[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Bingo! That's it all right. Nice bit of sleuthing, Michael. My apologies to CJ as he was on the right track. I missed the bit about your local lan addresses being whitelisted though. Spamdyke's documentation at http://www.spamdyke.org/documentation/README.html#RELAYING says: Authenticated and whitelisted connections will be allowed to relay. So my question now is, why do you have your LAN whitelisted? -- -Eric 'shubes' On 01/11/2011 07:37 PM, Michael Colvin wrote: Eric.. Check this thread out... I think this may be pointing me in the right direction... http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html The 2nd paragraph... Because relay client is set, simscan doesn’t run the message through SpamAssassin (Since it's supposedly from a trusted source). Could spamdyke be passing a value for RELAYCLIENT? I've got the 192.168.100.0/24 (The private network my mail cluster is on) Whitelisted in spamdyke... Any place else that might be passing RELAYCLIENT? It's not in my tcp.smtp file. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 11:06 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I'm at a loss Michael. I think I'd look closer into spamassassin at this point. Can you invoke SA 'manually'? On 01/11/2011 11:13 AM, Michael Colvin wrote: Here you go Eric. Both servers had identical outputs, other than one being installed the day after this one. :-) Name: simscan-toaster Relocations: (not relocatable) Version : 1.4.0 Vendor: (none) Release : 1.3.8 Build Date: Fri 29 Oct 2010 02:28:37 AM PDT Install Date: Fri 29 Oct 2010 02:30:25 AM PDT Build Host: mail-1.norcalisp.com Group : Networking/Other Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm Size: 113364 License: GPL Signature : (none) Packager: Jake Vickersj...@qmailtoaster.com URL : http://www.inter7.com/vpopmail Summary : Simscan for qmail-toaster Description : SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand. It uses clamav, trophie, and/or spamassassin. It also supports attachment blocking by extension. Simscan is written entirely in C to ensure maximum speed. There are several options to allow simscan to scan per domain, and reject spam mail. Current settings --- user = clamav qmail directory = /var/qmail work directory= /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject= ON drop message = OFF regex scanner = OFF quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user= OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 40 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 8:36 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA still scans. Authenticated submissions aren't scanned though. Michael, can you post your # rpm -qi simscan-toaster (just double checking) -- -Eric 'shubes' On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote: Isn't there something about LAN addresses not being scanned? Quoting Michael J. Colvinmcol...@norcalisp.com: OK. Tcp.smtp now looks like: :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va r/ qmail/bin/simscan,NOP0FCHECK=1 Header information is still the same: Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 - 0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs); 11 Jan 2011 12:41:02 - X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ummm... Mainly I think it was laziness so that the web hosting servers could send via these servers. (Instead of listing just the specific internal IP's, since I add servers occasionally...) I think there was another reason involving how my outbound mail is working, but now that I'm trying to explain it in an e-mail, I'm not sure *that* reason is valid, so I'll need to think about that one. :-) The particular servers we're looking at hear, handle inbound e-mail filtering only, then forward the mail to another cluster that's customer facing. So... Ok, now I need to figure out where it's getting that from, because, I'm not sure you saw the other message, but I removed the internal network from the whitelisting, and still nothing. And, now that I think about it, the e-mail isn't coming from an internal IP at the point we're looking at... The server has an internal IP, but it is the first server to handle the e-mail, so it's not getting it from another server with an internal IP. It has an internal IP because it's behind a load balancer. I think what we're seeing, and what CJ was seeing (BTW, thanks CJ, your comment is what got me looking in this direction) was the *second* cluster, which is getting the e-mail from the first cluster via internal IP's...I'm not concerned with that server not scanning w/spamassassin, since it should be scanned with the first cluster. :-) Besides, that second cluster is an older QMR server that I want to pull out, once I get it replaced with QMT servers... Here's the header from your e-mail. Notice the first few lines, with one containing qmail-scanner. Obviously, this isn't a Toaster. Further down, we see the Toaster's headers, which is still the area we were looking at with the simscan entries. (Continued after header!) - Received: (qmail 10090 invoked by uid 1010); 12 Jan 2011 09:04:54 -0800 Received: from 192.168.100.121 by mail.norcalisp.com (envelope-from qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.121):. Processed in 0.058344 secs); 12 Jan 2011 17:04:54 - X-Antivirus-NorCalISP-Mail-From: qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.121):. Processed in 0.058344 secs Process 10085) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.121) by mail.norcalisp.com with SMTP; 12 Jan 2011 09:04:53 -0800 Received: (qmail 5478 invoked by uid 89); 12 Jan 2011 17:04:53 - Received: by simscan 1.4.0 ppid: 5155, pid: 5189, t: 23.0613s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12509 Received: from unknown (HELO mail.qmailtoaster.com) (70.60.227.157) by mail.norcalisp.com with SMTP; 12 Jan 2011 17:04:30 - Received: (qmail 10722 invoked by uid 89); 12 Jan 2011 17:03:39 - Mailing-List: contact qmailtoaster-list-h...@qmailtoaster.com; run by ezmlm Precedence: bulk List-Post: mailto:qmailtoaster-list@qmailtoaster.com List-Help: mailto:qmailtoaster-list-h...@qmailtoaster.com List-Unsubscribe: mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com List-Subscribe: mailto:qmailtoaster-list-subscr...@qmailtoaster.com Reply-To: qmailtoaster-list@qmailtoaster.com Delivered-To: mailing list qmailtoaster-list@qmailtoaster.com Received: (qmail 10715 invoked by uid 89); 12 Jan 2011 17:03:39 - X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.qmailtoaster.com X-Spam-Level: X-Spam-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00, DK_POLICY_SIGNALL autolearn=ham version=3.2.5 Received-SPF: pass (mail.qmailtoaster.com: SPF record at m.gmane.org designates 80.91.229.12 as permitted sender) X-Injected-Via-Gmane: http://gmane.org/ To: qmailtoaster-list@qmailtoaster.com From: Eric Shubert e...@shubes.net Date: Wed, 12 Jan 2011 10:03:15 -0700 Organization: Eric Shubert Associates Lines: 418 Message-ID: igkmsj$3n...@dough.gmane.org References: 01fb01cbb05c$cdadf280$6909d7...@com igdmcu$50...@dough.gmane.org 020301cbb068$a4405d00$ecc117...@com igdt2h$s1...@dough.gmane.org 020a01cbb07d$5e13af20$1a3b0d...@com igfcn4$hl...@dough.gmane.org 028301cbb18e$88fac7c0$9af057...@com 20110111081003.52761c20gaaza...@mail.yother.com igi0to$gn...@dough.gmane.org 000f01cbb1bb$3d1cf620$0200a...@homeoffice igi9n4$32...@dough.gmane.org 005101cbb201$9785c970$0200a...@homeoffice Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Complaints-To: use...@dough.gmane.org X-Gmane-NNTP-Posting-Host: rain.gmane.org User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 In-Reply-To: 005101cbb201$9785c970$0200a...@homeoffice Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
