Whitelist problem

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jun 4 17:46:49 IST 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Upgrade to 4.77.10 and this problem will disappear.

Jules.

On 04/06/2009 16:35, Pascal Maes wrote:
> That's all I have
>
> ./MailScanner --debug /opt/MailScanner/etc/MailScanner.conf
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> Building a message batch to scan...
> Have a batch of 100 messages.
> max message size is '90k'
> max message size is '90k'
> Could not reverse 201-76-71-89.flash.tv.br:
>
>
>
> In the logfile, I see :
>
>
> Jun  4 17:30:27 smtp-1 MailScanner[14322]: Making attempt 2 at 
> processing message 71D99643FF.00000
> Jun  4 17:30:27 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message 934886439E.00000
> Jun  4 17:30:27 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message 3C37964413.00000
> Jun  4 17:30:27 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message 94349E8D1C.00000
> Jun  4 17:30:27 smtp-1 MailScanner[14322]: Making attempt 2 at 
> processing message 1BAD16441D.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message 58D20E8F2E.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message 30927643FC.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message 57E6B6442C.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message C0192643FD.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message 304F16442F.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 5 at 
> processing message 7084F64431.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 5 at 
> processing message 18D26E8F94.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 5 at 
> processing message 750E1E8F9B.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 5 at 
> processing message 003C0E8CFD.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 5 at 
> processing message 96163E9000.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 5 at 
> processing message D4BF164434.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 6 at 
> processing message 6A1D964435.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 5 at 
> processing message 8B862E8E68.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: Making attempt 5 at 
> processing message 5BE53E8B4B.00000
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: New Batch: Found 309 
> messages waiting
> Jun  4 17:30:28 smtp-1 MailScanner[14322]: New Batch: Scanning 100 
> messages, 3511210 bytes
>
> and also
>
> Jun  4 17:30:27 smtp-1 MailScanner[14322]: Warning: skipping message 
> 1C914E8AEB.00000 as it has been attempted too many times
> Jun  4 17:30:27 smtp-1 MailScanner[14322]: Quarantined message 
> 1C914E8AEB.00000 as it caused MailScanner to crash several times
>
>
> Le 04-juin-09 à 16:33, Julian Field a écrit :
>
>> Run "MailScanner --debug" and see what happens.
>>
>> On 04/06/2009 14:54, Pascal Maes wrote:
>>> Hello again
>>>
>>> It works better for the spam whitelist but since I have upgraded to 
>>> 4.77.9, I have a lot of
>>>
>>>
>>> The following e-mails were found to have: Other Bad Content Detected
>>>
>>>  Sender: n.peiffer at foretwallonne.be
>>> IP Address: 130.104.130.103
>>> Recipient: jacob at right-ink.com
>>> Subject: demande de prix
>>> MessageID: A6E81EB22E.00000
>>> Quarantine: /var/spool/MailScanner/quarantine/20090604/A6E81EB22E.00000
>>>  Report: MailScanner: Message attempted to kill MailScanner
>>>
>>>
>>> It's a mail with two attachments,
>>>
>>> one tiff : filename=logo_fw.tif
>>> and another pdf : filename="fw97_3-11[arboplant].pdf"
>>>
>>>
>>>
>>>
>>> Le 04-juin-09 à 12:46, Julian Field a écrit :
>>>
>>>> Upgrade to 4.77 and you should find it works rather better.
>>>>
>>>> On 04/06/2009 10:41, Pascal Maes wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> We are using MailScanner version 4.76.25-1
>>>>>
>>>>> In MailScanner.conf, I have :
>>>>>
>>>>> Is Definitely Not Spam = %rules-dir%/spam_whitelist.rules
>>>>>
>>>>> and the file spam_whitelist.rules looks like :
>>>>>
>>>>> > more /opt/MailScanner/etc/rules/spam_whitelist.rules
>>>>> #
>>>>> # Addresses matching in here, with the value
>>>>> # "yes" will never be marked as spam.
>>>>> #
>>>>> #
>>>>>
>>>>> From:    85.201.63.77                    yes
>>>>> From:    85.201.63.77/32                    yes
>>>>> From:    user-85-201-63-77.static.tvcablenet.be        yes
>>>>> From:    host-85-201-63-77.brutele.be            yes
>>>>> From:    uclsbs.ucl.lan                    yes
>>>>> From:    macosx-tex-bounces at email.esm.psu.edu        yes
>>>>>
>>>>> From:    /opt/MailScanner/etc/rules/whitelist.domains    yes
>>>>>
>>>>> FromOrTo:    default                    no
>>>>>
>>>>>
>>>>>
>>>>> The file /opt/MailScanner/etc/rules/whitelist.domains contains 
>>>>> lines like
>>>>>
>>>>> *@example.com
>>>>> *@*.example.net
>>>>> user at some.domain.come
>>>>>
>>>>>
>>>>> The following message is comming from the server 85.201.63.77 but 
>>>>> it is still tagged as spam.
>>>>> Why ?
>>>>>
>>>>>
>>>>> Received: from uclsbs.ucl.lan (host-85-201-63-77.brutele.be 
>>>>> [85.201.63.77])
>>>>> by smtp1.sgsi.ucl.ac.be (Postfix) with ESMTP id CD3A2E8AE2    for
>>>>> <responsable-mail at uclouvain.be>; Thu, 04 Jun 2009 11:06:51 +0200 
>>>>> (CEST)
>>>>> Date: Thu, 04 Jun 2009 11:06:01 +0200
>>>>> From: Veronique Maekelbergh <xxx at yyy.be>
>>>>> Subject: {Spam?} Test mail
>>>>> To:  zzz at yyy.be
>>>>> Message-id: <78AEBC3D06BBD9428F6FC4FAB44118A71776E4 at uclsbs.ucl.lan>
>>>>> MIME-version: 1.0
>>>>> X-MIMEOLE: Produced By Microsoft Exchange V6.5
>>>>> Content-type: multipart/alternative;
>>>>> boundary="Boundary_(ID_kDFY1PEdH5W0kqHpMhDt8A)"
>>>>> Content-class: urn:content-classes:message
>>>>> Thread-topic: Test mail
>>>>> Thread-index: Acnk866wOLlTbHdkQg+C6WRoBjqwuA==
>>>>> X-SGSI-DNSWL: No
>>>>> X-MS-Has-Attach:
>>>>> X-MS-TNEF-Correlator:
>>>>> X-Virus-Scanned: clamav-milter 0.95.1
>>>>> X-Virus-Status: Clean
>>>>> X-SGSI-MailScanner-ID: CD3A2E8AE2.00000
>>>>> X-SGSI-MailScanner: Found to be clean
>>>>> X-SGSI-SpamCheck: polluriel, SpamAssassin (not cached, 
>>>>> score=5.812, requis 5,
>>>>>  BAYES_00 -1.60, BOTNET 3.00, HELO_LH_HOME 3.71, HTML_MESSAGE 0.00,
>>>>>  RDNS_DYNAMIC 0.10, SPF_SOFTFAIL 0.60)
>>>>> X-SGSI-Spam-Score: sssss
>>>>>
>>>>>
>>>>>
>>>>> Thanks
>>>>
>>>> Jules
>>>>
>>>> -- 
>>>> Julian Field MEng CITP CEng
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>
>>>> Need help customising MailScanner?
>>>> Contact me!
>>>> Need help fixing or optimising your systems?
>>>> Contact me!
>>>> Need help getting you started solving new requirements from your boss?
>>>> Contact me!
>>>>
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>>>
>>>>
>>>> -- 
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>> -- 
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>
>> Jules
>>
>> -- 
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>

Jules

- -- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Follow me at twitter.com/JulesFM

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.10.0 (Build 500)
Comment: Use PGP or Thunderbird Enigmail to verify this message
Charset: ISO-8859-1

wj8DBQFKJ/p7EfZZRxQVtlQRAgZnAKDE4hQ5iWPLgfjvzKAd2+8PQdTuvQCfeABW
u5ZJR5LxJvlqJyIfkHRm768=
=PMOQ
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list