"Is Definitely Spam" rule not working ?

Glenn Steen glenn.steen at gmail.com
Tue Feb 5 11:31:36 GMT 2008 

On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
>
> Le 05-févr.-08 à 09:45, Glenn Steen a écrit :
>
> > On 05/02/2008, Glenn Steen <glenn.steen at gmail.com> wrote:
> >> On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
> > (snip)
> >>> Then Postfix puts the message in the HOLD queue where MailScanner
> >>> takes it and puts it back into the Postfix queue.
> >>>
> >>> I'm pretty sure that MailScanner should see the 66.63.168.38 IP
> >>> address otherwise why is the "Is Definitely Not Spam" rule working :
> >>>
> >>> Feb  5 09:21:07 smtp-1 MailScanner[14880]: Message E8686E9102.A7655
> >>> from 127.0.0.1 (users-return-66855-pascal.maes=elec.ucl.ac.be at spamassassin.apache.org
> >>> ) is whitelisted
> >>>
> >>>
> >>> Regards
> >> Anything happening to the message _after_ MailScaner doesn't hjave
> >> any
> >> impact on your problem... What happens before though... You have to
> >> make sure that your SA trust_path is OK, and all should be well. Why
> >> do you use the ClamSMTP thing at all?
> >>
> >> Cheers
> > Oh, sorry, not an sa issue... Still, yhe last client to handle this is
> > the clamsmtp thing, which might just be the problem.
> > Again, why do you use that? Theoretically MailScanner (through the
> > batching, and using either clamavmodule or clamd) should be more
> > efficient and less likely to be able to be DoS'd... That
> > "not-really-part-of-SMTP-flow insulation" is ... golden.
> >
> > Cheers
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se
>
> One advantage of using ClamSMTP is the reject of the worm at the
> connection time.
> As we receive a lot of mail per day, it's not negligible.

No, but then neither is the resource drain;-).

> As MailScanner is using McAffe, we have two different AV to check the
> messages.

Prudent, but did you look at processing times etc for the "all MS" case?
Sure, the real killer is likely SA, and the ClamSMTP thing will avoid that...
I wonder if the clamav milter would be a "nicer" solution, avoiding
your current problem...

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list