...@homeoffice Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Complaints-To: use...@dough.gmane.org X-Gmane-NNTP-Posting-Host: rain.gmane.org User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 In-Reply-To:005101cbb201$9785c970$0200a...@homeoffice Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro - So... I've checked my Spamdyke config, and don't see anything that would cause it to pass RELAYCLIENT... No whitelisted e-mails, domains, and I removed the IP's (Or narrowed them down to just the servers). Same result... But I think we might be on the right track... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 9:03 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Bingo! That's it all right. Nice bit of sleuthing, Michael. My apologies to CJ as he was on the right track. I missed the bit about your local lan addresses being whitelisted though. Spamdyke's documentation at http://www.spamdyke.org/documentation/README.html#RELAYING says: Authenticated and whitelisted connections will be allowed to relay. So my question now is, why do you have your LAN whitelisted? -- -Eric 'shubes' On 01/11/2011 07:37 PM, Michael Colvin wrote: Eric.. Check this thread out... I think this may be pointing me in the right direction... http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html The 2nd paragraph... Because relay client is set, simscan doesn’t run the message through SpamAssassin (Since it's supposedly from a trusted source). Could spamdyke be passing a value for RELAYCLIENT? I've got the 192.168.100.0/24 (The private network my mail cluster is on) Whitelisted in spamdyke... Any place else that might be passing RELAYCLIENT? It's not in my tcp.smtp file. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 11:06 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I'm at a loss Michael. I think I'd look closer into spamassassin at this point. Can you invoke SA 'manually'? On 01/11/2011 11:13 AM, Michael Colvin wrote: Here you go Eric. Both servers had identical outputs, other than one being installed the day after this one. :-) Name: simscan-toaster Relocations: (not relocatable) Version : 1.4.0 Vendor: (none) Release : 1.3.8 Build Date: Fri 29 Oct 2010 02:28:37 AM PDT Install Date: Fri 29 Oct 2010 02:30:25 AM PDT Build Host: mail-1.norcalisp.com Group : Networking/Other Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm Size: 113364 License: GPL Signature : (none) Packager: Jake Vickersj...@qmailtoaster.com URL : http://www.inter7.com/vpopmail Summary : Simscan for qmail-toaster Description : SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand. It uses clamav, trophie, and/or spamassassin. It also supports attachment blocking by extension. Simscan is written entirely in C to ensure maximum speed. There are several options to allow simscan to scan per domain, and reject spam mail. Current settings --- user = clamav qmail directory = /var/qmail work directory= /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject= ON drop message = OFF regex scanner = OFF quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user= OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 40 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 8:36 AM To: qmailtoaster-list@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Agreed (With the authenticating hosting servers part). This was a quick (And I thought ok) way of getting these toasters up... I'm obviously going to have to go back through and tweak some stuff. I'll pull spamdyke down, test again, and let you know. I'm going to re-read the link you included to the Relaying portion of SpamDykes config first, to see if I have a Duh moment. I'll keep you posted! Thanks again. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 9:53 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I think I understand. I did notice the QMR server further down the line and wondered a little about it. I'd remove spamdyke temporarily at this point and test. Then you'll know for sure if spamdyke setting RELAYCLIENT is the cause or not. P.S. I realize that web hosting servers are a pita, but configuring them to authenticate is a good practice imo. Then you don't need any open relaying. -- -Eric 'shubes' On 01/12/2011 10:35 AM, Michael Colvin wrote: Ummm... Mainly I think it was laziness so that the web hosting servers could send via these servers. (Instead of listing just the specific internal IP's, since I add servers occasionally...) I think there was another reason involving how my outbound mail is working, but now that I'm trying to explain it in an e-mail, I'm not sure *that* reason is valid, so I'll need to think about that one. :-) The particular servers we're looking at hear, handle inbound e-mail filtering only, then forward the mail to another cluster that's customer facing. So... Ok, now I need to figure out where it's getting that from, because, I'm not sure you saw the other message, but I removed the internal network from the whitelisting, and still nothing. And, now that I think about it, the e-mail isn't coming from an internal IP at the point we're looking at... The server has an internal IP, but it is the first server to handle the e-mail, so it's not getting it from another server with an internal IP. It has an internal IP because it's behind a load balancer. I think what we're seeing, and what CJ was seeing (BTW, thanks CJ, your comment is what got me looking in this direction) was the *second* cluster, which is getting the e-mail from the first cluster via internal IP's...I'm not concerned with that server not scanning w/spamassassin, since it should be scanned with the first cluster. :-) Besides, that second cluster is an older QMR server that I want to pull out, once I get it replaced with QMT servers... Here's the header from your e-mail. Notice the first few lines, with one containing qmail-scanner. Obviously, this isn't a Toaster. Further down, we see the Toaster's headers, which is still the area we were looking at with the simscan entries. (Continued after header!) - Received: (qmail 10090 invoked by uid 1010); 12 Jan 2011 09:04:54 -0800 Received: from 192.168.100.121 by mail.norcalisp.com (envelope-from qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.121):. Processed in 0.058344 secs); 12 Jan 2011 17:04:54 - X-Antivirus-NorCalISP-Mail-From: qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.121):. Processed in 0.058344 secs Process 10085) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.121) by mail.norcalisp.com with SMTP; 12 Jan 2011 09:04:53 -0800 Received: (qmail 5478 invoked by uid 89); 12 Jan 2011 17:04:53 - Received: by simscan 1.4.0 ppid: 5155, pid: 5189, t: 23.0613s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12509 Received: from unknown (HELO mail.qmailtoaster.com) (70.60.227.157) by mail.norcalisp.com with SMTP; 12 Jan 2011 17:04:30 - Received: (qmail 10722 invoked by uid 89); 12 Jan 2011 17:03:39 - Mailing-List: contact qmailtoaster-list-h...@qmailtoaster.com; run by ezmlm Precedence: bulk List-Post:mailto:qmailtoaster-list@qmailtoaster.com List-Help:mailto:qmailtoaster-list-h...@qmailtoaster.com List-Unsubscribe:mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com List-Subscribe:mailto:qmailtoaster-list-subscr...@qmailtoaster.com Reply-To: qmailtoaster-list@qmailtoaster.com Delivered-To: mailing list qmailtoaster-list@qmailtoaster.com Received: (qmail 10715 invoked by uid 89); 12 Jan 2011 17:03:39 - X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.qmailtoaster.com X-Spam-Level: X-Spam-Status: No, score=-1.4
