Message rules don't work, but if message forwarded, it does???

Chris Barber cbarber at
Thu Nov 20 01:20:21 GMT 2008

> I agree that this timing issue is probably the cause for some of these.
> However there are many of these for one of my users almost every day. 
> I have her forwarding them to me right after she gets them and they 
> are blocked.
> Scott mentioned running MailScanner --lint, MailScanner --debug
> --debug-sa. I did this and I don't see any errors. I can see the
> URI_OB_SURBL rule (for example) run and successfully score the 
> message. Is it possible that this is timing out sometimes? I have not 
> seen a timeout but I am grasping at straws at this point to figure out 
> why the URL in the message seems to be ignored the first time, then 5 
> min later when the message is forwarded back to me (Going through the 
> same MailScanner server), it gets caught?
> Thanks,
> Chris
> Is the server natted? Does it have a real public IP address or is it port forwarded from another server?
> Can you follow the chain of the headers back on both a missed message and after it has been forwarded to you?
> I am still leaning toward this being some sort of trust path issue in spamassassin, although it could be a net timeout. The lookup might time out just before the result comes back, and on the resend the lookup is in the local cache and hits. Have you tried setting your spamassassin timeouts longer?
> Do you have any full examples of a missed message, and one that hits right afterwards? Either full queue files or complete RFC 822 (2822) messages.

Thanks for the reply.

Yes this server is natted behind a Cisco ASA. Port 25 is forwarded to the MailScanner machine. Out of curiosity, where are you headed with this question?

I followed the headers and it looks correct. I can see the message travel to my MailScanner server and then on to the customer's mail server. On the forwarded message, I see it go from the customer's mail server directly to my MailScanner server and then on to my internal mail server. Is this what you mean by follow the chain?

I actually have increased my SpamAssassin timeout to 120 seconds. Is there some other type of timeout I should/could be watching for?

I've attached the message queue files and named them accordingly. Let me know if this is not the format you requested.

Thanks again for the assistance!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: messages.tar
Type: application/x-tar
Size: 9728 bytes
Desc: messages.tar