Trying to get MCP working

Antony Stone Antony.Stone at mailscanner.open.source.it
Thu Oct 29 20:11:39 GMT 2009


Hi.

I'm trying to get Message Content Protection working and failing miserably :(

I'm using Debian Lenny, with MailScanner 4.74.16 installed from backports, 
SpamAssassin 3.2.5, and Exim 4.69 as the MTA.

Mail delivery works, MailScanner is working, doing its internal tests, and is 
passing the email to SpamAssassin and ClamAV for checking.  Both a GTUBE and 
an EICAR email get detected and processed correctly.

However, I can't for the life of me get MCP performing any tests.

I've posted the relevant section of MailScanner.conf below, as well as the 
test which I'm using as an example rule.  When email goes through the 
machine, I get the following entries in /var/log/mail.log (I've removed the 
hostname for anonymity and to keep the lines shorter):

Firstly, an email with the GTUBE spam signature in it:

Oct 29 18:47:41 MailScanner[26202]: New Batch: Scanning 1 messages, 1064 bytes
Oct 29 18:47:41 MailScanner[26202]: Saved archive copies of 1N3a27-0006op-Mw
Oct 29 18:47:42 MailScanner[26202]: Spam Checks: Found 1 spam messages
Oct 29 18:47:42 MailScanner[26202]: MCP Checks: Starting
Oct 29 18:47:42 MailScanner[26202]: Virus and Content Scanning: Starting
Oct 29 18:47:45 MailScanner[26202]: Uninfected: Delivered 1 messages

Headers on the received mail include:

X-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0,
    required 1)
X-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=1001.459, required 6, ALL_TRUSTED -1.44, GTUBE 1000.00,
    TVD_SPACE_RATIO 2.90)

Now, an email which should match my MCP rule:

Oct 29 18:48:15 MailScanner[26202]: New Batch: Scanning 1 messages, 1064 bytes
Oct 29 18:48:15 MailScanner[26202]: Saved archive copies of 1N3a2d-0006p2-6u
Oct 29 18:48:16 MailScanner[26202]: MCP Checks: Starting
Oct 29 18:48:16 MailScanner[26202]: Virus and Content Scanning: Starting
Oct 29 18:48:18 MailScanner[26202]: Uninfected: Delivered 1 messages

Headers on the received mail include:

X-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0,
    required 1)
X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=1.459, required 6, ALL_TRUSTED -1.44, TVD_SPACE_RATIO 2.90)

I created my MCP test by taking the GTUBE test from SpamAssassin's 
20_body_tests.cf, renaming it to NYLON, and replacing the letters G T U B E 
in the middle of the search pattern with N Y L O N.  Here is the content 
of /etc/MailScanner/mcp/20_body_tests.cf (I didn't change the filename in 
case I was missing something subtle about the required format for these):

body 
NYLON              /XJS\*C4JDBQADN1\.NSBN3\*2IDNEN\*NYLON-STANDARD-ANTI-UBE-TEST-EMAIL\*C\.34X/
describe NYLON          Generic Test for Message Content Protection
tflags NYLON            userconf noautolearn
score NYLON             42

(Yes, the first line of the file does correctly have "body NYLON /XJS\*...." 
all on one line - it's simply wrapped here in my mail client.)

So, SpamAssassin is working when called for spam checks, but not when called 
for MCP checks.

What have I missed, or how can I debug this further, please?

I've seen several postings in list archives saying that people have found 
"First Check = spam" to work, and "First Check = mcp" not to work, however I 
have left mine as the default "spam" as you can see below.

Here's the entire MCP section of my MailScanner.conf:

-------
MCP Checks = yes

# Do the spam checks first, or the MCP checks first?
# This cannot be the filename of a ruleset, only a fixed value.
First Check = spam

# The rest of these options are clones of the equivalent spam options
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1

MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver header "X-MCP-Status: No"
MCP Actions = deliver header "X-MCP-Status: Yes"
High Scoring MCP Actions = deliver header "X-MCP-Status: Yes"
Bounce MCP As Attachment = no

MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}

Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = yes
Detailed MCP Report = yes
Include Scores In MCP Report = yes
Log MCP = yes

MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10

MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
-------

If I can supply any further config files or debug output to help diagnose 
this, please let me know what's needed.

Many thanks - I hope someone knows how to get MCP working!


Regards,


Antony Stone.

-- 
"It would appear we have reached the limits of what it is possible to achieve 
with computer technology, although one should be careful with such 
statements; they tend to sound pretty silly in five years."

 - John von Neumann (1949)

                                                     Please reply to the list;
                                                           please don't CC me.
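
An offline sanity check of the rule file and threshold quoted in the message above, added here as an example; it is not part of the original post and is not MailScanner or SpamAssassin code. It parses the four posted directives, applies the body pattern to a constructed message, compares the total with "MCP Required SpamAssassin Score = 1", and shows what a parser sees if the "body" line really were wrapped on disk. Assumptions: the function names and sample body are made up for illustration, and Python's `re` is used in place of Perl, which is equivalent for this pattern because it contains only literals and escaped `*` and `.`.

```python
import re

# Constructed from the post: the rule file with one directive per line.
RULES_OK = r"""
body NYLON              /XJS\*C4JDBQADN1\.NSBN3\*2IDNEN\*NYLON-STANDARD-ANTI-UBE-TEST-EMAIL\*C\.34X/
describe NYLON          Generic Test for Message Content Protection
tflags NYLON            userconf noautolearn
score NYLON             42
"""
# The same file with the body line wrapped, as it appears in the e-mail.
RULES_WRAPPED = RULES_OK.replace("body NYLON", "body \nNYLON", 1)

REQUIRED = 1  # "MCP Required SpamAssassin Score = 1" from the posted config
# Constructed test body containing the NYLON string.
SAMPLE = "Test message\nXJS*C4JDBQADN1.NSBN3*2IDNEN*NYLON-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X\n"

def parse_rules(text):
    """Return ({name: {'re': compiled, 'score': float}}, [lines that did not parse])."""
    rules, bad = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        kind = parts[0]
        if kind == "body" and len(parts) == 3 and re.fullmatch(r"/.*/", parts[2]):
            # SpamAssassin gives a rule score 1.0 unless a score line overrides it.
            rules.setdefault(parts[1], {"score": 1.0})["re"] = re.compile(parts[2][1:-1])
        elif kind == "score" and len(parts) == 3:
            rules.setdefault(parts[1], {})["score"] = float(parts[2])
        elif kind in ("describe", "tflags") and len(parts) == 3:
            continue  # metadata only, no effect on matching
        else:
            bad.append(line)
    return rules, bad

def mcp_score(rules, body):
    """Sum the scores of every rule that has a pattern and matches the body."""
    return sum(r["score"] for r in rules.values() if "re" in r and r["re"].search(body))

def check(rule_text, body=SAMPLE):
    """Return (score, reaches the required score, unparsed lines)."""
    rules, bad = parse_rules(rule_text)
    score = mcp_score(rules, body)
    return score, score >= REQUIRED, bad
```

With the rule on one line the constructed body scores 42 against a requirement of 1; with the wrapped form the pattern is never loaded, so the score stays at 0 and the two fragments are reported as unparsed.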

