Only a few incoming emails seem to be getting scanned.

Henry Hollenberg hgh at rcwm.com
Thu Sep 28 13:19:49 IST 2006 

Hey gang,

Installed MailScanner/Spamassasin on a bastion MTA on my DMZ and have been poking around
looking at what's going on and the first thing I've noticed is that only a few emails
seem to be getting scanned.

Of course all my test emails are being scanned and are passing.

A few SPAM's are being scanned and are being appropriately scored.

A bunch of SPAM shows no indication that it is being scanned at all.

I have read the mailscanner install pdf and looked thru the FAQ.  I have gone
thru the /etc/MailScanner/MailScanner.conf several times turning on everything
I could find that might give some indication that the email/SPAM is being scanned:

Add Envelope From Header = yes
Sign Messages Already Processed = yes
Sign Clean Messages = yes
Mark Unscanned Messages = yes
Scanned Modify Subject = end
Spam Modify Subject = yes
Spam Subject Text = {Spam?}
High Scoring Spam Modify Subject = yes
High Scoring Spam Subject Text = {HSpam?}
Spam Checks = yes
Use SpamAssassin = yes
Spam Actions = deliver
High Scoring Spam Actions = deliver
Non Spam Actions = deliver

Any ideas why/how incoming email is bypassing mailscanner?

PS: Here is an example of what's getting thru without scanning:

Return-Path: <n.9891.2827336 at xenoglimp.com>
X-Original-To: speed at rcwm.com
Delivered-To: speed at rcwm.com
Received: from bastion.rcwm.com (bastion.rcwm.com [10.1.2.1])
     by mail.rcwm.com (Postfix) with ESMTP id 3C8E8BCB0
     for <speed at rcwm.com>; Wed, 27 Sep 2006 14:53:08 -0500 (CDT)
Received: from ip141.hocklente.com (ip141.hocklente.com [209.236.229.141])
     by bastion.rcwm.com (Postfix) with SMTP id 471BE161EAE
     for <speed at rcwm.com>; Wed, 27 Sep 2006 14:52:45 -0500 (CDT)
Date: Wed, 27 Sep 2006 14:51:03 -0500
From: "Frank Cosley" <admin at xenoglimp.com>
To: speed at rcwm.com
Subject: Trip to Hawaii can be yours
MIME-Version: 1.0
X-Mailer: qxc v8.3.2.1001.2827336
Reply-To: r.9891.2827336 at xenoglimp.com
Message-Id: <20060927063003.yfhdcwztev at xenoglimp.com>
Content-Type: multipart/alternative;
     boundary="=_aa6a71c68bf884fc9567370c1d67962c"

This is a MIME encoded message.

--=_aa6a71c68bf884fc9567370c1d67962c
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

No text version was provided

--=_aa6a71c68bf884fc9567370c1d67962c
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"

===> Bunch of SPAM advertisement deleted <=====


THanks hgh.

-- 
Henry Hollenberg
hgh at rcwm.com

More information about the MailScanner mailing list