domain not scanned

Simon Jones simonmjones at gmail.com
Tue Nov 11 12:55:16 GMT 2008


2008/11/11 Simon Jones <simonmjones at gmail.com>:
> 2008/11/11 Julian Field <MailScanner at ecs.soton.ac.uk>:
>>
>>
>> Simon Jones wrote:
>>>
>>> 2008/11/11 Martin Hepworth <maxsec at gmail.com>:
>>>
>>>>
>>>> 2008/11/11 Simon Jones <simonmjones at gmail.com>:
>>>>
>>>>>
>>>>> 2008/11/11 Simon Jones <simonmjones at gmail.com>:
>>>>>
>>>>>>
>>>>>> 2008/11/10 Martin Hepworth <maxsec at gmail.com>:
>>>>>>
>>>>>>>
>>>>>>> 2008/11/10 Simon Jones <simonmjones at gmail.com>:
>>>>>>>
>>>>>>>>
>>>>>>>> Hi all, fresh pair of eyes could be the solution but i'm struggling
>>>>>>>> at the mo.
>>>>>>>>
>>>>>>>> i have a domain that seems to be being excluded from the spam scan -
>>>>>>>> virus scanning is OK though.  i've checked
>>>>>>>> /etc/MailScanner/scan.messages.rules and it's not listed in there.  the
>>>>>>>> recipient and transport tables are good - what else could cause this?
>>>>>>>> all other domains are being scanned and everything's working fine.
>>>>>>>>
>>>>>>>> cheers
>>>>>>>>
>>>>>>>> Si
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> whitelisted in the SA config? Are you putting all SA scores etc in all
>>>>>>> emails so can see what's going on?
>>>>>>>
>>>>>>> --
>>>>>>> Martin Hepworth
>>>>>>> Oxford, UK
>>>>>>> --
>>>>>>>
>>>>>
>>>>> Morning chaps,
>>>>>
>>>>> a bit more info - this was working OK and domain has been successfully
>>>>> scanned for a number of months but it stopped scanning over the
>>>>> weekend.  It's a distributed setup (3 servers + db) and it appears that
>>>>> all servers are dropping the domain from the scan.  S/A scores are
>>>>> zero on all scans, there's nothing whitelisted that I can see, I run
>>>>> MailWatch and the messages for this domain are all classed as clean.
>>>>> The only time i've seen this before is when the domain is listed in
>>>>> the /etc/MailScanner/rules/scan.messages.rules file - it is not listed
>>>>> in this case though.
>>>>>
>>>>> MailScanner --to @tbanda.co.uk or to MailScanner --to
>>>>> user at tbanda.co.uk doesn't return anything at all on any of the nodes.
>>>>>
>>
>> That's because you're not asking it to work out anything.
>> MailScanner --to user at tbanda.co.uk --value=scanmessages
>> should print something. Try that for other MailScanner.conf options you want
>> to check.
>>
>>>>> It seems to be affecting this domain globally but for no apparent
>>>>> reason, all others are OK though.
>>>>> Domains are stored in a mysql db as are transport maps and users,
>>>>> postfix reads from the (separate) db without any problems.
>>>>>
>>>>> I can't see anything in maillog of relevance and a spamassassin -D
>>>>> --lint doesn't show any problems, anywhere else i can look?
>>>>>
>>>>> cheers,
>>>>>
>>>>> Si
>>>>>
>>>>>
>>>>
>>>> Simon
>>>>
>>>> Ok so you're definitely getting MS headers in the emails that aren't
>>>> scanned, and you're seeing a zero score in the headers (not just
>>>> mailwatch)??
>>>>
>>>> I presume you have these set in MailScanner.conf so you can see what's
>>>> happening?
>>>>
>>>> Always Include SpamAssassin Report = yes
>>>> Spam Score Number Format = yes
>>>> SpamScore Number Instead Of Stars = yes
>>>>
>>>> any timeouts in the logs for these emails?
>>>>
>>>> have you tried running a sample set in debug mode?
>>>>
>>>> --
>>>> Martin Hepworth
>>>> Oxford, UK
>>>> --
>>>>
>>>
>>> Hi Martin,
>>>
>>> just a zero score, here's an example from maillog;
>>>
>>>  cat /var/log/maillog | grep 1B6906814F1.E8158
>>> Nov 11 11:39:47 mailgate1 MailScanner[12279]: Requeue:
>>> 1B6906814F1.E8158 to D27525C0302
>>> Nov 11 11:39:47 mailgate1 MailScanner[12279]: Logging message
>>> 1B6906814F1.E8158 to SQL
>>> Nov 11 11:39:47 mailgate1 MailScanner[11926]: 1B6906814F1.E8158:
>>> Logged to MailWatch SQL
>>>
>>> [root at server postfix]# cat /var/log/maillog | grep D27525C0302
>>> Nov 11 11:39:47 mailgate1 MailScanner[12279]: Requeue:
>>> 1B6906814F1.E8158 to D27525C0302
>>> Nov 11 11:39:47 mailgate1 postfix/qmgr[11829]: D27525C0302:
>>> from=<t.walsh at tbanda.co.uk>, size=2566, nrcpt=1 (queue active)
>>> Nov 11 11:39:47 mailgate1 postfix/smtp[11872]: D27525C0302:
>>> to=<t.walsh at tbanda.co.uk>, relay=xx.xx.xx.xx[xx.xx.xx.xx]:25,
>>> delay=23, delays=23/0/0/0, dsn=2.0.0, status=sent (250 Message queued)
>>> Nov 11 11:39:47 mailgate1 postfix/qmgr[11829]: D27525C0302: removed
>>>
>>> you can see it gets passed from mailscanner to the postfix queue
>>> manager before being sent which I guess is all normal.
>>>
>>> Always include.. was set to "no" so I changed this to "yes", the
>>> others look ok with the spam score number being %d
>>>
>>> No time-outs that I can see, I haven't really done anything in debug
>>> other than stop the service then restart in debug but everything
>>> looked OK, the fact that this only appears to affect one domain (there
>>> are about 300 on the system) is the strange part.  Could it be
>>> something in SpamAssassin's cache?  I've checked user configured
>>> black/white lists and that looks OK, 3 whitelist entries and 50 or so
>>> blacklists, nothing abnormal though.  Where can I find the docs for
>>> "running a sample set in debug mode?"
>>>
>>> Simon
>>>
>>
>> Jules
>>
>> --
> Aah, thanks Jules - this looks ok?
>
>  MailScanner --to user at tbanda.co.uk --value=scanmessages
> Looked up internal option name "scanmail"
> With sender =
>  recipient = s.bunker at tbanda.co.uk
> Client IP =
> Virus =
> Result is "1"
>
> 0=No 1=Yes
>

and here's the debug output...

MailScanner --Debug
In Debugging mode, not forking...
Trying to setlogsock(unix)
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
bayes: locker: safe_lock: cannot create lockfile
/etc/MailScanner/bayes/bayes.mutex: Permission denied

Building a message batch to scan...
Have a batch of 3 messages.
max message size is '40k'
bayes: locker: safe_lock: cannot create lockfile
/etc/MailScanner/bayes/bayes.mutex: Permission denied

bayes: locker: safe_lock: cannot create lockfile
/etc/MailScanner/bayes/bayes.mutex: Permission denied

max message size is '40k'
bayes: locker: safe_lock: cannot create lockfile
/etc/MailScanner/bayes/bayes.mutex: Permission denied

bayes: locker: safe_lock: cannot create lockfile
/etc/MailScanner/bayes/bayes.mutex: Permission denied

max message size is '40k'
bayes: locker: safe_lock: cannot create lockfile
/etc/MailScanner/bayes/bayes.mutex: Permission denied

bayes: locker: safe_lock: cannot create lockfile
/etc/MailScanner/bayes/bayes.mutex: Permission denied

Stopping now as you are debugging me.
commit ineffective with AutoCommit enabled at
/usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93,
<CLIENT> line 118.
Commmit ineffective while AutoCommit is on at
/usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93,
<CLIENT> line 118.
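
Added example (not part of the original post, and not MailScanner's own code): the two greps quoted above, done in one step by following the "Requeue: <old> to <new>" line from the MailScanner message ID to the postfix queue ID. The function names and the sample log are constructed for illustration; the log file path is passed in as an argument.

```bash
#!/usr/bin/env bash
# Follow one message through MailScanner and postfix in a maillog-style file.

# Print the postfix queue ID that a MailScanner message ID was requeued to.
# usage: requeued_id MSGID LOGFILE
requeued_id() {
    awk -v want="$1" '
        match($0, /Requeue: [^ ]+ to [^ ]+/) {
            # f[1]="Requeue:" f[2]=old ID f[3]="to" f[4]=new ID
            split(substr($0, RSTART, RLENGTH), f, " ")
            if (f[2] == want) { print f[4]; exit }
        }' "$2"
}

# Print every log line that mentions the message ID or its requeued ID.
# A line naming both IDs (the Requeue line itself) is printed once.
# usage: trace_msg MSGID LOGFILE
trace_msg() {
    new_id=$(requeued_id "$1" "$2")
    awk -v a="$1" -v b="$new_id" '
        index($0, a) || (b != "" && index($0, b))' "$2"
}

# Constructed sample log: IDs, host names and addresses are made up.
sample_log() {
    cat <<'EOF'
Nov 11 11:39:47 mx1 MailScanner[100]: Requeue: AAAA1111111.A1B2C to BBBB2222222
Nov 11 11:39:47 mx1 MailScanner[100]: Requeue: CCCC3333333.C3D4E to DDDD4444444
Nov 11 11:39:47 mx1 MailScanner[101]: AAAA1111111.A1B2C: Logged to MailWatch SQL
Nov 11 11:39:47 mx1 postfix/qmgr[200]: BBBB2222222: from=<a@example.org>, size=2566, nrcpt=1 (queue active)
Nov 11 11:39:47 mx1 postfix/smtp[201]: DDDD4444444: to=<b@example.org>, relay=192.0.2.10[192.0.2.10]:25, dsn=2.0.0, status=sent (250 ok)
Nov 11 11:39:47 mx1 postfix/qmgr[200]: BBBB2222222: removed
EOF
}

# Demo, only when the script is executed directly rather than sourced.
if [ "${BASH_SOURCE[0]:-}" = "$0" ] && [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp) && sample_log > "$tmp"
    trace_msg AAAA1111111.A1B2C "$tmp"
    rm -f "$tmp"
fi
```

Against a real log the call would be trace_msg <message ID> /var/log/maillog, which returns the MailScanner lines and the postfix delivery lines for that message together.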

