Problem with MailScanner, postfix and corrupt mails

Julian Field MailScanner at ecs.soton.ac.uk
Wed Mar 16 14:00:08 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steen, Glenn wrote:

>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: den 16 mars 2005 12:27
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: Problem with MailScanner, postfix and corrupt mails
>>
>>
>>Steen, Glenn wrote:
>>
>>
>>
>>>Got one friday... They're extremely rare it seems.
>>>
>>>I noticed something a bit curious about it in the logs:
>>><normal hold headers not included>
>>>Mar 11 19:25:04 mail postfix/cleanup[9377]: B551923DCC:
>>>message-id=<522842524315.TIN93887@
>>>Mar 11 19:25:14 mail MailScanner[5361]: New Batch: Scanning
>>>
>>>
>>1 messages,
>>
>>
>>>9167 bytes
>>>Mar 11 19:25:16 mail postfix/smtpd[9375]: disconnect from
>>>82-41-95-49.cable.ubr02.dund.blueyonder.co.uk[82.41.95.49]
>>>Mar 11 19:25:24 mail MailScanner[5361]: Spam Checks: Found 1 spam
>>>messages
>>>Mar 11 19:25:24 mail MailScanner[5361]: Virus and Content Scanning:
>>>Starting
>>>Mar 11 19:25:29 mail MailScanner[5361]: Requeue:  to A1CE723DDB
>>>Mar 11 19:25:29 mail postfix/qmgr[16986]: A1CE723DDB:
>>>from=<exqnclufhgenp at freemessage.com>, size=18870, nrcpt=1
>>>
>>>
>>(queue active)
>>
>>
>>>Mar 11 19:25:29 mail MailScanner[5361]: Uninfected:
>>>
>>>
>>Delivered 1 messages
>>
>>
>>>Mar 11 19:25:29 mail MailScanner[5361]: Logging message
>>>
>>>
>>B551923DCC.D5385
>>
>>
>>>to SQL
>>>
>>>Note the message ID. Perhaps doesn't matter(?).
>>>
>>>
>>>
>>>
>>The D5385 on the end is intentional. Postfix re-uses its queue numbers
>>too quickly, so I have to force them to be unique for processing and
>>quarantine purposes. Everyone else just ensures that their
>>queue numbers
>>really are unique, but not Wietse of course....
>>
>>
>>
>>>Since it is a spam message, I've got both the mangled
>>>
>>>
>>A1CE723DDB and the
>>
>>
>>>nonmangled (but decoded, since I run MW) B551923DCC.D5385 ... and the
>>>SQL/MailWatch logentry for it. If you want it Jules, you can have it
>>>(off
>>>list).
>>>
>>>
>>>
>>>
>>Yes, please send it. It will probably look like the others, but I will
>>check anyway.
>>
>>
>
>Did you get them OK? Any immediate reflections?
>
>
See my posting of about 12:14 or so.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list