Problem Messages

[Julian Field]

On 11/06/2009 13:27, Remco Barendse wrote:
> On Tue, 2 Jun 2009, Julian Field wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Look for traces of the messages in your mail logs. That will tell you
>> what happened. You might then want to try digging the messages out of
>> quarantine and running them through MailScanner manually (start with
>> "MailScanner --help" and work from there) one at a time to see what goes
>> wrong.
>>
>> If you want to wipe the database you can always just delete it. Its
>> location in set in MailScanner.conf (look for "Processing.db" in there).
>>
>> Also, the fact that they have been the cause of these problems means
>> that they were never delivered, so you may want to take a look at them
>> and figure out if they were important and what you might want to do
>> about this.
>
> I keep getting the problem messages e-mails. The fact that mails are 
> not delivered is not a problem, so far they are all spam. I suspect 
> the problem is in Processing.db because i get this in my e-mail :
>
> Archive:
>
> Number of messages: 1
> Tries   Message Last Tried
> =====   ======= ==========
> 6       n59KLG4X024369  Tue Jun  9 22:51:41 2009
>
> -- 
> MailScanner
>
>
> However, when i search for that file :
> [root at mail ]# locate -i 59KLG4X024369
> /var/spool/MailScanner/quarantine/20090609/n59KLG4X024369
> /var/spool/MailScanner/quarantine/20090609/n59KLG4X024369/dfn59KLG4X024369 
>
> /var/spool/MailScanner/quarantine/20090609/n59KLG4X024369/qfn59KLG4X024369 
>
>
> The messages are long gone into quarantine and dealt with.
>
>
> [root at mail ]# cat /var/log/maillog | grep -i 59KLG4X024369
> Jun  9 22:21:36 mail sendmail[24369]: n59KLG4X024369: 
> from=<rit1win at msn.com>, size=10348, class=0, nrcpts=1, 
> msgid=<BLU130-W211108316762336E4C0169EB440 at phx.gbl>, proto=ESMTP, 
> daemon=MTA, relay=blu0-omc2-s15.blu0.hotmail.com [65.55.111.90]
> Jun  9 22:21:36 mail sendmail[24369]: n59KLG4X024369: 
> to=<x.xxxxxxxx at xxxx.xxx>, delay=00:00:00, mailer=esmtp, pri=40348, 
> stat=queued
> Jun  9 22:25:07 mail MailScanner[22079]: Making attempt 2 at 
> processing message n59KLG4X024369
> Jun  9 22:30:59 mail MailScanner[23616]: Making attempt 3 at 
> processing message n59KLG4X024369
> Jun  9 22:36:51 mail MailScanner[20198]: Making attempt 4 at 
> processing message n59KLG4X024369
> Jun  9 22:42:33 mail MailScanner[19693]: Making attempt 5 at 
> processing message n59KLG4X024369
> Jun  9 22:46:03 mail MailScanner[23456]: Making attempt 6 at 
> processing message n59KLG4X024369
> Jun  9 22:46:04 mail MailScanner[24456]: Warning: skipping message 
> n59KLG4X024369 as it has been attempted too many times
> Jun  9 22:46:04 mail MailScanner[24456]: Quarantined message 
> n59KLG4X024369 as it caused MailScanner to crash several times
> Jun  9 22:46:04 mail MailScanner[24456]: Saved entire message to 
> /var/spool/MailScanner/quarantine/20090609/n59KLG4X024369
>
> Doesn't make me any wiser
>
> I'm running :
> Running on
> Linux 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 
> x86_64 x86_64 GNU/Linux
> This is CentOS release 5.3 (Final)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.77.10
>
>
> I want to try to run the e-mail manually through MailScanner but 
> --info doesn't enlighten me (yes also here PBKAC) :PPP
>
> MailScanner [ -h|-v|--debug|--debug-sa|--lint ] |
>             [ --processing | --processing=<minimum> ] |
>             [ -c|--changed ] |
>             [ --id=<message-id> ] |
>             [ --inqueuedir=<dir-name|glob> ] |
>             [--value=<option-name> --from=<from-address>
>              --to=<to-address>,    --to=<to-address-2>, ...]
>              --ip=<ip-address>,    --virus=<virus-name> ]
> <MailScanner.conf-file-location>
>
>
> What should i do with the qf/df pair to run MailScanner manually?
Copy the mail df+qf pair to /var/spool/mqueue.in and run something along 
the lines of
MailScanner --debug --id=n59KLG4X024369
and it should just process that one message and quit.
You might need to delete the Processing.db before you start. And I would 
stop your main MailScanner too, or else it will pick up the message and 
try to process it.
Please tell me what output you got from that MailScanner command.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Follow me at twitter.com/JulesFM

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.