Hi
I have MailScanner on three servers, as of the start of the month on one serve ronly spam has been getting through even if I lower the setting to say 4 and 15
This makes me think it is not workiong
any suggestions
Derek
spam being let through
-
derekchambers
- Junior Member
- Posts: 4
- Joined: 11 Aug 2007, 12:05
- Location: London, UK
- Contact:
-
derekchambers
- Junior Member
- Posts: 4
- Joined: 11 Aug 2007, 12:05
- Location: London, UK
- Contact:
Is the spam getting through to all domains or just some of them? Can you post examples of the email headers of some of this spam? Perhaps you could upload a few of these in full raw message form somewhere that we can download them and run them through one of our systems.
To ensure that there's not some issue between spamassassin and mailscanner, you could try running one of them through SA alone, using the following command:
spamassassin -t -D < /path/to/spamemail.txt
Regards,
Sarah
To ensure that there's not some issue between spamassassin and mailscanner, you could try running one of them through SA alone, using the following command:
spamassassin -t -D < /path/to/spamemail.txt
Regards,
Sarah
-
derekchambers
- Junior Member
- Posts: 4
- Joined: 11 Aug 2007, 12:05
- Location: London, UK
- Contact:
spam being let through
There are some examples of spam at http://www.aip.co.uk/spam-examples.txt (in a text file). There is still lots more spam getting through, although some is being stopped. It all started on 1 June which just happened to be when the server was rebooted...
I tried a couple of these on one of our servers and one scored over 20 points and the other over 40 points. Both of them triggered both DCC and Razor, plus a lot of URIBLs.
Are DNS lookups working on your server? Are you running named and a caching nameserver on the server, and if so, is the server's own IP the first one listed in /etc/resolv.conf? When you try a dig on a random domain name, how long does it take to return the result?
Have you done a spamassassin lint test in MailWatch? Are there any errors?
I'd recommend testing one of those emails using the command I gave earlier and see whether the network tests are where it bogs down. Just paste one whole message into a text file, for instance spam.txt in your /root/ directory, then do the following:
Make sure you are logged into SSH as root.
Watch the output carefully and see where it pauses. Make sure your screen buffer in your SSH client is big enough to go back through the output and check for any errors.
Regards,
Sarah
Are DNS lookups working on your server? Are you running named and a caching nameserver on the server, and if so, is the server's own IP the first one listed in /etc/resolv.conf? When you try a dig on a random domain name, how long does it take to return the result?
Have you done a spamassassin lint test in MailWatch? Are there any errors?
I'd recommend testing one of those emails using the command I gave earlier and see whether the network tests are where it bogs down. Just paste one whole message into a text file, for instance spam.txt in your /root/ directory, then do the following:
Code: Select all
spamassassin -t -D < /root/spam.txtWatch the output carefully and see where it pauses. Make sure your screen buffer in your SSH client is big enough to go back through the output and check for any errors.
Regards,
Sarah