MailScanner spam check not working
Valentin Laskov
it at festa.bg
Tue Jul 10 21:19:25 UTC 2018
Try using clamd
Your setup uses clamscan. It loads signatures before each scan and this
takes a while.
About SpamAssassin, in my setup "Spam Score = 3" and "High Spam Score = 6"
I think you can't trigger Spam this way you described. Maybe first you
must set a local rule and try to trigger it to test SpamAssassin
Cheers
Valentin Laskov
На 10.7.2018 г. в 23:57, DobriL Dobrilov написа:
>
> Unfortunately the problem not come from virus scanner, because I’m not
> using virus scanner on the other server where spam checks running fine.
>
> Although I install and configure clamav virus scanner and now each
> processing take too much.. around 20sec per message , doesn’t matter
> there are attachment or not.
>
> This is the output now
>
> #MailScanner --lint
>
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
>
> Reading configuration file /etc/MailScanner/conf.d/README
>
> Read 1500 hostnames from the phishing whitelist
>
> Read 17684 hostnames from the phishing blacklists
>
> Config: calling custom init function MailWatchLogging
>
> MailWatch: Started MailWatch SQL Logging child
>
> Checking version numbers...
>
> Version number in MailScanner.conf (5.0.7) is correct.
>
> Your envelope_sender_header in spamassassin.conf is correct.
>
> MailScanner setting GID to (114)
>
> MailScanner setting UID to (109)
>
> Checking for SpamAssassin errors (if you use it)...
>
> Using SpamAssassin results cache
>
> Connected to SpamAssassin cache database
>
> SpamAssassin reported no errors.
>
> Connected to Processing Attempts Database
>
> Created Processing Attempts Database successfully
>
> There are 0 messages in the Processing Attempts Database
>
> Using locktype = posix
>
> MailScanner.conf says "Virus Scanners = clamav"
>
> Found these virus scanners installed: clamav
>
> ===========================================================================
>
> Filename Checks: Windows/DOS Executable (1 eicar.com)
>
> Other Checks: Found 1 problems
>
> Virus and Content Scanning: Starting
>
> ./1/eicar.com: Eicar-Test-Signature FOUND
>
> Virus Scanning: ClamAV found 2 infections
>
> Infected message 1 came from 10.1.1.1
>
> Virus Scanning: Found 2 viruses
>
> ===========================================================================
>
> Virus Scanner test reports:
>
> ClamAV said "eicar.com contains Eicar-Test-Signature"
>
> If any of your virus scanners (clamav)
>
> are not listed there, you should check that they are installed correctly
>
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
>
> Config: calling custom end function MailWatchLogging
>
> #cat /var/log/mail.log
>
> Jul 10 23:56:00 mail postfix/smtpd[18656]: warning: hostname
> mail.stanga.net does not resolve to address 195.34.122.2
>
> Jul 10 23:56:00 mail postfix/smtpd[18656]: connect from
> unknown[195.34.122.2]
>
> Jul 10 23:56:00 mail postfix/smtpd[18656]: Anonymous TLS connection
> established from unknown[195.34.122.2]: TLSv1 with cipher
> ADH-AES256-SHA (256/256 bits)
>
> Jul 10 23:56:00 mail postfix/smtpd[18656]: 6621F633C1:
> client=unknown[195.34.122.2]
>
> Jul 10 23:56:00 mail postfix/cleanup[18658]: 6621F633C1: hold: header
> Received: from mail.stanga.net (unknown [195.34.122.2])??(using TLSv1
> with cipher ADH-AES256-SHA (256/256 bits))??(No client certificate
> requested)??by mail.snowthunder.org (Postfix) with ESMTPS id 66 from
> unknown[195.34.122.2]; from=<dobril at stanga.net>
> to=<dobril at snowthunder.org> proto=ESMTP helo=<mail.stanga.net>
>
> Jul 10 23:56:00 mail postfix/cleanup[18658]: 6621F633C1:
> message-id=<00cd01d41890$6af315e0$40d941a0$@stanga.net>
>
