Quarantined email testing/troubleshooting

Nikolaos Pavlidis Nikolaos.Pavlidis at beds.ac.uk
Tue Jan 27 11:44:57 GMT 2009


Hello,

A million thanks once again Julian, I do apologise for the late reply
though, things have been quite busy around here. 

Kind regards,

Nik

On Thu, 2009-01-22 at 16:50 +0000, Julian Field wrote:
> You can't just use df and/or qf files as if they were RFC822 messages.

> They're not.
> 	However, they *nearly* are, when used as a pair.
> Many years ago (2002 is the date stamp on the file) I wrote a script 
> which would take an entire quarantine directory (or a string of 
> director						y names) full of
qf* and df* files, and generate an mbox file 
> from them, which could then be simply fed to sa-learn with 1 command
to 
> learn the whole lot at one go by using the "--mbox" command-line
option 
> to sa-learn.
> It's at
> www.mailscanner.info/files/4/df2mbox
> It's a fairly simple shell script, I'm sure you can hack it around if 
> you want to do something slightly different with it.
> 
> Usage example:
> Say you have a quarantine directory 
> /var/spool/MailScanner/quarantine/<date-here> and each of those 
> <date-here> subdirectories contains a whole bunch of qf and df files
in 
> the same directory. You can just do
>      cd /var/spool/MailSanner/quarantine
>      df2mbox *
> and it will go and get on with it, and give you a pile of mbox files
as 
> a result.
> 
> I posted this to this mailing list back in 2002 as well, but I doubt 
> anyone looks back that far. Don't worry, I'll let you off this time
:-)
> 
> Hope that helps,
> Jules.
> 
> On 22/1/09 16:30, Nikolaos Pavlidis wrote:
> > Hello all,
> >
> > We seem to be facing a weird issue and we would appreciate any
> > assistance with it.
> > To start with, we are using a solaris + sendmail +
MailScanner-4.73.4-2
> > implementation. Bayes database has been trained with lots of spam
and
> > some ham that got quarantined since the service went live.
> >
> > We have set mailscanner to separate the mail messages into q and d
queue
> > files so we can put false possitives back in the queue in a more
quick
> > and efficient manner. Spamassassin seemed to be putting automated
> > Delivery Notifications to quarantine so we trained it back then (the
> > single mail messages RFC822) to be ham.
> >
> > Now we have noticed that some Delivery notifications again get
> > quarantined, only now we have the 2 part emails q and d files.
> >
> > When we do a test on them "spamassassin -t
> > -p /etc/mail/MailScanner/spam.assassin.prefs.conf<  d (or q)file"
> > they both come less than 5.0 points(sometimes even -).
> >
> > Should the tests be performed in another way? Is the "cat qfile
dfile |
> > spamassassin -t -p /etc/mail/MailScanner/spam.assassin.prefs.conf"
the
> > appropriate way?
> > When using sa-learn to teach SA which parameters should be used,
should
> > we feed the d file only?
> > What else could be blocking/sending to quarantine these messages?
> >
> > I do apologise for the barrage of questions. Any help is much
> > appreciated. Thank you in advance.
> >
> > Regards,
> >
> > Nik
> >
> >
> >    
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
-- 

Nikolaos Pavlidis BSc (Hons) MBCS NCLP
System Administrator
University Of Bedfordshire
Park Square LU1 3JU
Luton, Beds, UK
Tel: +441582489277



More information about the MailScanner mailing list