"Is Definitely Spam" rule not working ?

Pascal Maes pascal.maes at elec.ucl.ac.be
Tue Feb 5 13:18:07 GMT 2008


On 05 Feb 08, at 12:31, Glenn Steen wrote:

> On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
>>
>> On 05 Feb 08, at 09:45, Glenn Steen wrote:
>>
>>> On 05/02/2008, Glenn Steen <glenn.steen at gmail.com> wrote:
>>>> On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
>>> (snip)
>>>>> Then Postfix puts the message in the HOLD queue where MailScanner
>>>>> takes it and puts it back into the Postfix queue.
>>>>>
>>>>> I'm pretty sure that MailScanner should see the 66.63.168.38 IP
>>>>> address otherwise why is the "Is Definitely Not Spam" rule working :
>>>>>
>>>>> Feb  5 09:21:07 smtp-1 MailScanner[14880]: Message E8686E9102.A7655 from 127.0.0.1 (users-return-66855-pascal.maes=elec.ucl.ac.be at spamassassin.apache.org) is whitelisted
>>>>>
>>>>>
>>>>> Regards
>>>> Anything happening to the message _after_ MailScanner doesn't have any
>>>> impact on your problem... What happens before though... You have to
>>>> make sure that your SA trust_path is OK, and all should be well. Why
>>>> do you use the ClamSMTP thing at all?
>>>>
>>>> Cheers
>>> Oh, sorry, not an sa issue... Still, the last client to handle this is
>>> the clamsmtp thing, which might just be the problem.
>>> Again, why do you use that? Theoretically MailScanner (through the
>>> batching, and using either clamavmodule or clamd) should be more
>>> efficient and less likely to be able to be DoS'd... That
>>> "not-really-part-of-SMTP-flow insulation" is ... golden.
>>>
>>> Cheers
>>> --
>>> -- Glenn
>>> email: glenn < dot > steen < at > gmail < dot > com
>>> work: glenn < dot > steen < at > ap1 < dot > se
>>
>> One advantage of using ClamSMTP is the rejection of the worm at
>> connection time.
>> As we receive a lot of mail per day, it's not negligible.
>
> No, but then neither is the resource drain;-).
>
>> As MailScanner is using McAfee, we have two different AV to check the
>> messages.
>
> Prudent, but did you look at processing times etc for the "all MS" case?
> Sure, the real killer is likely SA, and the ClamSMTP thing will avoid that...
> I wonder if the clamav milter would be a "nicer" solution, avoiding
> your current problem...
>
> Cheers
> -- 
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --

OK, I have included some MailScanner::Log::InfoLog in Config.pm to see  
what happens.
All the clientip are 127.0.0.1 :-(

Whitelisting is working because the check is done on the From address  
and not on the client IP.
The blacklisting, in that case, doesn't work because it's an IP address.

So, we can't use before-filter with Postfix and MailScanner and hope
that the white or black listing will work with IP addresses even if we
use the smtpd_authorized_xforward_hosts.

Is that right ?

If yes, what's the use of smtpd_authorized_xforward_hosts (to be  
posted on the postfix list also) ?

--
Pascal
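
Added example (not part of the original post, and not MailScanner or Postfix code): a Python check for the symptom described above, where MailScanner logs 127.0.0.1 as the client IP so that IP-based rules cannot match. The log lines are constructed samples following the line shape quoted in this thread; the function names and the threshold parameter are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Matches the MailScanner line shape quoted in this thread:
#   "... MailScanner[pid]: Message <id> from <client-ip> (<sender>) ..."
LINE_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from (?P<ip>\S+) \((?P<sender>[^)]*)\)"
)

# Constructed sample lines (not real logs); remote addresses are documentation ranges.
SAMPLE_LOG = """\
Feb  5 09:21:07 smtp-1 MailScanner[14880]: Message E8686E9102.A7655 from 127.0.0.1 (list@example.org) is whitelisted
Feb  5 09:21:09 smtp-1 MailScanner[14880]: Message 1A2B3C4D5E.B1234 from 127.0.0.1 (bulk@example.net) is whitelisted
Feb  5 09:21:12 smtp-1 MailScanner[14881]: Message 5F6A7B8C9D.C5678 from 192.0.2.25 (user@example.com) is whitelisted
Feb  5 09:21:15 smtp-1 postfix/smtpd[2201]: connect from unknown[198.51.100.7]
"""

def client_ip_summary(log_text):
    """Count the client IPs MailScanner logged, split into loopback and remote."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a MailScanner per-message line
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            seen["unparsed"] += 1  # token after "from" is not an IP address
            continue
        seen["loopback" if ip.is_loopback else "remote"] += 1
    return dict(seen)

def ip_rules_effective(log_text, threshold=0.5):
    """False when most logged client IPs are loopback, so IP rules cannot match."""
    s = client_ip_summary(log_text)
    total = s.get("loopback", 0) + s.get("remote", 0)
    return total > 0 and s.get("remote", 0) / total >= threshold

if __name__ == "__main__":
    print(client_ip_summary(SAMPLE_LOG))
    print("IP-based rules usable:", ip_rules_effective(SAMPLE_LOG))
```
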




