Spam remaining in hold queue

John Bull jbull at esd113.org
Wed Aug 24 19:38:18 IST 2011 

I have tried numerous attempts to edit directory/file permissions so I believe that can safely be ruled out as an issue.
Mailscanner -debug is hanging after the message "Building a message batch to scan...
# MailScanner --debug
In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...

It maybe that there are additional Perl taint issues that remain.  My production build on CentOS 5.6 with Perl 5.8.8 has always worked like a charm.

Regards,
John


From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: Tuesday, August 23, 2011 5:00 PM
To: MailScanner discussion
Subject: Re: Spam remaining in hold queue


What is the debug result for a gtube run, not eicar as you showed that to be fine...?
The processing db thing kind of indicate that something is killing ms.

Cheers
--
-- Glenn
Den 23 aug 2011 00:12 skrev "John Bull" <jbull at esd113.org<mailto:jbull at esd113.org>>:
> List,
>
> Testing Lab - Installation specifics:
> MailScanner-4.84.3-1.rpm.tar
> Postfix 2.6.6
> Scientific Linux 6.1, perl 5.10.1
> High scoring spam is set to: store and notify
>
> Problem:
> Email with gtube spam test remains in the Postfix hold queue and is not delivered to the spam quarantine.
>
> # postqueue -p
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull at esd113.lab<mailto:jbull at esd113.lab>
> tone at test.lab<mailto:tone at test.lab<mailto:tone at test.lab>>
>
> MailScanner successfully creates /var/Spool/MailScanner/quarantine/<date>/spam
> but the email never makes it there.
>
> Directory Permissions:
> chown -R postfix.clamav /var/spool/MailScanner/incoming
> chmod -R 770 /var/spool/MailScanner/incoming
> chown postfix.postfix /var/spool/MailScanner/incoming/SpamAssassin.cache.db
> chown postfix.postfix -R /var/spool/MailScanner/incoming/SpamAssassin-Temp
> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db
>
> chown -R postfix.apache /var/spool/MailScanner/quarantine
> chmod 770 -R /var/spool/MailScanner/quarantine
>
> mkdir /var/spool/MailScanner/spamassassin
> chown -R postfix:postfix /var/spool/MailScanner/spamassassin
> chmod -R 770 /var/spool/MailScanner/spamassassin
>
> MailScanner Config
> Run As User = postfix
> Run As Group = postfix
> Incoming Queue Dir = /var/spool/postfix/hold
> Outgoing Queue Dir = /var/spool/postfix/incoming
> Incoming Work Dir = /var/spool/MailScanner/incoming
> MTA = postfix
> Sendmail = /usr/sbin/sendmail.postfix
> Incoming Work Group = clamav
> Incoming Work Permissions = 0644
> Quarantine User = postfix
> Quarantine Group = apache
> Quarantine Permissions = 0660
> Virus Scanners = clamd
> Quarantine Infections = no
> Quarantine Whole Message = yes
> Quarantine Whole Messages As Queue Files = no
> Keep Spam And MCP Archive Clean = yes
> Spam Checks = yes
> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
> Is Definitely Spam = %rules-dir%/spam.blacklist.rules
> Definite Spam Is High Scoring = yes
> Use SpamAssassin = yes
> Required SpamAssassin Score = 4.75
> High SpamAssassin Score = 6
> Spam Score = yes
> Spam Actions = deliver
> High Scoring Spam Actions = store notify
>
>
> Maillog:
> Spam Checks: Starting
> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from 192.168.0.110 (jbull at esd113.lab<mailto:jbull at esd113.lab>) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam messages
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message EFF9C4EB9.A5C23 actions are store,notify
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify tone at test.lab<mailto:tone at test.lab<mailto:tone at test.lab>>
>
> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted too many times
> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message EFF9C4EB9.A5C23 as it caused MailScanner to crash several times
>
> MailScanner --processing
> Currently being processed:
>
> Number of messages: 1
> Tries Message Next Try At
> ===== ======= ===========
> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011
>
> # MailScanner --lint --debug
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Reading configuration file /etc/MailScanner/conf.d/README
> Read 867 hostnames from the phishing whitelist
> Read 4076 hostnames from the phishing blacklists
>
> Checking version numbers...
> Version number in MailScanner.conf (4.84.3) is correct.
> MailScanner setting GID to (89)
> MailScanner setting UID to (89)
>
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> SpamAssassin reported no errors.
> Connected to Processing Attempts Database
> Created Processing Attempts Database successfully
> There is 1 message in the Processing Attempts Database
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = clamd"
> Found these virus scanners installed: clamd
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com<http://eicar.com>)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com<http://eicar.com>
> Virus Scanning: Clamd found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> ===========================================================================
> Virus Scanner test reports:
> Clamd said "eicar.com<http://eicar.com> was infected: Eicar-Test-Signature"
>
> If any of your virus scanners (clamd)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its virus.scanners.conf.
>
> Thank you,
> John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110824/ee0649ff/attachment.html

More information about the MailScanner mailing list