Re: [Declude.JunkMail] Message not scanned

[NIck Hayer]

Hi Dan, Here are some thoughts - I still don't know why Hijack decided to flag my gateway and hold its messages (ALL messages in HOLD2 were verified to be destined for local users). Hijack cares about the senders - not the recipients I do believe I still don't know why it only held SOME messages (around 2500 messages were held out of a total volume of around 10,000 that went through the gateway yesterday). What do hijack the logs say?  [They may explain just what happened. If not run on high so next time more info may be avail] Were all the held mail prefaced with the gateway ip? [Just to be sure they all came from the gateway] Do you have the line in hijack.cfg  "ALLOWIP  <gateway ip > ? ["An ALLOWIP line will let an IP address send unlimited E-mail"] Best, -Nick I still don't know why these messages were delivered without being scanned by Declude (unless that is a "feature" of Hijack, that it runs before AV or JM and doesn't rescan re-queued email; and if so it should be changed to at least run after AV). I have added an ALLOWIP for my gateway, since I don't want to turn Hijack off. BTW, I worked with Ralph Krausse at Declude and with Eric Shanbrom at Ipswitch and both were extremely helpful in diagnosing this problem. Thank you both very much. Dan Horne -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, June 01, 2005 2:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Message not scanned Did you not see my response to your earlier post? John T eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Dan Horne Sent: Wednesday, June 01, 2005 10:53 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Message not scanned I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line "X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net" was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A600000A71 does not appear. Neither does a07e000006888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. --------IMAIL LOG-------- SMTPD (9f3b01a600000a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a600000a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a600000a71) [68.118.154.7] MAIL FROM:<[EMAIL PROTECTED]> SMTPD (9f3b01a600000a71) [68.118.154.7] RCPT TO:<[EMAIL PROTECTED]> SMTPD (9f3b01a600000a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a600000a71) [68.118.154.7] DATA SMTPD (9f3b01a600000a71) [68.118.154.7] S:\imail\spool\D9f3b01a600000a71.SMD 4808 SMTP (0000000000000000) Info - Adding Queue file S:\imail\spool\Q9F3B01A600000A71.SMD SMTP (9f3b01a600000a71) processing S:\imail\spool\Q9F3B01A600000A71.SMD SMTP (9f3b01a600000a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a600000a71) forwarded message to [EMAIL PROTECTED] using new file: a07e000006888a82 SMTP (9f3b01a600000a71) finished S:\imail\spool\Q9F3B01A600000A71.SMD status=1 --------HEADERS---------- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A600000A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for <[EMAIL PROTECTED]>; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for <[EMAIL PROTECTED]>; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: "Feli Ridgeway" <[EMAIL PROTECTED]> To: "Napier Kincaid" <[EMAIL PROTECTED]> Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0057_01C5669E.F7E87600" X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Message-Id: <[EMAIL PROTECTED]> X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 01 Jun 2005 11:48:14.0907 (UTC) FILETIME=[CB72F8B0:01C5669F] ------=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_0057_01C5669E.F7E87600-- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.