"Is Definitely Spam" rule not working ?
glenn.steen at gmail.com
Tue Feb 5 11:31:36 GMT 2008
On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
> Le 05-févr.-08 à 09:45, Glenn Steen a écrit :
> > On 05/02/2008, Glenn Steen <glenn.steen at gmail.com> wrote:
> >> On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
> > (snip)
> >>> Then Postfix puts the message in the HOLD queue where MailScanner
> >>> takes it and puts it back into the Postfix queue.
> >>> I'm pretty sure that MailScanner should see the 22.214.171.124 IP
> >>> address otherwise why is the "Is Definitely Not Spam" rule working :
> >>> Feb 5 09:21:07 smtp-1 MailScanner: Message E8686E9102.A7655
> >>> from 127.0.0.1 (users-return-66855-pascal.maes=elec.ucl.ac.be at spamassassin.apache.org
> >>> ) is whitelisted
> >>> Regards
> >> Anything happening to the message _after_ MailScaner doesn't hjave
> >> any
> >> impact on your problem... What happens before though... You have to
> >> make sure that your SA trust_path is OK, and all should be well. Why
> >> do you use the ClamSMTP thing at all?
> >> Cheers
> > Oh, sorry, not an sa issue... Still, yhe last client to handle this is
> > the clamsmtp thing, which might just be the problem.
> > Again, why do you use that? Theoretically MailScanner (through the
> > batching, and using either clamavmodule or clamd) should be more
> > efficient and less likely to be able to be DoS'd... That
> > "not-really-part-of-SMTP-flow insulation" is ... golden.
> > Cheers
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se
> One advantage of using ClamSMTP is the reject of the worm at the
> connection time.
> As we receive a lot of mail per day, it's not negligible.
No, but then neither is the resource drain;-).
> As MailScanner is using McAffe, we have two different AV to check the
Prudent, but did you look at processing times etc for the "all MS" case?
Sure, the real killer is likely SA, and the ClamSMTP thing will avoid that...
I wonder if the clamav milter would be a "nicer" solution, avoiding
your current problem...
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner