Help debugging false positives with SURBL

Ian cobalt-users1 at fishnet.co.uk
Wed Feb 14 10:54:34 CET 2007 

On 14 Feb 2007 at 7:14, Alex Broens wrote:

> On 2/13/2007 5:51 PM, Ian wrote:
> > On 13 Feb 2007 at 16:27, Steve Freegard wrote:
> > 
> >> Hi Ian,
> >>
> >> Ian wrote:
> >>> I posted to this list because it only happens when the mail is passed through MailScanner, so 
> >>> I actually need help on debugging on what happens to the message when it is passed to 
> >>> spamassassin from MailScanner.  I actually need to know what MailScanner/SpamAssassin 
> >>> thinks is the bad url.
> >>>
> >>> Is it the domain name of the server?  The name of the perl script? Something else I'm not 
> >>> seeing?
> >>>
> >>> What does the MailScanner option:
> >>>
> >>> 	Debug SpamAssassin = yes
> >>>
> >>> actually do?  Where do I read the debug output?
> >>>
> >>> Any help would be appreciated.
> >> Try this:
> >>
> >> Place the attached file into your CustomFunctions directory
> >> (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones),
> >> then in MailScanner.conf set:
> >>
> >> Always Looked Up Last = &SALongReport
> > 
> > Hi Steve,
> > 
> > Thanks for this.
> > 
> > I already have:
> > 
> > 	Always Looked Up Last = &MailWatchLogging
> > 
> > So I did a bit of hacking and added the line:
> > 
> > 	MailScanner::Log::InfoLog($message->{salongreport});
> > 
> > to the 'MailWatchLogging' subrouting after:
> > 
> > 	# Don't bother trying to do an insert if  no message is passed-in
> > 	return unless $message;
> > 
> > I'll let you know how I go on. Thanks for your help
> 
> Hi Ian
> 
> Is this working?
> 
> Which file did you modify to do it?

Hi Alex,

I have attached the file Mailwatch.pm.

I simply added the lines:

   # log full spamassassin report to syslong
	MailScanner::Log::InfoLog($message->{salongreport});

at line 199-200.

This worked great but did not help me debug the false positives as they stopped after I 
fixed the cron script to not print any output unless there was an error.  Even after I 
changed the script back to the original, it no longer gets tagged.

I now suspect that one of our domain names got into SURBL for a short period and then 
the cron email was cached by spamassassin. Does this sound likely?  The cron email was 
identical (apart from the Date: field) each time.

Regards

Ian
-- 


-------------- next part --------------
The following section of this message contains a file attachment
prepared for transmission using the Internet MIME message format.
If you are using Pegasus Mail, or any other MIME-compliant system,
you should be able to save it or view it from within your mailer.
If you cannot, please ask your system administrator for assistance.

   ---- File information -----------
     File:  MailWatch.new.pm
     Date:  14 Feb 2007, 9:54
     Size:  10940 bytes.
     Type:  Unknown
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MailWatch.new.pm
Type: application/octet-stream
Size: 10940 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/2315bb10/MailWatch.new.obj

More information about the MailScanner mailing list