<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Verdana">Hi Glenn,<br>
<br>
Not using any milters currently.<br>
Anyway will enable the archive mail feature and get back to this once I
have an outcome.<br>
<br>
Thanks for the input.<br>
<br>
</font></font><br>
Glenn Steen wrote:
<blockquote
cite="mid:223f97700907071621t1abfb5cav4e800627005ceb90@mail.gmail.com"
type="cite">
<pre wrap="">2009/7/7 Mohd Hafiz Ramly <a class="moz-txt-link-rfc2396E" href="mailto:hafiz@variegate.biz"><hafiz@variegate.biz></a>:
</pre>
<blockquote type="cite">
<pre wrap="">Hi List,
I have posted an issue earlier regarding "MailScanner: Could not analyze message"
More info can be found here : <a class="moz-txt-link-freetext" href="http://www.bluequartz.us/phpBB2/viewtopic.php?t=93948&sid=83856caba40a9dbd1211fc82334ab118">http://www.bluequartz.us/phpBB2/viewtopic.php?t=93948&sid=83856caba40a9dbd1211fc82334ab118</a> <a class="moz-txt-link-freetext" href="http://www.bluequartz.us/phpBB2/viewtopic.php?t=93948&sid=83856caba40a9dbd1211fc82334ab118">http://www.bluequartz.us/phpBB2/viewtopic.php?t=93948&sid=83856caba40a9dbd1211fc82334ab118</a>
Further investigation on the issue, I found that the problematic mail is caused by broken mail headers (not sure if I get this term right).
Inspecting the quarantine mail in MailScanner reveals that Content-Type has randomly misspelled or missing in some words.
Example 1 :
Content-Type: multipart/related;
bary="----=neXtPaRt_1244707265"
The correct headers would be :
Content-Type: multipart/related;
boundary
="----=neXtPaRt_1244707265"
Example 2:
Content-Type: multipart/alternaboundary="----=neXtPaRt_1245338959"
The correct headers would be :
Content-Type: multipart/alternative;boundary="----=neXtPaRt_1245338959"
Example 3:
Content-Type: multipart/alternative;
boundarneXtPaRt_1246674293"
The correct headers would be :
Content-Type: multipart/alternative;
boundary
="----=
neXtPaRt_1246674293"
Using
file
command in my Linux server shows the message file is good
[root@mail1 ~]# file /var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message
/var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message: RFC 822 mail text
[root@mail1 ~]# file -i /var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message
/var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message: message/rfc822
So I decide to edit the quarantine message file and fixed the headers to the correct entry and the mail went through just fine.
MailScanner did not complains anything.
[root@mail1 ~]# sendmail -toi <
/var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message
I notice the client uses Outlook 11, Outlook Express 6 and SquirrelMail 1.4.10a as their mail editor.
And all of those mail is scanned using FortiGuard antivirus.
So what actually caused the mail headers to be broken ?
Does it caused by the mail client or might be the antivirus at client ends ?
My guess it could be caused by FortiGuard antivirus software which scans outgoing mail on clients PC.
</pre>
</blockquote>
<pre wrap=""><!---->You could enable the Archive Mail feature. That way you can see the
messages as they were before MailScanner touches them at all. If the
"problematic ones" are mangled there, you can be prety sure that
something between the sender and you is the culprit.
You don't seem to do any "before" filters (PF style), nor milters... Right?
</pre>
<blockquote type="cite">
<pre wrap="">Anyone had this similar issue before ?
</pre>
</blockquote>
<pre wrap=""><!---->Not really, no.
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<title></title>
<font face="Verdana" size="-1">Thanks.<br>
<br>
Mohd Hafiz Ramly<br>
Senior Consultant<br>
<b>Variegate Systems Sdn Bhd</b><br>
Tel : +60 4 2298808<br>
Fax : +60 4 2295006<br>
Mobile : +6 013 4812676<br>
Web : <a class="moz-txt-link-freetext" href="http://www.variegate.biz">http://www.variegate.biz</a><br>
<a href="http://www.variegate.biz/"><img alt="Variegate - Openbravo"
title="Variegate - Openbravo"
src="cid:part1.05000202.07070401@variegate.biz" border="0" height="44"
width="153"></a><a href="http://www.variegate.biz/"><br>
</a></font>
</div>
</body>
</html>