Problem with rule actions (2)
Gareth
list-mailscanner at linguaphone.com
Wed Sep 5 12:24:54 IST 2007
Done a bit of investigating and the 'report' field in the mysql database
is not being populated.
So its mailscanner or the MailWatchLogging custom plugin
On Wed, 2007-09-05 at 11:42, Gareth wrote:
> Thanks Julian.
>
> That is now working fine but I do have one issue which I dont know if it
> is mailscanner or mailwatch.
>
> When I get a virus which is high scoring the mail is only quarantined in
> the spam folder.
> Nothing is saved in the normal virus quarantine. With the previous
> version when it was saving to the spam folder viruses were also put in
> the normal virus quaranteen aswell and this did not cause any problems.
> With this version the change seems to cause mailwatch problems as it
> cannot determine what viruses were detected (there is no report field)
>
> On Tue, 2007-09-04 at 22:16, Julian Field wrote:
> > You're absolutely right, it's a bug.
> > Fixed in 4.63.8-1 which is on its way out the door as I type....
> >
> > The error happens however you try to add more than one action to any
> > given rule, not just in specifying a comma-separated list of actions for
> > a rule.
> >
> > Well spotted.
> >
> > Gareth wrote:
> > > Spam Actions = deliver attachment header "X-Spam-Flag: YES"
> > > High Scoring Spam Actions = %rules-dir%/deliver.high.scoring.spam.rules
> > > Non Spam Actions = deliver header "X-lgdeltd-MailScanner-Spam-Status: No"
> > >
> > > [root at mailscanner MailScanner]# cat
> > > /etc/MailScanner/rules/deliver.high.scoring.spam.rules
> > > To: mis at linguaphone.co.uk delete
> > > To: mis at linguaphone-intranet.co.uk delete
> > > To: mis at linguaphone.com delete
> > > FromOrTo: default deliver attachment
> > > header "X-Spam-Flag: YES"
> > >
> > > currently running MailScanner-4.63.7-2
> > >
> > >
> > >> -----Original Message-----
> > >> From: mailscanner-bounces at lists.mailscanner.info
> > >> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Julian
> > >> Field
> > >> Sent: 04 September 2007 21:32
> > >> To: MailScanner discussion
> > >> Subject: Re: Prombem with rule actions
> > >>
> > >>
> > >> What were your Spam Actions set to (all 3 of non-spam, spam, and
> > >> high-scoring spam).
> > >>
> > >> And what version are you running?
> > >>
> > >> Gareth wrote:
> > >>
> > >>> For normal ham I get :-
> > >>>
> > >>> Actions are: deliver,header
> > >>>
> > >>> For spam with a rule of :-
> > >>> SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver
> > >>> I get :-
> > >>> Actions are: attachment,header
> > >>>
> > >>>
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: mailscanner-bounces at lists.mailscanner.info
> > >>>> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Julian
> > >>>> Field
> > >>>> Sent: 04 September 2007 20:54
> > >>>> To: MailScanner discussion
> > >>>> Subject: Re: Prombem with rule actions
> > >>>>
> > >>>>
> > >>>> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there
> > >>>> should be a big comment in a block of '#' characters that says
> > >>>> "SpamAssassin Rule Actions ends here".
> > >>>> Just after that comment, add this line:
> > >>>>
> > >>>> print STDERR "Actions are: " . join(',',keys %actions) . "\n";
> > >>>>
> > >>>> And then run "MailScanner --debug".
> > >>>> Please tell me if it just prints the last action or all of them.
> > >>>>
> > >>>> Gareth wrote:
> > >>>>
> > >>>>
> > >>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver
> > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver
> > >>>>> non-deliver option works but store does not
> > >>>>>
> > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward
> > >>>>> test at cdlive.co.uk,store,non-deliver
> > >>>>> non-deliver works but store and forward dont
> > >>>>>
> > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward
> > >>>>>
> > >>>>>
> > >>>> test at cdlive.co.uk,store
> > >>>>
> > >>>>
> > >>>>> store works!
> > >>>>> but foward doesnt
> > >>>>>
> > >>>>> I am beginning to see a pattern here...
> > >>>>>
> > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward
> > >>>>> test at cdlive.co.uk,non-deliver,store
> > >>>>> store works
> > >>>>> non-deliver doesn't
> > >>>>>
> > >>>>>
> > >>>>> It looks to me that only the last option works.
> > >>>>>
> > >>>>> Lets try it a little bit different
> > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver,
> > >>>>>
> > >>>>>
> > >>>> SpamScore>=20=>store
> > >>>>
> > >>>>
> > >>>>> Not delivered and stored - SUCCESS!
> > >>>>>
> > >>>>>
> > >>>>> It looks like there may be a parsing bug.
