Syslogging broken

Martin Hepworth maxsec at gmail.com
Thu Mar 26 09:08:09 GMT 2009


Tom

From memory this was a problem with Greg's syslog.conf setup.

2009/3/26 Tom Weber <l_mailscanner at mail2news.4t2.com>:
> Hello,
>
> last month there was a thread from Greg Deputy about MailScanner not
> logging correctly to syslog. While Greg probably worked around his
> problem, I think it still exists.
>
> On Debian lenny with MailScanner from testing (4.74.16-1) I get logging
> like this:
>
> 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting GID to postfix (333)
> 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting UID to postfix (333)
> 2,6,Mar 26 01:06:19,MailScanner[9707]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
> 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 848 hostnames from the phishing whitelist
> 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 4278 hostnames from the phishing blacklist
> 2,6,Mar 26 01:06:19,MailScanner[9707]: Using SpamAssassin results cache
> 2,6,Mar 26 01:06:19,MailScanner[9707]: Connected to SpamAssassin cache database
> 2,6,Mar 26 01:06:19,MailScanner[9707]: Enabling SpamAssassin auto-whitelist functionality...
> 19,7,Mar 26 01:06:20,check[9707]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
> 19,7,Mar 26 01:06:21,check[9707]: [ 3] mail 1 is not known spam.
> 2,6,Mar 26 01:06:24,MailScanner[9713]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
> 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 848 hostnames from the phishing whitelist
> 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 4278 hostnames from the phishing blacklist
> 2,6,Mar 26 01:06:24,MailScanner[9713]: Using SpamAssassin results cache
> 2,6,Mar 26 01:06:24,MailScanner[9713]: Connected to SpamAssassin cache database
> 2,6,Mar 26 01:06:24,MailScanner[9713]: Enabling SpamAssassin auto-whitelist functionality...
> 19,7,Mar 26 01:06:25,check[9713]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
> 19,6,Mar 26 01:06:26,check[9707]: Using locktype = flock
> 19,7,Mar 26 01:06:27,check[9713]: [ 3] mail 1 is not known spam.
> 2,6,Mar 26 01:06:29,MailScanner[9717]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
> 2,6,Mar 26 01:06:29,MailScanner[9717]: Read 848 hostnames from the phishing whitelist
> 2,6,Mar 26 01:06:29,MailScanner[9717]: Read 4278 hostnames from the phishing blacklist
> 2,6,Mar 26 01:06:29,MailScanner[9717]: Using SpamAssassin results cache
> 2,6,Mar 26 01:06:29,MailScanner[9717]: Connected to SpamAssassin cache database
> 2,6,Mar 26 01:06:29,MailScanner[9717]: Enabling SpamAssassin auto-whitelist functionality...
> 19,7,Mar 26 01:06:30,check[9717]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
> 19,7,Mar 26 01:06:31,check[9717]: [ 3] mail 1 is not known spam.
> 19,6,Mar 26 01:06:32,check[9713]: Using locktype = flock
> 19,6,Mar 26 01:06:37,check[9717]: Using locktype = flock
> 19,6,Mar 26 01:12:56,check[9707]: New Batch: Scanning 1 messages, 1615 bytes
> 19,6,Mar 26 01:12:56,check[9707]: Spam Checks: Starting
> 19,5,Mar 26 01:12:57,check[9707]: RBL checks: 567081E5.644FE found in SORBS-DNSBL
> 19,7,Mar 26 01:12:57,check[9739]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
> 19,7,Mar 26 01:12:59,check[9739]: [ 3] mail 1 is known spam.
> 19,6,Mar 26 01:13:04,check[9707]: Message 567081E5.644FE from .... is spam ....
> 19,5,Mar 26 01:13:04,check[9707]: Spam Checks: Found 1 spam messages
> 19,5,Mar 26 01:13:04,check[9707]: Non-delivery of spam: message 567081E5.644FE from ... to ...
> 19,5,Mar 26 01:13:04,check[9707]: Spam Actions: message 567081E5.644FE actions are store,delete
> 19,6,Mar 26 01:13:04,check[9707]: Spam Checks completed at 222 bytes per second
> 19,6,Mar 26 01:13:04,check[9707]: Virus and Content Scanning: Starting
> 19,6,Mar 26 01:13:05,check[9707]: Virus Scanning completed at 1063 bytes per second
> 19,6,Mar 26 01:13:05,check[9707]: Batch completed at 183 bytes per second (1615 / 8)
> 19,6,Mar 26 01:13:05,check[9707]: Batch (1 message) processed in 8.78 seconds
>
> For debugging I configured rsyslogd to log facility and priority (the
> first 2 numbers on each line).
> 2 = LOG_MAIL, 19 = LOG_LOCAL3
> No matter what I configure in MailScanner.conf, this value is only used
> on the same lines that log with the tag "MailScanner". For me it seems
> that the child processes get this messed up and continue logging with
> the tag "check" and always with LOG_LOCAL3.
>
> I have another MailScanner running on a Debian etch box just fine with
> correct logging.
>
> The outputs of --version of both the working and the broken setup are attached.
>
> Let me know if you need more information,
>  Tom
>



-- 
Martin Hepworth
Oxford, UK
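
The following is an added example, not part of the original thread or of MailScanner: it parses lines in the `facility,severity,timestamp,tag[pid]: message` layout quoted above and reports PIDs that logged under more than one facility/tag pair, plus lines that missed the expected facility. The function names are hypothetical, the sample is a subset of the quoted log, and the expected facility of 2 (LOG_MAIL) is an assumption.

```python
import re
from collections import Counter, defaultdict

# Standard syslog facility numbers; the post names 2 and 19.
FACILITY = {1: "LOG_USER", 2: "LOG_MAIL", 19: "LOG_LOCAL3"}

# Layout of the quoted lines: facility,severity,timestamp,tag[pid]: message
LINE_RE = re.compile(
    r"^(?P<fac>\d+),(?P<sev>\d+),(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d),"
    r"(?P<tag>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Subset of the log lines quoted in the post.
SAMPLE = """\
1,6,Mar 26 01:06:18,MailScanner: MailScanner setting GID to postfix (333)
2,6,Mar 26 01:06:19,MailScanner[9707]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
2,6,Mar 26 01:06:19,MailScanner[9707]: Using SpamAssassin results cache
19,7,Mar 26 01:06:20,check[9707]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
19,6,Mar 26 01:06:26,check[9707]: Using locktype = flock
2,6,Mar 26 01:06:24,MailScanner[9713]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
19,7,Mar 26 01:12:57,check[9739]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog
"""

def parse(text):
    """Yield (facility, tag, pid) per well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m["fac"]), m["tag"], m["pid"]

def identity_switches(text):
    """PIDs that logged under more than one (facility, tag) pair, in order seen."""
    seen = defaultdict(list)
    for fac, tag, pid in parse(text):
        if pid and (fac, tag) not in seen[pid]:
            seen[pid].append((fac, tag))
    return {pid: ids for pid, ids in seen.items() if len(ids) > 1}

def off_facility(text, expected=2):
    """Count lines per (tag, facility) that miss the expected facility (assumed)."""
    return Counter((tag, fac) for fac, tag, _ in parse(text) if fac != expected)

if __name__ == "__main__":
    for pid, ids in identity_switches(SAMPLE).items():
        print(pid, " -> ".join(f"{t}/{FACILITY.get(f, f)}" for f, t in ids))
    print(dict(off_facility(SAMPLE)))
```

A selector such as `mail.*` in the syslog daemon's configuration only matches the facility 2 lines, so the `check` lines logged under LOG_LOCAL3 need their own rule until the tagging is corrected.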

