Help debugging false positives with SURBL

Ian cobalt-users1 at fishnet.co.uk
Wed Feb 14 12:34:19 CET 2007


On 14 Feb 2007 at 11:45, Alex Broens wrote:

<snip>

> >    # log full spamassassin report to syslong
> > 	MailScanner::Log::InfoLog($message->{salongreport});
> > 
> > at line 199-200.
> 
> I'm not seeing the full 2 line SA report in MAilwatch so I must be 
> missing something

Hi,

The report is printed to syslog, so depending on your setup, this could be /var/log/maillog or 
somewhere else if you've modified it.

I have not had time to look at adding the report to MailWatch yet, but I will drop a line to the 
list if I get it working. 

> > I now suspect that one of our domain names got into SURBL for a short period and then 
> > the cron email was cached by spamassassin. Does this sound likely?  The cron email was 
> > identical (apart from the Date: field) each time.
> 
> I've stopped using the SA cache as it created me more headaches with 
> long expiration time than it was worth it.

I think I might do the same after this incident, even though I can't specifically point the finger 
at it, the risk doesn't seem worth it.

Regards

Ian
-- 



More information about the MailScanner mailing list