Ummm... Mainly I think it was laziness so that the web hosting servers
could send via these servers. (Instead of listing just the specific
internal IP's, since I add servers occasionally...)
I think there was another reason involving how my outbound mail is working,
but now that I'm trying to explain it in an e-mail, I'm not sure *that*
reason is valid, so I'll need to think about that one. :-)
The particular servers we're looking at hear, handle inbound e-mail
filtering only, then forward the mail to another cluster that's customer
facing.
So... Ok, now I need to figure out where it's getting that from, because,
I'm not sure you saw the other message, but I removed the internal network
from the whitelisting, and still nothing.
And, now that I think about it, the e-mail isn't coming from an internal IP
at the point we're looking at... The server has an internal IP, but it is
the first server to handle the e-mail, so it's not getting it from another
server with an internal IP. It has an internal IP because it's behind a
load balancer.
I think what we're seeing, and what CJ was seeing (BTW, thanks CJ, your
comment is what got me looking in this direction) was the *second* cluster,
which is getting the e-mail from the first cluster via internal IP's...I'm
not concerned with that server not scanning w/spamassassin, since it should
be scanned with the first cluster. :-) Besides, that second cluster is an
older QMR server that I want to pull out, once I get it replaced with QMT
servers...
Here's the header from your e-mail. Notice the first few lines, with one
containing "qmail-scanner". Obviously, this isn't a Toaster. Further down,
we see the Toaster's headers, which is still the area we were looking at
with the simscan entries.
(Continued after header!)
-----------------------------------------
Received: (qmail 10090 invoked by uid 1010); 12 Jan 2011 09:04:54 -0800
Received: from 192.168.100.121 by mail.norcalisp.com (envelope-from
<qmailtoaster-list-return-9149-mcolvin=norcalisp....@qmailtoaster.com>, uid
1008) with qmail-scanner-1.25-st-qms
(clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms.
Clear:RC:1(192.168.100.121):.
Processed in 0.058344 secs); 12 Jan 2011 17:04:54 -0000
X-Antivirus-NorCalISP-Mail-From:
qmailtoaster-list-return-9149-mcolvin=norcalisp....@qmailtoaster.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.121):. Processed
in 0.058344 secs Process 10085)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.121)
by mail.norcalisp.com with SMTP; 12 Jan 2011 09:04:53 -0800
Received: (qmail 5478 invoked by uid 89); 12 Jan 2011 17:04:53 -0000
Received: by simscan 1.4.0 ppid: 5155, pid: 5189, t: 23.0613s
scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12509
Received: from unknown (HELO mail.qmailtoaster.com) (70.60.227.157)
by mail.norcalisp.com with SMTP; 12 Jan 2011 17:04:30 -0000
Received: (qmail 10722 invoked by uid 89); 12 Jan 2011 17:03:39 -0000
Mailing-List: contact qmailtoaster-list-h...@qmailtoaster.com; run by ezmlm
Precedence: bulk
List-Post:<mailto:qmailtoaster-list@qmailtoaster.com>
List-Help:<mailto:qmailtoaster-list-h...@qmailtoaster.com>
List-Unsubscribe:<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
List-Subscribe:<mailto:qmailtoaster-list-subscr...@qmailtoaster.com>
Reply-To: qmailtoaster-list@qmailtoaster.com
Delivered-To: mailing list qmailtoaster-list@qmailtoaster.com
Received: (qmail 10715 invoked by uid 89); 12 Jan 2011 17:03:39 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.qmailtoaster.com
X-Spam-Level:
X-Spam-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,
DK_POLICY_SIGNALL autolearn=ham version=3.2.5
Received-SPF: pass (mail.qmailtoaster.com: SPF record at m.gmane.org
designates 80.91.229.12 as permitted sender)
X-Injected-Via-Gmane: http://gmane.org/
To: qmailtoaster-list@qmailtoaster.com
From: Eric Shubert<e...@shubes.net>
Date: Wed, 12 Jan 2011 10:03:15 -0700
Organization: Eric Shubert& Associates
Lines: 418
Message-ID:<igkmsj$3n...@dough.gmane.org>
References:<01fb01cbb05c$cdadf280$6909d7...@com>
<igdmcu$50...@dough.gmane.org> <020301cbb068$a4405d00$ecc117...@com>
<igdt2h$s1...@dough.gmane.org> <020a01cbb07d$5e13af20$1a3b0d...@com>
<igfcn4$hl...@dough.gmane.org> <028301cbb18e$88fac7c0$9af057...@com>
<20110111081003.52761c20gaaza...@mail.yother.com>
<igi0to$gn...@dough.gmane.org> <000f01cbb1bb$3d1cf620$0200a...@homeoffice>
<igi9n4$32...@dough.gmane.org> <005101cbb201$9785c970$0200a...@homeoffice>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Complaints-To: use...@dough.gmane.org
X-Gmane-NNTP-Posting-Host: rain.gmane.org
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13)
Gecko/20101208 Thunderbird/3.1.7
In-Reply-To:<005101cbb201$9785c970$0200a...@homeoffice>
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
-----------------------------------------
So... I've checked my Spamdyke config, and don't see anything that would
cause it to pass RELAYCLIENT... No whitelisted e-mails, domains, and I
removed the IP's (Or narrowed them down to just the servers). Same
result...
