temp files not being processed - score=0 (UNCLASSIFIED)

Kash, Howard (Civ, ARL/CISD) hmkash at arl.army.mil
Mon Aug 20 15:41:45 IST 2007 

Classification:  UNCLASSIFIED 
Caveats: NONE

 
I've had the "(not cached, score=0, required 5, autolearn=)" problem
several times myself.  Typically restarting MailScanner fixed the
problem.  Last time it happened, simply restarting didn't help so I
tried removing SpamAssassin.cache.db and the problem stopped.  Can't say
for sure removing the cache was the fix, but worth a try.

BTW, is there something similar to db_verify that can be run on the
SpamAssassin cache to check for consistency?


Howard


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
donald.dawson at bakerbotts.com
Sent: Monday, August 20, 2007 9:46 AM
To: mailscanner at lists.mailscanner.info
Subject: FW: temp files not being processed - score=0

<<ms.zxp>> 
I have posted this problem before, but I have not found a solution, and
I really need the forum's help. 

One of our MX servers is leaving files in
/var/spool/MailScanner/incoming/SpamAssassin-Temp.  It appears that each
one being left is getting a 0 score.

I ran this by Julian recently, and he said he was at least the same
issue of files being left in that dir. 

I added an entry in cron to remove them, but it is just cleaning up the
files leftover from a real problem: 

1 * * * *       /usr/bin/find
/var/spool/MailScanner/incoming/SpamAssassin-Temp -type f -mtime +1
-print | /usr/bin/xargs rm -f # delete leftover temp files 

Here are the number of files in the for today and yesterday: 

root at houmx05:/var/spool/MailScanner/incoming/SpamAssassin-Temp 
# ls -la | grep -c ' Aug 19 ' 
2409 
# ls -la | grep -c ' Aug 18 ' 
2135 

Although not perfect, here is a count of 'score=0' lines from the
maillog for the respective days: 
# zcat /var/log/maillog.1.gz | grep -c  score=0 
1221 
# zcat /var/log/maillog.2.gz | grep -c  score=0 
1400 

I have already lowered the MX priority of this server to try and receive
less email, but it's still delivering emails (not all) with a zero
score.

I have included MailScanner -v and an output from MailScanner --debug
--debug-sa as well (attached ms.zxp - rename to .zip to extract) as the
contents of the email.  I saw one possible discrepancy in processing the
2nd email via the debug option where it did not end with 'I am
generating a hash using the input of'.  The output show two emails being
processed.  The last one was definitely spam, but was scored as 0 and
was left in the /var/spool/MailScanner/incoming/SpamAssassin-Temp dir.


# MailScanner -v 
Running on 
Linux houmx05.bakerbotts.com 2.6.9-1.667smp #1 SMP Tue Nov 2 14:59:52
EST 2004 i686 i686 i386 GNU/Linux 
This is Fedora Core release 3 (Heidelberg) 
This is Perl version 5.008005 (5.8.5) 

This is MailScanner version 4.62.9 
Module versions are: 
1.00    AnyDBM_File 
1.18    Archive::Zip 
1.03    Carp 
1.119   Convert::BinHex 
1.00    DirHandle 
1.05    Fcntl 
2.73    File::Basename <File::Basename>  
2.08    File::Copy <File::Copy>  
2.01    FileHandle 
1.06    File::Path <File::Path>  
0.18    File::Temp <File::Temp>  
0.90    Filesys::Df 
1.35    HTML::Entities 
3.56    HTML::Parser 
2.37    HTML::TokeParser 
1.21    IO 
1.10    IO::File 
1.123   IO::Pipe 
1.71    Mail::Header 
1.86    Math::BigInt 
3.05    MIME::Base64 
5.420   MIME::Decoder 
5.420   MIME::Decoder::UU 
5.420   MIME::Head 
5.420   MIME::Parser 
3.03    MIME::QuotedPrint 
5.420   MIME::Tools 
0.11    Net::CIDR 
1.08    POSIX 
1.19    Scalar::Util 
1.77    Socket 
1.4     Sys::Hostname::Long 
0.18    Sys::Syslog 
1.9707  Time::HiRes 
1.02    Time::localtime 

