MailScanner could not analyze some mails
Pascal Maes
pascal.maes at elec.ucl.ac.be
Sun Dec 16 08:05:23 GMT 2007
Le 13-déc.-07 à 14:33, Ugo Bellavance a écrit :
> Pascal Maes wrote:
>> Hello,
>> Questions
>> - why that kind of email could no be analyzed ?
>> - Does a workaround exist ?
>> - How can we distribute these kind of emails ?
>
> Most likely an AV problem, are you using Sophos?
>
> Please have a look at your logs and show us what you find, we'll
> then be able to help you.
>
> Ugo
I have disabled the Virus scanning in MailScanner:
Virus Scanning = no
but the message is always put in quarantine :
Dec 16 08:39:24 smtp-2 postfix/smtpd[13500]: 6F516EC10F:
client=localhost.localdomain[127.0.0.1]
Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: hold:
header Received: from smtp2.sgsi.ucl.ac.be (localhost.localdomain
[127.0.0.1])??by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP id
6F516EC10F??for <pascal.maes at uclouvain.be>; Sun, 16 Dec 2007 08:39:24
+0100 (CE from localhost.localdomain[127.0.0.1]; from=<> to=<pascal.maes at uclouvain.be
> proto=ESMTP helo=<smtp2.sgsi.ucl.ac.be>
Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: message-id=<B0078839076 at mail5.e-zone.net
>
Dec 16 08:39:24 smtp-2 clamsmtpd: 3E803F: from=<>, to=pascal.maes at uclouvain.be
, status=CLEAN
Dec 16 08:39:26 smtp-2 MailScanner[13754]: Message 6F516EC10F.7E01C
from 127.0.0.1 () to uclouvain.be is n'est pas un polluriel,
SpamAssassin (not cached, score=3.401, requis 5, BAYES_00 -1.60,
BOTNET_BADDNS 3.00, BOTNET_SERVERWORDS 1.00, NO_REAL_NAME 1.00)
Dec 16 08:39:26 smtp-2 MailScanner[13754]: Virus and Content Scanning:
Starting
Dec 16 08:39:26 smtp-2 MailScanner[13754]: Saved entire message to /
var/spool/MailScanner/quarantine/20071216/6F516EC10F.7E01C
With Virus Scanning = no and Dangerous Content Scanning = no, I
receive the return message :
> Received: from smtp4.sgsi.ucl.ac.be ([10.1.5.4])
> by mmp.sipr-dc.ucl.ac.be (Sun Java(tm) System Messaging Server
> 6.3-4.01 (built
> Aug 3 2007; 32bit)) with ESMTP id <0JT400L13TTY4Q10 at mmp.sipr-dc.ucl.ac.be
> >
> for pascal.maes at uclouvain.be; Sun, 16 Dec 2007 08:51:34 +0100 (CET)
> Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain
> [127.0.0.1])
> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 0C1FCEFB78 for
> <pascal.maes at uclouvain.be>; Sun, 16 Dec 2007 08:51:37 +0100 (CET)
> Received: from mail6.e-zone.net (mail6.e-zone.net [212.35.125.173])
> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP for <pascal.maes at uclouvain.be
> >;
> Sun, 16 Dec 2007 08:51:36 +0100 (CET)
> Date: Sun, 16 Dec 2007 08:51:34 +0100
> From: postmaster at legat.eu
> Subject: Delivery failure (toto at legat.eu)
> To: pascal.maes at uclouvain.be
> Message-id: <B0053901173 at mail6.e-zone.net>
> MIME-version: 1.0
> Content-type: multipart/report; report-type=delivery-status
> X-AV-Checked: ClamAV using ClamSMTP
> X-SGSI-SpamCheck: n'est pas un polluriel, SpamAssassin (not cached,
> score=2,
> requis 5, autolearn=not spam, BOTNET_SERVERWORDS 1.00, NO_REAL_NAME
> 1.00)
> X-SGSI-Spam-Score: ss
> X-SGSI-From:
> X-SGSI-Spam-Status: No
>
> This is a multi-part message in MIME format.
>
>
> --6764/1197791494/MailSite/1392/1480
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/plain; charset="us-ascii"
>
> Your message has encountered delivery problems
> to the following recipient(s):
>
> toto at legat.eu
> Delivery failed
> User not known
>
>
>
> --6764/1197791494/MailSite/1392/1480
> Content-Disposition: attachment; filename="DSN4764D8FE.txt"
> Content-Transfer-Encoding: quoted-printable
> Content-Type: message/delivery-status; charset="utf-8"
>
> Reporting-MTA: mail.register.be
> Received-From-MTA: dns; smtp2.sgsi.ucl.ac.be (unverified
> [130.104.5.77])
> Arrival-Date: Sun, 16 Dec 2007 08:51:26 +0100
>
> Final-Recipient: rfc822; toto at legat.eu
> Action: failed
> Status: 5.1.1 (Permanent failure - addressing: bad destination
> mailbox ad=
> dress)
>
>
> --6764/1197791494/MailSite/1392/1480
> Content-Type: message/rfc822; charset="utf-8"
>
> X-Spam-Score: 1
> Received: from smtp2.sgsi.ucl.ac.be (unverified [130.104.5.77]) by
> mail.register.be
> (Rockliffe SMTPRA 7.0.6) with ESMTP id
> <B0053901164 at mail.register.be> for <toto at legat.eu>;
> Sun, 16 Dec 2007 08:51:29 +0100
> Received: from smtp2.sgsi.ucl.ac.be (localhost.localdomain
> [127.0.0.1])
> by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP id 9159AEC0CF
> for <toto at legat.eu>; Sun, 16 Dec 2007 08:51:24 +0100 (CET)
> Received: from [192.168.1.66] (maes.elec.ucl.ac.be [130.104.240.228])
> (using TLSv1 with cipher AES128-SHA (128/128 bits))
> (No client certificate requested)
> (Authenticated sender: pmaes at smtp2.sgsi.ucl.ac.be)
> by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP
> for <toto at legat.eu>; Sun, 16 Dec 2007 08:51:24 +0100 (CET)
> Message-Id: <816190C6-AD6F-48A3-BD13-E3F7727B2C3F at uclouvain.be>
> From: Pascal Maes <pascal.maes at uclouvain.be>
> To: toto at legat.eu
> Content-Type: text/plain; charset=US-ASCII; format=flowed
> Content-Transfer-Encoding: 7bit
> Mime-Version: 1.0 (Apple Message framework v915)
> Subject: test du 16/12 avec MailScanner 4.65 sans Content ni virus
> scanning
> Date: Sun, 16 Dec 2007 08:51:23 +0100
> X-Mailer: Apple Mail (2.915)
> X-AV-Checked: ClamAV using ClamSMTP
> X-Sgsi-Spamcheck: Authenticated,
> X-SGSI-From: pascal.maes at uclouvain.be
> X-SGSI-Spam-Status: No
>
>
> test du 16/12
>
> --
> Pascal
>
>
>
> --6764/1197791494/MailSite/1392/1480--
>
Why this message can not be analyzed ?
--
Pascal
--
Pascal
More information about the MailScanner
mailing list