Message rules don't work, but if message forwarded, it does???
Glenn Steen
glenn.steen at gmail.com
Thu Nov 6 18:50:08 GMT 2008
2008/11/6 Chris Barber <cbarber at techquility.net>:
>>
>>
>> Glenn,
>>
>> Thanks for the reply. You had me scared for a second there, but no
> there
>> was no white listing going on. I verified the envelope addresses. This
>> issue seems to happen randomly a least a couple times a day to some
>> users.
>>
>> Any other ideas?
>>
>> Thanks,
>> Chris
>>
>>Didn't mean to scare you, just point at one (semi-obvious:-)
> possibility....:-)
>>When it happens do you see anything ... curious .... in the logs?
>>Nothing about "Unscanned" messages or timeouts or suchlike?
>>Also... Tell a bit about versions etc, since this just might be a
>>known bug/issue...
>>
>>Cheers
>>--
>>-- Glenn
>>email: glenn < dot > steen < at > gmail < dot > com
>>work: glenn < dot > steen < at > ap1 < dot > se
>
>
> I don't see anything unusual in the logs. No timeouts and nothing about
> unscanned that I can see. MailScanner processes the message normally it
> seems.
>
> It gets an SA score, but the only rules that hit are:
> 0.10 BAYES_50 Bayesian spam probability is 40 to 60%
> 0.00 HTML_MESSAGE HTML included in message
> -0.00 SPF_PASS SPF: sender matches SPF record
>
> Then when the same message is forwarded to me from the user, (Through
> the same MailScanner server) the rule hits show:
> -0.74 BAYES_20 Bayesian spam probability is 5 to 20%
> 0.00 HTML_MESSAGE HTML included in message
> 2.96 URIBL_BLACK Contains an URL listed in the URIBL blacklist
> 3.50 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
>
> Notice that now the URL is beting detected, but why not before?
>
> Versions:
> Cent OS 5.2
> MailScanner 4.72.5
> Spamassassin 3.2.5
> Perl 5.8.8
> MIME::Tools 5.427
> HTML::Parser 3.56
>
> Let me know if there are versions of anything else you would like to see
>
> Thanks!
> Chris
>
Could perhaps be a "timing issue"....:-)
Meaning the URI wasn't in the BL when MS first asked... but when the
user resent it to you.... the BL had been updated. These things have a
tendency to be really short-lived and ... bursty... so if there is any
somewhat significant amount of time between the initial mail and the
user forwarding it to you... say a few hours... that might explain it
all.
In which case... all is well ...:-)
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list