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>> -----Original Message-----
> > >>>>>> From: mailscanner-bounces at lists.mailscanner.info
> > >>>>>> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf
> > >>>>>>
> > >> Of Julian
> > >>
> > >>>>>> Field
> > >>>>>> Sent: 04 September 2007 19:31
> > >>>>>> To: MailScanner discussion
> > >>>>>> Subject: Re: Prombem with rule actions
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> Gareth wrote:
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>> Jules, Could this be a bug?
> > >>>>>>>
> > >>>>>>> As it works when I put the store option in the high scoring
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>> rules but wont
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>> work as part of a rules actions line I cant think of any cause
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>> other that a
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>> problem with the rule actioon line itself or a bug somewhere.
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>> I have this lot set:
> > >>>>>>
> > >>>>>> Required SpamAssassin Score = 6
> > >>>>>> Non Spam Actions = deliver header "X-Spam-Status: No"
> > >>>>>> Spam Actions = deliver header "X-Spam-Status: Yes"
> > >>>>>> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes"
> > >>>>>>
> > >>>>>> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward
> > >>>>>> secretary at domain.com, SpamScore>=6=>forward
> > >>>>>> spam.score at greater6.com,store,non-deliver,
> > >>>>>>
> > >> SpamScore<100=>store,forward
> > >>
> > >>>>>> spam.score at less100.com, store, SpamScore>100=>deliver,store
> > >>>>>>
> > >>>>>> And I get everything stored in the "nonspam" archive.
> > >>>>>>
> > >>>>>> So it appears to work for me. So I don't quite see why it doesn't for
> > >>>>>> you. It sets all the spam actions first, long before it does anything
> > >>>>>> about them. So it shouldn't be possible for the action to work in one
> > >>>>>> setting and not in another.
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>> -----Original Message-----
> > >>>>>>>> From: mailscanner-bounces at lists.mailscanner.info
> > >>>>>>>> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf
> > >>>>>>>>
> > >>>>>>>>
> > >>>> Of Gareth
> > >>>>
> > >>>>
> > >>>>>>>> Sent: 04 September 2007 13:37
> > >>>>>>>> To: MailScanner discussion
> > >>>>>>>> Subject: Re: Prombem with rule actions
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>> I tried the following aswell as an alternative and it didn't
> > >>>>>>>>
> > >>>>>>>>
> > >>>> store the
> > >>>>
> > >>>>
> > >>>>>>>> message either.
> > >>>>>>>>
> > >>>>>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver
> > >>>>>>>>
> > >>>>>>>> On Tue, 2007-09-04 at 12:22, Gareth wrote:
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>> Thanks for that. I have changed it to postfix but I dont
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>> think it makes
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>>> any real difference since it is already running as postfix
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>> so it could
> > >>>>
> > >>>>
> > >>>>>>>>> not change the user to root anyway.
> > >>>>>>>>>
> > >>>>>>>>> I changed my high scoring spam actions to add the deliver
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>> option and an
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>>> incoming high scoring spam and virus was detected and copies
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>> were saved
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>>> in the following places :-
> > >>>>>>>>> 20070904/spam/CF509AA0090.2CC09
> > >>>>>>>>> 20070904/CF509AA0090.2CC09/message
> > >>>>>>>>> i.e it worked fine and two copies of the message was saved.
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>> That is fine
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>>> with me.
> > >>>>>>>>>
> > >>>>>>>>> I then switched to using
> > >>>>>>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver
> > >>>>>>>>>
> > >>>>>>>>> A few spams with a score of >20 came in and they were not
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>> delivered but
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>>> still were not logged in the spam directory.
> > >>>>>>>>>
> > >>>>>>>>> Previously when I had a spam with score >20 which was also
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>> identified as
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>>> a virus then nothing was stored also not even to the virus
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>> store which
> > >>>>
> > >>>>
> > >>>>>>>>> seems very wrong.
> > >>>>>>>>>
> > >>>>>>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote:
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>> On 03/09/07, Gareth <list-mailscanner at linguaphone.com> wrote:
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>> In MailScanner.conf I have :-
> > >>>>>>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine
> > >>>>>>>>>>> Quarantine User = root
> > >>>>>>>>>>> Quarantine Group = apache
> > >>>>>>>>>>> Quarantine Permissions = 0660
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>> thought you
> > >>>>
> > >>>>
> > >>>>>>>>>> were a postmixer like me:-)... In which case that isn't very
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>> likely to
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>>>> be correct... Then again...
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>> However all quarantine entries are stored in the format :-
> > >>>>>>>>>>> %quarantine-dir%/<<date>>/<<msgid>> and they are viruses
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>> and blocked
> > >>>>
> > >>>>
> > >>>>>>>>>>> attachments.
