domain not scanned

Simon Jones simonmjones at gmail.com
Tue Nov 11 15:09:57 GMT 2008


2008/11/11 Martin Hepworth <maxsec at gmail.com>:
> 2008/11/11 Simon Jones <simonmjones at gmail.com>:
>> 2008/11/11 Simon Jones <simonmjones at gmail.com>:
>>> 2008/11/11 Julian Field <MailScanner at ecs.soton.ac.uk>:
>>>>
>>>>
>>>> Simon Jones wrote:
>>>>>
>>>>> 2008/11/11 Martin Hepworth <maxsec at gmail.com>:
>>>>>
>>>>>>
>>>>>> 2008/11/11 Simon Jones <simonmjones at gmail.com>:
>>>>>>
>>>>>>>
>>>>>>> 2008/11/11 Simon Jones <simonmjones at gmail.com>:
>>>>>>>
>>>>>>>>
>>>>>>>> 2008/11/10 Martin Hepworth <maxsec at gmail.com>:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2008/11/10 Simon Jones <simonmjones at gmail.com>:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Hi all, fresh pair of eyes could be the solution but i'm struggling
>>>>>>>>>> at the mo.
>>>>>>>>>>
>>>>>>>>>> i have a domain that seems to be being excluded from the spam scan -
>>>>>>>>>> virus scanning is OK though.  i've check
>>>>>>>>>> /etc/MailScanner/scan.messages.rules and its not listed in there.
>>>>>>>>>>  the
>>>>>>>>>> recipient and transport tables are good - what else could cause this?
>>>>>>>>>> all other domains are being scanned and everything's working fine.
>>>>>>>>>>
>>>>>>>>>> cheers
>>>>>>>>>>
>>>>>>>>>> Si
>>>>>>>>>> --
>>>>>>>>>> MailScanner mailing list
>>>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>>
>>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>>
>>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> whitelisted in the SA config? Are you putting all SA scores etc in all
>>>>>>>>> emails so can see what's going on?
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Martin Hepworth
>>>>>>>>> Oxford, UK
>>>>>>>>> --
>>>>>>>>>
>>>>>>>
>>>>>>> Morning chaps,
>>>>>>>
>>>>>>> a bit more info - this was working OK and domain has been successfully
>>>>>>> scanned for a number of months but it stopped scanning over the
>>>>>>> weekend.  Its a distributed setup (3 servers + db) and it appears that
>>>>>>> all servers are dropping the domain from the scan.  S/A scores are
>>>>>>> zero on all scans, there's nothing whitelisted that I can see, I run
>>>>>>> MailWatch and the messages for this domain are all classed as clean.
>>>>>>> The only time i've seen this before is when the domain is listed in
>>>>>>> the /etc/MailScanner/rules/scan.messages.rules file - it is not listed
>>>>>>> in this case though.
>>>>>>>
>>>>>>> MailScanner --to @tbanda.co.uk or to MailScanner --to
>>>>>>> user at tbanda.co.uk doesn't return anything at all on any of the nodes.
>>>>>>>
>>>>
>>>> That's because you're not asking it to work out anything.
>>>> MailScanner --to user at tbanda.co.uk --value=scanmessages
>>>> should print something. Try that for other MailScanner.conf options you want
>>>> to check.
>>>>
>>>>>>> It seems to be affecting this domain globally but for no apparent
>>>>>>> reason, all others are OK though.
>>>>>>> Domains are stored in a mysql db as are transport maps and users,
>>>>>>> postfix reads from the (seperate) db without any problems.
>>>>>>>
>>>>>>> I can't see anything in maillog of relevance and a spamassassin -D
>>>>>>> --lint doesn't show any problems, anywhere else i can look?
>>>>>>>
>>>>>>> cheers,
>>>>>>>
>>>>>>> Si
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Simon
>>>>>>
>>>>>> Ok so you're definitely getting MS headers in the emails that aren't
>>>>>> scanned, and you're seeing a zero score in the headers (not just
>>>>>> mailwatch)??
>>>>>>
>>>>>> I presume you have these set in MailScanner.conf so you can see what's
>>>>>> happening?
>>>>>>
>>>>>> Always Include SpamAssassin Report = yes
>>>>>> Spam Score Number Format = yes
>>>>>> SpamScore Number Instead Of Stars = yes
>>>>>>
>>>>>> any timeouts in the logs for these emails?
>>>>>>
>>>>>> have you tried running a sample set in debug mode?
>>>>>>
>>>>>> --
>>>>>> Martin Hepworth
>>>>>> Oxford, UK
>>>>>> --
>>>>>>
>>>>>
>>>>> Hi Martin,
>>>>>
>>>>> just a zero score, here's an example from maillog;
>>>>>
>>>>>  cat /var/log/maillog | grep 1B6906814F1.E8158
