Spam remaining in hold queue

John Bull jbull at esd113.org
Mon Aug 22 23:06:24 IST 2011


List,

Testing Lab - Installation specifics:
MailScanner-4.84.3-1.rpm.tar
Postfix 2.6.6
Scientific Linux 6.1, perl 5.10.1
High scoring spam is set to: store and notify

Problem:
Email with gtube spam test remains in the Postfix hold queue and is not delivered to the spam quarantine.

# postqueue -p
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
EFF9C4EB9!      755 Mon Aug 22 13:22:51  jbull at esd113.lab
                                         tone at test.lab

MailScanner successfully creates /var/Spool/MailScanner/quarantine/<date>/spam
but the email never makes it there.

Directory Permissions:
chown -R postfix.clamav /var/spool/MailScanner/incoming
chmod -R 770 /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/incoming/SpamAssassin.cache.db
chown postfix.postfix -R /var/spool/MailScanner/incoming/SpamAssassin-Temp
chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db

chown -R postfix.apache /var/spool/MailScanner/quarantine
chmod 770 -R /var/spool/MailScanner/quarantine

mkdir /var/spool/MailScanner/spamassassin
chown -R postfix:postfix /var/spool/MailScanner/spamassassin
chmod -R 770 /var/spool/MailScanner/spamassassin

MailScanner Config
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
MTA = postfix
Sendmail = /usr/sbin/sendmail.postfix
Incoming Work Group = clamav
Incoming Work Permissions = 0644
Quarantine User = postfix
Quarantine Group = apache
Quarantine Permissions = 0660
Virus Scanners = clamd
Quarantine Infections = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Keep Spam And MCP Archive Clean = yes
Spam Checks = yes
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Definite Spam Is High Scoring = yes
Use SpamAssassin = yes
Required SpamAssassin Score = 4.75
High SpamAssassin Score = 6
Spam Score = yes
Spam Actions = deliver
High Scoring Spam Actions = store notify


Maillog:
Spam Checks: Starting
Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from 192.168.0.110 (jbull at esd113.lab) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam messages
Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message EFF9C4EB9.A5C23 actions are store,notify
Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify tone at test.lab

: Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted too many times
Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message EFF9C4EB9.A5C23 as it caused MailScanner to crash several times

MailScanner --processing
Currently being processed:

Number of messages: 1
Tries      Message              Next Try At
=====    =======                ===========
6              EFF9C4EB9.A5C23            Mon Aug 22 13:49:34 2011

# MailScanner --lint --debug
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 867 hostnames from the phishing whitelist
Read 4076 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.84.3) is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There is 1 message in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

Thank you,
John
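
The log pattern reported above (spam actions decided, then the same message skipped and crash-quarantined), as an added example that is not part of the original post or of MailScanner: a Python script that correlates these maillog events per message ID. The function name is hypothetical, and the second sample message is constructed for contrast; the other sample lines are copied from the post.

```python
import re

# Patterns match the MailScanner log messages quoted in the post.
MSG_ID = r"(?P<id>[0-9A-Za-z]+\.[0-9A-Za-z]+)"
PATTERNS = {
    "actions": re.compile(r"Spam Actions: message " + MSG_ID + r" actions are (?P<actions>\S+)"),
    "skipped": re.compile(r"skipping message " + MSG_ID + r" as it has been attempted too many times"),
    "crashed": re.compile(r"Quarantined message " + MSG_ID + r" as it caused MailScanner to crash"),
}

# Sample input: lines 1-3 are from the post (the second is truncated there too);
# the last line is constructed to show a message that was handled normally.
SAMPLE_LOG = [
    "Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message EFF9C4EB9.A5C23 actions are store,notify",
    ": Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted too many times",
    "Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message EFF9C4EB9.A5C23 as it caused MailScanner to crash several times",
    "Aug 22 13:47:01 opened MailScanner[3396]: Spam Actions: message 1A2B3C4D5.0F1E2 actions are deliver",
]


def find_stalled_messages(lines):
    """Return {message_id: record} for messages whose spam actions were
    decided but which were later skipped or crash-quarantined."""
    records = {}
    for line in lines:
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)  # search, so truncated prefixes still match
            if not match:
                continue
            rec = records.setdefault(
                match.group("id"), {"actions": [], "skipped": 0, "crashed": 0}
            )
            if kind == "actions":
                rec["actions"] = match.group("actions").split(",")
            else:
                rec[kind] += 1
    return {
        mid: rec for mid, rec in records.items()
        if rec["actions"] and (rec["skipped"] or rec["crashed"])
    }


if __name__ == "__main__":
    for mid, rec in find_stalled_messages(SAMPLE_LOG).items():
        print(mid, ",".join(rec["actions"]), "skipped:", rec["skipped"], "crashed:", rec["crashed"])
```
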