Optional module versions are: 
1.30    Archive::Tar 
0.21    bignum 
1.82    Business::ISBN 
1.10    Business::ISBN::Data 
0.17    Convert::TNEF 
1.08    Data::Dump 
1.814   DB_File 
1.13    DBD::SQLite 
1.56    DBI 
1.15    Digest 
1.01    Digest::HMAC 
2.36    Digest::MD5 
2.10    Digest::SHA1 
1.00    Encode::Detect 
0.17008 Error 
0.18    ExtUtils::CBuilder 
2.18    ExtUtils::ParseXS 
0.44    Inline 
1.08    IO::String 
1.04    IO::Zlib 
2.21    IP::Country 
0.20    Mail::ClamAV 
3.002002        Mail::SpamAssassin 
v2.004  Mail::SPF 
1.999001        Mail::SPF::Query 
0.19    Math::BigRat 
0.2808  Module::Build 
0.20    Net::CIDR::Lite 
0.60    Net::DNS 
0.002.2 Net::DNS::Resolver::Programmable 
missing Net::LDAP 
 4.004  NetAddr::IP 
1.94    Parse::RecDescent 
missing SAVI 
2.64    Test::Harness 
0.95    Test::Manifest 
1.95    Text::Balanced 
1.35    URI 
0.7203  version 
0.62    YAML 

see attached ms.txt for mailscanner --debug --debug-sa 

# l
/var/spool/MailScanner/incoming/SpamAssassin-Temp/.spamassassin15944T1P9
bFtmp 
-rw-------  1 root root 2433 Aug 20 03:11
/var/spool/MailScanner/incoming/SpamAssassin-Temp/.spamassassin15944T1P9
bFtmp 

# fuser
/var/spool/MailScanner/incoming/SpamAssassin-Temp/.spamassassin15944T1P9
bFtmp 
root at houmx05:/var/spool/MailScanner/incoming/SpamAssassin-Temp 

# grep l7K8B63E015934 /var/log/maillog 
Aug 20 03:11:14 houmx05 milter-greylist: l7K8B63E015934: skipping
greylist because this is the default action,
(from=<reginald at chmai2.loxinfo.co.th>, rcpt=<bperkel at bakerbotts.com>,
addr=ARouen-252-1-67-214.w90-23.abo.wanadoo.fr[90.23.62.214])

Aug 20 03:11:14 houmx05 sendmail[15934]: l7K8B63E015934:
from=<reginald at chmai2.loxinfo.co.th>, size=1880, class=0, nrcpts=1,
msgid=<000801c7e301$a7518b00$1201a8c0 at reginald>, proto=SMTP, daemon=MTA,
relay=ARouen-252-1-67-214.w90-23.abo.wanadoo.fr [90.23.62.214]

Aug 20 03:11:14 houmx05 sendmail[15934]: l7K8B63E015934: Milter add:
header: X-Null-Tag: 6a12c78c6f1e5960796d07939b28851d

Aug 20 03:11:14 houmx05 sendmail[15934]: l7K8B63E015934: Milter add:
header: X-Greylist: Default is to whitelist mail, not delayed by
milter-greylist-3.0rc3 (houmx05.bakerbotts.com [204.194.98.17]); Mon, 20
Aug 2007 03:11:14 -0500 (CDT)

Aug 20 03:11:14 houmx05 sendmail[15934]: l7K8B63E015934:
to=<bperkel at bakerbotts.com>, delay=00:00:00, mailer=esmtp, pri=31880,
stat=queued

Aug 20 03:11:29 houmx05 MailScanner[15899]: Message l7K8B63E015934 from
90.23.62.214 (reginald at chmai2.loxinfo.co.th) to bakerbotts.com is not
spam, SpamAssassin (not cached, score=0, required 5, autolearn=)

