Fetchmail and MailScanner

Tue Jan 25 22:03:48 GMT 2005

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Strange.

I uninstalled MailScanner and reinstalled SpamAssassin..  Made sure the perl
stuff was uptodate.  Reinstalled MailScanner.  It still doesn't run RBL
check.  But it does use the blacklist that I have in
"/etc/MailScanner/rules/spam.blacklist.rules".  see example below.

I have fetchmail setup so that .fetchmailrc is in the root home folder.  All
the user settings for mail servers, username and passwords are in there.
The users all have accounts and mailboxs on the server.  They pop into the
server and pull mail from the mailboxes.  A cron job pulls the emails from
the different servers.

Jan 25 12:38:23 free sendmail[5016]: j0PKc5Ih005016:
from=<bounce-111429-6624239 at youreletters.com>, size=25518, class=0,
nrcpts=1,
msgid=<LYRIS-6624239-111429-2005.01.25-11.24.23--hitme#jehrhart.net at yourelet
ters.com>, proto=SMTP, daemon=MTA, relay=youreletters.com [65.202.132.10]
Jan 25 12:38:28 free MailScanner[4411]: New Batch: Scanning 1 messages,
26062 bytes
Jan 25 12:38:28 free MailScanner[4411]: Spam Checks: Starting
Jan 25 12:38:28 free MailScanner[4411]: Message j0PKc5Ih005016 from
65.202.132.10 (bounce-111429-6624239 at youreletters.com) to jehrhart.net is
spam (blacklisted)
Jan 25 12:38:28 free MailScanner[4411]: Spam Checks: Found 1 spam messages
Jan 25 12:38:28 free MailScanner[4411]: Spam Actions: message j0PKc5Ih005016
actions are forward,spam at jehrhart.net
Jan 25 12:38:28 free MailScanner[4411]: Virus and Content Scanning: Starting
Jan 25 12:38:28 free MailScanner[4411]: Uninfected: Delivered 1 messages

MailScanner is updating CalmAV, running Sendmail (see below), putting
viruses in the quarantine.  It just isn't running the RBLs in MailScanner,
(see below).

Executing /etc/rc.d/init.d/MailScanner start ..

Starting MailScanner daemons:
         incoming sendmail: [  OK  ]
         outgoing sendmail: [  OK  ]
         MailScanner:       [  OK  ]

# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
Spam List = ORDB-RBL SBL+XBL NJABL dsbl.org

# This is the list of spam domain blacklists which you are using
# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
# file for more information about what you can put here.
# This can also be the filename of a ruleset.
Spam Domain List = whois.rfc-ignorant.org

----- Original Message -----
From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, January 25, 2005 10:31 AM
Subject: Re: Fetchmail and MailScanner

