Quarantined email testing/troubleshooting
Nikolaos.Pavlidis at beds.ac.uk
Tue Jan 27 11:44:57 GMT 2009
A million thanks once again Julian, I do apologise for the late reply
though, things have been quite busy around here.
On Thu, 2009-01-22 at 16:50 +0000, Julian Field wrote:
> You can't just use df and/or qf files as if they were RFC822 messages.
> They're not.
> However, they *nearly* are, when used as a pair.
> Many years ago (2002 is the date stamp on the file) I wrote a script
> which would take an entire quarantine directory (or a string of
> director y names) full of
qf* and df* files, and generate an mbox file
> from them, which could then be simply fed to sa-learn with 1 command
> learn the whole lot at one go by using the "--mbox" command-line
> to sa-learn.
> It's at
> It's a fairly simple shell script, I'm sure you can hack it around if
> you want to do something slightly different with it.
> Usage example:
> Say you have a quarantine directory
> /var/spool/MailScanner/quarantine/<date-here> and each of those
> <date-here> subdirectories contains a whole bunch of qf and df files
> the same directory. You can just do
> cd /var/spool/MailSanner/quarantine
> df2mbox *
> and it will go and get on with it, and give you a pile of mbox files
> a result.
> I posted this to this mailing list back in 2002 as well, but I doubt
> anyone looks back that far. Don't worry, I'll let you off this time
> Hope that helps,
> On 22/1/09 16:30, Nikolaos Pavlidis wrote:
> > Hello all,
> > We seem to be facing a weird issue and we would appreciate any
> > assistance with it.
> > To start with, we are using a solaris + sendmail +
> > implementation. Bayes database has been trained with lots of spam
> > some ham that got quarantined since the service went live.
> > We have set mailscanner to separate the mail messages into q and d
> > files so we can put false possitives back in the queue in a more
> > and efficient manner. Spamassassin seemed to be putting automated
> > Delivery Notifications to quarantine so we trained it back then (the
> > single mail messages RFC822) to be ham.
> > Now we have noticed that some Delivery notifications again get
> > quarantined, only now we have the 2 part emails q and d files.
> > When we do a test on them "spamassassin -t
> > -p /etc/mail/MailScanner/spam.assassin.prefs.conf< d (or q)file"
> > they both come less than 5.0 points(sometimes even -).
> > Should the tests be performed in another way? Is the "cat qfile
> > spamassassin -t -p /etc/mail/MailScanner/spam.assassin.prefs.conf"
> > appropriate way?
> > When using sa-learn to teach SA which parameters should be used,
> > we feed the d file only?
> > What else could be blocking/sending to quarantine these messages?
> > I do apologise for the barrage of questions. Any help is much
> > appreciated. Thank you in advance.
> > Regards,
> > Nik
> Julian Field MEng CITP CEng
> Buy the MailScanner book at www.MailScanner.info/store
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
Nikolaos Pavlidis BSc (Hons) MBCS NCLP
University Of Bedfordshire
Park Square LU1 3JU
Luton, Beds, UK
More information about the MailScanner