Only a few incoming emails seem to be getting scanned.

Henry Hollenberg hgh at rcwm.com
Fri Sep 29 04:41:17 IST 2006


Martin Hepworth wrote:
> Henry Hollenberg wrote:
> 
>> Hey gang,
>>
>> Installed MailScanner/SpamAssassin on a bastion MTA on my DMZ and have been poking around
>> looking at what's going on and the first thing I've noticed is that only a few emails
>> seem to be getting scanned.
>>
>> Of course all my test emails are being scanned and are passing.
>>
>> A few SPAM's are being scanned and are being appropriately scored.
>>
>> A bunch of SPAM shows no indication that it is being scanned at all.
>>
>> I have read the MailScanner install PDF and looked thru the FAQ.  I have gone
>> thru the /etc/MailScanner/MailScanner.conf several times turning on everything
>> I could find that might give some indication that the email/SPAM is being scanned:
>>
>> Add Envelope From Header = yes
>> Sign Messages Already Processed = yes
>> Sign Clean Messages = yes
>> Mark Unscanned Messages = yes
>> Scanned Modify Subject = end
>> Spam Modify Subject = yes
>> Spam Subject Text = {Spam?}
>> High Scoring Spam Modify Subject = yes
>> High Scoring Spam Subject Text = {HSpam?}
>> Spam Checks = yes
>> Use SpamAssassin = yes
>> Spam Actions = deliver
>> High Scoring Spam Actions = deliver
>> Non Spam Actions = deliver
>>
>> Any ideas why/how incoming email is bypassing mailscanner?
>>
>> PS: Here is an example of what's getting thru without scanning:
>>
>> Return-Path: <n.9891.2827336 at xenoglimp.com>
>> X-Original-To: speed at rcwm.com
>> Delivered-To: speed at rcwm.com
>> Received: from bastion.rcwm.com (bastion.rcwm.com [10.1.2.1])
>>     by mail.rcwm.com (Postfix) with ESMTP id 3C8E8BCB0
>>     for <speed at rcwm.com>; Wed, 27 Sep 2006 14:53:08 -0500 (CDT)
>> Received: from ip141.hocklente.com (ip141.hocklente.com [209.236.229.141])
>>     by bastion.rcwm.com (Postfix) with SMTP id 471BE161EAE
>>     for <speed at rcwm.com>; Wed, 27 Sep 2006 14:52:45 -0500 (CDT)
>> Date: Wed, 27 Sep 2006 14:51:03 -0500
>> From: "Frank Cosley" <admin at xenoglimp.com>
>> To: speed at rcwm.com
>> Subject: Trip to Hawaii can be yours
>> MIME-Version: 1.0
>> X-Mailer: qxc v8.3.2.1001.2827336
>> Reply-To: r.9891.2827336 at xenoglimp.com
>> Message-Id: <20060927063003.yfhdcwztev at xenoglimp.com>
>> Content-Type: multipart/alternative;
>>     boundary="=_aa6a71c68bf884fc9567370c1d67962c"
>>
>> This is a MIME encoded message.
>>
>> --=_aa6a71c68bf884fc9567370c1d67962c
>> Content-Type: text/plain; charset="iso-8859-1"
>> Content-Transfer-Encoding: 7bit
>>
>> No text version was provided
>>
>> --=_aa6a71c68bf884fc9567370c1d67962c
>> Content-Type: text/html; charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>>
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"
>>
>> ===> Bunch of SPAM advertisement deleted <=====
>>
>>
>> Thanks hgh.
>>
> Have you checked that all the appropriate stuff in postfix has been done...
> 

I've had postfix set up and working for several years and it's been delivering the
email all too well.  Ever increasing amounts of SPAM.  I held off on MailScanner
and SpamAssassin until now as I dreaded digging into the complexity of it....but
the SPAM has gotten so bad.....

I was up to 300 a day and implemented RBL's in postfix which knocked it down
to about 30 - 40 a day....but now it's back up to about 200 a day even with
the RBL's.  MailScanner seems to have cut that about in half to just under
100.  I'm hoping the Bayesian filters will cut it a good bit more.  Also
not sure dcc is functioning correctly.....I'm still sorting thru it.

What I had hoped to do was get each message tagged with some information
so that I could work out what was working and what was broken and maybe
some clue about how to fix it....

hgh.

-- 
Henry Hollenberg
hgh at rcwm.com
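
An added example, not part of the original post: one way to sort delivered messages into "tagged by MailScanner", "relayed by the scanner host but untagged" (the case in the sample above), and "never reached the scanner host". It assumes the header names follow the pattern X-<org-name>-MailScanner[-suffix]; the `triage` function, the example.* hosts and the sample headers are constructed for illustration.

```python
import email
import re

# Assumption: header names follow MailScanner's default pattern
# X-<org-name>-MailScanner[-suffix]; adjust to your "Mail Header" setting.
MS_HEADER = re.compile(r"^X-(?:[\w.-]+-)?MailScanner(?:-[\w-]+)?$", re.I)
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)

def triage(raw, scanner_host):
    """Classify one delivered message by scanner headers and relay path."""
    msg = email.message_from_string(raw)
    tags = {k: " ".join(str(v).split()) for k, v in msg.items() if MS_HEADER.match(k)}
    hops = []
    # Each MTA prepends its Received header, so reverse for arrival order.
    for received in reversed(msg.get_all("Received", [])):
        m = BY_HOST.search(" ".join(received.split()))
        if m:
            hops.append(m.group(1).lower())
    if tags:
        verdict = "scanned"
    elif scanner_host.lower() in hops:
        verdict = "relayed-by-scanner-host-but-untagged"
    else:
        verdict = "never-reached-scanner-host"
    return {"verdict": verdict, "hops": hops, "tags": tags}

# Constructed sample headers (example.* hosts, documentation IP ranges).
HOP_INNER = ("Received: from bastion.example.com (bastion.example.com [10.1.2.1])\n"
             "    by mail.example.com (Postfix) with ESMTP id AAAA1\n")
HOP_EDGE = ("Received: from ip141.example.net (ip141.example.net [192.0.2.141])\n"
            "    by bastion.example.com (Postfix) with SMTP id BBBB2\n")
HOP_DIRECT = ("Received: from ip7.example.net (ip7.example.net [198.51.100.7])\n"
              "    by mail.example.com (Postfix) with SMTP id CCCC3\n")
BODY = "Subject: test\n\nbody\n"

UNTAGGED = HOP_INNER + HOP_EDGE + BODY
TAGGED = HOP_INNER + HOP_EDGE + "X-Example-MailScanner: Found to be clean\n" + BODY
DIRECT = HOP_DIRECT + BODY

if __name__ == "__main__":
    for name, raw in (("untagged", UNTAGGED), ("tagged", TAGGED), ("direct", DIRECT)):
        print(name, triage(raw, "bastion.example.com"))
```

A message in the second class was accepted by the MTA on the scanner host yet carries no scanner header, which points at the hand-off between the MTA and MailScanner on that host rather than at the mail route.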