> Jul 10 23:56:00 mail opendkim[694]: 6621F633C1: DKIM-Signature field
> added (s=mail, d=stanga.net)
>
> Jul 10 23:56:00 mail postfix/smtpd[18656]: disconnect from
> unknown[195.34.122.2] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1
> commands=7
>
> Jul 10 23:56:00 mail MailScanner[18640]: New Batch: Scanning 1
> messages, 24138 bytes
>
> Jul 10 23:56:00 mail MailScanner[18640]: Virus and Content Scanning:
> Starting
>
> Jul 10 23:56:19 mail MailScanner[18640]: Requeue: 6621F633C1.A59BE to
> C2CC663489
>
> Jul 10 23:56:19 mail MailScanner[18640]: Uninfected: Delivered 1 messages
>
> Jul 10 23:56:19 mail postfix/qmgr[6326]: C2CC663489:
> from=<dobril at stanga.net>, size=22868, nrcpt=1 (queue active)
>
> Jul 10 23:56:20 mail MailScanner[18640]: Deleted 1 messages from
> processing-database
>
> Jul 10 23:56:20 mail MailScanner[18640]: MailWatch: Logging message
> 6621F633C1.A59BE to SQL
>
> Jul 10 23:56:20 mail postfix/pipe[18689]: C2CC663489:
> to=<dobril at snowthunder.org>, relay=procmail, delay=20,
> delays=20/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via procmail
> service)
>
> Jul 10 23:56:20 mail postfix/qmgr[6326]: C2CC663489: removed
>
> *From:*MailScanner
> [mailto:mailscanner-bounces+dobril=stanga.net at lists.mailscanner.info]
> *On Behalf Of *Shawn Iverson
> *Sent:* Tuesday, July 10, 2018 6:36 PM
> *To:* MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Subject:* Re: MailScanner spam check not working
>
> I would take care of the virus scanner problem first and see if it helps.
>
> On Tue, Jul 10, 2018 at 11:13 AM, DobriL Dobrilov <dobril at stanga.net
> <mailto:dobril at stanga.net>> wrote:
>
> #MailScanner --lint
>
> Currently you are using no virus scanners.
>
> This is probably not what you want.
>
> In your /etc/MailScanner/MailScanner.conf file, set
>
> Virus Scanners = clamav
>
> Then install it with your package manager or download it directly from
>
> http://www.clamav.net
>
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
>
> Reading configuration file /etc/MailScanner/conf.d/README
>
> Checking version numbers...
>
> Version number in MailScanner.conf (5.0.7) is correct.
>
> Your envelope_sender_header in spamassassin.conf is correct.
>
> MailScanner setting GID to (114)
>
> MailScanner setting UID to (109)
>
> Checking for SpamAssassin errors (if you use it)...
>
> Using SpamAssassin results cache
>
> Connected to SpamAssassin cache database
>
> SpamAssassin reported no errors.
>
> Connected to Processing Attempts Database
>
> Created Processing Attempts Database successfully
>
> There are 0 messages in the Processing Attempts Database
>
> Using locktype = posix
>
> MailScanner.conf says "Virus Scanners = none"
>
> Found these virus scanners installed: clamav
>
> ===========================================================================
>
> Filename Checks: Windows/DOS Executable (1 eicar.com
> <http://eicar.com>)
>
> Other Checks: Found 1 problems
>
> Virus and Content Scanning: Starting
>
> ===========================================================================
>
> If any of your virus scanners (clamav)
>
> are not listed there, you should check that they are installed
> correctly
>
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
>
> *From:*MailScanner [mailto:mailscanner-bounces+dobril
> <mailto:mailscanner-bounces%2Bdobril>=stanga.net at lists.mailscanner.info
> <mailto:stanga.net at lists.mailscanner.info>] *On Behalf Of *Shawn
> Iverson
> *Sent:* Tuesday, July 10, 2018 5:49 PM
> *To:* MailScanner Discussion <mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>>
> *Subject:* Re: MailScanner spam check not working
>
> What does a MailScanner --lint show?
