Deleting spam per user.

Ken Goods KGoods at AIAINSURANCE.COM
Tue Jan 4 00:48:59 GMT 2005



OK... I know this has been discussed and I realize why it's a bad idea,
but... the one who pays the bills does not want *any* emails marked as spam
delivered to him. I started by creating a rule in Outlook to move
spam-identified emails directly to his deleted items folder and this was ok
for here in the office but it doesn't work well using OWA. So....

I created a spam.routing.rules file in %rules-dir% and in it have these
lines:

To:     BigBoss at ourdomain.com   delete
To:     default deliver (<tabs> between fields)

Then I edited MailScanner.conf and set both:
Spam Actions = %rules-dir%/spam.routing.rules
and
High Scoring Spam Actions = %rules-dir%/spam.routing.rules

So far so good? I actually used my email address for testing. Then I sent a
couple GTUBEs from another domain I administer and it seems like this works
fine but I don't see the spam being dropped in the maillog. Is this normal?

Here is an example from maillog of a normal delivery...

[root at gw-mail log]# grep j03NgrB0012060 maillog
Jan  3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060:
from=<users-return-21610-munged=aiainsurance.com at spamassassin.apache.org>,
size=3180, class=-60, nrcpts=1, msgid=<954817450.20050103154851 at surbl.org>,
proto=SMTP, daemon=MTA, relay=hermes.apache.org [209.237.227.199]
Jan  3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060:
to=<munged at aiainsurance.com>, delay=00:00:00, mailer=esmtp, pri=139626,
stat=queued
Jan  3 15:43:12 gw-mail sendmail[12086]: j03NgrB0012060:
to=<munged at aiainsurance.com>, delay=00:00:19, xdelay=00:00:01, mailer=esmtp,
pri=229626, relay=mail.aiainsurance.com. [66.236.7.2], dsn=2.0.0, stat=Sent
(OK)

And one with the GTUBE included and email address matching the above rule.

[root at gw-mail log]# grep j03NgpB0012059 maillog
Jan  3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059:
from=<munged at onlinebizhelp.com>, size=3025, class=0, nrcpts=1,
msgid=<002301c4f1ec$8b6deef0$6500000a at HP1>, proto=ESMTP, daemon=MTA,
relay=67.108.38.13.ptr.us.xo.net [67.108.38.13]
Jan  3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059:
to=<munged at aiainsurance.com>, delay=00:00:00, mailer=esmtp, pri=30623,
stat=queued

It's hard to track the transition between sendmail and MailScanner because I
don't see a common identifier, but I normally see "New Batch Found X
messages waiting", "New Batch: Scanning 1 messages, XXXX bytes", "Spam
Checks: Found 1 spam messages", etc.... and nothing looked out of the
ordinary there. But it seems that the second example above just
disappears... there is no maillog entry showing what MailScanner has done
with the message. The last thing I see (that I can track) is that it's
"stat=queued". It's very possible (and probable) that it is the next "Spam
Checks: Found 1 spam message" but I can't tell for sure. It doesn't get
delivered but I'd like to see what happened to it. Am I looking in the wrong
log? Do I need to turn up logging somewhere?

Also I've never seen this mentioned anywhere... are rules case sensitive? In
other words is "BigBoss at ourdomain.com" equal to "bigboss at ourdomain.com" or
would every combination need to be supplied? I know it wouldn't make sense
but since this is the boss's account I want to be perfectly clear. :)

Config... MailScanner 4.33.3, Sendmail 8.12.?, SpamAssassin 3.0000, ClamAV
(latest?)

Thanks in advance to any and all insights and Happy New Year to all! And a
special thanks to Julian for an outstanding piece of genius software... and
for making my job a little easier!

Kind regards,
Ken

Ken Goods
Network Administrator
AIA Insurance, Inc.
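
Added example, not part of the original post: a way to list every sendmail queue ID whose last logged status is "stat=queued", which is the trace the second excerpt above leaves behind. The function names and the sample log (placeholder addresses, one entry per line) are constructed for illustration; only the two queue IDs come from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Reads sendmail maillog lines on
# stdin and prints each queue ID whose most recent stat= value is "queued",
# i.e. accepted into the incoming queue with no later delivery entry logged.
queued_without_delivery() {
    awk '
        # sendmail entries: "Mon DD HH:MM:SS host sendmail[PID]: QUEUEID: key=value, ..."
        $5 ~ /^sendmail\[[0-9]+\]:$/ {
            qid = $6
            sub(/:$/, "", qid)
            # keep first-seen order so output follows the log
            if (!(qid in seen)) { seen[qid] = 1; order[++n] = qid }
            # remember the latest stat= value logged for this queue ID
            if (match($0, /stat=[^ ,]+/))
                last[qid] = substr($0, RSTART + 5, RLENGTH - 5)
        }
        END {
            for (i = 1; i <= n; i++)
                if (tolower(last[order[i]]) == "queued") print order[i]
        }
    '
}

# Constructed sample modelled on the two excerpts in the post.
sample_maillog() {
    cat <<'EOF'
Jan  3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059: from=<sender@example.net>, size=3025, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.0.2.13]
Jan  3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059: to=<user@example.com>, delay=00:00:00, mailer=esmtp, pri=30623, stat=queued
Jan  3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060: from=<list@example.org>, size=3180, class=-60, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.199]
Jan  3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060: to=<user@example.com>, delay=00:00:00, mailer=esmtp, pri=139626, stat=queued
Jan  3 15:43:12 gw-mail sendmail[12086]: j03NgrB0012060: to=<user@example.com>, delay=00:00:19, xdelay=00:00:01, mailer=esmtp, pri=229626, relay=mail.example.com. [192.0.2.2], dsn=2.0.0, stat=Sent (OK)
EOF
}

sample_maillog | queued_without_delivery
```

A queue ID in the output has no delivery entry in the log it was given; it may have been removed or may still be waiting to be scanned, so treat the list as candidates to check.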
