two messages repeatedly processed
David Vosburgh
vosburgh at dalsemi.com
Mon Oct 30 18:35:53 GMT 2006
I have three inbound mail servers with equal weighted MX values, all
running MS/SA/DCC/Razor/RDJ/milter-greylist/ImageInfo on CentOS 4.4
using sendmail 8.13. The last of these three servers was upgraded about
30 days ago, and all have been running great since then. After getting
in this morning (but prior to coffee), I checked out the Vispan web page
on each server and noticed that one server had stats much different than
the others. To make a long story shorter, there were two messages in
mqueue.in that appear to have been processed 1651 and 548 times (but not
delivered) during a three hour stretch until I moved them out of the
inbound queue. Here's what was showing up in the maillog for one of the
messages:
Oct 30 06:49:27 xxxxxxx milter-greylist: k9UCnMVr023712: addr
209.151.239.125 from <xxx at yyy.zzz.com> rcpt <xxx.yyy at dalsemi.com>:
autowhitelisted for more 768:00:00
Oct 30 06:49:28 xxxxxxx sendmail[23712]: k9UCnMVr023712:
from=<xxx at yyy.zzz.com>, size=5206, class=0, nrcpts=1,
msgid=<20061030125050.22896.qmail at bounce.devicelink.com>, proto=SMTP,
daemon=MTA, relay=aaa.bbb.com [lll.mmm.nnn.ppp]
Oct 30 06:49:28 xxxxxxxx sendmail[23712]: k9UCnMVr023712: Milter add:
header: X-Greylist: IP, sender and recipient auto-whitelisted, not
delayed by milter-greylist-2.0.2 (xxxxxxxx.dalsemi.com [aaa.bbb.ccc.ddd]);
Mon, 30 Oct 2006 06:49:28 -0600 (CST)
Oct 30 06:49:28 xxxxxxx sendmail[23712]: k9UCnMVr023712: to=<xxx.yyy at dalsemi.com>,
delay=00:00:01, mailer=smtp, pri=35206, stat=queued
Oct 30 06:49:45 xxxxxxxx MailScanner[23751]: Content Checks: Detected
and have disarmed web bug tags in HTML message in k9UCnMVr023712 from
xxx at yyy.zzz.com
Oct 30 06:49:50 xxxxxxxx MailScanner[23790]: SpamAssassin cache hit for
message k9UCnMVr023712
Oct 30 06:49:56 xxxxxxxx MailScanner[23790]: Content Checks: Detected
and have disarmed web bug tags in HTML message in k9UCnMVr023712 from
xxx at yyy.zzz.com
Oct 30 06:49:57 carlsbad MailScanner[23856]: SpamAssassin cache hit for
message k9UCnMVr023712
Oct 30 06:50:01 carlsbad MailScanner[23856]: Content Checks: Detected
and have disarmed web bug tags in HTML message in k9UCnMVr023712 from
xxx at yyy.zzz.com
After about 30 minutes of this, it changed to (caused by SA cache purge?):
Oct 30 07:19:47 xxxxxxxx MailScanner[412]: Content Checks: Detected and
have disarmed web bug tags in HTML message in k9UCnMVr023712 from
xxx at yyy.zzz.com
Oct 30 07:19:52 xxxxxxxx MailScanner[365]: Message k9UCnMVr023712 from
209.151.239.125 (xxx at yyy.zzz.com) to dalsemi.com is spam, SpamAssassin
(not cached, score=4.354, required 4, AWL -0.36, BAYES_20 -0.74,
EXCUSE_REMOVE 0.11, HTML_IMAGE_ONLY_28 1.90, HTML_IMAGE_RATIO_02 0.46,
HTML_MESSAGE 0.00, HTML_TITLE_UNTITLED 0.51, MAILTO_TO_REMOVE 0.38,
SARE_HEAD_HDR_XBBOUNC 0.88, SARE_UNSUB24 1.21)
Oct 30 07:19:52 xxxxxxxx MailScanner[365]: Spam Actions: message
k9UCnMVr023712 actions are store,deliver
Oct 30 07:19:57 xxxxxxxx MailScanner[365]: Content Checks: Detected and
have disarmed web bug tags in HTML message in k9UCnMVr023712 from
xxx at yyy.zzz.com
Oct 30 07:20:03 xxxxxxxx MailScanner[486]: SpamAssassin cache hit for
message k9UCnMVr023712
Oct 30 07:20:03 xxxxxxx MailScanner[486]: Message k9UCnMVr023712 from
aaa.bbb.ccc.ddd (xxx at yyy.zzz.com) to dalsemi.com is spam, SpamAssassin
(cached, score=4.354, required 4, AWL -0.36, BAYES_20 -0.74,
EXCUSE_REMOVE 0.11, HTML_IMAGE_ONLY_28 1.90, HTML_IMAGE_RATIO_02 0.46,
HTML_MESSAGE 0.00, HTML_TITLE_UNTITLED 0.51, MAILTO_TO_REMOVE 0.38,
SARE_HEAD_HDR_XBBOUNC 0.88, SARE_UNSUB24 1.21)
Oct 30 07:20:03 xxxxxxxx MailScanner[486]: Spam Actions: message
k9UCnMVr023712 actions are store,deliver
Oct 30 07:20:09 xxxxxxxx MailScanner[486]: Content Checks: Detected and
have disarmed web bug tags in HTML message in k9UCnMVr023712 from
xxx at yyy.zzz.com
Oct 30 07:20:10 xxxxxxxx MailScanner[558]: SpamAssassin cache hit for
message k9UCnMVr023712
Oct 30 07:20:10 xxxxxxxx MailScanner[558]: Message k9UCnMVr023712 from
209.151.239.125 (xxx at yyy.zzz.com) to dalsemi.com is spam, SpamAssassin
(cached, score=4.354, required 4, AWL -0.36, BAYES_20 -0.74,
EXCUSE_REMOVE 0.11, HTML_IMAGE_ONLY_28 1.90, HTML_IMAGE_RATIO_02 0.46,
HTML_MESSAGE 0.00, HTML_TITLE_UNTITLED 0.51, MAILTO_TO_REMOVE 0.38,
SARE_HEAD_HDR_XBBOUNC 0.88, SARE_UNSUB24 1.21)
Oct 30 07:20:10 xxxxxxxx MailScanner[558]: Spam Actions: message
k9UCnMVr023712 actions are store,deliver
It proceeded with these messages for several more hours until I moved
the message out of the inbound queue. I still have the two messages if
that helps. Should I just put one of the messages back in the queue and
run MS in debug mode to see what's happening?
Here's the MailScanner version info:
# MailScanner -V
Running on
Linux xxxx.yyyy.com 2.6.9-42.ELsmp #1 SMP Sat Aug 12 09:39:11 CDT 2006
i686 i686 i386 GNU/Linux
This is CentOS release 4.4 (Final)
This is Perl version 5.008005 (5.8.5)
This is MailScanner version 4.55.10
Module versions are:
1.00 AnyDBM_File
1.14 Archive::Zip
1.03 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.05 Fcntl
2.73 File::Basename
2.08 File::Copy
2.01 FileHandle
1.06 File::Path
0.14 File::Temp
0.90 Filesys::Df
1.35 HTML::Entities
3.54 HTML::Parser
2.37 HTML::TokeParser
1.21 IO
1.10 IO::File
1.123 IO::Pipe
1.71 Mail::Header
3.05 MIME::Base64
5.420 MIME::Decoder
5.420 MIME::Decoder::UU
5.420 MIME::Head
5.420 MIME::Parser
3.03 MIME::QuotedPrint
5.420 MIME::Tools
0.10 Net::CIDR
1.08 POSIX
1.77 Socket
1.4 Sys::Hostname::Long
0.17 Sys::Syslog
1.86 Time::HiRes
1.02 Time::localtime
Optional module versions are:
0.17 Convert::TNEF
1.814 DB_File
1.12 DBD::SQLite
1.50 DBI
1.15 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.10 Digest::SHA1
0.44 Inline
0.17 Mail::ClamAV
3.001004 Mail::SpamAssassin
1.999001 Mail::SPF::Query
0.20 Net::CIDR::Lite
1.25 Net::IP
0.57 Net::DNS
0.31 Net::LDAP
1.94 Parse::RecDescent
missing SAVI
2.56 Test::Harness
0.47 Test::Simple
1.95 Text::Balanced
1.35 URI
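
One way to spot the looping condition described in the post directly from the maillog, as an added example that is not part of the original post or of MailScanner itself. The sample lines are constructed on the pattern of the excerpt above; the queue-ID regex, the `max_workers` threshold and the use of `stat=Sent` under the same queue ID as the delivery marker are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the maillog excerpt (host and addresses are placeholders).
SAMPLE_LOG = """\
Oct 30 06:49:28 mx1 sendmail[23712]: k9UCnMVr023712: to=<user@example.com>, delay=00:00:01, mailer=smtp, pri=35206, stat=queued
Oct 30 06:49:45 mx1 MailScanner[23751]: Content Checks: Detected and have disarmed web bug tags in HTML message in k9UCnMVr023712 from sender@example.net
Oct 30 06:49:50 mx1 MailScanner[23790]: SpamAssassin cache hit for message k9UCnMVr023712
Oct 30 06:49:56 mx1 MailScanner[23790]: Content Checks: Detected and have disarmed web bug tags in HTML message in k9UCnMVr023712 from sender@example.net
Oct 30 06:49:57 mx1 MailScanner[23856]: SpamAssassin cache hit for message k9UCnMVr023712
Oct 30 07:20:03 mx1 MailScanner[486]: Spam Actions: message k9UCnMVr023712 actions are store,deliver
Oct 30 07:20:10 mx1 MailScanner[558]: Spam Actions: message k9UCnMVr023712 actions are store,deliver
Oct 30 07:21:00 mx1 MailScanner[558]: SpamAssassin cache hit for message k9UD1aBc024001
Oct 30 07:21:02 mx1 sendmail[24100]: k9UD1aBc024001: to=<user@example.com>, mailer=smtp, stat=Sent (ok)
"""

# syslog line: timestamp, host, program[pid], message text
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w[\w-]*)\[(\d+)\]: (.*)$")
# Assumption: queue IDs look like the one in the post (8 alphanumerics + 6 digits).
QID_RE = re.compile(r"\b[0-9A-Za-z]{8}\d{6}\b")

def find_reprocessed(log_text, max_workers=2):
    """Return queue IDs touched by more than max_workers distinct MailScanner
    child PIDs with no delivery logged, i.e. messages stuck in a scan loop."""
    workers = defaultdict(set)   # queue ID -> MailScanner PIDs that handled it
    events = defaultdict(int)    # queue ID -> number of MailScanner log lines
    span = {}                    # queue ID -> (first, last) timestamp seen
    delivered = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, prog, pid, msg = m.groups()
        hit = QID_RE.search(msg)
        if not hit:
            continue
        qid = hit.group(0)
        if prog == "sendmail" and "stat=Sent" in msg:
            delivered.add(qid)
        elif prog == "MailScanner":
            workers[qid].add(pid)
            events[qid] += 1
            span[qid] = (span.get(qid, (stamp, stamp))[0], stamp)
    return {
        q: {"workers": len(p), "events": events[q],
            "first": span[q][0], "last": span[q][1]}
        for q, p in workers.items()
        if len(p) > max_workers and q not in delivered
    }
```

Run against the real maillog, a message that several successive MailScanner children keep picking up over a long window, with no delivery line, is the signature seen in the post.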