Problem with MS on OpenBSD 4.1

Glenn Steen glenn.steen at gmail.com
Wed Jul 4 11:25:44 IST 2007 

On 04/07/07, Christoph Schneeberger <cschnee at box.telemedia.ch> wrote:
> Glenn Steen wrote:
> > On 03/07/07, Christoph Schneeberger <cschnee at box.telemedia.ch> wrote:
> >> Hi Julian,
> >>
> >> Thanks for your reply.
> >>
> >> Julian Field wrote:
> >> ..
> >>
> >> > >When I run MS and SA in debug mode I get an error at line 832 in
> >> > >Mailscanner which is the following line:
> >> >
> >> > >$batch->Explode();
> >> >
> >> > >The error I get is
> >> >
> >> > ><loads of debug deleted>
> >> > >[24820] dbg: locker: safe_unlock: unlocked
> >> > /root/.spamassassin/bayes.mutex
> >> > >[24820] dbg: learn: initializing learner
> >> > >Ignore errors about failing to find EOCD signature
> >> >
> >> >
> >> > That line gives a hint.
> >> >
> >> > >format error: can't find EOCD signature
> >> > > at /opt/MailScanner/bin/MailScanner line 832
> >> >
> >> >
> >> > So you can ignore that.
> >> >
> >> > >Stopping now as you are debugging me.
> >> > > Done.
> >> >
> >> >
> >> > It has run to completion normally. It hasn't bombed out on an error at
> >> > all. It has done exactly what it is supposed to do in Debug mode:
> >> > process 1 batch of messages and then exit.
> >>
> >>
> >> Ok thanks, i was thinking that too, but somebody on irc told me i need
> >> to get rid of this line832 error and that would solve my problem of not
> >> having any detailed Spamassassin result headers at all.
> >>
> >> So could you give me any direction or hints where I could further search
> >> to get that problem of not having detailed results in the header solved,
> >> since thats the only problem I really have.
> >>
> >> Or asked else: Is anybody on this list running a current MailScanner on
> >> OpenBSD 4.1 successfully and do you have any hints for me where too
> >> look ?
> >>
> >> Thanks a lot and best regards,
> >> Christoph
> >>
> > OpenBSD isn]t exactly unheard of, but it certainly isn\t one of the
> > more used OSes.... But this might not be anything specific to your
> > OS... Call me dull, but did you run a
> > MailScanner --debug --debug-sa
> > ... with something obvious, like a GTUBE, on queue?
> >
> > Cheers
>
> Thanks for your reply, I had to google GTUBE before I knew what you
> meant ;-)
>
> I have run with debug and debug-sa (from MailScanner.conf but I guess
> that is the same result) and people on irc told me the output i pasted
> looks good, but I'll happily provide it at the end of this mail.
Yep, they are equivalent... Just easier to use the command line:-).

> I have sent a mail (only body with copy-paste) from my inbox that is
> spam through the MS in question and it scored it with 18 and flagged the
> Subject properly with {Spam?}, BUT only the Spamscore and the Subject
> Flag are here, no details on which tests how many score was given, just
> a result.
This is indeed strange... IIRC there was someone else posting about
specifics for OpenBSD a while back... You have looked in the maillist
archives (gmane is good for this), I presume?

> The reason I want OpenBSD is the spamd/pf combo which is quite unique
> for greylisting and since 4.1 even more use- and powerful. Also I have
> used OpenBSD since 2.5 and I am quite satisfied with its robustness and
> safety. Another reason is that I am a sendmail veteran because there was
> nothing else really serious at the time i needed my first mailhub, so I
> read different sendmails books and am quite comfortable with it. I've
> never found my way into other MTAs and since most Linux are now shipping
> Postfix, Exim or whatever I am sticking with OpenBSD for Mailhubs,
> Mailgates etc.
Oh, no quarrel from me, you should stick with what you're comfy with.
Personally I switched to PF quite a few years ago, but that was ... in
the bad old days, when sendmail was a sieve and PF looked ...
shiny:-). Today, all the major MTAs (no, not exchange:-):-) are quite
secure. TW, most any linux distro can be configured with most any
MTA... Some even have a nice tool for switching between them (like
CentOS/RHEL does). Not that I'm telling you to switch:-).

> So here is the output of
> ./bin/MailScanner --debug --debug-sa 2>&1 | tee /tmp/log
> ---
>
(snip)
> tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
> [14467] dbg: check:
> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
> Ignore errors about failing to find EOCD signature
> format error: can't find EOCD signature
>  at ./bin/MailScanner line 832
> Stopping now as you are debugging me.
> ---
Ok, so the tests are there, and should be reported back to MS... Hm.

> Please not I have disabled clamav for the moment to debug this without
> having to care about possible problems with the Antivirus, however the
> result was the same (no spamassassin details) when having the antivirus
> set to 'clamav' or 'clamd'.
Yeah, that shouldn't matter.

> Also I have installed clamav and SA from local ports in OpenBSD 4.1, but
> maybe I should use the provided package from the MS site ? Would that be
> worth a try ?
I've stopped using prepackaged things for those, since there
occasionally are strange problems due to ... quirky packaging (not
often, IIRC mostly concerning RPM-based linux distros, but ... still
...)... So uninstalling the SA you have (which is slightly dated
anyway, and don't seem to be using sa-update...), and perhaps your
clamav too, and reinstalling them using Jules package... Might be very
worth your while.

> Thanks for any hints or tips in advance.
>
>
> Cheers,
> Christoph
>
> --
>      ---------------------------------------------------+
>     / Christoph Schneeberger    /  SCS TeleMedia AG     |
>    / GIAC GSEC                 / Liestalerstrasse 47    |
>   / cschnee at telemedia.ch      / info at telemedia.ch       |
>  / 4419 Lupsingen            / http://www.telemedia.ch  |
> / tel +41 61 915 9155       / fax +41 61 911 0714       |
> --------------------------------------------------------+
>
> This e-mail is confidential and may be privileged. It may
> be read, copied and used only by the addressee. If you
> have received it in error, please contact us immediately.
>
>
>           "Quis custodiet ipsos custodes?"
Indeed...:-)

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list