Only a few incoming emails seem to be getting scanned.

Glenn Steen glenn.steen at gmail.com
Thu Sep 28 14:09:06 IST 2006


On 28/09/06, Henry Hollenberg <hgh at rcwm.com> wrote:
> Hey gang,
>
> Installed MailScanner/SpamAssassin on a bastion MTA on my DMZ and have been poking around
> looking at what's going on and the first thing I've noticed is that only a few emails
> seem to be getting scanned.
>
> Of course all my test emails are being scanned and are passing.
>
> A few SPAM's are being scanned and are being appropriately scored.
>
> A bunch of SPAM shows no indication that it is being scanned at all.
>
> I have read the mailscanner install pdf and looked thru the FAQ.  I have gone
> thru the /etc/MailScanner/MailScanner.conf several times turning on everything
> I could find that might give some indication that the email/SPAM is being scanned:
>
> Add Envelope From Header = yes
> Sign Messages Already Processed = yes
> Sign Clean Messages = yes
> Mark Unscanned Messages = yes
> Scanned Modify Subject = end
> Spam Modify Subject = yes
> Spam Subject Text = {Spam?}
> High Scoring Spam Modify Subject = yes
> High Scoring Spam Subject Text = {HSpam?}
> Spam Checks = yes
> Use SpamAssassin = yes
> Spam Actions = deliver
> High Scoring Spam Actions = deliver
> Non Spam Actions = deliver
>
> Any ideas why/how incoming email is bypassing mailscanner?
>
> PS: Here is an example of what's getting thru without scanning:
>
> Return-Path: <n.9891.2827336 at xenoglimp.com>
> X-Original-To: speed at rcwm.com
> Delivered-To: speed at rcwm.com
> Received: from bastion.rcwm.com (bastion.rcwm.com [10.1.2.1])
>      by mail.rcwm.com (Postfix) with ESMTP id 3C8E8BCB0
>      for <speed at rcwm.com>; Wed, 27 Sep 2006 14:53:08 -0500 (CDT)
> Received: from ip141.hocklente.com (ip141.hocklente.com [209.236.229.141])
>      by bastion.rcwm.com (Postfix) with SMTP id 471BE161EAE
>      for <speed at rcwm.com>; Wed, 27 Sep 2006 14:52:45 -0500 (CDT)
> Date: Wed, 27 Sep 2006 14:51:03 -0500
> From: "Frank Cosley" <admin at xenoglimp.com>
> To: speed at rcwm.com
> Subject: Trip to Hawaii can be yours
> MIME-Version: 1.0
> X-Mailer: qxc v8.3.2.1001.2827336
> Reply-To: r.9891.2827336 at xenoglimp.com
> Message-Id: <20060927063003.yfhdcwztev at xenoglimp.com>
> Content-Type: multipart/alternative;
>      boundary="=_aa6a71c68bf884fc9567370c1d67962c"
>
> This is a MIME encoded message.
>
> --=_aa6a71c68bf884fc9567370c1d67962c
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
>
> No text version was provided
>
> --=_aa6a71c68bf884fc9567370c1d67962c
> Content-Type: text/html; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"
>
> ===> Bunch of SPAM advertisement deleted <=====
>
>
> Thanks hgh.

On bastion.rcwm.com what log entries do you have regarding 471BE161EAE?
Do you employ any header_checks that might remove vital headers, or
make the mails "miss" the HOLD thing?

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
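
The log check asked for in the reply above, as an added example that is not part of the original thread: it walks Postfix syslog lines and lists queue IDs that were accepted over SMTP and delivered without ever being put on hold by the `header_checks` rule. The log lines are constructed (only the queue ID `471BE161EAE` and its client host come from the post), and the assumption is that a held message is logged by `postfix/cleanup` as `hold:`.

```python
import re

# Constructed sample log (assumption: standard Postfix syslog format).
SAMPLE_LOG = """\
Sep 27 14:52:45 bastion postfix/smtpd[2101]: 471BE161EAE: client=ip141.hocklente.com[209.236.229.141]
Sep 27 14:52:45 bastion postfix/cleanup[2104]: 471BE161EAE: message-id=<constructed-1@example.invalid>
Sep 27 14:52:46 bastion postfix/qmgr[1999]: 471BE161EAE: from=<a@example.invalid>, size=4211, nrcpt=1 (queue active)
Sep 27 14:53:08 bastion postfix/smtp[2110]: 471BE161EAE: to=<b@example.invalid>, relay=mail.example.invalid[10.1.2.3]:25, delay=23, status=sent (250 Ok)
Sep 27 15:01:10 bastion postfix/smtpd[2130]: 5D2A0161EB1: client=host.example.invalid[192.0.2.7]
Sep 27 15:01:10 bastion postfix/cleanup[2131]: 5D2A0161EB1: hold: header Received: from host.example.invalid (host.example.invalid [192.0.2.7]) by bastion; from=<c@example.invalid> to=<b@example.invalid> proto=SMTP helo=<host.example.invalid>
Sep 27 15:01:25 bastion postfix/smtp[2140]: 5D2A0161EB1: to=<b@example.invalid>, relay=mail.example.invalid[10.1.2.3]:25, delay=15, status=sent (250 Ok)
"""

# daemon name, queue ID (uppercase hex), remainder of the log message
LINE_RE = re.compile(r"postfix/([\w-]+)\[\d+\]: ([0-9A-F]{6,}): (.*)")


def trace(log_text):
    """Map each queue ID to the set of events seen: client, hold, sent."""
    events = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-message Postfix line
        daemon, qid, rest = m.groups()
        seen = events.setdefault(qid, set())
        if daemon == "smtpd" and rest.startswith("client="):
            seen.add("client")   # accepted from the network
        elif daemon == "cleanup" and rest.startswith("hold:"):
            seen.add("hold")     # header_checks HOLD fired
        elif "status=sent" in rest:
            seen.add("sent")     # handed to the next hop
    return events


def bypassed(log_text):
    """Queue IDs received via smtpd and delivered with no hold event."""
    # Requiring "client" skips IDs created by a requeue rather than by smtpd.
    return sorted(q for q, e in trace(log_text).items()
                  if {"client", "sent"} <= e and "hold" not in e)


if __name__ == "__main__":
    for qid in bypassed(SAMPLE_LOG):
        print(qid, "was delivered without being held for scanning")
```

Any ID it reports went straight from `smtpd` to delivery, which points at the `header_checks` rule not matching or not being loaded rather than at the MailScanner.conf settings.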

