Only a few incoming emails seem to be getting scanned. {Scanned}

Fri Sep 29 05:41:33 IST 2006

Martin Hepworth wrote:
> Henry Hollenberg wrote:
> 
>> Hey gang,
>>
>> Installed MailScanner/Spamassasin on a bastion MTA on my DMZ and have 
>> been poking around
>> looking at what's going on and the first thing I've noticed is that 
>> only a few emails
>> seem to be getting scanned.
>>
>> Of course all my test emails are being scanned and are passing.
>>
>> A few SPAM's are being scanned and are being appropriately scored.
>>
>> A bunch of SPAM shows no indication that it is being scanned at all.
>>
>> I have read the mailscanner install pdf and looked thru the FAQ.  I 
>> have gone
>> thru the /etc/MailScanner/MailScanner.conf several times turning on 
>> everything
>> I could find that might give some indication that the email/SPAM is 
>> being scanned:
>>
>> Add Envelope From Header = yes
>> Sign Messages Already Processed = yes
>> Sign Clean Messages = yes
>> Mark Unscanned Messages = yes
>> Scanned Modify Subject = end
>> Spam Modify Subject = yes
>> Spam Subject Text = {Spam?}
>> High Scoring Spam Modify Subject = yes
>> High Scoring Spam Subject Text = {HSpam?}
>> Spam Checks = yes
>> Use SpamAssassin = yes
>> Spam Actions = deliver
>> High Scoring Spam Actions = deliver
>> Non Spam Actions = deliver
>>
>> Any ideas why/how incoming email is bypassing mailscanner?
>>
>> PS: Here is an example of what's getting thru without scanning:
>>
>> Return-Path: <n.9891.2827336 at xenoglimp.com>
>> X-Original-To: speed at rcwm.com
>> Delivered-To: speed at rcwm.com
>> Received: from bastion.rcwm.com (bastion.rcwm.com [10.1.2.1])
>>     by mail.rcwm.com (Postfix) with ESMTP id 3C8E8BCB0
>>     for <speed at rcwm.com>; Wed, 27 Sep 2006 14:53:08 -0500 (CDT)
>> Received: from ip141.hocklente.com (ip141.hocklente.com 
>> [209.236.229.141])
>>     by bastion.rcwm.com (Postfix) with SMTP id 471BE161EAE
>>     for <speed at rcwm.com>; Wed, 27 Sep 2006 14:52:45 -0500 (CDT)
>> Date: Wed, 27 Sep 2006 14:51:03 -0500
>> From: "Frank Cosley" <admin at xenoglimp.com>
>> To: speed at rcwm.com
>> Subject: Trip to Hawaii can be yours
>> MIME-Version: 1.0
>> X-Mailer: qxc v8.3.2.1001.2827336
>> Reply-To: r.9891.2827336 at xenoglimp.com
>> Message-Id: <20060927063003.yfhdcwztev at xenoglimp.com>
>> Content-Type: multipart/alternative;
>>     boundary="=_aa6a71c68bf884fc9567370c1d67962c"
>>
>> This is a MIME encoded message.
>>
>> --=_aa6a71c68bf884fc9567370c1d67962c
>> Content-Type: text/plain; charset="iso-8859-1"
>> Content-Transfer-Encoding: 7bit
>>
>> No text version was provided
>>
>> --=_aa6a71c68bf884fc9567370c1d67962c
>> Content-Type: text/html; charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>>
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"
>>
>> ===> Bunch of SPAM advertisement deleted <=====
>>
>>
>> THanks hgh.
>>
> Have you checked that all the appropriate stuff in postfix has been done...
> 

Ooops!, you were right.  I skipped the postfix steps somehow....
I've done them and restarted postfix and mailscanner.....now let's
see how it goes....

FYI, don't test your boomerang email messages against a MTA that's already set
up with MailScanner, it's easy to confuse their MailScanner entries for your own...
hgh.

-- 
Henry Hollenberg
hgh at rcwm.com

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.