Only a few incoming emails seem to be getting scanned.

Thu Sep 28 13:40:46 IST 2006

Henry Hollenberg wrote:
> Hey gang,
> 
> Installed MailScanner/Spamassasin on a bastion MTA on my DMZ and have 
> been poking around
> looking at what's going on and the first thing I've noticed is that only 
> a few emails
> seem to be getting scanned.
> 
> Of course all my test emails are being scanned and are passing.
> 
> A few SPAM's are being scanned and are being appropriately scored.
> 
> A bunch of SPAM shows no indication that it is being scanned at all.
> 
> I have read the mailscanner install pdf and looked thru the FAQ.  I have 
> gone
> thru the /etc/MailScanner/MailScanner.conf several times turning on 
> everything
> I could find that might give some indication that the email/SPAM is 
> being scanned:
> 
> Add Envelope From Header = yes
> Sign Messages Already Processed = yes
> Sign Clean Messages = yes
> Mark Unscanned Messages = yes
> Scanned Modify Subject = end
> Spam Modify Subject = yes
> Spam Subject Text = {Spam?}
> High Scoring Spam Modify Subject = yes
> High Scoring Spam Subject Text = {HSpam?}
> Spam Checks = yes
> Use SpamAssassin = yes
> Spam Actions = deliver
> High Scoring Spam Actions = deliver
> Non Spam Actions = deliver
> 
> Any ideas why/how incoming email is bypassing mailscanner?
> 
> PS: Here is an example of what's getting thru without scanning:
> 
> Return-Path: <n.9891.2827336 at xenoglimp.com>
> X-Original-To: speed at rcwm.com
> Delivered-To: speed at rcwm.com
> Received: from bastion.rcwm.com (bastion.rcwm.com [10.1.2.1])
>     by mail.rcwm.com (Postfix) with ESMTP id 3C8E8BCB0
>     for <speed at rcwm.com>; Wed, 27 Sep 2006 14:53:08 -0500 (CDT)
> Received: from ip141.hocklente.com (ip141.hocklente.com [209.236.229.141])
>     by bastion.rcwm.com (Postfix) with SMTP id 471BE161EAE
>     for <speed at rcwm.com>; Wed, 27 Sep 2006 14:52:45 -0500 (CDT)
> Date: Wed, 27 Sep 2006 14:51:03 -0500
> From: "Frank Cosley" <admin at xenoglimp.com>
> To: speed at rcwm.com
> Subject: Trip to Hawaii can be yours
> MIME-Version: 1.0
> X-Mailer: qxc v8.3.2.1001.2827336
> Reply-To: r.9891.2827336 at xenoglimp.com
> Message-Id: <20060927063003.yfhdcwztev at xenoglimp.com>
> Content-Type: multipart/alternative;
>     boundary="=_aa6a71c68bf884fc9567370c1d67962c"
> 
> This is a MIME encoded message.
> 
> --=_aa6a71c68bf884fc9567370c1d67962c
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> 
> No text version was provided
> 
> --=_aa6a71c68bf884fc9567370c1d67962c
> Content-Type: text/html; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"
> 
> ===> Bunch of SPAM advertisement deleted <=====
> 
> 
> THanks hgh.
> 
Have you checked that all the appropriate stuff in postfix has been done...

-- 
Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************