Syslogging broken

Thu Mar 26 00:47:11 GMT 2009

Hello,

last month there was a thread from Greg Deputy about Mailscanner not
logging correctly to syslog. While Greg probably worked around his
problem, I think it still exists.

On debian lenny with Mailscanner from testing (4.74.16-1) I get logging
like this:

1,6,Mar 26 01:06:18,MailScanner: MailScanner setting GID to postfix (333)
1,6,Mar 26 01:06:18,MailScanner: MailScanner setting UID to postfix (333)
2,6,Mar 26 01:06:19,MailScanner[9707]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
2,6,Mar 26 01:06:19,MailScanner[9707]: Read 848 hostnames from the phishing whitelist 
2,6,Mar 26 01:06:19,MailScanner[9707]: Read 4278 hostnames from the phishing blacklist 
2,6,Mar 26 01:06:19,MailScanner[9707]: Using SpamAssassin results cache
2,6,Mar 26 01:06:19,MailScanner[9707]: Connected to SpamAssassin cache database
2,6,Mar 26 01:06:19,MailScanner[9707]: Enabling SpamAssassin auto-whitelist functionality...
19,7,Mar 26 01:06:20,check[9707]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
19,7,Mar 26 01:06:21,check[9707]: [ 3] mail 1 is not known spam.
2,6,Mar 26 01:06:24,MailScanner[9713]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
2,6,Mar 26 01:06:24,MailScanner[9713]: Read 848 hostnames from the phishing whitelist 
2,6,Mar 26 01:06:24,MailScanner[9713]: Read 4278 hostnames from the phishing blacklist 
2,6,Mar 26 01:06:24,MailScanner[9713]: Using SpamAssassin results cache
2,6,Mar 26 01:06:24,MailScanner[9713]: Connected to SpamAssassin cache database
2,6,Mar 26 01:06:24,MailScanner[9713]: Enabling SpamAssassin auto-whitelist functionality...
19,7,Mar 26 01:06:25,check[9713]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
19,6,Mar 26 01:06:26,check[9707]: Using locktype = flock
19,7,Mar 26 01:06:27,check[9713]: [ 3] mail 1 is not known spam.
2,6,Mar 26 01:06:29,MailScanner[9717]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
2,6,Mar 26 01:06:29,MailScanner[9717]: Read 848 hostnames from the phishing whitelist 
2,6,Mar 26 01:06:29,MailScanner[9717]: Read 4278 hostnames from the phishing blacklist 
2,6,Mar 26 01:06:29,MailScanner[9717]: Using SpamAssassin results cache
2,6,Mar 26 01:06:29,MailScanner[9717]: Connected to SpamAssassin cache database
2,6,Mar 26 01:06:29,MailScanner[9717]: Enabling SpamAssassin auto-whitelist functionality...
19,7,Mar 26 01:06:30,check[9717]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
19,7,Mar 26 01:06:31,check[9717]: [ 3] mail 1 is not known spam.
19,6,Mar 26 01:06:32,check[9713]: Using locktype = flock
19,6,Mar 26 01:06:37,check[9717]: Using locktype = flock
19,6,Mar 26 01:12:56,check[9707]: New Batch: Scanning 1 messages, 1615 bytes
19,6,Mar 26 01:12:56,check[9707]: Spam Checks: Starting
19,5,Mar 26 01:12:57,check[9707]: RBL checks: 567081E5.644FE found in SORBS-DNSBL
19,7,Mar 26 01:12:57,check[9739]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
19,7,Mar 26 01:12:59,check[9739]: [ 3] mail 1 is known spam.
19,6,Mar 26 01:13:04,check[9707]: Message 567081E5.644FE from .... is spam ....
19,5,Mar 26 01:13:04,check[9707]: Spam Checks: Found 1 spam messages
19,5,Mar 26 01:13:04,check[9707]: Non-delivery of spam: message 567081E5.644FE from ... to ... 
19,5,Mar 26 01:13:04,check[9707]: Spam Actions: message 567081E5.644FE actions are store,delete
19,6,Mar 26 01:13:04,check[9707]: Spam Checks completed at 222 bytes per second
19,6,Mar 26 01:13:04,check[9707]: Virus and Content Scanning: Starting
19,6,Mar 26 01:13:05,check[9707]: Virus Scanning completed at 1063 bytes per second
19,6,Mar 26 01:13:05,check[9707]: Batch completed at 183 bytes per second (1615 / 8)
19,6,Mar 26 01:13:05,check[9707]: Batch (1 message) processed in 8.78 seconds

For debuggin I configured rsyslogd to log facility and priority (the
first 2 numbers each line).
2 = LOG_MAIL, 19=LOG_LOCAL3
No matter what I configure in MailScanner.conf, this value is only used
on the same Lines that log with the tag "MailScanner". For me it seems
that the child processes get this messed up and continue logging with
the tag "check" and always with LOG_LOCAL3.

