 
| Mar 24 16:03:31 gate MailScanner[14720]: Message 0C1B7B5CBF from 65.25.8.138 (verna_quick at aol.com) to tradoc.fr is spam, SpamAssassin (score=14.865, required 5, BAYES_99 5.40, INVALID_MSGID 2.50, NO_REAL_NAME 0.16, RCVD_IN_BL_SPAMCOP_NET 1.50, RCVD_IN_DSBL 0.71, RCVD_IN_DYNABLOCK 0.50, RCVD_IN_SORBS 0.10, local_NOSUBJECT 2.00, local_RCVD_IN_XBL 2.00) 
| Mar 24 16:03:31 gate MailScanner[14720]: Spam Checks: Found 1 spam messages 
| Mar 24 16:03:33 gate MailScanner[14720]: Spam Actions: message 0C1B7B5CBF actions are highspam at tradoc.fr,forward 
| Mar 24 16:03:33 gate MailScanner[14720]: Virus and Content Scanning: Starting 
| Mar 24 16:03:34 gate MailScanner[14720]: Requeue: 0C1B7B5CBF to DE552E12A3 
| Mar 24 16:03:34 gate postfix/qmgr[14737]: DE552E12A3: from=<verna_quick at aol.com>, size=433, nrcpt=1 (queue active)
| Mar 24 16:03:34 gate MailScanner[14720]: Uninfected: Delivered 1 messages 
| Mar 24 16:03:34 gate postfix/smtp[15446]: DE552E12A3: to=<highspam at tradoc.fr>, orig_to=<unknown>, relay=garibaldi.tradoc[192.168.51.1], delay=13, status=sent (250 received the message, thanks)

The message received downline had no MailScanner headers at all, and
indeed as far as I can tell was identical to the original message
received. 

It would be tempting to incriminate the odd-looking Message-ID header,
but I have other examples with a perfectly valid Message-ID added by our
backup MX which slip through in the same way. 

I half suspect a postfix timing problem due to the particularly short
messages, but have no proof of that whatsoever. 

John.

-- 
-- Over 2400 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
-------------- next part --------------
*** ENVELOPE RECORDS /var/spool/MailScanner/archive/20040324/0C1B7B5CBF ***
message_size:             406             325               1
arrival_time: Wed Mar 24 16:03:21 2004
sender: Verna_Quick at aol.com
named attribute: client_name=dhcp065-025-008-138.neo.rr.com
named attribute: client_address=65.25.8.138
named attribute: message_origin=dhcp065-025-008-138.neo.rr.com[65.25.8.138]
named attribute: helo_name=dhcp065-025-008-138.neo.rr.com
named attribute: protocol_name=SMTP
original recipient: john at tradoc.fr
recipient: john at tradoc.fr
*** MESSAGE CONTENTS /var/spool/MailScanner/archive/20040324/0C1B7B5CBF ***
Received: from dhcp065-025-008-138.neo.rr.com (dhcp065-025-008-138.neo.rr.com [65.25.8.138])
        by gate.tradoc (Postfix) with SMTP id 0C1B7B5CBF
        for <john at tradoc.fr>; Wed, 24 Mar 2004 16:03:21 +0100 (CET)
Received: from 248.112.64.69 by 65.25.8.138; Wed, 24 Mar 2004 19:57:30 +0500
Message-ID: <C[20
Date: Wed, 24 Mar 2004 16:03:21 +0100 (CET)
From: Verna_Quick at aol.com
To: undisclosed-recipients:;
*** HEADER EXTRACTED /var/spool/MailScanner/archive/20040324/0C1B7B5CBF ***
return_receipt: 
errors_to: Verna_Quick at aol.com
*** MESSAGE FILE END /var/spool/MailScanner/archive/20040324/0C1B7B5CBF ***

More information about the MailScanner mailing list