Message rules don't work, but if message forwarded, it does???
ssilva at sgvwater.com
Thu Nov 20 19:29:23 GMT 2008
on 11-19-2008 5:20 PM Chris Barber spake the following:
>> I agree that this timing issue is probably the cause for some of these.
>> However there are many of these for one of my users almost every day.
>> I have her forwarding them to me right after she gets them and they
>> are blocked.
>> Scott mentioned running MailScanner --lint, MailScanner --debug
>> --debug-sa I did this and I don't see any errors. I can see the
>> URI_OB_SURBL rule (for example) run and successfully score the
>> message. Is it possible that this is timing out sometimes? I have not
>> seen a timeout but I am grasping at straws at this point to figure out
>> why the URL in the message seems to be ignored the first time, then 5
>> min later when the message is forwarded back to me (Going through the
>> same MailScanner server), it gets caught?
>> Is the server natted? Does it have a real public IP address or is it port forwarded from another server?
>> Can you follow the chain of the headers back on both a missed message and after it has been forwarded to you?
>> I am still leaning toward this being some sort of trust path issue in spamassassin, although it could be a net timeout. The lookup might time out >just before the result comes back, and on the resend the lookup is in the local cache and hits. Have you tried setting your spammassassin timeouts >longer?
>> Do you have any full examples of a missed message, and one that hits right afterwards? Either full queue files or complete RFC 822 (2822) messages.
> Thanks for the reply.
> Yes this server is natted behind a Cisco ASA. Port 25 is forwarded to the MailScanner machine. Out of curiosity, where are you headed with this question?
> I followed the headers and it looks correct. I can see the message travel to my MailScanner server and then on to the customers mail server. On the forwarded message, I see it go from the customers mail server directly to my MailScanner server and then on to my internal mail server. Is this what you mean by follow the chain?
> I actually have increased my Spamassassin timeout to 120 seconds. Is there some other type of timeout I should/could be watching for?
> I've attached the message queue files and named them accordingly. Let me know if this is not the format you requested.
> Thanks again for the assistance!
The HTML encoding seems different between messages. This might be why it gets
caught the second time around.
Also, the message you mark as missed has a RFC private IP address in it
(Received: from [192.168.1.56] (unknown [192.168.1.56]))
, but the one you marked as forwarded doesn't. Could they be mixed up?
Never mind. They are mixed up because the one marked missed has a Fwd:
prepended to the subject.
The missed message is encoded with "quoted-printable" in the html section, but
Thunderbird looks to be re-encoding it on the forward. Maybe you have a
problem with your mime-tools module on the server.
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081120/4cb2a471/signature-0001.bin
More information about the MailScanner