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Eric, I've checked all the places I can think of that it might be getting RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip and tcp.smtp) and I've removed any reference to my internal network... Still no luck. Any place else you can think of before I write the RELAYCLIENT flag as being the issue? Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d reject-empty-rdns #reject-unresolvable-rdns dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=b.barracudacentral.org dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=list.dsbl.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=bogons.cymru.com # tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp Here's the whitelist_ip file: 127.0.0.1 69.224.211.10 All other whitelist_X files are empty. The relay file has: 69.224.211.10 This entry is a specific client I needed to relay...But I don't see how that would be causing any issues, since the e-mail isn't coming from them. :-) I can't find anything else that might be causing spamdyke to set the RELAYCLIENT flag... At this point, it looks like this is more SpamDyke related than QMT, so I should probably move this over there... Unless you have any parting thoughts, maybe we can pick this up over there. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 9:59 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Agreed (With the authenticating hosting servers part). This was a quick (And I thought ok) way of getting these toasters up... I'm obviously going to have to go back through and tweak some stuff. I'll pull spamdyke down, test again, and let you know. I'm going to re- read the link you included to the Relaying portion of SpamDykes config first, to see if I have a Duh moment. I'll keep you posted! Thanks again. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 9:53 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I think I understand. I did notice the QMR server further down the line and wondered a little about it. I'd remove spamdyke temporarily at this point and test. Then you'll know for sure if spamdyke setting RELAYCLIENT is the cause or not. P.S. I realize that web hosting servers are a pita, but configuring them to authenticate is a good practice imo. Then you don't need any open relaying. -- -Eric 'shubes' On 01/12/2011 10:35 AM, Michael Colvin wrote: Ummm... Mainly I think it was laziness so that the web hosting servers could send via these servers. (Instead of listing just the specific internal IP's, since I add servers occasionally...) I think there was another reason involving how my outbound mail is working, but now that I'm trying to explain it in an e-mail, I'm not sure *that* reason is valid, so I'll need to think about that one. :-) The particular servers we're looking at hear, handle inbound e-mail filtering only, then forward the mail to another cluster that's customer facing. So... Ok, now I need to figure out where it's getting that from, because, I'm not sure you saw the other message, but I removed the internal network from the whitelisting, and still nothing. And, now that I think about it, the e-mail isn't coming from an internal IP at the point we're looking at... The server has an internal IP, but it is the first server to handle the e
[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
On 01/11/2011 08:03 PM, Michael Colvin wrote: Eric, I've checked all the places I can think of that it might be getting RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip and tcp.smtp) and I've removed any reference to my internal network... Still no luck. Any place else you can think of before I write the RELAYCLIENT flag as being the issue? Michael J. Colvin NorCal Internet Services www.norcalisp.com - This just showed up. Is it old, or is the time on your computer off? -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
It's old... I sent it last night while changing some of the relay stuff, and apparently cause some mail to start queuing on the customer facing servers... So, when I put everything back (This morning), the queue dumped. :-) Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 11:11 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/11/2011 08:03 PM, Michael Colvin wrote: Eric, I've checked all the places I can think of that it might be getting RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip and tcp.smtp) and I've removed any reference to my internal network... Still no luck. Any place else you can think of before I write the RELAYCLIENT flag as being the issue? Michael J. Colvin NorCal Internet Services www.norcalisp.com - This just showed up. Is it old, or is the time on your computer off? -- -Eric 'shubes' -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
I've been using the tcp.smtp file in lieu of spamdyke's access file. I don't think the access file is useful in QMT, since qmail has the SMTP AUTH patch. I'm not certain of this though, and would like to know Sam's take on this. I think taking this to the spamdyke list is a good idea. It appears to me from the documentation that spamdyke's access-file should be formatted like: 69.224.211.10:ACCESS not just the IP address. I wonder if this is causing the problem. If there is no : in that file, I would expect spamdyke to throw an error or warning of some kind though. Have you run spamdyke in test mode to check for errors? See the qtp-install-spamdyke script for how to do this. -- -Eric 'shubes' On 01/12/2011 12:08 PM, Michael Colvin wrote: OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d reject-empty-rdns #reject-unresolvable-rdns dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=b.barracudacentral.org dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=list.dsbl.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=bogons.cymru.com # tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp Here's the whitelist_ip file: 127.0.0.1 69.224.211.10 All other whitelist_X files are empty. The relay file has: 69.224.211.10 This entry is a specific client I needed to relay...But I don't see how that would be causing any issues, since the e-mail isn't coming from them. :-) I can't find anything else that might be causing spamdyke to set the RELAYCLIENT flag... At this point, it looks like this is more SpamDyke related than QMT, so I should probably move this over there... Unless you have any parting thoughts, maybe we can pick this up over there. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 9:59 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Agreed (With the authenticating hosting servers part). This was a quick (And I thought ok) way of getting these toasters up... I'm obviously going to have to go back through and tweak some stuff. I'll pull spamdyke down, test again, and let you know. I'm going to re- read the link you included to the Relaying portion of SpamDykes config first, to see if I have a Duh moment. I'll keep you posted! Thanks again. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 9:53 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I think I understand. I did notice the QMR server further down the line and wondered a little about it. I'd remove spamdyke temporarily at this point and test. Then you'll know for sure if spamdyke setting RELAYCLIENT is the cause or not. P.S. I realize that web hosting servers are a pita, but configuring them to authenticate is a good practice imo. Then you don't need any open relaying. -- -Eric 'shubes' On 01/12/2011 10:35 AM, Michael Colvin wrote: Ummm... Mainly I think it was laziness so that the web hosting servers could send via these servers. (Instead of listing just the specific internal IP's, since I add servers occasionally...) I think there was another reason involving how my outbound mail is working, but now that I'm trying
