Receives email with blank body
Budi Febrianto
bfebrian.milis at gmail.com
Thu Oct 11 04:25:07 IST 2012
Dear Martin,
Already activated the archive facility.
How to proper way to inject and debug mailscanner/sendmail?
This is what I did, and maybe I did it wrong.
shutdown the mailscanner
copy the archive from /var/spool/MailScanner/archive/(date) to
/var/spool/mqeue
run mailscanner with --debug
Mailscanner run, and than stop, with some error related with mailwatch
about commit, but nothing else
Best Regards
On Tue, Oct 9, 2012 at 1:31 AM, Martin Hepworth <maxsec at gmail.com> wrote:
> Doubt it, unless the antivirus on the Domino server did something to it,
> all Mailwatch does is log the information.
>
> Can you replay messages at all - ie do you use the archive facility so
> you can inject the message again while running in debug mode?
>
>
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 8 October 2012 18:05, Budi Febrianto <bfebrian.milis at gmail.com> wrote:
>
>> Dear Martin,
>>
>> This happen not always with big emails, many big emails still delivered
>> without any problems.
>>
>> This problem appears to be random, but often.
>>
>> The next host is the mail server, which is Lotus Domino 8.5.
>>
>> Is it possible that the anti virus or mailwatch somehow altered the mail
>> format?
>>
>> Best regards
>> On Oct 8, 2012 11:39 PM, "Martin Hepworth" <maxsec at gmail.com> wrote:
>>
>>> Is this consistent with large emails above the spam checks size limit?
>>>
>>> If it is, you could run a test in debug mode of a large email to see
>>> what's going flakey.
>>>
>>> I presume the next host down the line (192.168.10.17) is handling this
>>> OK?
>>>
>>>
>>> --
>>> Martin Hepworth, CISSP
>>> Oxford, UK
>>>
>>>
>>> On 8 October 2012 16:27, Budi Febrianto <bfebrian.milis at gmail.com>wrote:
>>>
>>>> Dear Martin,
>>>>
>>>> Thank you for the reply, but I don't see something strange in the
>>>> maillog
>>>>
>>>> [root at spam log]# cat maillog.1 | grep q917UfQF014676
>>>> Oct 1 14:30:58 spam sendmail[14676]: q917UfQF014676: from=<
>>>> cory.margaret at abc.com>, size=340562, class=0, nrcpts=1, msgid=<
>>>> E430C752C711024D996D49014F27FD10A78D9B at MT-XC-02-CB.abc.com>,
>>>> proto=ESMTP, daemon=MTA, relay=ln-static-202-77-100-39.link.net.id
>>>> [202.77.100.39] (may be forged)
>>>> Oct 1 14:30:58 spam sendmail[14676]: q917UfQF014676: to=<
>>>> amiws at xyz.co.id>, delay=00:00:11, mailer=smtp, pri=370562, stat=queued
>>>> Oct 1 14:30:59 spam MailScanner[13678]: Message q917UfQF014676 from
>>>> 202.77.100.39 (cory.margaret at abc.com) to xyz.co.id is too big for spam
>>>> checks (341198 > 200000 bytes)
>>>> Oct 1 14:30:59 spam MailScanner[13678]: Logging message q917UfQF014676
>>>> to SQL
>>>> Oct 1 14:30:59 spam MailScanner[13945]: q917UfQF014676: Logged to
>>>> MailWatch SQL
>>>> Oct 1 14:31:00 spam sendmail[14693]: q917UfQF014676: to=<
>>>> amiws at xyz.co.id>, delay=00:00:13, xdelay=00:00:01, mailer=smtp,
>>>> pri=460562, relay=[192.168.10.17] [192.168.10.17], dsn=2.0.0, stat=Sent
>>>> (Message accepted for delivery)
>>>>
>>>> Best Regards
>>>>
>>>> On Mon, Oct 8, 2012 at 6:53 PM, Martin Hepworth <maxsec at gmail.com>wrote:
>>>>
>>>>> Check the mailScanner logs for that message to see if it's doing
>>>>> anything 'unusual' with the message.
>>>>>
>>>>> --
>>>>> Martin Hepworth, CISSP
>>>>> Oxford, UK
>>>>>
>>>>>
>>>>> On 8 October 2012 11:30, Budi Febrianto <bfebrian.milis at gmail.com>wrote:
>>>>>
>>>>>> Dear all,
>>>>>>
>>>>>> My customer have problems with their mailscanner installation,
>>>>>> sometimes users emails with blank body. I already search the web for
>>>>>> possible reasons, but can't find any.
>>>>>>
>>>>>> This is the configurations:
>>>>>>
>>>>>> MailScanner 4.84.5
>>>>>> Centos 6.2 64 bit
>>>>>> Sendmail 8.13
>>>>>> MailWatch-1.1.5.1
>>>>>> ClamAV 0.96.5
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> mailscanner at lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20121011/452f45ce/attachment.html
More information about the MailScanner
mailing list