I have another MailScanner running on a debian etch box just fine with
correct logging.

The output of --version of both working and broken setup are attached.

Let me know if you need more information,
  Tom

-------------- next part --------------
Linux XXXX 2.6.28.8-vs2.3.0.36.8 #1 SMP Wed Mar 18 13:38:01 UTC 2009 i686 GNU/Linux
This is Perl version 5.010000 (5.10.0)

This is MailScanner version 4.74.16
Module versions are:
1.00	AnyDBM_File
1.18	Archive::Zip
0.22	bignum
1.08	Carp
2.012	Compress::Zlib
1.119 	Convert::BinHex
0.17	Convert::TNEF
2.121_14	Data::Dumper
2.27	Date::Parse
1.01	DirHandle
1.06	Fcntl
2.76	File::Basename
2.11	File::Copy
2.01	FileHandle
2.04	File::Path
0.18	File::Temp
0.92	Filesys::Df
1.35	HTML::Entities
3.56	HTML::Parser
2.37	HTML::TokeParser
1.23_01	IO
1.14	IO::File
1.13	IO::Pipe
2.03	Mail::Header
1.88	Math::BigInt
0.21	Math::BigRat
3.07_01	MIME::Base64
5.427	MIME::Decoder
5.427	MIME::Decoder::UU
5.427	MIME::Head
5.427	MIME::Parser
3.07	MIME::QuotedPrint
5.427	MIME::Tools
0.11	Net::CIDR
1.25	Net::IP
0.16	OLE::Storage_Lite
1.04	Pod::Escapes
3.05	Pod::Simple
1.13	POSIX
1.19	Scalar::Util
1.80	Socket
2.18	Storable
1.4	Sys::Hostname::Long
0.26	Sys::Syslog
missing	Test::Pod
0.72	Test::Simple
1.9711	Time::HiRes
1.02	Time::localtime

Optional module versions are:
1.38	Archive::Tar
0.22	bignum
missing	Business::ISBN
missing	Business::ISBN::Data
missing	Data::Dump
1.816_1	DB_File
1.14	DBD::SQLite
1.605	DBI
1.15	Digest
1.01	Digest::HMAC
2.36_01	Digest::MD5
2.11	Digest::SHA1
missing	Encode::Detect
missing	Error
0.21	ExtUtils::CBuilder
2.18_02	ExtUtils::ParseXS
2.37	Getopt::Long
missing	Inline
1.08	IO::String
1.07	IO::Zlib
missing	IP::Country
missing	Mail::ClamAV
3.002005	Mail::SpamAssassin
missing	Mail::SPF
1.999001	Mail::SPF::Query
0.280801	Module::Build
0.20	Net::CIDR::Lite
0.63	Net::DNS
missing	Net::DNS::Resolver::Programmable
0.36	Net::LDAP
missing	NetAddr::IP
missing	Parse::RecDescent
missing	SAVI
2.64	Test::Harness
missing	Test::Manifest
2.0.0	Text::Balanced
1.35	URI
0.74	version
missing	YAML

-------------- next part --------------
Running on
Linux XXXX 2.6.22.7-vs23024 #1 SMP Tue Sep 25 03:55:21 CEST 2007 i686 GNU/Linux
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.56.8
Module versions are:
1.00	AnyDBM_File
1.16	Archive::Zip
1.04	Carp
1.119 	Convert::BinHex
1.00	DirHandle
1.05	Fcntl
2.74	File::Basename
2.09	File::Copy
2.01	FileHandle
1.08	File::Path
0.16	File::Temp
0.92	Filesys::Df
1.35	HTML::Entities
3.55	HTML::Parser
2.37	HTML::TokeParser
1.22	IO
1.13	IO::File
1.13	IO::Pipe
1.74	Mail::Header
3.07	MIME::Base64
5.420	MIME::Decoder
5.420	MIME::Decoder::UU
5.420	MIME::Head
5.420	MIME::Parser
3.07	MIME::QuotedPrint
5.420	MIME::Tools
0.11	Net::CIDR
1.09	POSIX
1.78	Socket
1.4	Sys::Hostname::Long
0.18	Sys::Syslog
1.86	Time::HiRes
1.02	Time::localtime

Optional module versions are:
0.17	Convert::TNEF
1.814	DB_File
1.13	DBD::SQLite
1.53	DBI
1.14	Digest
1.01	Digest::HMAC
2.36	Digest::MD5
2.11	Digest::SHA1
missing	Inline
missing	Mail::ClamAV
3.002003	Mail::SpamAssassin
1.999001	Mail::SPF::Query
0.20	Net::CIDR::Lite
1.25	Net::IP
0.59	Net::DNS
missing	Net::LDAP
missing	Parse::RecDescent
missing	SAVI
2.56	Test::Harness
0.62	Test::Simple
1.95	Text::Balanced
1.35	URI