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>> ... that this works indicate that the settings are
> > >>>>>>>>>>
> > >> correct for your
> > >>
> > >>>>>>>>>> setup (either another MTA, or PF run as root, I
> > >>>>>>>>>>
> > >> presume... Or some
> > >>
> > >>>>>>>>>> sticky bit magic:). I presume you've linted a few times,
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>> without any
> > >>>>
> > >>>>
> > >>>>>>>>>> real errors?
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>> I am assuming this is correct for the virus quaranteen?
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>> Yes.
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>> If that is the case then MailScanner does not seem to be
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>> creating the
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>>>> additional 'spam' etc... subdirectories for some reason.
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>> Seems so, yes.
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>> Are you sure the format is not
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>> %quarantine-dir%/spam/<<date>>/<<msgid>> as
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>>>> if that was the case it could just be the issue that the
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>> spam directory does
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>>>> not exist.
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>> Yes we're sure that isn't the case. Steve and Jules know
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>> this pretty
> > >>>>
> > >>>>
> > >>>>>>>>>> ... intimately:-).
> > >>>>>>>>>>
> > >>>>>>>>>> Cheers
> > >>>>>>>>>> --
> > >>>>>>>>>> -- Glenn
> > >>>>>>>>>> email: glenn < dot > steen < at > gmail < dot > com
> > >>>>>>>>>> work: glenn < dot > steen < at > ap1 < dot > se
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>> --
> > >>>>>>>> MailScanner mailing list
> > >>>>>>>> mailscanner at lists.mailscanner.info
> > >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>>>>>>>
> > >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
> > >>>>>>>>
> > >>>>>>>> Support MailScanner development - buy the book off the website!
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>> Jules
> > >>>>>>
> > >>>>>> --
> > >>>>>> Julian Field MEng CITP
> > >>>>>> www.MailScanner.info
> > >>>>>> Buy the MailScanner book at www.MailScanner.info/store
> > >>>>>>
> > >>>>>> MailScanner customisation, or any advanced system
> > >>>>>>
> > >> administration help?
> > >>
> > >>>>>> Contact me at Jules at Jules.FM
> > >>>>>>
> > >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >>>>>> For all your IT requirements visit www.transtec.co.uk
> > >>>>>>
> > >>>>>>
> > >>>>>> --
> > >>>>>> This message has been scanned for viruses and
> > >>>>>> dangerous content by MailScanner, and is
> > >>>>>> believed to be clean.
> > >>>>>> For all your IT requirements visit www.transtec.co.uk
> > >>>>>>
> > >>>>>> --
> > >>>>>> MailScanner mailing list
> > >>>>>> mailscanner at lists.mailscanner.info
> > >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>>>>>
> > >>>>>> Before posting, read http://wiki.mailscanner.info/posting
> > >>>>>>
> > >>>>>> Support MailScanner development - buy the book off the website!
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>> Jules
> > >>>>
> > >>>> --
> > >>>> Julian Field MEng CITP
> > >>>> www.MailScanner.info
> > >>>> Buy the MailScanner book at www.MailScanner.info/store
> > >>>>
> > >>>> MailScanner customisation, or any advanced system administration help?
> > >>>> Contact me at Jules at Jules.FM
> > >>>>
> > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >>>> For all your IT requirements visit www.transtec.co.uk
> > >>>>
> > >>>>
> > >>>> --
> > >>>> This message has been scanned for viruses and
> > >>>> dangerous content by MailScanner, and is
> > >>>> believed to be clean.
> > >>>> For all your IT requirements visit www.transtec.co.uk
> > >>>>
> > >>>> --
> > >>>> MailScanner mailing list
> > >>>> mailscanner at lists.mailscanner.info
> > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>>>
> > >>>> Before posting, read http://wiki.mailscanner.info/posting
> > >>>>
> > >>>> Support MailScanner development - buy the book off the website!
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >> Jules
> > >>
> > >> --
> > >> Julian Field MEng CITP
> > >> www.MailScanner.info
> > >> Buy the MailScanner book at www.MailScanner.info/store
> > >>
> > >> MailScanner customisation, or any advanced system administration help?
> > >> Contact me at Jules at Jules.FM
> > >>
> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >> For all your IT requirements visit www.transtec.co.uk
> > >>
> > >>
> > >> --
> > >> This message has been scanned for viruses and
> > >> dangerous content by MailScanner, and is
> > >> believed to be clean.
> > >> For all your IT requirements visit www.transtec.co.uk
> > >>
> > >> --
> > >> MailScanner mailing list
> > >> mailscanner at lists.mailscanner.info
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> >
> > Jules
> >
> > --
> > Julian Field MEng CITP
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > MailScanner customisation, or any advanced system administration help?
> > Contact me at Jules at Jules.FM
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > For all your IT requirements visit www.transtec.co.uk
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> > For all your IT requirements visit www.transtec.co.uk
More information about the MailScanner
mailing list