Spam remaining in hold queue

Glenn Steen glenn.steen at gmail.com
Thu Aug 25 14:24:43 IST 2011


It hangs because the queue is empty. You need stop ms, start the mta through
the ms init script (should work with the startin option), supply a gtube
message the same as before, then run the ms debug command.

Cheers
-- 
-- Glenn
Den 24 aug 2011 20:44 skrev "John Bull" <jbull at esd113.org>:
> I have tried numerous attempts to edit directory/file permissions so I
believe that can safely be ruled out as an issue.
> Mailscanner -debug is hanging after the message "Building a message batch
to scan...
> # MailScanner --debug
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> Building a message batch to scan...
>
> It maybe that there are additional Perl taint issues that remain. My
production build on CentOS 5.6 with Perl 5.8.8 has always worked like a
charm.
>
> Regards,
> John
>
>
> From: mailscanner-bounces at lists.mailscanner.info [mailto:
mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
> Sent: Tuesday, August 23, 2011 5:00 PM
> To: MailScanner discussion
> Subject: Re: Spam remaining in hold queue
>
>
> What is the debug result for a gtube run, not eicar as you showed that to
be fine...?
> The processing db thing kind of indicate that something is killing ms.
>
> Cheers
> --
> -- Glenn
> Den 23 aug 2011 00:12 skrev "John Bull" <jbull at esd113.org<mailto:
jbull at esd113.org>>:
>> List,
>>
>> Testing Lab - Installation specifics:
>> MailScanner-4.84.3-1.rpm.tar
>> Postfix 2.6.6
>> Scientific Linux 6.1, perl 5.10.1
>> High scoring spam is set to: store and notify
>>
>> Problem:
>> Email with gtube spam test remains in the Postfix hold queue and is not
delivered to the spam quarantine.
>>
>> # postqueue -p
>> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
>> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull at esd113.lab<mailto:
jbull at esd113.lab>
>> tone at test.lab<mailto:tone at test.lab<mailto:tone at test.lab>>
>>
>> MailScanner successfully creates
/var/Spool/MailScanner/quarantine/<date>/spam
>> but the email never makes it there.
>>
>> Directory Permissions:
>> chown -R postfix.clamav /var/spool/MailScanner/incoming
>> chmod -R 770 /var/spool/MailScanner/incoming
>> chown postfix.postfix
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
>> chown postfix.postfix -R
/var/spool/MailScanner/incoming/SpamAssassin-Temp
>> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db
>>
>> chown -R postfix.apache /var/spool/MailScanner/quarantine
>> chmod 770 -R /var/spool/MailScanner/quarantine
>>
>> mkdir /var/spool/MailScanner/spamassassin
>> chown -R postfix:postfix /var/spool/MailScanner/spamassassin
>> chmod -R 770 /var/spool/MailScanner/spamassassin
>>
>> MailScanner Config
>> Run As User = postfix
>> Run As Group = postfix
>> Incoming Queue Dir = /var/spool/postfix/hold
>> Outgoing Queue Dir = /var/spool/postfix/incoming
>> Incoming Work Dir = /var/spool/MailScanner/incoming
>> MTA = postfix
>> Sendmail = /usr/sbin/sendmail.postfix
>> Incoming Work Group = clamav
>> Incoming Work Permissions = 0644
>> Quarantine User = postfix
>> Quarantine Group = apache
>> Quarantine Permissions = 0660
>> Virus Scanners = clamd
>> Quarantine Infections = no
>> Quarantine Whole Message = yes
>> Quarantine Whole Messages As Queue Files = no
>> Keep Spam And MCP Archive Clean = yes
>> Spam Checks = yes
>> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
>> Is Definitely Spam = %rules-dir%/spam.blacklist.rules
>> Definite Spam Is High Scoring = yes
>> Use SpamAssassin = yes
>> Required SpamAssassin Score = 4.75
>> High SpamAssassin Score = 6
>> Spam Score = yes
>> Spam Actions = deliver
>> High Scoring Spam Actions = store notify
>>
>>
>> Maillog:
>> Spam Checks: Starting
>> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from
192.168.0.110 (jbull at esd113.lab<mailto:jbull at esd113.lab>) to test.lab is
spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled,
ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam
messages
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message
EFF9C4EB9.A5C23 actions are store,notify
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify
tone at test.lab<mailto:tone at test.lab<mailto:tone at test.lab>>
>>
>> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted too
many times
>> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message
EFF9C4EB9.A5C23 as it caused MailScanner to crash several times
>>
>> MailScanner --processing
>> Currently being processed:
>>
>> Number of messages: 1
>> Tries Message Next Try At
>> ===== ======= ===========
>> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011
>>
>> # MailScanner --lint --debug
>> Trying to setlogsock(unix)
>>
>> Reading configuration file /etc/MailScanner/MailScanner.conf
>> Reading configuration file /etc/MailScanner/conf.d/README
>> Read 867 hostnames from the phishing whitelist
>> Read 4076 hostnames from the phishing blacklists
>>
>> Checking version numbers...
>> Version number in MailScanner.conf (4.84.3) is correct.
>> MailScanner setting GID to (89)
>> MailScanner setting UID to (89)
>>
>> Checking for SpamAssassin errors (if you use it)...
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database
>> SpamAssassin reported no errors.
>> Connected to Processing Attempts Database
>> Created Processing Attempts Database successfully
>> There is 1 message in the Processing Attempts Database
>> Using locktype = posix
>> MailScanner.conf says "Virus Scanners = clamd"
>> Found these virus scanners installed: clamd
>>
===========================================================================
>> Filename Checks: Windows/DOS Executable (1 eicar.com<http://eicar.com>)
>> Other Checks: Found 1 problems
>> Virus and Content Scanning: Starting
>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com<http://eicar.com>
>> Virus Scanning: Clamd found 2 infections
>> Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 2 viruses
>>
===========================================================================
>> Virus Scanner test reports:
>> Clamd said "eicar.com<http://eicar.com> was infected:
Eicar-Test-Signature"
>>
>> If any of your virus scanners (clamd)
>> are not listed there, you should check that they are installed correctly
>> and that MailScanner is finding them correctly via its
virus.scanners.conf.
>>
>> Thank you,
>> John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110825/cce75b15/attachment.html


More information about the MailScanner mailing list