MailScanner ignoring some rules
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Apr 4 09:20:33 IST 2008
TecnoWay Digital wrote:
> [root at firewall.silmaq.com.br ~]# ls -lu
> /etc/MailScanner/rules/scan.messages.rules
> -rwxrwxrwx 1 root root 76 2008-04-03 21:38
> /etc/MailScanner/rules/scan.messages.rules
> [root at firewall.silmaq.com.br ~]# sleep 60
> MailScanner --value=scanmessages --from=marketing at silmaq.com.br
> --to=root at localhost
> MailScanner --value=scanmessages --from=root at localhost
> --to=marketing at silmaq.com.br
> ls -lu /etc/MailScanner/rules/scan.messages.rules
> [root at firewall.silmaq.com.br ~]# MailScanner --value=scanmessages
> --from=marketing at silmaq.com.br --to=root at localhost
> Looked up internal option name "scanmail"
> With sender = marketing at silmaq.com.br
> recipient = root at localhost
> Client IP =
> Virus =
> Result is "0"
>
> 0=No 1=Yes
> [root at firewall.silmaq.com.br ~]# MailScanner --value=scanmessages
> --from=root at localhost --to=marketing at silmaq.com.br
> Looked up internal option name "scanmail"
> With sender = root at localhost
> recipient = marketing at silmaq.com.br
> Client IP =
> Virus =
> Result is "0"
>
> 0=No 1=Yes
> [root at firewall.silmaq.com.br ~]# ls -lu
> /etc/MailScanner/rules/scan.messages.rules
> -rwxrwxrwx 1 root root 76 2008-04-03 21:38
> /etc/MailScanner/rules/scan.messages.rules
You have a typo in your MailScanner.conf somewhere. This rules file
isn't being read. Notice the "last read" date stamp is the same as it
was a minute ago.
> [root at firewall.silmaq.com.br ~]#
> ----- Original Message ----- From: "Julian Field"
> <MailScanner at ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Thursday, April 03, 2008 5:17 PM
> Subject: Re: MailScanner ignoring some rules
>
>
>> I have just done a thorough test of a %rules-dir%/scan.messages.rules
>> with 4 combinations:
>>
>> FromOrTo: ntl.com no
>> FromOrTo: default yes
>>
>> FromOrTo: soton.ac.uk no
>> FromOrTo: default yes
>>
>> FromOrTo: ecs.soton.ac.uk no
>> FromOrTo: default yes
>>
>> FromOrTo: jkf at soton.ac.uk no
>> FromOrTo: default yes
>>
>> with 2 messages. 1st from ntl at ntl.com to jkf at soton.ac.uk, 2nd from
>> jkf at ecs.soton.ac.uk to root at ecs.soton.ac.uk.
>>
>> In all combinations, it worked exactly as expected.
>>
>> What I would like you to do is show me the output of the following 5
>> commands:
>>
>> ls -lu /etc/MailScanner/rules/scan.messages.rules
>> sleep 60
>> MailScanner --value=scanmessages --from=marketing at silmaq.com.br
>> --to=root at localhost
>> MailScanner --value=scanmessages --from=root at localhost
>> --to=marketing at silmaq.com.br
>> ls -lu /etc/MailScanner/rules/scan.messages.rules
>>
>> Just cut and paste the whole block into your terminal window. It will
>> take just over a minute to run. Cut and paste *all* the output into a
>> reply to this message.
>>
>> The 'sleep 60' is to force the MailScanner commands into the next
>> minute on the clock. The "ls" commands will show the "last accessed"
>> date stamp on rules file. If the rules file is being read at all, the
>> 2nd ls will print a different date and/or time than the 1st ls. If it
>> is not being read for some reason, the 2 ls commands will print the
>> same date and time.
>>
>> Then we'll be able to see what is going wrong with your setup.
>>
>> Best regards,
>> Jules.
>>
>> TecnoWay Digital wrote:
>>> For example: %rules-dir%/scan.messages.rules then content of
>>> scan.messages.rules file is:
>>>
>>> FromOrTo: marketing at silmaq.com.br no
>>> FromOrTo: default yes
>>>
>>>
>>> On a server with mailscanner-4.46.2-2 (the rule works)
>>>
>>> but on another server with mailscanner-4.68.8-1 the rule doesn't work:
>>> the mailbox marketing at silmaq.com.br is still being processed by
>>> mailscanner.
>>>
>>> To verify that I am using the correct MailScanner.conf after the upgrade,
>>> I put in a wrong setting, for example "Sca Messages", and MailScanner
>>> reported a syntax error.
>>>
>>>
>>> Best Regards
>>>
>>> ----- Original Message ----- From: "Hugo van der Kooij"
>>> <hvdkooij at vanderkooij.org>
>>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>>> Sent: Thursday, April 03, 2008 2:29 AM
>>> Subject: Re: MailScanner ignoring some rules
>>>
>>>
>>>>
>>>> mailscanner at tecnowaydigital.com.br wrote:
>>>>
>>>> | In recent MailScanner versions, when I set some rules like:
>>>> | Scan Messages = /etc/MailScanner/rules/scan.messages.rules
>>>> | or
>>>> | Filename Rules = /etc/MailScanner/filename.rules
>>>> |
>>>> | MailScanner simply ignores the rules and doesn't print any error
>>>> | message.
>>>>
>>>> Since you did not include anything about the rules you have there we
>>>> must assume MS is right and your rules are wrong. In what way we
>>>> can not
>>>> tell you by lack of any information.
>>>>
>>>> Hugo.
>>>>
>>>> --
>>>> hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
>>>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>>>>
>>>> A: Yes.
>>>> >Q: Are you sure?
>>>> >>A: Because it reverses the logical flow of conversation.
>>>> >>>Q: Why is top posting frowned upon?
>>>>
>>>> Bored? Click on http://spamornot.org/ and rate those images.
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>
>> Jules
>>
>> --
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> MailScanner customisation, or any advanced system administration help?
>> Contact me at Jules at Jules.FM
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> PGP public key: http://www.jules.fm/julesfm.asc
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
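
The access-time check described in this thread, as an added example that is not part of the original messages: on filesystems mounted with relatime or noatime a read does not always move the access time, so this version first performs a control read and reports "inconclusive" when reads are invisible. It assumes GNU coreutils (`stat -c`, `touch -d`); the function names and the SENDER/RECIPIENT placeholders are hypothetical.

```shell
#!/bin/sh
# Added example: "was this rules file read?" via access time, with a
# control read so noatime/read-only mounts are not mistaken for "not read".
# Note: aging atime overwrites the file's original access timestamp.

atime() { stat -c %X "$1"; }

# Push atime far into the past. touch also bumps ctime, so under relatime
# the next read is guaranteed to refresh atime (atime older than ctime).
age_atime() { touch -a -d '2000-01-01 00:00:00' "$1"; }

# rules_file_read FILE CMD [ARGS...]
# Prints one of: read | not-read | inconclusive
rules_file_read() {
    file=$1; shift
    # Control: a read we perform ourselves must move atime, otherwise
    # the before/after comparison proves nothing on this filesystem.
    age_atime "$file" || { echo inconclusive; return 0; }
    before=$(atime "$file")
    cat "$file" >/dev/null
    if [ "$(atime "$file")" = "$before" ]; then
        echo inconclusive
        return 0
    fi
    # Real test: age atime again, run the command under test, compare.
    age_atime "$file" || { echo inconclusive; return 0; }
    before=$(atime "$file")
    "$@" >/dev/null 2>&1 || true
    if [ "$(atime "$file")" = "$before" ]; then
        echo not-read
    else
        echo read
    fi
}

# Usage with the command from the thread (placeholders for the addresses):
# rules_file_read /etc/MailScanner/rules/scan.messages.rules \
#     MailScanner --value=scanmessages --from=SENDER --to=RECIPIENT
```

The listing quoted in the thread shows the rules file as `-rwxrwxrwx`; since this file decides which mail is scanned, it should be writable by root only.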