>
> I don't see spamassassin being invoked on your new setup...did it
> install?
>
> On Tue, Jul 10, 2018 at 10:04 AM, DobriL Dobrilov
> <dobril at stanga.net <mailto:dobril at stanga.net>> wrote:
>
> Hello guy,
>
> I decide to start new mail server and use MailScanner v5 . The
> previous running v4 and all is perfect more than 6y.
>
> What is my exact issue. I think MailScanner not checking
> messages for spam , because I tried to send multiple spam
> messages and all they were delivered without mark or stop it.
>
> This what I can see in the logs
>
> Jul 10 16:59:16 mail postfix/smtpd[13610]: warning: hostname
> mail.stanga.net <http://mail.stanga.net> does not resolve to
> address 195.34.122.2
>
> Jul 10 16:59:16 mail postfix/smtpd[13610]: connect from
> unknown[195.34.122.2]
>
> Jul 10 16:59:16 mail postfix/smtpd[13610]: Anonymous TLS
> connection established from unknown[195.34.122.2]: TLSv1 with
> cipher ADH-AES256-SHA (256/256 bits)
>
> Jul 10 16:59:16 mail postfix/smtpd[13610]: C508963590:
> client=unknown[195.34.122.2]
>
> Jul 10 16:59:16 mail postfix/cleanup[13613]: C508963590: hold:
> header Received: from mail.stanga.net <http://mail.stanga.net>
> (unknown [195.34.122.2])??(using TLSv1 with cipher
> ADH-AES256-SHA (256/256 bits))??(No client certificate
> requested)??by mail.snowthunder.org
> <http://mail.snowthunder.org> (Postfix) with ESMTPS id C5 from
> unknown[195.34.122.2]; from=<dobril at stanga.net
> <mailto:dobril at stanga.net>> to=<dobril at snowthunder.org
> <mailto:dobril at snowthunder.org>> proto=ESMTP
> helo=<mail.stanga.net <http://mail.stanga.net>>
>
> Jul 10 16:59:16 mail postfix/cleanup[13613]: C508963590:
> message-id=<006f01d41856$35f1cc40$a1d564c0$@stanga.net
> <http://stanga.net>>
>
> Jul 10 16:59:16 mail opendkim[694]: C508963590: DKIM-Signature
> field added (s=mail, d=stanga.net <http://stanga.net>)
>
> Jul 10 16:59:16 mail postfix/smtpd[13610]: disconnect from
> unknown[195.34.122.2] ehlo=2 starttls=1 mail=1 rcpt=1 data=1
> quit=1 commands=7
>
> Jul 10 16:59:17 mail MailScanner[13597]: New Batch: Scanning 1
> messages, 5040 bytes
>
> Jul 10 16:59:17 mail MailScanner[13597]: Saved archive copies
> of C508963590.A362E
>
> Jul 10 16:59:17 mail MailScanner[13597]: Filename Checks:
> Allowing C508963590.A362E msg-13597-1.txt
>
> Jul 10 16:59:17 mail MailScanner[13597]: Filename Checks:
> Allowing C508963590.A362E msg-13597-2.html
>
> Jul 10 16:59:17 mail MailScanner[13597]: Virus and Content
> Scanning: Starting
>
> Jul 10 16:59:17 mail MailScanner[13597]: Virus Scanning
> completed at 454139 bytes per second
>
> Jul 10 16:59:17 mail MailScanner[13597]: Spam Checks: Starting
>
> Jul 10 16:59:17 mail MailScanner[13597]: Delivery of nonspam:
> message C508963590.A362E from dobril at stanga.net
> <mailto:dobril at stanga.net> to with subject Test
>
> Jul 10 16:59:17 mail MailScanner[13597]: Requeue:
> C508963590.A362E to 37A5B63597
>
> Jul 10 16:59:17 mail MailScanner[13597]: Uninfected: Delivered
> 1 messages
>
> Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597:
> from=<dobril at stanga.net <mailto:dobril at stanga.net>>,
> size=3770, nrcpt=1 (queue active)
>
> Jul 10 16:59:17 mail MailScanner[13597]: Deleted 1 messages
