Problem with rule actions

Gareth list-mailscanner at linguaphone.com
Mon Sep 3 19:37:56 IST 2007


I have a custom rule action :-
SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver

I received 2 emails. One was identified as a virus by sanesecurity
signatures and had a spam score of around 17. You can see it being logged.
The other message (E1D42AA0090.C4C0E) had a spam score of 34 but nothing got
saved to the spam folder and there is nothing in the log saying it tried to
save it.

[root@mailscanner 20070903]# pwd
/var/spool/MailScanner/quarantine/20070903
[root@mailscanner 20070903]# ls -l
total 1776
drwxrwx--- 2 postfix apache 4096 Sep  3 01:36 00703AA0092.84CA8
...
drwxrwx--- 2 postfix apache 4096 Sep  3 04:27 F392AAA0090.3C632
drwxrwx--- 2 postfix apache 4096 Sep  3 19:19 spam

Sep  3 19:26:29 mailscanner MailScanner[7702]: New Batch: Scanning 1 messages, 1583 bytes
Sep  3 19:26:36 mailscanner MailScanner[7723]: New Batch: Found 2 messages waiting
Sep  3 19:26:36 mailscanner MailScanner[7723]: New Batch: Scanning 1 messages, 10944 bytes
Sep  3 19:26:43 mailscanner MailScanner[7702]: Spam Checks: Found 1 spam messages
Sep  3 19:26:43 mailscanner MailScanner[7702]: Virus and Content Scanning: Starting
Sep  3 19:26:48 mailscanner MailScanner[7723]: Spam Checks: Found 1 spam messages
Sep  3 19:26:48 mailscanner MailScanner[7723]: Virus and Content Scanning: Starting
Sep  3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/
Sep  3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/GVauoBZVdM.gif
Sep  3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr4:: ./7AB3CAA0092.0CAE9/rOiW6mkZar.gif
Sep  3 19:26:48 mailscanner MailScanner[7702]: Logging message E1D42AA0090.C4C0E to SQL
Sep  3 19:26:48 mailscanner MailScanner[7681]: E1D42AA0090.C4C0E: Logged to MailWatch SQL
Sep  3 19:26:49 mailscanner MailScanner[7723]: Virus Scanning: ClamAV Module found 3 infections
Sep  3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Bitdefender found 3 infections
Sep  3 19:26:52 mailscanner MailScanner[7723]: Infected message 7AB3CAA0092.0CAE9 came from 193.238.209.194
Sep  3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Found 3 viruses
Sep  3 19:26:52 mailscanner MailScanner[7723]: Saved entire message to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9
Sep  3 19:26:52 mailscanner MailScanner[7723]: Saved infected "GVauoBZVdM.gif" to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9
Sep  3 19:26:52 mailscanner MailScanner[7723]: Saved infected "rOiW6mkZar.gif" to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9
Sep  3 19:26:52 mailscanner MailScanner[7723]: Logging message 7AB3CAA0092.0CAE9 to SQL
Sep  3 19:26:52 mailscanner MailScanner[7681]: 7AB3CAA0092.0CAE9: Logged to MailWatch SQL

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Julian
> Field
> Sent: 03 September 2007 19:14
> To: MailScanner discussion
> Subject: Re: Prombem with rule actions
>
>
>
>
> Gareth wrote:
> > In MailScanner.conf I have :-
> > Quarantine Dir = /var/spool/MailScanner/quarantine
> > Quarantine User = root
> > Quarantine Group = apache
> > Quarantine Permissions = 0660
> >
> > However all quarantine entries are stored in the format :-
> > %quarantine-dir%/<<date>>/<<msgid>> and they are viruses and blocked
> > attachments.
> > I am assuming this is correct for the virus quarantine?
> >
> Yes, correct.
> > If that is the case then MailScanner does not seem to be creating the
> > additional 'spam' etc... subdirectories for some reason.
> >
> It should always try to create them. Try creating them by hand and see
> if it puts anything in them. Make sure you give them permissions which
> are generous enough.
> > Are you sure the format is not %quarantine-dir%/spam/<<date>>/<<msgid>> as
> > if that was the case it could just be the issue that the spam directory does
> > not exist.
> >
> Yes, sure :-)
>
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces at lists.mailscanner.info
> >> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Steve
> >> Freegard
> >> Sent: 03 September 2007 18:48
> >> To: MailScanner discussion
> >> Subject: Re: Prombem with rule actions
> >>
> >>
> >> Gareth wrote:
> >>
> >>> Understood but where are these quarantines?
> >>>
> >>> I have /var/spool/mailscanner/quaranteen which contains directories like
> >>> 20070803 and within that directories named according to the mail ID with the
> >>> message and any attachments within it.
> >>>
> >>> Where do each of these store options actually try to save the files?
> >>>
> >>>> #    store                   - store the message in the (spam) quarantine
> >>
> >> %quarantine-dir%/<<date>>/spam/<<msgid>>
> >>
> >>>> #    store-nonmcp            - store the message in the non-MCP quarantine
> >>
> >> %quarantine-dir%/<<date>>/nonmcp/<<msgid>>
> >>
> >>>> #    store-mcp               - store the message in the MCP quarantine
> >>
> >> %quarantine-dir%/<<date>>/mcp/<<msgid>>
> >>
> >>>> #    store-nonspam           - store the message in the non-spam quarantine
> >>
> >> %quarantine-dir%/<<date>>/nonspam/<<msgid>>
> >>
> >>>> #    store-spam              - store the message in the spam quarantine
> >>
> >> %quarantine-dir%/<<date>>/spam/<<msgid>>
> >>
> >>
> >> If you are having trouble with MailWatch reading these then make sure
> >> your permissions settings are correct (Quarantine Perms = 0660 and
> >> Quarantine Group = <<web server group>>) and that you are storing
> >> quarantined items in RFC822 format (e.g. Quarantine Messages As Queue
> >> Files = No) as these are the most common causes of problems.
> >>
> >> Cheers,
> >> Steve.
> >> --
> >> MailScanner mailing list
> >> mailscanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
>
> Jules
>
> --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
>
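
Added example, not part of the original post or of MailScanner: a small log check that pairs each "Logging message ... to SQL" line with a "Saved ..." line for the same message id, which is the comparison Gareth makes by eye above. It assumes that a successful store writes a "Saved ... <dir>/<msgid>" line as the virus quarantine does in the excerpt; the function names and the sample are constructed for illustration.

```python
import os
import re

# Constructed sample: four lines from the log excerpt in the post, unwrapped.
SAMPLE_LOG = """\
Sep  3 19:26:43 mailscanner MailScanner[7702]: Spam Checks: Found 1 spam messages
Sep  3 19:26:48 mailscanner MailScanner[7702]: Logging message E1D42AA0090.C4C0E to SQL
Sep  3 19:26:52 mailscanner MailScanner[7723]: Saved entire message to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9
Sep  3 19:26:52 mailscanner MailScanner[7723]: Logging message 7AB3CAA0092.0CAE9 to SQL
"""

MSG_ID = r"[0-9A-F]+\.[0-9A-F]+"
LOGGED = re.compile(r"MailScanner\[\d+\]: Logging message (" + MSG_ID + r") to SQL")
# Assumption: every successful store logs "Saved ... <dir>/<msgid>".
SAVED = re.compile(r"MailScanner\[\d+\]: Saved .* (/\S+)/(" + MSG_ID + r")\s*$")
# Subdirectories named in the thread: %quarantine-dir%/<<date>>/<kind>/<<msgid>>
STORE_DIRS = {"spam", "nonspam", "mcp", "nonmcp"}


def correlate(log_text):
    """Map each message logged to SQL to the directory it was saved in, or None."""
    logged, saved = [], {}
    for line in log_text.splitlines():
        m = LOGGED.search(line)
        if m:
            if m.group(1) not in logged:
                logged.append(m.group(1))
            continue
        m = SAVED.search(line)
        if m:
            saved[m.group(2)] = m.group(1)
    return {msgid: saved.get(msgid) for msgid in logged}


def quarantine_kind(directory):
    """Classify a quarantine directory using the layout given in the thread."""
    name = os.path.basename(directory)
    return name if name in STORE_DIRS else "virus/content"


def unsaved(log_text):
    """Message ids that were logged but never written to any quarantine."""
    return [m for m, d in correlate(log_text).items() if d is None]


if __name__ == "__main__":
    for msgid, directory in correlate(SAMPLE_LOG).items():
        print(msgid, quarantine_kind(directory) if directory else "NOT SAVED")
```
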


