MCP logging action question - bug in 4.41.3-1 or not?

Thu May 19 09:56:21 IST 2005

Found and fixed. Thanks for reporting it.
I'll put out a new beta fairly soon, which will include this fix.

On 19 May 2005, at 07:29, Quentin Campbell wrote:

> Julian
>
> Is there a bug in MCP handling in 4.41.3-1?
>
> I asked in an earlier message why I am _not_ seeing
>
> "...MCP Actions: message j4I9gwgT004139 actions are delete"
>
> records in the log files when I am getting an MCP score of 10 for a
> message and have in MailScanner.conf:
>
> MCP High SpamAssassin Score = 10
> High Scoring MCP Actions = delete
> Always Include MCP Report = yes
> Detailed MCP Report = yes
> Include Scores In MCP Report = yes
> Log MCP = yes
>
> The logs say:
>
> May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139
> from
> 128.240.233.53 (xxx at hotmail.com) to maildb.ncl.ac.uk is MCP, MCP-
> Checker
> (score=10, required 1, PROLO_GMCP24 10.00)
>
> Although the logs do not say that MailScanner MCP actions are "delete"
> for this message it is clear that it was not delivered.
>
>
>
>> -----Original Message-----
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>> Sent: 18 May 2005 11:53
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: MCP logging action question
>>
>> On 18 May 2005, at 11:44, Quentin Campbell wrote:
>>
>>
>>>> -----Original Message-----
>>>> From: MailScanner mailing list
>>>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>> Sent: 18 May 2005 11:03
>>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>>> Subject: Re: MCP logging action question
>>>>
>>>> On 18 May 2005, at 10:57, Quentin Campbell wrote:
>>>>
>>>>
>>>>
>>>>> Am using MCP facility for first time to deal with "German"
>>>>>
>> spam from
>>
>>>>> Sober.Q worm.
>>>>>
>>>>> In MailScanner.conf have:
>>>>>
>>>>> MCP Checks = yes
>>>>>
>>>>> # Do the spam checks first, or the MCP checks first?
>>>>> # This cannot be the filename of a ruleset, only a fixed value.
>>>>> First Check = mcp
>>>>>
>>>>> # The rest of these options are clones of the equivalent spam
>>>>> options
>>>>> MCP Required SpamAssassin Score = 1
>>>>> MCP High SpamAssassin Score = 10
>>>>> MCP Error Score = 1
>>>>>
>>>>> MCP Header = X-%org-name%-MailScanner-MCPCheck:
>>>>> Non MCP Actions = deliver
>>>>> MCP Actions = deliver
>>>>>
>>>>>
>>>>
>>>> I suspect you mean "delete" and not "deliver".
>>>>
>>>>
>>>
>>> I only want "delete" action if MCP score >= 10. Otherwise deliver. I
>>> thought that is what I have specified?
>>>
>>
>> But what score have you attached to your MCP rule(s)?
>>
>
> The score is 10 on each rules. This was shown in the log extract I
> provided below. This shows that the "Message ... is MCP ..." with a
> score of 10.
>
>
>>
>>
>>>
>>>
>>
>>
>>>
>>>
>>>>
>>>>
>>>>
>>>>> High Scoring MCP Actions = delete
>>>>> Bounce MCP As Attachment = no
>>>>>
>>>>> MCP Modify Subject = yes
>>>>> MCP Subject Text = {MCP?}
>>>>> High Scoring MCP Modify Subject = yes
>>>>> High Scoring MCP Subject Text = {MCP?!}
>>>>>
>>>>> Is Definitely MCP = no
>>>>> Is Definitely Not MCP = no
>>>>> Definite MCP Is High Scoring = no
>>>>> Always Include MCP Report = yes
>>>>> Detailed MCP Report = yes
>>>>> Include Scores In MCP Report = yes
>>>>> Log MCP = yes
>>>>>
>>>>> I am seeing as expected in the logs:
>>>>>
>>>>> May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139
>>>>> from
>>>>> 128.240.233.53 (xxx at hotmail.com) to maildb.ncl.ac.uk is MCP, MCP-
>>>>> Checker
>>>>> (score=10, required 1, PROLO_GMCP24 10.00)
>>>>>
>>>>> BUT I am not seeing in the logs the expected
>>>>>
>>>>> ...MCP Actions: message j4I9gwgT004139 actions are delete
>>>>>
>>>>> although the message does not appear to be delivered according to
>>>>> the
>>>>> logs.
>>>>>
>>>>> I am running MS 4.41.3-1.
>>>>>
>>>>> NOTE: I am doing the Sober.Q filtering with MCP rather than normal
>>>>> spam
>>>>> filtering because we whitelist from spam tagging some domains from
>>>>> which
>>>>> the Sober.Q messages apparently originate.
>>>>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!