> You need to tell fetchmail to deliver all the mail it receives to an
> SMTP server called "localhost". This will infect it into sendmail so
> that MailScanner can work on it.
>
> Hmm, but the logs you show below appear to indicate that this is already
> happening. Is it just the virus scan that is failing to detect anything?
> The "forward" would send the original untouched message to the address
> given, without any changes.
>
> This may all come down to nothing more than me not explaining
> sufficiently what the "forward" action does.
>
> Jay Ehrhart wrote:
>
> >Thank you.  I should have included more detail in my question, sorry.
> >My setting is Use SpamAssassin = yes
> >I am not using procmail.  Sendmail is set to not start at startup so
> >MailScanner call call it.  SpamAssassin is not running excepted when
called
> >by MailScanner.
> >I do have MailScanner entries in the log file.
> >
> >I have another mail gateway server that I have been running for about 3
> >years on Red Hat using MailScanner.  I set the new box up the same way
> >except for the fetchmail.  In fact I copied the MailScanner.conf file
over
> >and used it except for the domain name changes in the file.  It works
> >correctly and shows the emails being blocked by the RBLs.  Here is an
> >example:
> >Jan 25 09:50:28 free MailScanner[29146]: RBL checks: j0PHoO9A025227 found
in
> >SBL+XBL
> >
> >The mail server using fetchmail does have MailScanner entries, example,
> >Jan 25 09:48:04 free sendmail[28874]: j0PHm4Nj028874:
> >from=<mbfup at centrapoint.com>, size=2320, class=0, nrcpts=1,
> >msgid=<200501251742.j0PHgQx3023954 at mtac3.prodigy.net>, proto=ESMTP,
> >daemon=MTA, relay=localhost.localdomain [127.0.0.1]
> >Jan 25 09:48:05 free MailScanner[27108]: New Batch: Scanning 1 messages,
> >2838 bytes
> >Jan 25 09:48:05 free MailScanner[27108]: Spam Checks: Starting
> >Jan 25 09:48:06 free MailScanner[27108]: Message j0PHm4Nj028874 from
> >127.0.0.1 (mbfup at centrapoint.com) to localhost is spam, SpamAssassin
> >(score=8.467, required 5, FORGED_RCVD_HELO 0.05, MIME_BOUND_DD_DIGITS
4.23,
> >MSGID_FROM_MTA_HEADER 0.00, X_MESSAGE_INFO 4.19)
> >Jan 25 09:48:06 free MailScanner[27108]: Spam Checks: Found 1 spam
messages
> >Jan 25 09:48:06 free MailScanner[27108]: Spam Actions: message
> >j0PHm4Nj028874 actions are forward,spam at jehrhart.net
> >Jan 25 09:48:06 free MailScanner[27108]: Virus and Content Scanning:
> >Starting
> >Jan 25 09:48:07 free MailScanner[27108]: Uninfected: Delivered 1 messages
> >Jan 25 09:48:07 free sendmail[28889]: j0PHm4Nj028874:
> >to=<spam at jehrhart.net>, delay=00:00:03, xdelay=00:00:00, mailer=local,
> >pri=122320, dsn=2.0.0, stat=Sent
> >
> >Any suggests on how to see where it is failing?
> >Thanks
> >
> >----- Original Message -----
> >From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >Sent: Tuesday, January 25, 2005 8:11 AM
> >Subject: Re: Fetchmail and MailScanner
> >
> >
> >
> >
> >>Sounds like you are running SpamAssassin with procmail and spamc/spamd.
> >>You can stop all of that (shutdown the SpamAssassin processes
> >>altogether) and get your system up and running so that fetchmail is
> >>collecting your mail and delivering it normally, without any
> >>SpamAssassin involved at all.
> >>
> >>Once that is working happily, shutdown down the sendmail service and
> >>only then enable MailScanner. The MailScanner init.d script will start
> >>up the copies of sendmail that it needs in exactly the right way. All
> >>you then need to do to enable SpamAssassin is set "Use SpamAssassin =
> >>yes" in MailScanner.conf and restart MailScanner. You do not want to be
> >>running the spamassassin "service" (i.e. spamd+spamc) or the sendmail
> >>"service" as MailScanner will look after that for you.
> >>
> >>Once MailScanner is processing your mail, you will see MailScanner
> >>headers appearing in all your messages, whether they are spam or not.
> >>
> >>
> >>yoloits wrote:
> >>
> >>
> >>
> >>>I have a Red Hat 3 server running MailScanner 4.37.7-1 and Sendmail.
> >>>Fetchmail brings in all the email.  SpamAssassin 3.0.2 works fine on
the
> >>>email.  In MailScanner I use RBLs.  If it is on a blacklist I just want
> >>>
> >>>
> >to
> >
> >
> >>>drop it.  But MailScanner is not running the blacklist agains the
emails.
> >>>
> >>>
> >I
> >
> >
> >>>have no RBL checks in my log files.  SpamAssassin has emails scored
with
> >>>
> >>>
> >SBL
> >
> >
> >>>and dsbl so I know I have email that should have been dropped by the
> >>>
> >>>
> >RBLs.
> >
> >
> >>>Because of SA scoring some SPAM gets through that could have been
dropped
> >>>with the RBLs.  The config is:
> >>>
> >>>Log Spam = yes
> >>>Spam Checks = yes
> >>>Spam List = ORDB-RBL SBL+XBL NJABL dsbl.org
> >>>Spam Lists To Reach High Score = 1
> >>>Spam List Timeout = 10
> >>>Max Spam List Timeouts = 7
> >>>
> >>>Can I get MailScanner to process fetchmail or do I have a setup problem
> >>>
> >>>
> >on
> >
> >
> >>>my server?
> >>>
> >>>Thanks in advance
> >>>Jay
> >>>
> >>>------------------------ MailScanner list ------------------------
> >>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>>'leave mailscanner' in the body of the email.
> >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>
> >>>Support MailScanner development - buy the book off the website!
> >>>
> >>>
> >>>
> >>>
> >>>
> >>--
> >>Julian Field
> >>www.MailScanner.info
> >>Buy the MailScanner book at www.MailScanner.info/store
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >>------------------------ MailScanner list ------------------------
> >>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>'leave mailscanner' in the body of the email.
> >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >>Support MailScanner development - buy the book off the website!
> >>
> >>
> >>
> >
> >------------------------ MailScanner list ------------------------
> >To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >'leave mailscanner' in the body of the email.
> >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> >Support MailScanner development - buy the book off the website!
> >
> >
> >
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!