MailScanner Overload...

Clay Goss claygoss at
Tue Nov 3 18:31:42 GMT 2009

I am having fits with a mail server running MailScanner.  For many a year
now, it has just hummed along without much fuss - about 1 year ago, I
doubled the RAM after it got sluggish, but lately...  I restart it - all
seems well, but after 12 to 48 hours, it comes to its knees.  The box is
marginal - I'm building a new one, but for now, I need to keep this one up.
When things have gone south, I find:
The named server has crashed out....
SpamAssassin is timing out, being killed and restarted...
I have many "MailScanner" and "sendmail" processes running, to the point
that I must execute "service MailScanner stop" 4, 5, 6 times to get all the
MailScanner instances stopped and then "service sendmail stop" a few times
to stop all of those.  Then I can restart everything and its good for
another 12 to 48.

The box is a PIII with 768 MB RAM.  Any help much appreciated.

Here are the versions of the items I believe are pertinent:


And here is the MailScanner.conf:

%org-name% = MY_NET
%org-long-name% = My Net Place %web-site% = %etc-dir% =
/etc/MailScanner %report-dir% = /etc/MailScanner/reports/en %rules-dir% =
/etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 5 Run
As User = Run As Group = Queue Scan Interval = 30 Incoming Queue Dir =
/var/spool/ Outgoing Queue Dir = /var/spool/mqueue Incoming Work
Dir = /var/spool/MailScanner/incoming Quarantine Dir =
/var/spool/MailScanner/quarantine PID file = /var/run/
Restart Every = 7200 MTA = sendmail Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions = 0600
Quarantine User =
Quarantine Group =
Quarantine Permissions = 0600
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 800
Scan Messages = yes
Reject Message = no
Maximum Attachments Per Message = 200
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = no
TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File
Command = /usr/bin/file File Timeout = 50 Gunzip Command = /bin/gunzip
Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find
UU-Encoded Files = no Maximum Message Size =
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 2
Find Archives By Content = yes
Zip Attachments = no
Attachments Zip Filename = Attachments Min Total Size
To Zip = 100k Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg
.jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml Virus Scanning = yes Virus
Scanners = auto Virus Scanner Timeout = 300 Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages
= no Block Unencrypted Messages = no Allow Password-Protected Archives = yes
Check Filenames In Password-Protected Archives = yes Allowed Sophos Error
Messages = Sophos IDE Dir = /opt/sophos-av/lib/sav Sophos Lib Dir =
/opt/sophos-av/lib Monitors For Sophos Updates =
/opt/sophos-av/lib/sav/*.ide Monitors for ClamAV Updates =
/usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd ClamAVmodule
Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule
Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression
Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = #
/var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Message Scan = yes
Fpscand Port = 10200 Dangerous Content Scanning = yes Allow Partial Messages
= no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find
Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing
Fraud = yes Phishing Safe Sites File = %etc-dir%/
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf Country
Sub-Domains List = %etc-dir%/ Allow IFrame Tags = disarm
Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim Known Web
Bug Servers = Web Bug Replacement =
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Allow File
MIME Types = Deny Filetypes = Deny File MIME Types = Filetype Rules =
%etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent
Viruses = no Quarantine Modified Body = no Quarantine Whole Message = no
Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive
Clean = yes Language Strings = %report-dir%/languages.conf Rejection Report
= %report-dir%/ Deleted Bad Content Message Report  =
Deleted Bad Filename Message Report =
Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report        = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report =
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
Stored Size Message Report        = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/
Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature =
%report-dir%/inline.sig.txt Signature Image Filename = %report-dir%/sig.jpg
Signature Image <img> Filename = signature.jpg Inline HTML Warning =
%report-dir%/inline.warning.html Inline Text Warning =
Sender Content Report        = %report-dir%/
Sender Error Report        = %report-dir%/
Sender Bad Filename Report = %report-dir%/
Sender Virus Report        = %report-dir%/
Sender Size Report         = %report-dir%/
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Information Header = X-%org-name%-MailScanner-Information:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Minimum Stars If On Spam List = 0
Clean Header Value       = Found to be clean
Infected Header Value    = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = no Multiple Headers = append Hostname =
the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no
Sign Clean Messages = yes Attach Image To Signature = no Attach Image To
HTML Message Only = yes Mark Infected Messages = yes Mark Unscanned Messages
= yes Unscanned Header Value = Not scanned: please contact your Internet
E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status:
Deliver Cleaned Messages = yes
Notify Senders = no
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = no Notify Senders Of
Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes
Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no #
end Scanned Subject Text = {Scanned} Virus Modify Subject = start Virus
Subject Text = {Virus?} Filename Modify Subject = start Filename Subject
Text = {Filename?} Content Modify Subject = start Content Subject Text =
{Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size}
Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing
Modify Subject = start Phishing Subject Text = {Fraud?} Spam Modify Subject
= start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment
Encoding Charset = ISO-8859-1 Archive Mail = Send Notices = no Notices
Include Full Headers = yes Hide Incoming Work Dir in Notices = no Notice
Signature = -- \nMailScanner\nEmail Virus Scanner\
Notices From = MailScanner Notices To = postmaster Local Postmaster =
postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner
Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = #
spamhaus-ZEN # You can un-comment this to enable them Spam Domain List =
Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 1 Spam List
Timeout = 20 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is
Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam =
no Definite Spam Is High Scoring = yes Ignore Spam Whitelist If Recipients
Exceed = 20 Max Spam Check Size = 100k Use Watermarking = no Add Watermark =
yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No
Sender as Spam = nothing Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-Secret Watermark Lifetime = 604800 Watermark
Header = X-%org-name%-MailScanner-Watermark:
Use SpamAssassin = yes
Max SpamAssassin Size = 200k
Required SpamAssassin Score = 4
High SpamAssassin Score = 6
SpamAssassin Auto Whitelist = yes
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes Include Binary Attachments In
SpamAssassin = no Spam Score = yes Cache SpamAssassin Results = yes
SpamAssassin Cache Database File =
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Custom Spam Scanner Timeout History = 20 Spam Actions = deliver header
"X-Spam-Status: Yes"
High Scoring Spam Actions = store
Non Spam Actions = deliver header "X-Spam-Status: No"
SpamAssassin Rule Actions =
Sender Spam Report         = %report-dir%/
Sender Spam List Report    = %report-dir%/
Sender SpamAssassin Report = %report-dir%/
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/
Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no
Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log
Permitted Filenames = no Log Permitted Filetypes = no Log Permitted File
MIME Types = no Log Silent Viruses = no Log Dangerous HTML Tags = no Log
SpamAssassin Rule Actions = no SpamAssassin Temporary Dir =
SpamAssassin User State Dir =
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local
Rules Dir = SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Default Rules Dir = MCP Checks = no First Check = spam MCP
Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error
Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules
Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP
Report = %report-dir%/
Sender MCP Report = %report-dir%/
Use Default Rules With Multiple Recipients = no Spam Score Number Format =
%d MailScanner Version Number = 4.68.8 SpamAssassin Cache Timings =
1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In
Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch
= no Deliver In Background = yes Delivery Method = batch Split Exim Spool =
no Lockfile Dir = /tmp Custom Functions Dir =
Lock Type =
Syslog Socket Type =
Automatic Syntax Check = yes
Minimum Code Status = supported

Thank you,
Clay Goss

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list