MailScanner spam check not working

DobriL Dobrilov dobril at stanga.net
Tue Jul 10 20:57:54 UTC 2018


Unfortunately the problem does not come from the virus scanner, because I’m not using a virus scanner on the other server, where spam checks are running fine.

Although I installed and configured the clamav virus scanner, and now each processing takes too long, around 20 sec per message, no matter whether there is an attachment or not.

This is the output now

#MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1500 hostnames from the phishing whitelist
Read 17684 hostnames from the phishing blacklists
Config: calling custom init function MailWatchLogging
MailWatch: Started MailWatch SQL Logging child

Checking version numbers...
Version number in MailScanner.conf (5.0.7) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to  (114)
MailScanner setting UID to  (109)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamav
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
./1/eicar.com: Eicar-Test-Signature FOUND

Virus Scanning: ClamAV found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"

If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function MailWatchLogging

#cat /var/log/mail.log
Jul 10 23:56:00 mail postfix/smtpd[18656]: warning: hostname mail.stanga.net does not resolve to address 195.34.122.2
Jul 10 23:56:00 mail postfix/smtpd[18656]: connect from unknown[195.34.122.2]
Jul 10 23:56:00 mail postfix/smtpd[18656]: Anonymous TLS connection established from unknown[195.34.122.2]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jul 10 23:56:00 mail postfix/smtpd[18656]: 6621F633C1: client=unknown[195.34.122.2]
Jul 10 23:56:00 mail postfix/cleanup[18658]: 6621F633C1: hold: header Received: from mail.stanga.net (unknown [195.34.122.2])??(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))??(No client certificate requested)??by mail.snowthunder.org (Postfix) with ESMTPS id 66 from unknown[195.34.122.2]; from=<dobril at stanga.net> to=<dobril at snowthunder.org> proto=ESMTP helo=<mail.stanga.net>
Jul 10 23:56:00 mail postfix/cleanup[18658]: 6621F633C1: message-id=<00cd01d41890$6af315e0$40d941a0$@stanga.net>
Jul 10 23:56:00 mail opendkim[694]: 6621F633C1: DKIM-Signature field added (s=mail, d=stanga.net)
Jul 10 23:56:00 mail postfix/smtpd[18656]: disconnect from unknown[195.34.122.2] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 10 23:56:00 mail MailScanner[18640]: New Batch: Scanning 1 messages, 24138 bytes
Jul 10 23:56:00 mail MailScanner[18640]: Virus and Content Scanning: Starting
Jul 10 23:56:19 mail MailScanner[18640]: Requeue: 6621F633C1.A59BE to C2CC663489
Jul 10 23:56:19 mail MailScanner[18640]: Uninfected: Delivered 1 messages
Jul 10 23:56:19 mail postfix/qmgr[6326]: C2CC663489: from=<dobril at stanga.net>, size=22868, nrcpt=1 (queue active)
Jul 10 23:56:20 mail MailScanner[18640]: Deleted 1 messages from processing-database
Jul 10 23:56:20 mail MailScanner[18640]: MailWatch: Logging message 6621F633C1.A59BE to SQL
Jul 10 23:56:20 mail postfix/pipe[18689]: C2CC663489: to=<dobril at snowthunder.org>, relay=procmail, delay=20, delays=20/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via procmail service)
Jul 10 23:56:20 mail postfix/qmgr[6326]: C2CC663489: removed

From: MailScanner [mailto:mailscanner-bounces+dobril=stanga.net at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Tuesday, July 10, 2018 6:36 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: MailScanner spam check not working

I would take care of the virus scanner problem first and see if it helps.

On Tue, Jul 10, 2018 at 11:13 AM, DobriL Dobrilov <dobril at stanga.net> wrote:

#MailScanner --lint

Currently you are using no virus scanners.
This is probably not what you want.

In your /etc/MailScanner/MailScanner.conf file, set
    Virus Scanners = clamav
Then install it with your package manager or download it directly from
http://www.clamav.net

Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README

Checking version numbers...
Version number in MailScanner.conf (5.0.7) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to  (114)
MailScanner setting UID to  (109)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = none"
Found these virus scanners installed: clamav
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
===========================================================================

If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

From: MailScanner [mailto:mailscanner-bounces+dobril=stanga.net at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Tuesday, July 10, 2018 5:49 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: MailScanner spam check not working

What does a MailScanner --lint show?

I don't see spamassassin being invoked on your new setup...did it install?

On Tue, Jul 10, 2018 at 10:04 AM, DobriL Dobrilov <dobril at stanga.net> wrote:

Hello guys,

I decided to start a new mail server and use MailScanner v5. The previous one is running v4 and all has been perfect for more than 6y.

What is my exact issue? I think MailScanner is not checking messages for spam, because I tried to send multiple spam messages and they were all delivered without being marked or stopped.

This is what I can see in the logs

 

Jul 10 16:59:16 mail postfix/smtpd[13610]: warning: hostname mail.stanga.net does not resolve to address 195.34.122.2
Jul 10 16:59:16 mail postfix/smtpd[13610]: connect from unknown[195.34.122.2]
Jul 10 16:59:16 mail postfix/smtpd[13610]: Anonymous TLS connection established from unknown[195.34.122.2]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jul 10 16:59:16 mail postfix/smtpd[13610]: C508963590: client=unknown[195.34.122.2]
Jul 10 16:59:16 mail postfix/cleanup[13613]: C508963590: hold: header Received: from mail.stanga.net (unknown [195.34.122.2])??(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))??(No client certificate requested)??by mail.snowthunder.org (Postfix) with ESMTPS id C5 from unknown[195.34.122.2]; from=<dobril at stanga.net> to=<dobril at snowthunder.org> proto=ESMTP helo=<mail.stanga.net>
Jul 10 16:59:16 mail postfix/cleanup[13613]: C508963590: message-id=<006f01d41856$35f1cc40$a1d564c0$@stanga.net>
Jul 10 16:59:16 mail opendkim[694]: C508963590: DKIM-Signature field added (s=mail, d=stanga.net)
Jul 10 16:59:16 mail postfix/smtpd[13610]: disconnect from unknown[195.34.122.2] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 10 16:59:17 mail MailScanner[13597]: New Batch: Scanning 1 messages, 5040 bytes
Jul 10 16:59:17 mail MailScanner[13597]: Saved archive copies of C508963590.A362E
Jul 10 16:59:17 mail MailScanner[13597]: Filename Checks: Allowing C508963590.A362E msg-13597-1.txt
Jul 10 16:59:17 mail MailScanner[13597]: Filename Checks: Allowing C508963590.A362E msg-13597-2.html
Jul 10 16:59:17 mail MailScanner[13597]: Virus and Content Scanning: Starting
Jul 10 16:59:17 mail MailScanner[13597]: Virus Scanning completed at 454139 bytes per second
Jul 10 16:59:17 mail MailScanner[13597]: Spam Checks: Starting
Jul 10 16:59:17 mail MailScanner[13597]: Delivery of nonspam: message C508963590.A362E from dobril at stanga.net to  with subject Test
Jul 10 16:59:17 mail MailScanner[13597]: Requeue: C508963590.A362E to 37A5B63597
Jul 10 16:59:17 mail MailScanner[13597]: Uninfected: Delivered 1 messages
Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597: from=<dobril at stanga.net>, size=3770, nrcpt=1 (queue active)
Jul 10 16:59:17 mail MailScanner[13597]: Deleted 1 messages from processing-database
Jul 10 16:59:17 mail MailScanner[13597]: Batch completed at 279317 bytes per second (5040 / 0)
Jul 10 16:59:17 mail MailScanner[13597]: Batch (1 message) processed in 0.02 seconds
Jul 10 16:59:17 mail postfix/pipe[13614]: 37A5B63597: to=<dobril at snowthunder.org>, relay=procmail, delay=0.62, delays=0.61/0.01/0/0, dsn=2.0.0, status=sent (delivered via procmail service)
Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597: removed

This is how the logs look on the OLD server, where all is working fine

Jul 10 16:59:09 mail MailScanner[9639]: Batch (1 message) processed in 0.71 seconds
Jul 10 16:59:15 mail MailScanner[32628]: New Batch: Scanning 1 messages, 3633 bytes
Jul 10 16:59:15 mail MailScanner[32628]: Saved archive copies of 7975A30A041D.A83C7
Jul 10 16:59:15 mail MailScanner[32628]: Filename Checks: Allowing 7975A30A041D.A83C7 msg-32628-174.html
Jul 10 16:59:15 mail MailScanner[32628]: Filename Checks: Allowing 7975A30A041D.A83C7 msg-32628-173.txt
Jul 10 16:59:15 mail MailScanner[32628]: Virus and Content Scanning: Starting
Jul 10 16:59:15 mail MailScanner[32628]: Virus Scanning completed at 538308 bytes per second
Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks: Starting
Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net) is whitelisted
Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net) to snowthunder.org is not spam (whitelisted), SpamAssassin (not cached, score=-99.785, required 5, autolearn=disabled, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.00, TVD_RCVD_SINGLE 1.21, USER_IN_WHITELIST -100.00)
Jul 10 16:59:15 mail MailScanner[32628]: Delivery of nonspam: message 7975A30A041D.A83C7 from dobril at stanga.net to dobril at snowthunder.org with subject Test
Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks completed at 5941 bytes per second
Jul 10 16:59:16 mail MailScanner[32628]: Requeue: 7975A30A041D.A83C7 to 321F930A0422
Jul 10 16:59:16 mail MailScanner[32628]: Uninfected: Delivered 1 messages
Jul 10 16:59:16 mail MailScanner[32628]: Deleted 1 messages from processing-database
Jul 10 16:59:16 mail MailScanner[32628]: Batch completed at 2496 bytes per second (3633 / 1)
Jul 10 16:59:16 mail MailScanner[32628]: Batch (1 message) processed in 1.46 seconds




-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner





 

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us
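
An added example, not part of the original thread: a Python check that groups MailScanner syslog lines into batches and reports whether a SpamAssassin verdict was logged and how long each batch took, the two symptoms compared in the logs above. The function name, the finding labels and the assumption that a scored message logs the text "SpamAssassin (" (as in the old-server log) belong to this example; the sample lines are abridged from the thread.

```python
import re
from datetime import datetime

# Syslog lines written by MailScanner: "Jul 10 16:59:17 mail MailScanner[13597]: ..."
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ MailScanner\[(\d+)\]: (.*)$")

# Sample input abridged from the three log excerpts quoted in this thread.
SAMPLE = """\
Jul 10 16:59:17 mail MailScanner[13597]: New Batch: Scanning 1 messages, 5040 bytes
Jul 10 16:59:17 mail MailScanner[13597]: Spam Checks: Starting
Jul 10 16:59:17 mail MailScanner[13597]: Requeue: C508963590.A362E to 37A5B63597
Jul 10 16:59:15 mail MailScanner[32628]: New Batch: Scanning 1 messages, 3633 bytes
Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks: Starting
Jul 10 16:59:15 mail MailScanner[32628]: Message 7975A30A041D.A83C7 is not spam (whitelisted), SpamAssassin (not cached, score=-99.785, required 5)
Jul 10 16:59:16 mail MailScanner[32628]: Batch (1 message) processed in 1.46 seconds
Jul 10 23:56:00 mail MailScanner[18640]: New Batch: Scanning 1 messages, 24138 bytes
Jul 10 23:56:00 mail MailScanner[18640]: Virus and Content Scanning: Starting
Jul 10 23:56:19 mail MailScanner[18640]: Requeue: 6621F633C1.A59BE to C2CC663489
""".splitlines()

def audit_batches(lines, year=2018):
    """Group lines into batches (per PID, from 'New Batch:') and classify each one."""
    open_batches, done = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # postfix, opendkim and blank lines
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if msg.startswith("New Batch:"):
            if pid in open_batches:  # same child started its next batch
                done.append(open_batches.pop(pid))
            open_batches[pid] = {"pid": pid, "start": when, "end": when,
                                 "spam_stage": False, "sa_verdict": False}
            continue
        batch = open_batches.get(pid)
        if batch is None:
            continue  # tail of a batch that began before this excerpt
        batch["end"] = when
        batch["spam_stage"] |= msg.startswith("Spam Checks: Starting")
        # Assumption: a scored message logs "SpamAssassin (" as on the old server.
        batch["sa_verdict"] |= "SpamAssassin (" in msg
    done.extend(open_batches.values())
    for batch in done:
        batch["seconds"] = int((batch["end"] - batch["start"]).total_seconds())
        batch["finding"] = ("scored by SpamAssassin" if batch["sa_verdict"] else
                            "spam stage started, no SpamAssassin verdict"
                            if batch["spam_stage"] else "no spam stage logged")
    return done
```

Run over a full mail.log, audit_batches(open("/var/log/mail.log")) returns one record per batch, so batches that were delivered without any score stand out from those that were scored.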

 