>>>>> Nov 11 11:39:47 mailgate1 MailScanner[12279]: Requeue:
>>>>> 1B6906814F1.E8158 to D27525C0302
>>>>> Nov 11 11:39:47 mailgate1 MailScanner[12279]: Logging message
>>>>> 1B6906814F1.E8158 to SQL
>>>>> Nov 11 11:39:47 mailgate1 MailScanner[11926]: 1B6906814F1.E8158:
>>>>> Logged to MailWatch SQL
>>>>>
>>>>> [root at server postfix]# cat /var/log/maillog | grep D27525C0302
>>>>> Nov 11 11:39:47 mailgate1 MailScanner[12279]: Requeue:
>>>>> 1B6906814F1.E8158 to D27525C0302
>>>>> Nov 11 11:39:47 mailgate1 postfix/qmgr[11829]: D27525C0302:
>>>>> from=<t.walsh at tbanda.co.uk>, size=2566, nrcpt=1 (queue active)
>>>>> Nov 11 11:39:47 mailgate1 postfix/smtp[11872]: D27525C0302:
>>>>> to=<t.walsh at tbanda.co.uk>, relay=xx.xx.xx.xx[xx.xx.xx.xx]:25,
>>>>> delay=23, delays=23/0/0/0, dsn=2.0.0, status=sent (250 Message queued)
>>>>> Nov 11 11:39:47 mailgate1 postfix/qmgr[11829]: D27525C0302: removed
>>>>>
>>>>> you can see it gets passed from mailscanner to the postfix queue
>>>>> manager before being sent which I guess is all normal.
>>>>>
>>>>> Always include.. was set to "no" so I changed this to "yes", the
>>>>> others look ok with the spam score number being %d
>>>>>
>>>>> No time-outs that I can see, I haven't really done anything in debug
>>>>> other than stop the service then restart in debug but everything
>>>>> looked OK, the fact that this only appears to affect one domain (there
>>>>> are about 300 on the system) is the strange part.  Could it be
>>>>> something in SpamAssassin's cache?  I've checked user configured
>>>>> black/white lists and that looks OK, 3 whitelist entries and 50 or so
>>>>> blacklists, nothing abnormal though.  Where can I find the docs for
>>>>> "running a sample set in debug mode?"
>>>>>
>>>>> Simon
>>>>>
>>>>
>>>> Jules
>>>>
>>>> --
>>> Aah, thanks Jules - this looks ok?
>>>
>>>  MailScanner --to user at tbanda.co.uk --value=scanmessages
>>> Looked up internal option name "scanmail"
>>> With sender =
>>>  recipient = s.bunker at tbanda.co.uk
>>> Client IP =
>>> Virus =
>>> Result is "1"
>>>
>>> 0=No 1=Yes
>>>
>>
>> and here's the debug output...
>>
>> MailScanner --Debug
>> In Debugging mode, not forking...
>> Trying to setlogsock(unix)
>> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> bayes: locker: safe_lock: cannot create lockfile
>> /etc/MailScanner/bayes/bayes.mutex: Permission denied
>>
>> Building a message batch to scan...
>> Have a batch of 3 messages.
>> max message size is '40k'
>> bayes: locker: safe_lock: cannot create lockfile
>> /etc/MailScanner/bayes/bayes.mutex: Permission denied
>>
>> bayes: locker: safe_lock: cannot create lockfile
>> /etc/MailScanner/bayes/bayes.mutex: Permission denied
>>
>> max message size is '40k'
>> bayes: locker: safe_lock: cannot create lockfile
>> /etc/MailScanner/bayes/bayes.mutex: Permission denied
>>
>> bayes: locker: safe_lock: cannot create lockfile
>> /etc/MailScanner/bayes/bayes.mutex: Permission denied
>>
>> max message size is '40k'
>> bayes: locker: safe_lock: cannot create lockfile
>> /etc/MailScanner/bayes/bayes.mutex: Permission denied
>>
>> bayes: locker: safe_lock: cannot create lockfile
>> /etc/MailScanner/bayes/bayes.mutex: Permission denied
>>
>> Stopping now as you are debugging me.
>> commit ineffective with AutoCommit enabled at
>> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93,
>> <CLIENT> line 118.
>> Commmit ineffective while AutoCommit is on at
>> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93,
>> <CLIENT> line 118.
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> Simon
>
> you need to run the debug as the postfix user really so it doesn't
> give you problems with permissions.
>
> a full debug "mailScanner --debug --debug-sa" might be useful.
>
> Obviously make sure there's email in the queue relating to the domain
> in question ;-)
>
> --
> Martin Hepworth
> Oxford, UK
> --
Thanks Martin, doesn't show any problems so far as I can see which you
would expect since it works for all other domains other than the one
it refuses to scan.


More information about the MailScanner mailing list