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ok... I've got it narrowed down to the relay file... I remarked out the access-file line, and e-mail gets scanned now... So, it must be how I have the info entered... Not sure where I got that just the IP was sufficient... The documentation obviously lists the : and second value criteria... So, let me play around with that file and see if I can get the relaying I need, without the bailing out on SpamAssassin. I'll let you know. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 12:08 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I've been using the tcp.smtp file in lieu of spamdyke's access file. I don't think the access file is useful in QMT, since qmail has the SMTP AUTH patch. I'm not certain of this though, and would like to know Sam's take on this. I think taking this to the spamdyke list is a good idea. It appears to me from the documentation that spamdyke's access-file should be formatted like: 69.224.211.10:ACCESS not just the IP address. I wonder if this is causing the problem. If there is no : in that file, I would expect spamdyke to throw an error or warning of some kind though. Have you run spamdyke in test mode to check for errors? See the qtp-install-spamdyke script for how to do this. -- -Eric 'shubes' On 01/12/2011 12:08 PM, Michael Colvin wrote: OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d reject-empty-rdns #reject-unresolvable-rdns dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=b.barracudacentral.org dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=list.dsbl.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=bogons.cymru.com # tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp Here's the whitelist_ip file: 127.0.0.1 69.224.211.10 All other whitelist_X files are empty. The relay file has: 69.224.211.10 This entry is a specific client I needed to relay...But I don't see how that would be causing any issues, since the e-mail isn't coming from them. :-) I can't find anything else that might be causing spamdyke to set the RELAYCLIENT flag... At this point, it looks like this is more SpamDyke related than QMT, so I should probably move this over there... Unless you have any parting thoughts, maybe we can pick this up over there. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 9:59 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Agreed (With the authenticating hosting servers part). This was a quick (And I thought ok) way of getting these toasters up... I'm obviously going to have to go back through and tweak some stuff. I'll pull spamdyke down, test again, and let you know. I'm going to re- read the link you included to the Relaying portion of SpamDykes config first, to see if I have a Duh moment. I'll keep you posted! Thanks again. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ok... Just to follow-up... I set the entries in the relay file as described in SpamDyke's documentation, same result. I remarked out the lines in the relay file, effectively making it Empty. SpamAssassin is still not called. Now, I'm not sure if calling an empty file is causing an issue When I ran the spamdyke tests, I didn't get any errors... I'm going to move over to SpamDyke's list now, and see what Sam thinks... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 12:45 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Ok... I've got it narrowed down to the relay file... I remarked out the access-file line, and e-mail gets scanned now... So, it must be how I have the info entered... Not sure where I got that just the IP was sufficient... The documentation obviously lists the : and second value criteria... So, let me play around with that file and see if I can get the relaying I need, without the bailing out on SpamAssassin. I'll let you know. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 12:08 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I've been using the tcp.smtp file in lieu of spamdyke's access file. I don't think the access file is useful in QMT, since qmail has the SMTP AUTH patch. I'm not certain of this though, and would like to know Sam's take on this. I think taking this to the spamdyke list is a good idea. It appears to me from the documentation that spamdyke's access-file should be formatted like: 69.224.211.10:ACCESS not just the IP address. I wonder if this is causing the problem. If there is no : in that file, I would expect spamdyke to throw an error or warning of some kind though. Have you run spamdyke in test mode to check for errors? See the qtp-install-spamdyke script for how to do this. -- -Eric 'shubes' On 01/12/2011 12:08 PM, Michael Colvin wrote: OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d reject-empty-rdns #reject-unresolvable-rdns dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=b.barracudacentral.org dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=list.dsbl.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=bogons.cymru.com # tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp Here's the whitelist_ip file: 127.0.0.1 69.224.211.10 All other whitelist_X files are empty. The relay file has: 69.224.211.10 This entry is a specific client I needed to relay...But I don't see how that would be causing any issues, since the e-mail isn't coming from them. :-) I can't find anything else that might be causing spamdyke to set the RELAYCLIENT flag... At this point, it looks like this is more SpamDyke related than QMT, so I should probably move this over there... Unless you have any parting thoughts, maybe we can pick this up over there. Michael J. Colvin
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ok...Just to wrap this thread up on this list, in case anyone searches this list The issue is apparently a known issue without an elegant solution currently. We pretty much nailed it down though on here... You can find Sam's response and description of the issue in the thread here: http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg03033.html with a reference to the thread here: http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg02032.html Reader's Digest version...If you're going to use the relay file, you'll have to patch SpamDyke, at least for now. The alternative is to put what you'd put in the relay file into tcp.smtp, and don't use the access-file in SpamDyke. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 1:15 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Ok... Just to follow-up... I set the entries in the relay file as described in SpamDyke's documentation, same result. I remarked out the lines in the relay file, effectively making it Empty. SpamAssassin is still not called. Now, I'm not sure if calling an empty file is causing an issue When I ran the spamdyke tests, I didn't get any errors... I'm going to move over to SpamDyke's list now, and see what Sam thinks... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 12:45 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Ok... I've got it narrowed down to the relay file... I remarked out the access-file line, and e-mail gets scanned now... So, it must be how I have the info entered... Not sure where I got that just the IP was sufficient... The documentation obviously lists the : and second value criteria... So, let me play around with that file and see if I can get the relaying I need, without the bailing out on SpamAssassin. I'll let you know. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 12:08 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I've been using the tcp.smtp file in lieu of spamdyke's access file. I don't think the access file is useful in QMT, since qmail has the SMTP AUTH patch. I'm not certain of this though, and would like to know Sam's take on this. I think taking this to the spamdyke list is a good idea. It appears to me from the documentation that spamdyke's access-file should be formatted like: 69.224.211.10:ACCESS not just the IP address. I wonder if this is causing the problem. If there is no : in that file, I would expect spamdyke to throw an error or warning of some kind though. Have you run spamdyke in test mode to check for errors? See the qtp-install-spamdyke script for how to do this. -- -Eric 'shubes' On 01/12/2011 12:08 PM, Michael Colvin wrote: OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
