What I want to happen:
    Inbound message with attachment containing a virus...
    Accepted by exim, passed to MailScanner/ClamAV...
    Clam fix the virus, Baruwa quarantine the mail and attachment and ...
    send recipient message about quarantined mail.

Exim was NOT accepting the email and REJECTING it. /var/log/exim/main.log contained:
2013-06-19 11:06:41 1UpFHl-00020S-0T H=(rpfext) [192.168.0.109] F=<[email protected]> rejected after DATA: This message contains a virus (Eicar-Test-Signature).

I commented out the following two lines in the acl_check_data section of the exim.conf file:
drop malware = *
message = This message contains a virus ($malware_name).

Now the message is being accepted and passed into the inbound queue for processing. Yay!


BUT... I have a really big issue with SPEED of processing. This server is not in a production environment yet and is only processing my test eMails.

What logs / settings should I be looking at to speed up the processing and 
delivery?

I send a message through to the server for local network delivery with a zip 
file containing the eicar test file.
This is what I see in my /var/log/exim/main.log file

2013-06-19 16:19:30 no host name found for IP address 192.168.0.109
2013-06-19 16:19:30 1UpKAU-000625-Os <= [email protected] H=(rpfext) [192.168.0.109] P=smtp S=6415 [email protected]
2013-06-19 16:19:30 1UpKAU-000625-Os == [email protected] R=message_checks defer (-1): queued for message checks

It's currently 16:41 and this mail STILL hasn't been cleaned / quarantined or 
delivered. This message is just sitting in the Inbound queue...

Eventually... 25 minutes later...

2013-06-19 16:44:05 1UpKYH-0006CQ-9p <= [email protected] U=exim P=local S=1778
2013-06-19 16:44:06 1UpKYH-0006CQ-9p => [email protected] <[email protected]> R=deliver_clean_randomize T=remote_smtp H=192.168.0.101 [192.168.0.101] X=TLSv1:AES128-SHA:128
2013-06-19 16:44:06 1UpKYH-0006CQ-9p Completed

...and I get this email...

The following e-mails were found to have: Other Bad Content Detected

    Sender: [email protected]
IP Address: 192.168.0.109
 Recipient: [email protected]
   Subject: virus scan performance test 1
 MessageID: 1UpKAU-000625-Os
Quarantine: /var/spool/MailScanner/quarantine/20130619/1UpKAU-000625-Os
    Report: MailScanner: Message attempted to kill MailScanner

Full headers are:

Received: from [192.168.0.109] (helo=rpfext)
               by marge.mydomain.ext with smtp (Baruwa 2.0)
               (envelope-from <[email protected]>)
               id 1UpKAU-000625-Os ret-id none;
               [email protected]; Wed, 19 Jun 2013 16:19:30 +0100
Message-ID: <2C7024047B73435E8C20DD9652EEACBE@mydomain.EXT>
Reply-To: "Ritchie" <[email protected]>
From: "Ritchie" <[email protected]>
To: <[email protected]>
Subject: virus scan performance test 1
Date: Wed, 19 Jun 2013 16:18:40 +0100
Organization: My Company Ltd
MIME-Version: 1.0
Content-Type: multipart/mixed;
               boundary="----=_NextPart_000_0031_01CE6D08.A935BBC0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3555.308
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308

--
Baruwa
Email Security

Kind Regards,
Ritchie Fraser
Systems Administrator

T : +44 (0) 1304 840506
F : +44 (0) 1304 840075
W : http://www.marinesoftware.co.uk

Marine Software Limited
Planned Maintenance, Stock Control, Project (Refit) Management, Purchasing,
Safety and ISM Document Management systems for the Marine Industry since 1991.
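
Added example, not part of the original post: one way to measure how long messages sit in the inbound queue is to pair each "R=message_checks defer" line in main.log with a later "Completed" line for the same message id. The addresses in the sample are placeholders (the page redacts the real ones), and the 300-second threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed sample modelled on the main.log excerpt in the post;
# addresses are placeholders because the page redacts the real ones.
SAMPLE_LOG = """\
2013-06-19 16:19:30 no host name found for IP address 192.168.0.109
2013-06-19 16:19:30 1UpKAU-000625-Os <= sender@example.test H=(rpfext) [192.168.0.109] P=smtp S=6415
2013-06-19 16:19:30 1UpKAU-000625-Os == rcpt@example.test R=message_checks defer (-1): queued for message checks
2013-06-19 16:44:05 1UpKYH-0006CQ-9p <= postmaster@example.test U=exim P=local S=1778
2013-06-19 16:44:06 1UpKYH-0006CQ-9p => rcpt@example.test R=deliver_clean_randomize T=remote_smtp H=192.168.0.101 [192.168.0.101]
2013-06-19 16:44:06 1UpKYH-0006CQ-9p Completed
"""

# Timestamp, Exim message id (6-6-2 characters), rest of the line.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                  r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$")

def parse(log_text):
    """Return {message_id: {"arrived", "held", "completed"}} (datetime or None)."""
    msgs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a message id, e.g. the reverse-DNS warning
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        rec = msgs.setdefault(m.group(2),
                              {"arrived": None, "held": None, "completed": None})
        rest = m.group(3)
        if rest.startswith("<= "):
            rec["arrived"] = ts
        elif rest.startswith("== ") and "R=message_checks defer" in rest:
            rec["held"] = ts          # handed to the scanner's inbound queue
        elif rest == "Completed":
            rec["completed"] = ts
    return msgs

def stuck_in_checks(log_text, now, max_wait_s=300):
    """Messages deferred to message_checks, never Completed, waiting > max_wait_s."""
    out = []
    for mid, rec in sorted(parse(log_text).items()):
        if rec["held"] and not rec["completed"]:
            waited = int((now - rec["held"]).total_seconds())
            if waited > max_wait_s:
                out.append((mid, waited))
    return out
```

A quarantined message never logs "Completed" under its own id, so cross-check flagged ids against the MessageID field of the quarantine report before treating them as a scanner backlog.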