MailScanner scanning everything twice

Martin Hepworth maxsec at gmail.com
Fri Mar 4 16:14:36 UTC 2016 

Yeah I'd take a good look at the setup as you're also running spamd
explicitly as well, rathan than the internal calls to spamassassin from
mailscanner.

What instructions did you use to install MailScanner?

-- 
Martin Hepworth, CISSP
Oxford, UK

On 4 March 2016 at 14:36, Daniel Malmgren <daniel at kolefors.se> wrote:

> Hi.
> I'm completely new to MailScanner (installed it today), so please don't
> shoot me if this is dead simple. I got everything working, but it seems for
> some reason all mails are being scanned twice. I suspect this isn't
> MailScanners fault, but rather me having set up my postfix in a stupid
> manner. There are different message id's for the two mails being scanned.
> Any hints about what could be wrong? Please tell me what further
> information could be useful. This is on a Debian 8.3 server, running
> postfix and dovecot.
>
> This is what I get in my mail.log (domains replaced):
> (note that daniel is an alias for malmgren, so all mail to daniel ends up
> in malmgrens mailbox. I get the exact same problem when sending directly to
> malmgren though.)
>
> Mar  4 14:14:16 cube postfix/smtpd[29904]: connect from
> webadmin.myworkdomain.se[193.42.159.5]
> Mar  4 14:14:17 cube postfix/cleanup[29908]: 1B4BD4004F: hold: header
> Received: from smtp.myworkdomain.se (webadmin.myworkdomain.se
> [193.42.159.5])??by cube (Postfix) with ESMTPS id 1B4BD4004F??for <
> daniel at myhomedomain.se>; Fri,  4 Mar 2016 14:14:16 +0100 (CET) from
> webadmin.myworkdomain.se[193.42.159.5]; from=<prvs=187193eaf2=
> Daniel.Malmgren at myworkdomain.se> to=<daniel at myhomedomain.se> proto=ESMTP
> helo=<smtp.myworkdomain.se>
> Mar  4 14:14:17 cube postfix/cleanup[29908]: 1B4BD4004F: message-id=<
> 1193eba94cd847849abfc1e6e595511a at ucs-ex-02.myworkdomain.se>
> Mar  4 14:14:17 cube postfix/smtpd[29904]: disconnect from
> webadmin.myworkdomain.se[193.42.159.5]
> Mar  4 14:14:22 cube MailScanner[29485]: New Batch: Scanning 1 messages,
> 14054 bytes
> Mar  4 14:14:22 cube MailScanner[29485]: Virus and Content Scanning:
> Starting
> Mar  4 14:15:04 cube postfix/smtpd[29904]: connect from
> localhost[127.0.0.1]
> Mar  4 14:15:04 cube postfix/smtpd[29904]: disconnect from
> localhost[127.0.0.1]
> Mar  4 14:15:27 cube MailScanner[29485]: Requeue: 1B4BD4004F.AB70C to
> EC1A64028E
> Mar  4 14:15:27 cube postfix/qmgr[15119]: EC1A64028E:
> from=<prvs=187193eaf2=daniel.malmgren at myworkdomain.se>, size=13369,
> nrcpt=1 (queue active)
> Mar  4 14:15:27 cube MailScanner[29485]: Uninfected: Delivered 1 messages
> Mar  4 14:15:27 cube spamd[9821]: spamd: connection from localhost
> [127.0.0.1]:47051 to port 783, fd 5
> Mar  4 14:15:27 cube spamd[9821]: spamd: setuid to debian-spamd succeeded
> Mar  4 14:15:27 cube spamd[9821]: spamd: processing message <
> 1193eba94cd847849abfc1e6e595511a at ucs-ex-02.myworkdomain.se> for
> debian-spamd:116
> Mar  4 14:15:27 cube MailScanner[29485]: Deleted 1 messages from