But I think we might be on the right track...
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Wednesday, January 12, 2011 9:03 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Bingo! That's it all right. Nice bit of sleuthing, Michael.
My apologies to CJ as he was on the right track. I missed the bit about
your local lan addresses being whitelisted though.
Spamdyke's documentation at
http://www.spamdyke.org/documentation/README.html#RELAYING says:
"Authenticated and whitelisted connections will be allowed to relay."
So my question now is, why do you have your LAN whitelisted?
--
-Eric 'shubes'
On 01/11/2011 07:37 PM, Michael Colvin wrote:
Eric.. Check this thread out... I think this may be pointing me in the
right direction...
http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html
The 2nd paragraph... "Because relay client is set, simscan doesn’t run
the
message through SpamAssassin (Since it's supposedly from a trusted
source).
Could spamdyke be passing a value for "RELAYCLIENT"? I've got the
192.168.100.0/24 (The private network my mail cluster is on)
"Whitelisted"
in spamdyke...
Any place else that might be passing RELAYCLIENT? It's not in my
tcp.smtp
file.
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, January 11, 2011 11:06 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
I'm at a loss Michael. I think I'd look closer into spamassassin at
this
point. Can you invoke SA 'manually'?
On 01/11/2011 11:13 AM, Michael Colvin wrote:
Here you go Eric. Both servers had identical outputs, other than one
being
installed the day after this one. :-)
Name : simscan-toaster Relocations: (not
relocatable)
Version : 1.4.0 Vendor: (none)
Release : 1.3.8 Build Date: Fri 29 Oct
2010
02:28:37 AM PDT
Install Date: Fri 29 Oct 2010 02:30:25 AM PDT Build Host:
mail-1.norcalisp.com
Group : Networking/Other Source RPM:
simscan-toaster-1.4.0-1.3.8.src.rpm
Size : 113364 License: GPL
Signature : (none)
Packager : Jake Vickers<j...@qmailtoaster.com>
URL : http://www.inter7.com/vpopmail
Summary : Simscan for qmail-toaster
Description :
SimScan is a simplified scanner for qmail similar to qmail-scanner and
qscand.
It uses clamav, trophie, and/or spamassassin. It also supports
attachment
blocking by extension. Simscan is written entirely in C to ensure
maximum
speed. There are several options to allow simscan to scan per domain,
and
reject spam mail.
Current settings
---------------------------------------
user = clamav
qmail directory = /var/qmail
work directory = /var/qmail/simscan
control directory = /var/qmail/control
qmail queue program = /var/qmail/bin/qmail-queue
clamdscan program = /usr/bin/clamdscan
clamav scan = ON
trophie scanning = OFF
attachement scan = ON
ripmime program = /usr/bin/ripmime
custom smtp reject = ON
drop message = OFF
regex scanner = OFF
quarantine processing = OFF
domain based checking = ON
add received header = ON
spam scanning = ON
spamc program = /usr/bin/spamc
spamc arguments =
spamc user = OFF
authenticated users scanned = OFF
spam passthru = OFF
spam hits = 40
Current simcontrol config
----------------------------------------------------------
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, January 11, 2011 8:36 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by
SimContro
I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA
still scans. Authenticated submissions aren't scanned though.
Michael, can you post your
# rpm -qi simscan-toaster
(just double checking)
--
-Eric 'shubes'
On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote:
Isn't there something about LAN addresses not being scanned?
Quoting "Michael J. Colvin"<mcol...@norcalisp.com>:
OK. Tcp.smtp now looks like:
:allow,BADMIMETYPE="",SENDER_NOCHECK="1",BADLOADERTYPE="M",QMAILQUEUE="/va
r/
qmail/bin/simscan",NOP0FCHECK="1"
Header information is still the same:
Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 -
0800
Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from
<norcalinter...@gmail.com>, uid 1008) with qmail-scanner-1.25-st-
qms
(clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-
qms.
Clear:RC:1(192.168.100.122):.
Processed in 0.066093 secs); 11 Jan 2011 12:41:02 -0000
X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via
mail.norcalisp.com
X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):.
