4.34.8 MCP bugs

Jason Kau jkau at JASPER.K12.GA.US
Tue Oct 12 10:39:25 IST 2004


No thoughts on these anyone?

Related to #2 below, if the MCP SpamAssassin times out, the email is
quarantined as MCP!

Oct 11 14:05:37 cheetah MailScanner[21950]: Message i9BI347P027207 from
207.250.170.169 (electionshirt at zippedemail.com) to jasper.k12.ga.us is MCP,
MCP-Checker (MCP timed out)

[root at cheetah mcp]# pwd
/var/spool/MailScanner/quarantine/20041011/mcp
[root at cheetah mcp]# ls i9BI347P027207
i9BI347P027207

Have these bugs been fixed in beta releases?  They seem non-minor as I've had to
stop using MCP.

Quoting Jason Kau <jkau at jasper.k12.ga.us>:
> A few MCP-related bugs I've noticed in 4.34.8 on my server (RHEL 3 AS on Dell
> PowerEdge 2500):
>
> 1) MCP messages are quarantined with incorrect ownership of the individual
> message files (but directories have correct ownership).  My MailScanner.conf
> says:
>
> Quaratine User = apache
> Quarantine Group = apache
> Quarantine Permissions = 0660
>
> Individual MCP message files are quarantined owned by root:root:
>
> [root at cheetah mcp]# pwd
> /var/spool/MailScanner/quarantine/20041011/mcp
> [root at cheetah mcp]# ls -al
> total 20
> drwxrwx---    2 apache   apache       4096 Oct 11 01:25 .
> drwxrwx---    3 apache   apache       4096 Oct 11 01:14 ..
> -rw-rw----    1 root     root          882 Oct 11 01:14 i9B5DhuS026130
> -rw-rw----    1 root     root         1720 Oct 11 01:25 i9B5OqOs026471
> -rw-rw----    1 root     root          882 Oct 11 01:58 i9B5vNM3027985
> [root at cheetah mcp]#
>
> But individual spam message files are quarantined with the correct ownership:
>
> [root at cheetah spam]# pwd
> /var/spool/MailScanner/quarantine/20041011/spam
> [root at cheetah spam]# ls -al
> total 68
> drwxrwx---    2 apache   apache       4096 Oct 11 01:47 .
> drwxrwx---    4 apache   apache       4096 Oct 11 01:47 ..
> -rw-rw----    1 apache   apache      38752 Oct 11 01:56 i9B5uUUf027938
> -rw-rw----    1 apache   apache       6971 Oct 11 01:58 i9B5vJtF027982
> -rw-rw----    1 apache   apache       2094 Oct 11 01:58 i9B5vSS7027989
> -rw-rw----    1 apache   apache       2108 Oct 11 01:58 i9B5vSS8027989
> -rw-rw----    1 apache   apache       2094 Oct 11 01:58 i9B5vSS9027989
>
> [root at cheetah spam]#
>
> 2) If an email is marked as spam, it is also always logged in syslog as MCP:
>
> For example, here's an email that is certainly not matching my MCP rules but
> MailScanner says it's an MCP message:
>
> Oct 11 02:05:47 cheetah MailScanner[28508]: Message i9B65FSe028510 from
> 63.251.59.120 (money_finders.bfb at reply.ic10.com) to jasper.k12.ga.us is spam,
> SBL+XBL, NJABL, SpamAssassin (score=5.1, required 3, CLICK_BELOW 0.10,
> HTML_30_40 0.89, HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.10,
> SARE_HTML_FONT_INVIS2 0.64, SARE_HTML_NO_BODY1 1.03, SARE_MONEYTERMS 0.68,
> UNCLAIMED_MONEY 1.64)
> Oct 11 02:05:47 cheetah MailScanner[28508]: Spam Checks: Found 1 spam
> messages
> Oct 11 02:05:48 cheetah MailScanner[28508]: Spam Actions: message
> i9B65FSe028510
> actions are alerts at localhost,forward
> Oct 11 02:05:48 cheetah MailScanner[28508]: MCP Checks: Starting
> Oct 11 02:05:48 cheetah MailScanner[28508]: MCP Checks: Found 1 MCP messages
> Oct 11 02:05:48 cheetah MailScanner[28508]: Virus and Content Scanning:
> Starting
> Oct 11 02:05:48 cheetah MailScanner[28508]: Content Checks: Detected and will
> disarm HTML message in i9B65FSe028510
> Oct 11 02:05:49 cheetah MailScanner[28508]: Uninfected: Delivered 1 messages
>
> Thank you for MailScanner.  Very nice.
>
> --
> Jason Kau
> Consultant
> Jasper County Schools
> Monticello, GA
>

--
Jason Kau
Consultant
Jasper County Schools
Monticello, GA
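
A way to check for the ownership problem reported as bug 1 above, as an added example that is not part of the original post or of MailScanner: it walks a quarantine tree and reports every regular file whose owner, group or mode differs from the expected values. The function names and the sample tree built in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_quarantine(root, want_uid, want_gid, want_mode=0o660):
    """Return sorted (relative path, problem) pairs for quarantined files
    whose owner/group or permission bits differ from the expected values."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks in a quarantine
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if (st.st_uid, st.st_gid) != (want_uid, want_gid):
                findings.append((rel, f"owner {st.st_uid}:{st.st_gid}"))
            mode = stat.S_IMODE(st.st_mode)
            if mode != want_mode:
                findings.append((rel, f"mode {mode:04o}"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree using the date/mcp and date/spam layout
    from the post, then audit it against two expected owners."""
    with tempfile.TemporaryDirectory() as root:
        samples = [
            ("20041011/mcp", "i9B5DhuS026130", 0o660),
            ("20041011/mcp", "i9B5OqOs026471", 0o644),  # constructed: wrong mode
            ("20041011/spam", "i9B5uUUf027938", 0o660),
        ]
        for sub, name, mode in samples:
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            path = os.path.join(root, sub, name)
            with open(path, "w") as fh:
                fh.write("constructed sample message\n")
            os.chmod(path, mode)
        owner = os.stat(root)  # the ids the sample files were created with
        as_owner = audit_quarantine(root, owner.st_uid, owner.st_gid)
        # A different expected uid stands in for files written by the wrong user.
        as_other = audit_quarantine(root, owner.st_uid + 1, owner.st_gid)
        return as_owner, as_other

if __name__ == "__main__":
    for label, result in zip(("expected owner", "other owner"), demo()):
        print(label, result)
```

On a real server the expected ids can be resolved with `pwd.getpwnam("apache").pw_uid` and `grp.getgrnam("apache").gr_gid`, with `root` pointing at the quarantine directory.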