OK. Tcp.smtp now looks like: :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/ qmail/bin/simscan,NOP0FCHECK=1 Header information is still the same: Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs); 11 Jan 2011 12:41:02 - X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs Process 28558) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800 Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 - Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505 Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177) by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 - Received: by iwn38 with SMTP id 38so21353335iwn.36 for mcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=; b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs= MIME-Version: 1.0 Received: by 10.42.241.199 with SMTP id lf7mr4139326icb.93.1294749629840; Tue, 11 Jan 2011 04:40:29 -0800 (PST) Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800 (PST) Date: Tue, 11 Jan 2011 04:40:29 -0800 Message-ID: aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com Subject: Testing From: NorCal Internet norcalinter...@gmail.com To: Michael Colvin mcol...@norcalisp.com Content-Type: multipart/alternative; boundary=20cf305496a9c27d9b04999163ea No change on the simscan line... I still don't see anything in qmlog spamd, other than the Startup stuff that was there from my last post... In fact, there's nothing but what I posted last time, since the server hasn't restarted... There's been no log entries in spamd since 1/9/2011... SpamAssassin is On in the default QMT, right? I mean, it's obviously installed on the system, and SimScan is running... It just seems like something is missing, and it's on both servers... I know this is going to end in one of those Duh! moments... :-) Mike -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Monday, January 10, 2011 8:39 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/09/2011 09:17 PM, Michael J. Colvin wrote: Have you run # qmailctl cdb recently? Several times, and even rebooted the whole server (Both of them) to make sure the new cdb files were loaded. The cdb file's date stamp is being updated when I run qmailctl cdb. Again, what I think is the strangest part is, this is happening on two totally separate machines, both with basically Stock ISO installs on them... If it was happening to just one, I'd lean towards a config error... But with two of them, it's either something I did too both of them (Possible, of course) or something else... And, like I said, I haven't changed much from the stock install... Just the rcpthosts, smtproutes, tcp.smtp (As posted) and I think that's about it.. (Shrug)... Mike Here's my tcp.smtp entry: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/contro l/domainkeys/%/private,NOP0FCHECK=1 You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you really need that. I don't recall what happens w/out it, but I'd put it in and see if that fixes things. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Isn't there something about LAN addresses not being scanned? Quoting Michael J. Colvin mcol...@norcalisp.com: OK. Tcp.smtp now looks like: :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/ qmail/bin/simscan,NOP0FCHECK=1 Header information is still the same: Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs); 11 Jan 2011 12:41:02 - X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs Process 28558) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800 Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 - Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505 Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177) by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 - Received: by iwn38 with SMTP id 38so21353335iwn.36 for mcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=; b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs= MIME-Version: 1.0 Received: by 10.42.241.199 with SMTP id lf7mr4139326icb.93.1294749629840; Tue, 11 Jan 2011 04:40:29 -0800 (PST) Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800 (PST) Date: Tue, 11 Jan 2011 04:40:29 -0800 Message-ID: aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com Subject: Testing From: NorCal Internet norcalinter...@gmail.com To: Michael Colvin mcol...@norcalisp.com Content-Type: multipart/alternative; boundary=20cf305496a9c27d9b04999163ea No change on the simscan line... I still don't see anything in qmlog spamd, other than the Startup stuff that was there from my last post... In fact, there's nothing but what I posted last time, since the server hasn't restarted... There's been no log entries in spamd since 1/9/2011... SpamAssassin is On in the default QMT, right? I mean, it's obviously installed on the system, and SimScan is running... It just seems like something is missing, and it's on both servers... I know this is going to end in one of those Duh! moments... :-) Mike -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Monday, January 10, 2011 8:39 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/09/2011 09:17 PM, Michael J. Colvin wrote: Have you run # qmailctl cdb recently? Several times, and even rebooted the whole server (Both of them) to make sure the new cdb files were loaded. The cdb file's date stamp is being updated when I run qmailctl cdb. Again, what I think is the strangest part is, this is happening on two totally separate machines, both with basically Stock ISO installs on them... If it was happening to just one, I'd lean towards a config error... But with two of them, it's either something I did too both of them (Possible, of course) or something else... And, like I said, I haven't changed much from the stock install... Just the rcpthosts, smtproutes, tcp.smtp (As posted) and I think that's about it.. (Shrug)... Mike Here's my tcp.smtp entry: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/contro l/domainkeys/%/private,NOP0FCHECK=1 You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you really need that. I don't recall what happens w/out it, but I'd put it in and see if that fixes things. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today
[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA still scans. Authenticated submissions aren't scanned though. Michael, can you post your # rpm -qi simscan-toaster (just double checking) -- -Eric 'shubes' On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote: Isn't there something about LAN addresses not being scanned? Quoting Michael J. Colvin mcol...@norcalisp.com: OK. Tcp.smtp now looks like: :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/ qmail/bin/simscan,NOP0FCHECK=1 Header information is still the same: Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs); 11 Jan 2011 12:41:02 - X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs Process 28558) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800 Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 - Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505 Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177) by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 - Received: by iwn38 with SMTP id 38so21353335iwn.36 for mcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=; b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs= MIME-Version: 1.0 Received: by 10.42.241.199 with SMTP id lf7mr4139326icb.93.1294749629840; Tue, 11 Jan 2011 04:40:29 -0800 (PST) Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800 (PST) Date: Tue, 11 Jan 2011 04:40:29 -0800 Message-ID: aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com Subject: Testing From: NorCal Internet norcalinter...@gmail.com To: Michael Colvin mcol...@norcalisp.com Content-Type: multipart/alternative; boundary=20cf305496a9c27d9b04999163ea No change on the simscan line... I still don't see anything in qmlog spamd, other than the Startup stuff that was there from my last post... In fact, there's nothing but what I posted last time, since the server hasn't restarted... There's been no log entries in spamd since 1/9/2011... SpamAssassin is On in the default QMT, right? I mean, it's obviously installed on the system, and SimScan is running... It just seems like something is missing, and it's on both servers... I know this is going to end in one of those Duh! moments... :-) Mike -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Monday, January 10, 2011 8:39 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/09/2011 09:17 PM, Michael J. Colvin wrote: Have you run # qmailctl cdb recently? Several times, and even rebooted the whole server (Both of them) to make sure the new cdb files were loaded. The cdb file's date stamp is being updated when I run qmailctl cdb. Again, what I think is the strangest part is, this is happening on two totally separate machines, both with basically Stock ISO installs on them... If it was happening to just one, I'd lean towards a config error... But with two of them, it's either something I did too both of them (Possible, of course) or something else... And, like I said, I haven't changed much from the stock install... Just the rcpthosts, smtproutes, tcp.smtp (As posted) and I think that's about it.. (Shrug)... Mike Here's my tcp.smtp entry: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/contro l/domainkeys/%/private,NOP0FCHECK=1 You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you really need that. I don't recall what happens w/out it, but I'd put it in and see if that fixes things. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers
Re: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Name: simscan-toaster Relocations: (not relocatable) Version : 1.4.0 Vendor: (none) Release : 1.3.8 Build Date: Tue 21 Dec 2010 09:54:47 AM PST Install Date: Tue 21 Dec 2010 10:04:51 AM PST Build Host: laetitia.area510.net Group : Networking/Other Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm Size: 113364 License: GPL Signature : (none) Packager: Jake Vickers j...@qmailtoaster.com URL : http://www.inter7.com/vpopmail Summary : Simscan for qmail-toaster Description : SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand. It uses clamav, trophie, and/or spamassassin. It also supports attachment blocking by extension. Simscan is written entirely in C to ensure maximum speed. There are several options to allow simscan to scan per domain, and reject spam mail. Current settings --- user = clamav qmail directory = /var/qmail work directory= /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject= ON drop message = OFF regex scanner = OFF quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user= OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 40 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif [r...@laetitia ~]# On 01/11/2011 08:36 AM, Eric Shubert wrote: rpm -qi simscan-toaster -- Cecil Yother, Jr. cj cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 | http://yother.com Check out the new Volvo classified resource http://www.volvoclassified.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Here you go Eric. Both servers had identical outputs, other than one being installed the day after this one. :-) Name: simscan-toaster Relocations: (not relocatable) Version : 1.4.0 Vendor: (none) Release : 1.3.8 Build Date: Fri 29 Oct 2010 02:28:37 AM PDT Install Date: Fri 29 Oct 2010 02:30:25 AM PDT Build Host: mail-1.norcalisp.com Group : Networking/Other Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm Size: 113364 License: GPL Signature : (none) Packager: Jake Vickers j...@qmailtoaster.com URL : http://www.inter7.com/vpopmail Summary : Simscan for qmail-toaster Description : SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand. It uses clamav, trophie, and/or spamassassin. It also supports attachment blocking by extension. Simscan is written entirely in C to ensure maximum speed. There are several options to allow simscan to scan per domain, and reject spam mail. Current settings --- user = clamav qmail directory = /var/qmail work directory= /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject= ON drop message = OFF regex scanner = OFF quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user= OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 40 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 8:36 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA still scans. Authenticated submissions aren't scanned though. Michael, can you post your # rpm -qi simscan-toaster (just double checking) -- -Eric 'shubes' On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote: Isn't there something about LAN addresses not being scanned? Quoting Michael J. Colvin mcol...@norcalisp.com: OK. Tcp.smtp now looks like: :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va r/ qmail/bin/simscan,NOP0FCHECK=1 Header information is still the same: Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs); 11 Jan 2011 12:41:02 - X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs Process 28558) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800 Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 - Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505 Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177) by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 - Received: by iwn38 with SMTP id 38so21353335iwn.36 for mcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=; b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs= MIME-Version: 1.0 Received
[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
I'm at a loss Michael. I think I'd look closer into spamassassin at this point. Can you invoke SA 'manually'? On 01/11/2011 11:13 AM, Michael Colvin wrote: Here you go Eric. Both servers had identical outputs, other than one being installed the day after this one. :-) Name: simscan-toaster Relocations: (not relocatable) Version : 1.4.0 Vendor: (none) Release : 1.3.8 Build Date: Fri 29 Oct 2010 02:28:37 AM PDT Install Date: Fri 29 Oct 2010 02:30:25 AM PDT Build Host: mail-1.norcalisp.com Group : Networking/Other Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm Size: 113364 License: GPL Signature : (none) Packager: Jake Vickersj...@qmailtoaster.com URL : http://www.inter7.com/vpopmail Summary : Simscan for qmail-toaster Description : SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand. It uses clamav, trophie, and/or spamassassin. It also supports attachment blocking by extension. Simscan is written entirely in C to ensure maximum speed. There are several options to allow simscan to scan per domain, and reject spam mail. Current settings --- user = clamav qmail directory = /var/qmail work directory= /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject= ON drop message = OFF regex scanner = OFF quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user= OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 40 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 8:36 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA still scans. Authenticated submissions aren't scanned though. Michael, can you post your # rpm -qi simscan-toaster (just double checking) -- -Eric 'shubes' On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote: Isn't there something about LAN addresses not being scanned? Quoting Michael J. Colvinmcol...@norcalisp.com: OK. Tcp.smtp now looks like: :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va r/ qmail/bin/simscan,NOP0FCHECK=1 Header information is still the same: Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs); 11 Jan 2011 12:41:02 - X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs Process 28558) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800 Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 - Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505 Received: from unknown (HELO mail-iw0-f177.google.com) (209.85.214.177) by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 - Received: by iwn38 with SMTP id 38so21353335iwn.36 formcol...@norcalisp.com; Tue, 11 Jan 2011 04:40:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=; b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Eric.. Check this thread out... I think this may be pointing me in the right direction... http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html The 2nd paragraph... Because relay client is set, simscan doesnt run the message through SpamAssassin (Since it's supposedly from a trusted source). Could spamdyke be passing a value for RELAYCLIENT? I've got the 192.168.100.0/24 (The private network my mail cluster is on) Whitelisted in spamdyke... Any place else that might be passing RELAYCLIENT? It's not in my tcp.smtp file. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 11:06 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I'm at a loss Michael. I think I'd look closer into spamassassin at this point. Can you invoke SA 'manually'? On 01/11/2011 11:13 AM, Michael Colvin wrote: Here you go Eric. Both servers had identical outputs, other than one being installed the day after this one. :-) Name: simscan-toaster Relocations: (not relocatable) Version : 1.4.0 Vendor: (none) Release : 1.3.8 Build Date: Fri 29 Oct 2010 02:28:37 AM PDT Install Date: Fri 29 Oct 2010 02:30:25 AM PDT Build Host: mail-1.norcalisp.com Group : Networking/Other Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm Size: 113364 License: GPL Signature : (none) Packager: Jake Vickersj...@qmailtoaster.com URL : http://www.inter7.com/vpopmail Summary : Simscan for qmail-toaster Description : SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand. It uses clamav, trophie, and/or spamassassin. It also supports attachment blocking by extension. Simscan is written entirely in C to ensure maximum speed. There are several options to allow simscan to scan per domain, and reject spam mail. Current settings --- user = clamav qmail directory = /var/qmail work directory= /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject= ON drop message = OFF regex scanner = OFF quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user= OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 40 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 8:36 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA still scans. Authenticated submissions aren't scanned though. Michael, can you post your # rpm -qi simscan-toaster (just double checking) -- -Eric 'shubes' On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote: Isn't there something about LAN addresses not being scanned? Quoting Michael J. Colvinmcol...@norcalisp.com: OK. Tcp.smtp now looks like: :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va r/ qmail/bin/simscan,NOP0FCHECK=1 Header information is still the same: Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 - 0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs); 11 Jan 2011 12:41:02 - X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs Process 28558) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800 Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41
[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
On 01/09/2011 09:17 PM, Michael J. Colvin wrote: Have you run # qmailctl cdb recently? Several times, and even rebooted the whole server (Both of them) to make sure the new cdb files were loaded. The cdb file's date stamp is being updated when I run qmailctl cdb. Again, what I think is the strangest part is, this is happening on two totally separate machines, both with basically Stock ISO installs on them... If it was happening to just one, I'd lean towards a config error... But with two of them, it's either something I did too both of them (Possible, of course) or something else... And, like I said, I haven't changed much from the stock install... Just the rcpthosts, smtproutes, tcp.smtp (As posted) and I think that's about it.. (Shrug)... Mike Here's my tcp.smtp entry: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you really need that. I don't recall what happens w/out it, but I'd put it in and see if that fixes things. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ok. Will do later today/this evening and let you know. Thanks for the suggestion! Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Monday, January 10, 2011 8:39 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/09/2011 09:17 PM, Michael J. Colvin wrote: Have you run # qmailctl cdb recently? Several times, and even rebooted the whole server (Both of them) to make sure the new cdb files were loaded. The cdb file's date stamp is being updated when I run qmailctl cdb. Again, what I think is the strangest part is, this is happening on two totally separate machines, both with basically Stock ISO installs on them... If it was happening to just one, I'd lean towards a config error... But with two of them, it's either something I did too both of them (Possible, of course) or something else... And, like I said, I haven't changed much from the stock install... Just the rcpthosts, smtproutes, tcp.smtp (As posted) and I think that's about it.. (Shrug)... Mike Here's my tcp.smtp entry: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO NGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/co ntrol/domainkeys/%/private,NOP0FCHECK=1 You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you really need that. I don't recall what happens w/out it, but I'd put it in and see if that fixes things. -- -Eric 'shubes' -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
On 01/09/2011 05:24 PM, Michael J. Colvin wrote: I did some checking in the archives, but didn’t find a solution, although I found some similar items, none of them seemed to point me in the right direction… I just realized that, for some reason, mail on two newly created servers is not being scanned by SpamAssassin, or at least it appears as though it isn’t… E-mails arrive with the following contained in the headers: Received: by simscan 1.4.0 ppid: 2790, pid: 2791, t: 0.0720s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497 Which leads me to believe that only “attach” and “clamav” are being invoked. Here’s my tcp.smtp: 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/qmail/bin/simscan Here’s simcontrol: :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif I’ve got two servers, both new builds using the ISO, that are behaving identical. Obviously, I made some changes to tcp.smtp, but other than that, I haven’t made any changes to any files that I’m aware of, that effect invoking simscan, and then spamassassin…. Any thoughts? Additional info: qtp-whatami v0.3.7 Sun Jan 9 16:18:36 PST 2011 DISTRO=CentOS OSVER=5.5 QTARCH=i686 QTKERN=2.6.18-194.8.1.el5 BUILD_DIST=cnt50 BUILD_DIR=/usr/src/redhat Thanks in advance! Mike The Received: by simscan information won't show when a message is scanned by spamassassin. Look for X-Spam-* headers for an indication of this. You should check the spamd log (qmlog spamd) to verify the condition of spamassassin. Any errors will show there, as well as messages pertaining to scans. Also, all messages aren't scanned by SA. Intra-host messages (more specifically, messages submitted with authentication) are not scanned, nor are messages above a certain size. I don't recall off hand what that size limit is, or where it's specified. It'd be nice if that were documented on the wiki if it's not already. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Thanks for the replay Eric. Here's the full header: Received: (qmail 11511 invoked by uid 1010); 9 Jan 2011 16:09:23 -0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from michael.col...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.094059 secs); 10 Jan 2011 00:09:23 - X-Antivirus-NorCalISP-Mail-From: michael.col...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.094059 secs Process 11504) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 9 Jan 2011 16:09:23 -0800 Received: (qmail 2795 invoked by uid 89); 10 Jan 2011 00:09:21 - Received: by simscan 1.4.0 ppid: 2790, pid: 2791, t: 0.0720s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497 Received: from unknown (HELO mail-yi0-f49.google.com) (209.85.218.49) by mail.norcalisp.com with SMTP; 10 Jan 2011 00:09:21 - Received: by yib2 with SMTP id 2so5429037yib.36 for mcol...@norcalisp.com; Sun, 09 Jan 2011 16:08:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=GMPLCtUDsw0tenqLVZLtyBTLSH7m83E9a36NIFIzX9g=; b=bWDAXb5wt2YuhvYKE7ro9LDiNbkPOGFqmKDyzpOJjorI1+fPSMQeg4O9y8xKt2WXRM dUeOdL8G59F79xUsHPTDODYlT1pL6/PCDS9dONYO4LRce/OACwGjn+sn+vA1xrOMcasi 45mLzT4w+UxhAjN474zs8TBauKQtTxYJwoXPI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=Tai3/7m8KcMRAUo7vQvthAx35Er2+qbRq+OsI548wcn3rH9m/3wvFrP3MPhkShqa35 Zhv9HOjRaxuw4w+afZhYWdwF53IkzI77UYQ5UZTIgVvpDSAfP61wmAOwSS7PcMdBOT25 NOxzSWtxSdbj9D9wFQ+ULFH5OAUp5P85IBvOQ= MIME-Version: 1.0 Received: by 10.100.48.4 with SMTP id v4mr488017anv.47.1294618130674; Sun, 09 Jan 2011 16:08:50 -0800 (PST) Received: by 10.100.120.20 with HTTP; Sun, 9 Jan 2011 16:08:50 -0800 (PST) Date: Sun, 9 Jan 2011 16:08:50 -0800 Message-ID: aanlkti=tmjszfszjr7ngoxjhcar4meaorua2jxhz1...