> from processing-database
>
> Jul 10 16:59:17 mail MailScanner[13597]: Batch completed at
> 279317 bytes per second (5040 / 0)
>
> Jul 10 16:59:17 mail MailScanner[13597]: Batch (1 message)
> processed in 0.02 seconds
>
> Jul 10 16:59:17 mail postfix/pipe[13614]: 37A5B63597:
> to=<dobril at snowthunder.org <mailto:dobril at snowthunder.org>>,
> relay=procmail, delay=0.62, delays=0.61/0.01/0/0, dsn=2.0.0,
> status=sent (delivered via procmail service)
>
> Jul 10 16:59:17 mail postfix/qmgr[6326]: 37A5B63597: removed
>
> This is how looks like the logs on the OLD server where all
> working fine
>
> Jul 10 16:59:09 mail MailScanner[9639]: Batch (1 message)
> processed in 0.71 seconds
>
> Jul 10 16:59:15 mail MailScanner[32628]: New Batch: Scanning 1
> messages, 3633 bytes
>
> Jul 10 16:59:15 mail MailScanner[32628]: Saved archive copies
> of 7975A30A041D.A83C7
>
> Jul 10 16:59:15 mail MailScanner[32628]: Filename Checks:
> Allowing 7975A30A041D.A83C7 msg-32628-174.html
>
> Jul 10 16:59:15 mail MailScanner[32628]: Filename Checks:
> Allowing 7975A30A041D.A83C7 msg-32628-173.txt
>
> Jul 10 16:59:15 mail MailScanner[32628]: Virus and Content
> Scanning: Starting
>
> Jul 10 16:59:15 mail MailScanner[32628]: Virus Scanning
> completed at 538308 bytes per second
>
> Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks: Starting
>
> Jul 10 16:59:15 mail MailScanner[32628]: Message
> 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net
> <mailto:dobril at stanga.net>) is whitelisted
>
> Jul 10 16:59:15 mail MailScanner[32628]: Message
> 7975A30A041D.A83C7 from 192.168.0.222 (dobril at stanga.net
> <mailto:dobril at stanga.net>) to snowthunder.org
> <http://snowthunder.org> is not spam (whitelisted),
> SpamAssassin (not cached, score=-99.785, required 5,
> autolearn=disabled, ALL_TRUSTED -1.00, HTML_MESSAGE 0.00,
> MIME_HTML_MOSTLY 0.00, TVD_RCVD_SINGLE 1.21, USER_IN_WHITELIST
> -100.00)
>
> Jul 10 16:59:15 mail MailScanner[32628]: Delivery of nonspam:
> message 7975A30A041D.A83C7 from dobril at stanga.net
> <mailto:dobril at stanga.net> to dobril at snowthunder.org
> <mailto:dobril at snowthunder.org> with subject Test
>
> Jul 10 16:59:15 mail MailScanner[32628]: Spam Checks completed
> at 5941 bytes per second
>
> Jul 10 16:59:16 mail MailScanner[32628]: Requeue:
> 7975A30A041D.A83C7 to 321F930A0422
>
> Jul 10 16:59:16 mail MailScanner[32628]: Uninfected: Delivered
> 1 messages
>
> Jul 10 16:59:16 mail MailScanner[32628]: Deleted 1 messages
> from processing-database
>
> Jul 10 16:59:16 mail MailScanner[32628]: Batch completed at
> 2496 bytes per second (3633 / 1)
>
> Jul 10 16:59:16 mail MailScanner[32628]: Batch (1 message)
> processed in 1.46 seconds
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>
> --
>
> Shawn Iverson, CETL
>
> Director of Technology
>
> Rush County Schools
>
> 765-932-3901 x1171
>
> iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>
> --
>
> Shawn Iverson, CETL
>
> Director of Technology
>
> Rush County Schools
>
> 765-932-3901 x1171
>
> iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180711/0e98d8b5/attachment-0001.html>
More information about the MailScanner
mailing list