Help debugging false positives with SURBL

Alex Broens ms-list at alexb.ch
Wed Feb 14 11:45:56 CET 2007


On 2/14/2007 10:54 AM, Ian wrote:
> On 14 Feb 2007 at 7:14, Alex Broens wrote:
> 
>> On 2/13/2007 5:51 PM, Ian wrote:
>>> On 13 Feb 2007 at 16:27, Steve Freegard wrote:
>>>
>>>> Hi Ian,
>>>>
>>>> Ian wrote:
>>>>> I posted to this list because it only happens when the mail is passed through MailScanner, so 
>>>>> I actually need help on debugging on what happens to the message when it is passed to 
>>>>> spamassassin from MailScanner.  I actually need to know what MailScanner/SpamAssassin 
>>>>> thinks is the bad url.
>>>>>
>>>>> Is it the domain name of the server?  The name of the perl script? Something else I'm not 
>>>>> seeing?
>>>>>
>>>>> What does the MailScanner option:
>>>>>
>>>>> 	Debug SpamAssassin = yes
>>>>>
>>>>> actually do?  Where do I read the debug output?
>>>>>
>>>>> Any help would be appreciated.
>>>> Try this:
>>>>
>>>> Place the attached file into your CustomFunctions directory
>>>> (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones),
>>>> then in MailScanner.conf set:
>>>>
>>>> Always Looked Up Last = &SALongReport
>>> Hi Steve,
>>>
>>> Thanks for this.
>>>
>>> I already have:
>>>
>>> 	Always Looked Up Last = &MailWatchLogging
>>>
>>> So I did a bit of hacking and added the line:
>>>
>>> 	MailScanner::Log::InfoLog($message->{salongreport});
>>>
>>> to the 'MailWatchLogging' subroutine after:
>>>
>>> 	# Don't bother trying to do an insert if  no message is passed-in
>>> 	return unless $message;
>>>
>>> I'll let you know how I go on. Thanks for your help
>> Hi Ian
>>
>> Is this working?
>>
>> Which file did you modify to do it?
> 
> Hi Alex,
> 
> I have attached the file Mailwatch.pm.
> 
> I simply added the lines:
> 
>    # log full spamassassin report to syslog
> 	MailScanner::Log::InfoLog($message->{salongreport});
> 
> at line 199-200.

I'm not seeing the full 2 line SA report in MailWatch so I must be 
missing something.

Asked Steve Freegard if he has any idea...


> This worked great but did not help me debug the false positives as they stopped after I 
> fixed the cron script to not print any output unless there was an error.  Even after I 
> changed the script back to the original, it no longer gets tagged.
> 
> I now suspect that one of our domain names got into SURBL for a short period and then 
> the cron email was cached by spamassassin. Does this sound likely?  The cron email was 
> identical (apart from the Date: field) each time.

I've stopped using the SA cache as it created more headaches for me with 
its long expiration time than it was worth.

hmmm

Alex