@mail.gmail.com Subject: Testing From: Michael Colvin michael.col...@gmail.com To: Michael Colvin mcol...@norcalisp.com Content-Type: multipart/alternative; boundary=0016e642d6a8cc75ba049972c53e This message is sent, obviously, from Gmail, so it's not an intra-host e-mail, and no authentication is involved... Qmlog spamd shows: 01-09 16:01:46 [2113] info: spamd: server started on port 783/tcp (running version 3.2.5) 01-09 16:01:46 [2113] info: spamd: server pid: 2113 01-09 16:01:46 [2113] info: spamd: server successfully spawned child process, pid 2387 01-09 16:01:46 [2113] info: spamd: server successfully spawned child process, pid 2388 01-09 16:01:46 [2113] info: prefork: child states: II These are the only entries since the last reboot... Shouldn't the header line: scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497 also show spamd though? In other posts that I'd found in the archive, there was a notation on that line that indicated spamassassin was invoked... To me, it looks like qmlog spamd doesn't have any errors, but should it show that messages were scanned too? I don't think spamassassin isn't running, it just doesn't look like simscan is sending messages from qmail to spamassassin... That's just a guess though... Thanks again for your input! Mike -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Sunday, January 09, 2011 5:12 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/09/2011 05:24 PM, Michael J. Colvin wrote: I did some checking in the archives, but didn't find a solution, although I found some similar items, none of them seemed to point me in the right direction. I just realized that, for some reason, mail on two newly created servers is not being scanned by SpamAssassin, or at least it appears as though it isn't. E-mails arrive with the following contained in the headers: Received: by simscan 1.4.0 ppid: 2790, pid: 2791, t: 0.0720s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497 Which leads me to believe that only attach and clamav are being invoked. Here's my tcp.smtp: 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/var/ qmail/bin/simscan Here's simcontrol: :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif I've got two servers, both new builds using the ISO, that are behaving identical. Obviously, I made some changes to tcp.smtp, but other than that, I haven't made any changes to any files that I'm aware of, that effect invoking simscan, and then spamassassin.. Any thoughts? Additional info: qtp-whatami v0.3.7 Sun
[qmailtoaster] Re: SpamAssassin not being invoked by SimContro
On 01/09/2011 06:49 PM, Michael J. Colvin wrote: Thanks for the replay Eric. Here's the full header: Received: (qmail 11511 invoked by uid 1010); 9 Jan 2011 16:09:23 -0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from michael.col...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.094059 secs); 10 Jan 2011 00:09:23 - X-Antivirus-NorCalISP-Mail-From: michael.col...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.094059 secs Process 11504) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 9 Jan 2011 16:09:23 -0800 Received: (qmail 2795 invoked by uid 89); 10 Jan 2011 00:09:21 - Received: by simscan 1.4.0 ppid: 2790, pid: 2791, t: 0.0720s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497 Received: from unknown (HELO mail-yi0-f49.google.com) (209.85.218.49) by mail.norcalisp.com with SMTP; 10 Jan 2011 00:09:21 - Received: by yib2 with SMTP id 2so5429037yib.36 formcol...@norcalisp.com; Sun, 09 Jan 2011 16:08:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=GMPLCtUDsw0tenqLVZLtyBTLSH7m83E9a36NIFIzX9g=; b=bWDAXb5wt2YuhvYKE7ro9LDiNbkPOGFqmKDyzpOJjorI1+fPSMQeg4O9y8xKt2WXRM dUeOdL8G59F79xUsHPTDODYlT1pL6/PCDS9dONYO4LRce/OACwGjn+sn+vA1xrOMcasi 45mLzT4w+UxhAjN474zs8TBauKQtTxYJwoXPI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=Tai3/7m8KcMRAUo7vQvthAx35Er2+qbRq+OsI548wcn3rH9m/3wvFrP3MPhkShqa35 Zhv9HOjRaxuw4w+afZhYWdwF53IkzI77UYQ5UZTIgVvpDSAfP61wmAOwSS7PcMdBOT25 NOxzSWtxSdbj9D9wFQ+ULFH5OAUp5P85IBvOQ= MIME-Version: 1.0 Received: by 10.100.48.4 with SMTP id v4mr488017anv.47.1294618130674; Sun, 09 Jan 2011 16:08:50 -0800 (PST) Received: by 10.100.120.20 with HTTP; Sun, 9 Jan 2011 16:08:50 -0800 (PST) Date: Sun, 9 Jan 2011 16:08:50 -0800 Message-ID:aanlkti=tmjszfszjr7ngoxjhcar4meaorua2jxhz1...@mail.gmail.com Subject: Testing From: Michael Colvinmichael.col...@gmail.com To: Michael Colvinmcol...@norcalisp.com Content-Type: multipart/alternative; boundary=0016e642d6a8cc75ba049972c53e This message is sent, obviously, from Gmail, so it's not an intra-host e-mail, and no authentication is involved... Qmlog spamd shows: 01-09 16:01:46 [2113] info: spamd: server started on port 783/tcp (running version 3.2.5) 01-09 16:01:46 [2113] info: spamd: server pid: 2113 01-09 16:01:46 [2113] info: spamd: server successfully spawned child process, pid 2387 01-09 16:01:46 [2113] info: spamd: server successfully spawned child process, pid 2388 01-09 16:01:46 [2113] info: prefork: child states: II These are the only entries since the last reboot... No SA scanning is happening then, as you've said. Shouldn't the header line: scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12497 also show spamd though? In other posts that I'd found in the archive, there was a notation on that line that indicated spamassassin was invoked... Yes is should, now that I look back on things. I'm seeing this: Received: by simscan 1.4.0 ppid: 31845, pid: 31846, t: 2.8534s scanners: attach: 1.4.0 clamav: 0.96.5 /m:51/d:10306 spam: 3.2.5 I think it's odd that the 3rd line isn't indented like the 2nd, but I'm seeing it now (missed the 3rd line before). To me, it looks like qmlog spamd doesn't have any errors, but should it show that messages were scanned too? Right, it should show messages for each email that's scanned, like this: 01-09 19:39:32 [2535] info: prefork: child states: II 01-09 19:54:10 [30403] info: spamd: connection from tacs-mail.shubes.net [127.0.0.1] at port 56763 01-09 19:54:10 [30403] info: spamd: processing message 20110110025403.60073b708...@web4.breastcancer.org for clamav:89 01-09 19:54:11 [30403] info: spamd: clean message (-2.9/3.7) for clamav:89 in 0.8 seconds, 2509 bytes. 01-09 19:54:11 [30403] info: spamd: result: . -2 - AWL,BAYES_00 scantime=0.8,size=2509,user=clamav,uid=89,required_score=3.7,rhost=tacs-mail.shubes.net,raddr=127.0.0.1,rport=56763,mid=20110110025403.60073b708...@web4.breastcancer.org,bayes=0.00,autolearn=ham 01-09 19:54:11 [2535] info: prefork: child states: II I don't think spamassassin isn't running, Right. The child states line in the log indicates that it's running. You'll see those processing running (with ps) as well. FWIW, I think that if spamd wasn't running and simscan tried to invoke it, then qmail-smtp would fail with a (quite elusive and nondescript) qq softfail message. it just doesn't look like simscan is sending messages from qmail to spamassassin...
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Have you run # qmailctl cdb recently? -- -Eric 'shubes' Several times, and even rebooted the whole server (Both of them) to make sure the new cdb files were loaded. The cdb file's date stamp is being updated when I run qmailctl cdb. Again, what I think is the strangest part is, this is happening on two totally separate machines, both with basically Stock ISO installs on them... If it was happening to just one, I'd lean towards a config error... But with two of them, it's either something I did too both of them (Possible, of course) or something else... And, like I said, I haven't changed much from the stock install... Just the rcpthosts, smtproutes, tcp.smtp (As posted) and I think that's about it.. (Shrug)... Mike - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
