Filename rule question
Marco Induni
minduni at ti-edu.ch
Thu Jul 5 09:33:51 IST 2007
Glenn Steen wrote:
> On 04/07/07, Marco Induni <minduni at ti-edu.ch> wrote:
> (snip)
>> Hi Gleen,
Sorry, for the mistake :-(
> Go easy on the "e"s;-)
>> unfortunately, the file is correct, I added the -- for ident on the mail
>> only, but it look like a field.
>> Also as you said this error (and even the lost TAB) are catched by the
>> --lint option.
>
> Yeah, wouldn't it be nice if it was some easy typo... To much to hope
> for, I guess:-).
>
>> > Also, you should pay extra attention to whether it is finame or
>> > filetype rules kicking in (in the logs... Perhaps you have MailWatch?
>> > Makes things ... easier to see:-).
>>
>> Uhm, I don't have Mailwatch installed, but in the log i can't see the
>> rules involved. I had to activate some flag, or there are special logs ?
>> The rules appear to be correct when i tested via the "MailScanner
>> --value=filenamerules ...."
>
> No, nothing special, MailWatch just highlight things and make them
> obvious (like when you thing you have one envelope sender, and in
> reality you don't... you have some other...)... In that vein, did you
> do the tests by telnet (so that you have complete control of the SMTP
> conversation) or ... some other thing?
> Perhaps there is some other rule,like a whitelist for the local host
> or domain, kicking in _before_ the rule you try out? If you supply a
> --ip=... you can test that too...
> Would be great if this was something eaily explicable... I'm running
> out of ideas:-).
Also tried with ip, and from different "external" account as gmail,...
Nope
>
>>
>> > I always try to make filenames and filetypes functionally equivalent:).
>> > Paying attention to ones logs is never wrong anyway, so ... you
>> > wouldn't have any log snippets to look at, for a relevant test run?
>> >
>> > When you send these messages, or indeed any messages sent to you, if
>> > the mail has more recipients than one... then the rules applicable to
>> > the first recipient will "win" for all of them... So you might need
>> > split messages/recipient (look in the wiki how to do this... At least
>> > Postfix and Sendmail can do this for you), to be sure what rules will
>> > trigger for a specific message/recipient combination.
>>
>> Good point, but in my test I'm the only recipient
> Hm, another good pint down the drain:-).
>
>> >
>> > Cheers
>>
>> Grazie (Thank you)
>>
> Thank me when we get to the bottom of this...:-).
> I wonder if the file isn't a bit suspect anyway... If you change it to
> deny<TAB>/\..*$/<TAB>-<TAB>-<LF>
> ... does that make a difference? If you make some specific deny rules?
> And perhaps some "specific but the other way around" in the default
> file?
> We're missing something here....:)
>
> Cheers
Also tried to use the sample rule filename.rules.conf directly setting
the "Filename Rules = %etc-dir%/filename.rules.conf, but nothing.
At the end I made one of the two mailgateway reacheble just for me, and
set the Mailscanner in debug mode.
This the output when a send an email:
>>>>>
Ignore errors about failing to find EOCD signature
format error: file is too short
at /usr/sbin/MailScanner line 832
Stopping now as you are debugging me.
>>>>>
At the line 832 seems to be the attachment extraction
831 $0 = 'MailScanner: extracting attachments';
832 $batch->Explode();
Could be that for some reason this step fail, and then all the rules
tied to the file attachemnet are skipped ?
In case i'm using
- Mailscanner 4.61.7
- Red Hat Enterprise Linux AS release 3 (Taroon Update 9)
- Linux 2.4.21-50.EL
- Perl 5.8.0
- Spamassassin 3.1.9
Hope this could be an hint
Cheers
marco
--
Marco Induni
Universita` della Svizzera italiana
Servizi informatici / TI-EDU
Galleria 2
CH-6928 Manno (Switzerland)
E-mail: minduni at ti-edu.ch
Tel: +41 58 666 6656
Fax: +41 58 666 6650
More information about the MailScanner
mailing list