Message rules don't work, but if message forwarded, it does???

Chris Barber cbarber at techquility.net
Thu Nov 20 01:20:21 GMT 2008


<snip>
> I agree that this timing issue is probably the cause for some of these.
> However there are many of these for one of my users almost every day. 
> I have her forwarding them to me right after she gets them and they 
> are blocked.
> 
> Scott mentioned running MailScanner --lint, MailScanner --debug 
> --debug-sa I did this and I don't see any errors. I can see the 
> URI_OB_SURBL rule (for example) run and successfully score the 
> message. Is it possible that this is timing out sometimes? I have not 
> seen a timeout but I am grasping at straws at this point to figure out 
> why the URL in the message seems to be ignored the first time, then 5 
> min later when the message is forwarded back to me (Going through the 
> same MailScanner server), it gets caught?
> 
> Thanks,
> Chris
> 
>Is the server natted? Does it have a real public IP address or is it port forwarded from another server?
>
>Can you follow the chain of the headers back on both a missed message and after it has been forwarded to you?
>
>I am still leaning toward this being some sort of trust path issue in spamassassin, although it could be a net timeout. The lookup might time out >just before the result comes back, and on the resend the lookup is in the local cache and hits. Have you tried setting your spammassassin timeouts >longer?
>
>Do you have any full examples of a missed message, and one that hits right afterwards? Either full queue files or complete RFC 822 (2822) messages.

Thanks for the reply.

Yes this server is natted behind a Cisco ASA. Port 25 is forwarded to the MailScanner machine. Out of curiosity, where are you headed with this question?

I followed the headers and it looks correct. I can see the message travel to my MailScanner server and then on to the customers mail server. On the forwarded message, I see it go from the customers mail server directly to my MailScanner server and then on to my internal mail server. Is this what you mean by follow the chain?

I actually have increased my Spamassassin timeout to 120 seconds. Is there some other type of timeout I should/could be watching for?

I've attached the message queue files and named them accordingly. Let me know if this is not the format you requested.

Thanks again for the assistance!
Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: messages.tar
Type: application/x-tar
Size: 9728 bytes
Desc: messages.tar
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081119/95657bb8/messages.tar


More information about the MailScanner mailing list