"Is Definitely Spam" rule not working ?

Glenn Steen glenn.steen at gmail.com
Tue Feb 5 13:35:03 GMT 2008


On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
>
> On 05 Feb 2008, at 12:31, Glenn Steen wrote:
>
> > On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
> >>
> >> On 05 Feb 2008, at 09:45, Glenn Steen wrote:
> >>
> >>> On 05/02/2008, Glenn Steen <glenn.steen at gmail.com> wrote:
> >>>> On 05/02/2008, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
> >>> (snip)
> >>>>> Then Postfix puts the message in the HOLD queue where MailScanner
> >>>>> takes it and puts it back into the Postfix queue.
> >>>>>
> >>>>> I'm pretty sure that MailScanner should see the 66.63.168.38 IP
> >>>>> address otherwise why is the "Is Definitely Not Spam" rule
> >>>>> working :
> >>>>>
> >>>>> Feb  5 09:21:07 smtp-1 MailScanner[14880]: Message E8686E9102.A7655 from 127.0.0.1 (users-return-66855-pascal.maes=elec.ucl.ac.be at spamassassin.apache.org) is whitelisted
> >>>>>
> >>>>>
> >>>>> Regards
> >>>> Anything happening to the message _after_ MailScanner doesn't have any
> >>>> impact on your problem... What happens before though... You have to
> >>>> make sure that your SA trust_path is OK, and all should be well. Why
> >>>> do you use the ClamSMTP thing at all?
> >>>>
> >>>> Cheers
> >>> Oh, sorry, not an SA issue... Still, the last client to handle this is
> >>> the clamsmtp thing, which might just be the problem.
> >>> Again, why do you use that? Theoretically MailScanner (through the
> >>> batching, and using either clamavmodule or clamd) should be more
> >>> efficient and less likely to be able to be DoS'd... That
> >>> "not-really-part-of-SMTP-flow insulation" is ... golden.
> >>>
> >>> Cheers
> >>> --
> >>> -- Glenn
> >>> email: glenn < dot > steen < at > gmail < dot > com
> >>> work: glenn < dot > steen < at > ap1 < dot > se
> >>
> >> One advantage of using ClamSMTP is the reject of the worm at the
> >> connection time.
> >> As we receive a lot of mail per day, it's not negligible.
> >
> > No, but then neither is the resource drain;-).
> >
> >> As MailScanner is using McAfee, we have two different AV to check the
> >> messages.
> >
> > Prudent, but did you look at processing times etc for the "all MS" case?
> > Sure, the real killer is likely SA, and the ClamSMTP thing will avoid that...
> > I wonder if the clamav milter would be a "nicer" solution, avoiding
> > your current problem...
> >
> > Cheers
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se
> > --
>
> OK, I have included some MailScanner::Log::InfoLog in Config.pm to see
> what happens.
> All the clientip are 127.0.0.1 :-(
>
> Whitelisting is working because the check is done on the From address
> and not on the client IP.
> The blacklisting, in that case doesn't work because it's an IP address.
>
> So, we can't use before-filter with Postfix and MailScanner and hope
> that the white or black listing will work with IP addresses even if we
> use the smtpd_authorized_xforward_hosts.
>
> Is that right ?

Yes, AFAICS. Unless we ask Jules nicely to facilitate "disregarding"
loopback when determining the ip... Perhaps a bit like SA does it
(with the trust thing).

> If yes, what's the use of smtpd_authorized_xforward_hosts (to be
> posted on the postfix list also) ?
Good question. Perhaps one (Jules) could use that...:).
BTW, wear your asbestos underwear when telling the pf-list your
problem... they seriously dislike MS... still...:(.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
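
Added example, not part of the original message and not MailScanner code: a sketch of the "disregard loopback, like SA's trust path" idea from the reply above, which picks the client IP for an IP-based blacklist rule by walking Received headers past trusted hops. The function names, the trusted-network list and the sample headers are constructed for illustration; the Received layout assumed is Postfix's `from HELO (rdns [ip])`.

```python
import ipaddress
import re

# Assumption: only loopback is ours (where ClamSMTP hands mail back to Postfix).
TRUSTED = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
# Assumption: the "Is Definitely Spam" rule lists the address from the thread.
BLACKLIST = [ipaddress.ip_network("66.63.168.38/32")]

# Postfix writes "from HELO (rdns [client-ip])". HELO is chosen by the sender,
# so only the bracketed address inside the parentheses is read.
RECEIVED = re.compile(r"from \S+ \(\S+ \[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")


def is_trusted(ip):
    return any(ip in net for net in TRUSTED)


def effective_client_ip(connect_ip, received):
    """Return the first untrusted address, starting at the SMTP peer and
    walking Received headers newest first. Headers are read only while every
    hop so far is trusted: anything older than the first untrusted hop was
    written by the sender's side and can be forged."""
    ip = ipaddress.ip_address(connect_ip)
    if not is_trusted(ip):
        return str(ip)
    for header in received:
        match = RECEIVED.match(header)
        if not match:
            break  # unparseable hop: stop rather than guess
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            break
        if not is_trusted(ip):
            return str(ip)
    return connect_ip  # nothing better found; keep what the MTA reported


def is_definitely_spam(connect_ip, received):
    ip = ipaddress.ip_address(effective_client_ip(connect_ip, received))
    return any(ip in net for net in BLACKLIST)


# Constructed sample: header values as seen after ClamSMTP re-injection.
SAMPLE = [
    "from localhost (localhost [127.0.0.1]) by smtp-1.example (Postfix) id QUEUEID1",
    "from mail.example.net (unknown [66.63.168.38]) by smtp-1.example (Postfix) id QUEUEID2",
    "from forged (localhost [127.0.0.1]) by nowhere.example",
]
```

With the sample headers the rule sees 66.63.168.38 instead of 127.0.0.1, and the forged third header is never consulted.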

