Only a few incoming emails seem to be getting scanned.
Glenn Steen
glenn.steen at gmail.com
Fri Sep 29 08:56:43 IST 2006
On 29/09/06, Henry Hollenberg <hgh at rcwm.com> wrote:
> Glenn Steen wrote:
(snip)
> >> Received: from bastion.rcwm.com (bastion.rcwm.com [10.1.2.1])
> >> by mail.rcwm.com (Postfix) with ESMTP id 3C8E8BCB0
> >> for <speed at rcwm.com>; Wed, 27 Sep 2006 14:53:08 -0500 (CDT)
> >> Received: from ip141.hocklente.com (ip141.hocklente.com
> >> [209.236.229.141])
> >> by bastion.rcwm.com (Postfix) with SMTP id 471BE161EAE
> >> for <speed at rcwm.com>; Wed, 27 Sep 2006 14:52:45 -0500 (CDT)
(snip)
> > On bastion.rcwm.com what log entries do you have regarding 471BE161EAE?
> > Do you employ any header_checks that might remove vital headers, or
> > make the mails "miss" the HOLD thing?
> >
>
> Sep 27 14:52:42 bastion postfix/smtpd[29999]: connect from ip141.hocklente.com[209.236.229.141]
> Sep 27 14:52:58 bastion postfix/smtpd[29999]: 471BE161EAE: client=ip141.hocklente.com[209.236.229.141]
> Sep 27 14:53:06 bastion postfix/cleanup[30001]: 471BE161EAE: message-id=<20060927063003.yfhdcwztev at xenoglimp.com>
> Sep 27 14:53:08 bastion postfix/qmgr[25191]: 471BE161EAE: from=<n.9891.2827336 at xenoglimp.com>, size=9763, nrcpt=1 (queue active)
> Sep 27 14:53:08 bastion postfix/smtp[30002]: 471BE161EAE: to=<speed at rcwm.com>, relay=10.1.1.2[10.1.1.2], delay=23, status=sent (250 Ok: queued as 3C8E8BCB0)
> Sep 27 14:53:08 bastion postfix/qmgr[25191]: 471BE161EAE: removed
> Sep 27 14:53:10 bastion postfix/smtpd[29999]: disconnect from ip141.hocklente.com[209.236.229.141]
>
> I didn't notice anything odd, postfix-wise, don't see any MailScanner/Spamassasin logging.
Uh, well... That _is_ the problem. As you have postfix set now, it'll
never actually put anything where MailScanner will get at it... So the
question then becomes what did you do to your postfix setup? Or rather
what type of setup do you have?
You should use the "one instance HOLD" method. If you think you do,
take extra care reading your header_checks, therein probably lies your
problem... Or post it here.
If you are using the seriously deprecated "dual instance defer"
method, stop doing that immediately.
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list