Processed
in 0.066093 secs Process 28558)
Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122)
by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800
Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41:01 -
0000
Received: by simscan 1.4.0 ppid: 12605, pid: 12606, t: 0.0623s
scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12505
Received: from unknown (HELO mail-iw0-f177.google.com)
(209.85.214.177)
by mail.norcalisp.com with SMTP; 11 Jan 2011 12:41:01 -0000
Received: by iwn38 with SMTP id 38so21353335iwn.36
for<mcol...@norcalisp.com>; Tue, 11 Jan 2011 04:40:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:received:date:message-
id
:subject:from:to:content-type;
bh=4s2kmb0Iocy2ztenUiYdvwfIbdXrWGJeKE8RR03gj6M=;
b=AeiBKelfTf69Q/7TaoVAOqclbwmsAtr9RHblGmZZ5oL2ItVlbR3QbvwR2P0mijE3BM
KT9zmta/DCJW18pRpoKgLalMbWis+Uc7DBF1wPG+cbKidqL0aIctyYzASvBT93LYtepG
cVdflalC1w9g0xudt1bjHwJkg4FmtC0EkoZ9A=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=pFOBpl0EItTK62RMwoCVcr8N0UknO/Rwu9KA9n4puf1BIOTWDBWLhUqThVh1DXvTjY
jibiALvAE5jyGJCwqA2UgmqdcvNSeZQ7ylhYp5KLxYoa9CqyX0qohG9Xvn4M0g3dX/yJ
M1bLffv+FTJoqp9sKJ0ro4s/+EhvWQpm2cQGs=
MIME-Version: 1.0
Received: by 10.42.241.199 with SMTP id
lf7mr4139326icb.93.1294749629840;
Tue,
11 Jan 2011 04:40:29 -0800 (PST)
Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800
(PST)
Date: Tue, 11 Jan 2011 04:40:29 -0800
Message-ID:
<aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com>
Subject: Testing
From: NorCal Internet<norcalinter...@gmail.com>
To: Michael Colvin<mcol...@norcalisp.com>
Content-Type: multipart/alternative;
boundary=20cf305496a9c27d9b04999163ea
No change on the "simscan" line... I still don't see anything in
qmlog
spamd, other than the "Startup" stuff that was there from my last
post...
In fact, there's nothing but what I posted last time, since the
server
hasn't restarted... There's been no log entries in spamd since
1/9/2011...
SpamAssassin is "On" in the default QMT, right? I mean, it's
obviously
installed on the system, and SimScan is running... It just seems
like
something is missing, and it's on both servers... I know this is
going
to
end in one of those "Duh!" moments... :-)
Mike
-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Monday, January 10, 2011 8:39 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by
SimContro
On 01/09/2011 09:17 PM, Michael J. Colvin wrote:
Have you run
# qmailctl cdb
recently?
Several times, and even rebooted the whole server (Both of them)
to
make
sure the new cdb files were loaded. The cdb file's date stamp is
being
updated when I run qmailctl cdb.
Again, what I think is the strangest part is, this is happening on
two
totally separate machines, both with basically "Stock" ISO
installs
on
them... If it was happening to just one, I'd lean towards a config
error...
But with two of them, it's either something I did too both of them
(Possible, of course) or something else... And, like I said, I
haven't
changed much from the stock install... Just the rcpthosts,
smtproutes,
tcp.smtp (As posted) and I think that's about it..
(Shrug)...
Mike
Here's my tcp.smtp entry:
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRO
NG
RCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/cont
ro
l/domainkeys/%/private",NOP0FCHECK="1"
You appear to be missing NOP0FCHECK="1" in your configuration.
IIRC,
you
really need that. I don't recall what happens w/out it, but I'd put
it
in and see if that fixes things.
--
-Eric 'shubes'
-------------------------------------------------------------------
--
--
-----
-----
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
-------------------------------------------------------------------
--
--
-----
-----
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-
unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
-------------------------------------------------------------------
--
--
----------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
-------------------------------------------------------------------
--
--
----------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-
unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-
h...@qmailtoaster.com
cj's
2318 Clement Ave
Alameda, CA 94501
http://www.yother.com
Check out the new Volvoclassified! http://www.volvoclassified.com
--------------------------------------------------------------------
--
--
---------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------
--
---
-------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them
today!
---------------------------------------------------------------------
--
---
-------
Please visit qmailtoaster.com for the latest news, updates,
and
packages.
To unsubscribe, e-mail: qmailtoaster-list-
unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-
h...@qmailtoaster.com
----------------------------------------------------------------------
--
---------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them
today!
--
-Eric 'shubes'
-----------------------------------------------------------------------
---
-------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them
today!
-----------------------------------------------------------------------
---
-------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-
unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-
h...@qmailtoaster.com
------------------------------------------------------------------------
---------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them
today!
--------------------------------------------------------------------------
-------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
--------------------------------------------------------------------------
-------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-
unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-
h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