Aug 20 03:11:29 houmx05 sendmail[15968]: l7K8B63E015934:
to=<bperkel at bakerbotts.com>, delay=00:00:15, xdelay=00:00:00,
mailer=esmtp, pri=121880, relay=housweep01.bakerbotts.net.
[10.20.254.236], dsn=2.0.0, stat=Sent (Message received OK)

Contents of
/var/spool/MailScanner/incoming/SpamAssassin-Temp/.spamassassin15944T1P9
bFtmp: 

X-BakerBotts-MailScanner-From: reginald at chmai2.loxinfo.co.th 
X-Envelope-From: reginald at chmai2.loxinfo.co.th 
Return-Path: <g> 
Received: from abo.wanadoo.fr (ARouen-252-1-67-214.w90-23.abo.wanadoo.fr
[90.23.62.214]) 
        by houmx05.bakerbotts.com (8.13.8/8.13.5) with SMTP id
l7K8B63E015934 
        for <bperkel at bakerbotts.com>; Mon, 20 Aug 2007 03:11:14 -0500 
Message-ID: <000801c7e301$a7518b00$1201a8c0 at reginald> 
From: "natal  julia" <reginald at chmai2.loxinfo.co.th> 
TO: <bperkel at bakerbotts.com> 
Subject: Hey bro, found this site 
Date: Mon, 20 Aug 2007 23:02:05 +0300 
MIME-Version: 1.0 
Content-Type: multipart/alternative; 
        boundary="----=_NextPart_001_000C_01C7E301.A7518B00" 
Content-Transfer-Encoding: 7bit 
X-MSMail-Priority: Normal 
X-Mailer: Microsoft Outlook Express Macintosh Edition - 5.01 (1630) 
X-MimeOLE: Produced By Microsoft MimeOLE V 
X-Null-Tag: 6a12c78c6f1e5960796d07939b28851d 
X-Greylist: Default is to whitelist mail, not delayed by
milter-greylist-3.0rc3 (houmx05.bakerbotts.com [204.194.98.17]); Mon, 20
Aug 2007 03:11:14 -0500 (CDT)

This is a multi-part message in MIME format. 

------=_NextPart_001_000C_01C7E301.A7518B00 
Content-Type: text/plain; 
        charset="us-ascii" 
Content-Transfer-Encoding: 7bit 


------=_NextPart_001_000C_01C7E301.A7518B00 
Content-Type: text/html; 
        charset="us-ascii" 
Content-Transfer-Encoding: 7bit 


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> 
<HTML><HEAD> 
<META http-equiv=Content-Type content="text/html; charset=us-ascii"> 
<META content="MSHTML " name="GENERATOR"> 
<STYLE></STYLE> 
</HEAD> 
<BODY> 
<DIV> 
<body bgcolor="#F0FFFF"> 
<h2><font color="#008000">Finally the real thing- no more
ripoffs!</font></h2> 
<h4><font color="#FF0000"><a href="http://www.olaner.com/">Enhancement
Patches</a> are hot right now, VERY hot! <br><br>

Unfortunately, most are cheap imitiations and do very little to increase
your size and stamina.<br><br> 
Well this is the real thing, not an imitation!<br><br> 
One of the very originals, the absolutely strongest Patch available,
anywhere!</font> 
</h4> 
<center> 
<h3><a href="http://www.olaner.com/">Check out the site for more info
TODAY, you'll be glad you did ;)</a></h3> 
<font size="4"><a href="http://www.olaner.com/">0rder
now</a></font></b><br><br><br><br><br> 
</center> 
<font size="2"><a href="http://www.olaner.com/a.php">Remove you
e-mail</a></font><br><br> 
</body> 
</DIV></BODY></HTML> 

Is there any more debug options I can use to figure this one out? 

Thanks, 
Donald 

Donald Dawson 
Baker Botts L.L.P. 
Security Administrator 
713-229-2183 

Classification:  UNCLASSIFIED 
Caveats: NONE

More information about the MailScanner mailing list