and also look at the archive for the original message and the logs for the message to see what MS thought of the email and what it did with it.<br><br clear="all">-- <br>Martin Hepworth, CISSP<br>Oxford, UK<br>
<br><br><div class="gmail_quote">On 23 October 2012 11:22, Joolee <span dir="ltr"><<a href="mailto:mailscanner@joolee.nl" target="_blank">mailscanner@joolee.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Compare the e-mail the customer received (the source code, not the view) and the original archive file.<br>You might post both versions to the mailing list after stripping personal information.<div class="HOEnZb"><div class="h5">
<br><br><div class="gmail_quote">
On 23 October 2012 11:21, Budi Febrianto <span dir="ltr"><<a href="mailto:bfebrian.milis@gmail.com" target="_blank">bfebrian.milis@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Dear all,<div><br></div><div>I have the archive file that user received it as blank email.</div><div>Is there anything that I can do with it? test it? debug?</div><div><br></div><div>Best Regards</div><div>
<div><div><br><br><div class="gmail_quote">
On Thu, Oct 11, 2012 at 10:25 AM, Budi Febrianto <span dir="ltr"><<a href="mailto:bfebrian.milis@gmail.com" target="_blank">bfebrian.milis@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Dear Martin,<div><br></div><div>Already activated the archive facility.</div><div>How to proper way to inject and debug mailscanner/sendmail?</div><div><br></div><div>This is what I did, and maybe I did it wrong.</div><div>
shutdown the mailscanner</div><div>copy the archive from /var/spool/MailScanner/archive/(date) to /var/spool/mqeue</div><div>run mailscanner with --debug</div><div><br></div><div>Mailscanner run, and than stop, with some error related with mailwatch about commit, but nothing else</div>
<div><br></div><div>Best Regards</div><div><div><div><br></div><div><br><div class="gmail_quote">On Tue, Oct 9, 2012 at 1:31 AM, Martin Hepworth <span dir="ltr"><<a href="mailto:maxsec@gmail.com" target="_blank">maxsec@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Doubt it, unless the antivirus on the Domino server did something to it, all Mailwatch does is log the information.<br>
<br>Can you replay messages at all - ie do you use the archive facility so you can inject the message again while running in debug mode?<div><br>
<br><br clear="all">-- <br>Martin Hepworth, CISSP<br>Oxford, UK<br>
<br><br></div><div><div><div class="gmail_quote">On 8 October 2012 18:05, Budi Febrianto <span dir="ltr"><<a href="mailto:bfebrian.milis@gmail.com" target="_blank">bfebrian.milis@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>Dear Martin, </p>
<p>This happen not always with big emails, many big emails still delivered without any problems. </p>
<p>This problem appears to be random, but often. </p>
<p>The next host is the mail server, which is Lotus Domino 8.5.</p>
<p>Is it possible that the anti virus or mailwatch somehow altered the mail format? </p>
<p>Best regards </p><div><div>
<div class="gmail_quote">On Oct 8, 2012 11:39 PM, "Martin Hepworth" <<a href="mailto:maxsec@gmail.com" target="_blank">maxsec@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Is this consistent with large emails above the spam checks size limit?<br><br>If it is, you could run a test in debug mode of a large email to see what's going flakey.<br><br>I presume the next host down the line (192.168.10.17) is handling this OK? <br>
<br><br clear="all">-- <br>Martin Hepworth, CISSP<br>Oxford, UK<br>
<br><br><div class="gmail_quote">On 8 October 2012 16:27, Budi Febrianto <span dir="ltr"><<a href="mailto:bfebrian.milis@gmail.com" target="_blank">bfebrian.milis@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>Dear Martin, </div><div><br></div><div>Thank you for the reply, but I don't see something strange in the maillog</div><div><br></div><div>[root@spam log]# cat maillog.1 | grep q917UfQF014676</div><div>Oct 1 14:30:58 spam sendmail[14676]: q917UfQF014676: from=<<a href="mailto:cory.margaret@abc.com" target="_blank">cory.margaret@abc.com</a>>, size=340562, class=0, nrcpts=1, msgid=<<a href="mailto:E430C752C711024D996D49014F27FD10A78D9B@MT-XC-02-CB.abc.com" target="_blank">E430C752C711024D996D49014F27FD10A78D9B@MT-XC-02-CB.abc.com</a>>, proto=ESMTP, daemon=MTA, relay=<a href="http://ln-static-202-77-100-39.link.net.id" target="_blank">ln-static-202-77-100-39.link.net.id</a> <a href="tel:%5B202.77.100.39" value="+12027710039" target="_blank">[202.77.100.39</a>] (may be forged)</div>
<div>Oct 1 14:30:58 spam sendmail[14676]: q917UfQF014676: to=<<a href="mailto:amiws@xyz.co.id" target="_blank">amiws@xyz.co.id</a>>, delay=00:00:11, mailer=smtp, pri=370562, stat=queued</div><div>Oct 1 14:30:59 spam MailScanner[13678]: Message q917UfQF014676 from <a href="tel:202.77.100.39" value="+12027710039" target="_blank">202.77.100.39</a> (<a href="mailto:cory.margaret@abc.com" target="_blank">cory.margaret@abc.com</a>) to <a href="http://xyz.co.id" target="_blank">xyz.co.id</a> is too big for spam checks (341198 > 200000 bytes)</div>
<div>Oct 1 14:30:59 spam MailScanner[13678]: Logging message q917UfQF014676 to SQL</div><div>Oct 1 14:30:59 spam MailScanner[13945]: q917UfQF014676: Logged to MailWatch SQL</div><div>Oct 1 14:31:00 spam sendmail[14693]: q917UfQF014676: to=<<a href="mailto:amiws@xyz.co.id" target="_blank">amiws@xyz.co.id</a>>, delay=00:00:13, xdelay=00:00:01, mailer=smtp, pri=460562, relay=[192.168.10.17] [192.168.10.17], dsn=2.0.0, stat=Sent (Message accepted for delivery)</div>
<div><br></div>Best Regards<div><div><div><br><div class="gmail_quote">On Mon, Oct 8, 2012 at 6:53 PM, Martin Hepworth <span dir="ltr"><<a href="mailto:maxsec@gmail.com" target="_blank">maxsec@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Check the mailScanner logs for that message to see if it's doing anything 'unusual' with the message.<br>
<br clear="all">
-- <br>Martin Hepworth, CISSP<br>Oxford, UK<br>
<br><br><div class="gmail_quote"><div><div>On 8 October 2012 11:30, Budi Febrianto <span dir="ltr"><<a href="mailto:bfebrian.milis@gmail.com" target="_blank">bfebrian.milis@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>
<div>Dear all,</div><div><br></div><div>My customer have problems with their mailscanner installation, sometimes users emails with blank body. I already search the web for possible reasons, but can't find any.</div><div>
<br></div><div>This is the configurations:</div><div><br></div><div>MailScanner 4.84.5</div><div>Centos 6.2 64 bit</div><div>Sendmail 8.13</div><div>MailWatch-1.1.5.1</div><div>ClamAV 0.96.5<br><div><br></div></div><div>
Best regards</div>
<br></div></div><span><font color="#888888">--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></font></span></blockquote></div><br>
<br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br></div>
</div></div><br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br>
<br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div>
</div></div><br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br>
</div></div><br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br>
</div></div><br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br>