> processing-database
> Mar  4 14:15:27 cube MailScanner[29485]: Logging message 1B4BD4004F.AB70C
> to SQL
> Mar  4 14:15:35 cube spamd[9821]: spamd: clean message (0.0/5.0) for
> debian-spamd:116 in 7.9 seconds, 13418 bytes.
> Mar  4 14:15:35 cube spamd[9821]: spamd: result: . 0 -
> HTML_IMAGE_ONLY_32,HTML_MESSAGE,RCVD_IN_DNSWL_NONE
> scantime=7.9,size=13418,user=debian-spamd,uid=116,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=47051,mid=<
> 1193eba94cd847849abfc1e6e595511a at ucs-ex-02.myworkdomain.se>,autolearn=ham
> autolearn_force=no
> Mar  4 14:15:36 cube spamd[4003]: prefork: child states: I
> Mar  4 14:15:36 cube postfix/pickup[23000]: 289EE4004F: uid=116
> from=<prvs=187193eaf2=daniel.malmgren at myworkdomain.se>
> Mar  4 14:15:36 cube postfix/pipe[29946]: EC1A64028E: to=<
> malmgren at myhomedomain.se>, orig_to=<daniel at myhomedomain.se>,
> relay=spamfilter, delay=79, delays=71/0.02/0/8.2, dsn=2.0.0, status=sent
> (delivered via spamfilter service)
> Mar  4 14:15:36 cube postfix/qmgr[15119]: EC1A64028E: removed
> Mar  4 14:15:36 cube postfix/cleanup[29908]: 289EE4004F: hold: header
> Received: by cube (Postfix, from userid 116)??id 289EE4004F; Fri,  4 Mar
> 2016 14:15:35 +0100 (CET) from local; from=<prvs=187193eaf2=
> daniel.malmgren at myworkdomain.se> to=<malmgren at myhomedomain.se>
> Mar  4 14:15:36 cube postfix/cleanup[29908]: 289EE4004F: message-id=<
> 1193eba94cd847849abfc1e6e595511a at ucs-ex-02.myworkdomain.se>
> Mar  4 14:15:43 cube MailScanner[29485]: New Batch: Scanning 1 messages,
> 14059 bytes
> Mar  4 14:15:43 cube MailScanner[29485]: Virus and Content Scanning:
> Starting
> Mar  4 14:16:44 cube MailScanner[29485]: SpamAssassin cache hit for
> message 289EE4004F.A3592
> Mar  4 14:16:44 cube MailScanner[29485]: Requeue: 289EE4004F.A3592 to
> 7F6B1402AB
> Mar  4 14:16:44 cube postfix/qmgr[15119]: 7F6B1402AB:
> from=<prvs=187193eaf2=daniel.malmgren at myworkdomain.se>, size=13818,
> nrcpt=1 (queue active)
> Mar  4 14:16:44 cube MailScanner[29485]: Uninfected: Delivered 1 messages
> Mar  4 14:16:44 cube MailScanner[29485]: Deleted 1 messages from
> processing-database
> Mar  4 14:16:44 cube MailScanner[29485]: Logging message 289EE4004F.A3592
> to SQL
> Mar  4 14:16:44 cube dovecot: lmtp(30007): Connect from local
> Mar  4 14:16:45 cube dovecot: lmtp(30007, malmgren):
> XKKvNbyK2VY3dQAAs8rsrw: sieve: msgid=<
> 1193eba94cd847849abfc1e6e595511a at ucs-ex-02.myworkdomain.se>: stored mail
> into mailbox 'Daniel'
> Mar  4 14:16:45 cube postfix/lmtp[30006]: 7F6B1402AB: to=<
> malmgren at myhomedomain.se>, relay=cube[private/dovecot-lmtp], delay=78,
> delays=77/0.02/0.05/0.91, dsn=2.0.0, status=sent (250 2.0.0 <
> malmgren at myhomedomain.se> XKKvNbyK2VY3dQAAs8rsrw Saved)
> Mar  4 14:16:45 cube dovecot: lmtp(30007): Disconnect from local:
> Successful quit
> Mar  4 14:16:45 cube postfix/qmgr[15119]: 7F6B1402AB: removed
>
> Regards
> Daniel Malmgren
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20160304/43958b33/attachment.html>

More information about the MailScanner mailing list