Re: Milter no longer rejects spam (postfix

Wed, 15 Jun 2011 03:40:43 -0700 

Hi Damian,

Thank-you for the perl script. The milter does reject when hit on the
socket. Ugly output below.


When I tried to send this email with the full debug o/p my mail server
did reject it:
"5.7.1 Detected virus detected in your email : Eicar-Test-Signature..
Please check the message and try again."
But this is a red herring because it was caused from ClamAV milter with
SaneSecurity. However it shows that a milter was called.
I wonder if postfix ignores the other milters when the first one is
passed? Unsure.


# milter_watch -d local:/var/spool/postfix/spamass/spamass.sock
D milter_watch-0.6 by Damian Menscher <[email protected]>
D Submit_message called with """
SNIP- REMOVED
SNIP- REMOVED
"""
D Sending: O?
D Milter returned 0xd bytes: O
D Requested actions: 0x1; Undesired content 0x0
D Sending: DCjlocalhost.localdomain_localhost.localdomain
[127.0.0.1]{daemon_name}MTA{if_name}localhost.localdomain{if_addr}127.0.0.1
D Sending: Clocalhost.localdomain4'127.0.0.1
D Milter returned 0x1 bytes: a
D Sending: DH
D Sending:
DMimilter_watch{mail_mailer}esmtp{mail_host}infected.invalid.{mail_addr}[email protected]
D Sending: [email protected]
D Milter returned 0x1 bytes: c
D Sending: DR{rcpt_mailer}local{rcpt_host}{rcpt_addr}victim
D Sending: Rvictim
D Milter returned 0x1 bytes: c
D Sending: N
D Milter returned 0x1 bytes: c
D Sending: BTo: victim
Subject: milter test message
Content-Transfer-Encoding: BASE64

SNIP- REMOVED

SNIP- REMOVED

D Milter returned 0x1 bytes: c
D Sending: E
D Milter returned 0x1 bytes: c
D Sending: Q
I Milter properly allowed clean mail through
D Submit_message called with """
SNIP- REMOVED

SNIP- REMOVED
"""
D Sending: O?
D Milter returned 0xd bytes: O
D Requested actions: 0x1; Undesired content 0x0
D Sending: DCjlocalhost.localdomain_localhost.localdomain
[127.0.0.1]{daemon_name}MTA{if_name}localhost.localdomain{if_addr}127.0.0.1
D Sending: Clocalhost.localdomain4'127.0.0.1
D Milter returned 0x1 bytes: a
D Sending: DH
D Sending:
DMimilter_watch{mail_mailer}esmtp{mail_host}infected.invalid.{mail_addr}[email protected]
D Sending: [email protected]
D Milter returned 0x1 bytes: c
D Sending: DR{rcpt_mailer}local{rcpt_host}{rcpt_addr}victim
D Sending: Rvictim
D Milter returned 0x1 bytes: c
D Sending: N
D Milter returned 0x1 bytes: c
D Sending: BTo: victim
Subject: milter test message
Content-Transfer-Encoding: BASE64

SNIP- REMOVED

SNIP- REMOVED

D Milter returned 0x1 bytes: c
D Sending: E
D Milter returned 0x23 bytes: y550 5.7.1 Blocked by SpamAssassin
D Sending: Q
I Milter blocked a spam/virus


On 06/14/2011 08:49 PM, Damian Menscher wrote:
> Just a thought, but you can also confirm the milter is working
> correctly by sending it test requests with milter_watch:
> http://www.itg.uiuc.edu/itg_software/milter_watch/
>
> That at least lets you isolate the problem to being in the
> milter/spamassassin config, or in the postfix config.
>
> Damian
>
> On Tue, Jun 14, 2011 at 5:07 AM, J4K <[email protected]> wrote:
>> Hi there everyone,
>>
>>    I noticed that my spamass-milter was not rejecting spam over the
>> threshold and I wonder if someone might help me with some debug options
>> on the spamass-milter.
>>
>> ****  My  question ****
>> What debug options should I use to enable logging to try and find out
>> why it did not either be called by postfix or reject the email?
>>    -d debugflags
>>             Enables logging.  debugflags is a comma-separated list of
>> tokens:
>>             func    Entry and exit of internal functions.
>>             misc    Other non-verbose logging.
>>             net     Lookups of the ignored netblocks list.
>>             poll    Low-level I/O to the child spamc process.
>>             rcpt    Recipient processing.
>>             spamc  High-level I/O to the child spamc process.
>>             str     Calls to field lookup and string comparison functions.
>>             uori    Calls to the update_or_insert function.
>>             1       (historical) Same as func,misc.
>>             2       (historical) Same as func,misc,poll.
>>             3       (historical) Same as func,misc,poll,str,uori.
>>
>>
>>
>> **** Some backup info in case someone thinks that I am barking up the
>> wrong tree ****
>>
>> Spamass-milter is called as a before milter in Postfix:-
>>    # postconf -n  | grep milter
>>    milter_default_action = tempfail
>>    non_smtpd_milters = unix:/dkim-filter/dkim-filter.sock
>>    smtpd_milters = unix:/clamav/clamav-milter.ctl,
>> unix:/spamass/spamass.sock, unix:/dkim-filter/dkim-filter.sock
>>
>> The spamass trigger threshold is 11 and the emails getting through often
>> have sigh scores like 15, and I would like to check that spamass-milter
>> is even receiving any email to check.  I did not see anything being
>> rejected.
>>
>> The process runs as :
>> /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
>> /var/spool/postfix/spamass/spamass.sock -u nobody -M -r 11 -i 127.0.0.1
>>
>> And the socket is there:-
>> srw-rw---- 1 postfix postfix 0 Jun 14 13:48
>> /var/spool/postfix/spamass/spamass.sock
>>
>> I did not read any errors about milters in the postfix logs
>> (/var/log/mail.*),  other than the usual macro complaint which I think
>> can be ignored.
>> mail.log:Jun 14 13:50:05 logout spamass-milter[21468]: Could not
>> retrieve sendmail macro "i"!.  Please add it to
>> confMILTER_MACROS_ENVFROM for better spamassassin results
>>
>>
>>
>> Best regards, Simon.
>>
>>
>>
>> _______________________________________________
>> Spamass-milt-list mailing list
>> [email protected]
>> https://lists.nongnu.org/mailman/listinfo/spamass-milt-list
>>
>
>


_______________________________________________
Spamass-milt-list mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/spamass-milt-list

Reply via email to