Spam remaining in hold queue
Glenn Steen
glenn.steen at gmail.com
Wed Aug 24 00:59:40 IST 2011
What is the debug result for a gtube run, not eicar as you showed that to be
fine...?
The processing db thing kind of indicate that something is killing ms.
Cheers
--
-- Glenn
Den 23 aug 2011 00:12 skrev "John Bull" <jbull at esd113.org>:
> List,
>
> Testing Lab - Installation specifics:
> MailScanner-4.84.3-1.rpm.tar
> Postfix 2.6.6
> Scientific Linux 6.1, perl 5.10.1
> High scoring spam is set to: store and notify
>
> Problem:
> Email with gtube spam test remains in the Postfix hold queue and is not
delivered to the spam quarantine.
>
> # postqueue -p
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull at esd113.lab
> tone at test.lab<mailto:tone at test.lab>
>
> MailScanner successfully creates
/var/Spool/MailScanner/quarantine/<date>/spam
> but the email never makes it there.
>
> Directory Permissions:
> chown -R postfix.clamav /var/spool/MailScanner/incoming
> chmod -R 770 /var/spool/MailScanner/incoming
> chown postfix.postfix
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
> chown postfix.postfix -R /var/spool/MailScanner/incoming/SpamAssassin-Temp
> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db
>
> chown -R postfix.apache /var/spool/MailScanner/quarantine
> chmod 770 -R /var/spool/MailScanner/quarantine
>
> mkdir /var/spool/MailScanner/spamassassin
> chown -R postfix:postfix /var/spool/MailScanner/spamassassin
> chmod -R 770 /var/spool/MailScanner/spamassassin
>
> MailScanner Config
> Run As User = postfix
> Run As Group = postfix
> Incoming Queue Dir = /var/spool/postfix/hold
> Outgoing Queue Dir = /var/spool/postfix/incoming
> Incoming Work Dir = /var/spool/MailScanner/incoming
> MTA = postfix
> Sendmail = /usr/sbin/sendmail.postfix
> Incoming Work Group = clamav
> Incoming Work Permissions = 0644
> Quarantine User = postfix
> Quarantine Group = apache
> Quarantine Permissions = 0660
> Virus Scanners = clamd
> Quarantine Infections = no
> Quarantine Whole Message = yes
> Quarantine Whole Messages As Queue Files = no
> Keep Spam And MCP Archive Clean = yes
> Spam Checks = yes
> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
> Is Definitely Spam = %rules-dir%/spam.blacklist.rules
> Definite Spam Is High Scoring = yes
> Use SpamAssassin = yes
> Required SpamAssassin Score = 4.75
> High SpamAssassin Score = 6
> Spam Score = yes
> Spam Actions = deliver
> High Scoring Spam Actions = store notify
>
>
> Maillog:
> Spam Checks: Starting
> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from
192.168.0.110 (jbull at esd113.lab) to test.lab is spam, SpamAssassin
(score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00,
DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam
messages
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message
EFF9C4EB9.A5C23 actions are store,notify
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify
tone at test.lab<mailto:tone at test.lab>
>
> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted too
many times
> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message
EFF9C4EB9.A5C23 as it caused MailScanner to crash several times
>
> MailScanner --processing
> Currently being processed:
>
> Number of messages: 1
> Tries Message Next Try At
> ===== ======= ===========
> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011
>
> # MailScanner --lint --debug
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Reading configuration file /etc/MailScanner/conf.d/README
> Read 867 hostnames from the phishing whitelist
> Read 4076 hostnames from the phishing blacklists
>
> Checking version numbers...
> Version number in MailScanner.conf (4.84.3) is correct.
> MailScanner setting GID to (89)
> MailScanner setting UID to (89)
>
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> SpamAssassin reported no errors.
> Connected to Processing Attempts Database
> Created Processing Attempts Database successfully
> There is 1 message in the Processing Attempts Database
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = clamd"
> Found these virus scanners installed: clamd
>
===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
>
===========================================================================
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>
> If any of your virus scanners (clamd)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its
virus.scanners.conf.
>
> Thank you,
> John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110824/bbe6f83f/attachment.html
More information about the MailScanner
mailing list