Spam Check rule file issues and checking order.

Bob Jones bob.jones at USG.EDU
Fri Apr 1 17:08:13 IST 2005


Okay, I'm back with more issues.  MailScanner 4.39.6, Solaris 9,
Sendmail 8.12.11, SpamAssassin 3.0.2.  So, after the previous discussion
about what determined when a ruleset would hit to kick off spam checks,
we're still having problems.

In the previous thread Julian states:

There is a workaround. Currently, when faced with a message with
multiple headers, some of which want spam checks and some of which
don't, it uses the answer for the first recipient. You can change this
so that it uses any of the recipients by editing
/usr/lib/MailScanner/MailScanner/ConfigDefs.pl. Look for the line
starting "SpamChecks". If you look backwards (towards the start of the
file) from there, you will see that it is in the [First,YesNo] section.
Move that line into the [All,YesNo] section, then stop and restart
MailScanner.

We go on to discover that the order depends on the envelope headers, not
the To: header.  So, with the SpamChecks line in ConfigDefs.pl in the
[First,YesNo] section it still doesn't appear to work as described.
Here is what is in our rule file for the Spam Check option:

From:   168.24.85.              no
From:   168.24.129.             no
From:   127.0.0.1               no
To:     ourdesk at usg.edu         no
To:     abuse at usg.edu           no
To:     /nic-(tech|billing|admin)@usg.edu/      no
FromOrTo:       default         yes

So, we telnet to port 25 on the mailserver and manually enter the mail
from and rcpt to lines.  One time with ourdesk at usg.edu entered first,
and one time with glenn.leavell at usg.edu entered first.  Here are the
resulting q* files sendmail generated:

ourdesk then glenn.leavell:

V6
T1112370112
K0
N0
P60076
Fs
$_66-23-211-254.clients.speedfactory.net [66.23.211.254]
$rSMTP
$s1pof.org
${daemon_flags}
${if_addr}168.24.195.10
Sglenn at leavell.com
rRFC822; ourdesk at usg.edu
RPFD:ourdesk at usg.edu
rRFC822; glenn.leavell at usg.edu
RPFD:glenn.leavell at usg.edu
H?P?Return-Path: <<81>g>
H??Received: from 1pof.org (66-23-211-254.clients.speedfactory.net
[66.23.211.254])
         by hermes.bor.usg.edu (8.12.11/8.12.11) with SMTP id
j31FZrk4021592;
         Fri, 1 Apr 2005 10:41:52 -0500 (EST)
H?D?Date: Fri, 1 Apr 2005 10:41:52 -0500 (EST)
H?F?From: glenn at leavell.com
H?M?Message-Id: <200504011541.j31FZrk4021592 at hermes.bor.usg.edu>
H??Subject: mailscanner down: our then glenn


glenn.leavell then ourdesk:

V6
T1112369969
K0
N0
P60076
Fs
$_66-23-211-254.clients.speedfactory.net [66.23.211.254]
$rSMTP
$s1pof.org
${daemon_flags}
${if_addr}168.24.195.10
Sglenn at leavell.com
rRFC822; glenn.leavell at usg.edu
RPFD:glenn.leavell at usg.edu
rRFC822; ourdesk at usg.edu
RPFD:ourdesk at usg.edu
H?P?Return-Path: <<81>g>
H??Received: from 1pof.org (66-23-211-254.clients.speedfactory.net
[66.23.211.254])
         by hermes.bor.usg.edu (8.12.11/8.12.11) with SMTP id
j31FZrk2021592;
         Fri, 1 Apr 2005 10:39:29 -0500 (EST)
H?D?Date: Fri, 1 Apr 2005 10:39:29 -0500 (EST)
H?F?From: glenn at leavell.com
H?M?Message-Id: <200504011539.j31FZrk2021592 at hermes.bor.usg.edu>
H??Subject: mailscanner down: glenn then our

So, if what I understand Julian to have said is true, the first
message should not be scanned as the first match is with ourdesk which
matches a rule to not scan and the second one should be scanned as the
first match is with the default rule.  However, in both instances the
message is not scanned.

Now for an even weirder (in my mind at least) issue.  So, we move the
SpamChecks line in ConfigDefs.pl to the [All,YesNo] section.  If we send
a message originating from IP address 168.24.85.103 (which is in the
rules file to not be scanned) to ourdesk at usg.edu (which is also in the
rules file to not be scanned), the message is scanned.  If only one of
those 2 criteria is used, the message is not scanned (correct result),
but with both criteria the message *is* scanned.  Any idea what is going
on with that?

Let me know if you need/want some more details.

Thanks,
Bob
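
An added example, not part of the original post and not MailScanner's code: it reads the envelope recipients from a sendmail qf file in order and applies the posted rule file first-match-wins, taking the first recipient's answer as Julian's description of the [First,YesNo] setting states. The function names are hypothetical, the matching semantics are an assumption modelled on that description, and addresses are written with "@" where the archive shows " at ".

```python
import re

# Rules copied from the post, in file order; the first matching rule wins (assumption).
RULES = [
    ("From", "168.24.85.", False),
    ("From", "168.24.129.", False),
    ("From", "127.0.0.1", False),
    ("To", "ourdesk@usg.edu", False),
    ("To", "abuse@usg.edu", False),
    ("To", "/nic-(tech|billing|admin)@usg.edu/", False),
    ("FromOrTo", "default", True)]

def parse_qf(text):   # -> (client_ip, sender, recipients in envelope order)
    ip, sender, rcpts = None, None, []
    for line in text.splitlines():
        m = re.match(r"\$_.*\[([0-9.]+)\]", line)    # $_ macro: host [ip]
        if m:
            ip = m.group(1)
        elif line.startswith("S"):                   # S line: envelope sender
            sender = line[1:]
        elif line.startswith("R"):                   # R line: flags, colon, recipient
            rcpts.append(line[1:].split(":", 1)[1])
    return ip, sender, rcpts

def matches(pattern, value):
    if pattern.startswith("/") and pattern.endswith("/"):   # regular expression
        return re.search(pattern[1:-1], value, re.I) is not None
    if pattern.endswith("."):                               # IP prefix
        return value.startswith(pattern)
    return pattern == "default" or pattern.lower() == value.lower()

def spam_check_for(ip, sender, rcpt):
    for direction, pattern, answer in RULES:
        numeric = pattern[0].isdigit()       # numeric patterns test the client IP
        targets = [ip if numeric else sender] if direction != "To" else []
        if direction != "From" and not numeric:
            targets.append(rcpt)
        if any(matches(pattern, t) for t in targets):
            return answer
    return True

def first_mode(qf_text):
    ip, sender, rcpts = parse_qf(qf_text)
    return spam_check_for(ip, sender, rcpts[0])   # first envelope recipient decides

def sample_qf(rcpts):    # constructed input, trimmed from the post's queue files
    head = ["V6", "$_66-23-211-254.clients.speedfactory.net [66.23.211.254]",
            "$rSMTP", "Sglenn@leavell.com"]
    return "\n".join(head + ["RPFD:" + r for r in rcpts])
```

For the two recipient orderings in the post this model answers no with ourdesk first and yes with glenn.leavell first, which is the outcome the post expected rather than the one it reports.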
