The Perfect SpamSnake - Jaunty

[Tyiell]

Hi all,

Having followed this guide as closely as possible, it all seems to be going wrong!! Ive already had some help from the author, but to save consistently PMing him in my ineptitude I thought Id bother you all with it as well

The main issues I have here are:

1: Section 16.1 - when I sorrectly postmap the line to hold emails for mailscanner the system holds ALL external mail, regardless of its validity.

2: Whether I set postfix to hold the mail for mailscanner or not, all mail shows up in the Incoming Queue on the Mailwatch frontend until it fills up the memory. It doesnt, however, seem to scan it in any way, nothing is moved to quarantine, etc.

3: If I run any reports on MailWatch I just get "Error: no rows retreived from database". Not entirely sure if this is because there is not data because its not scanning or because of an access problem with the database...

Any thoughts would be welcome!!

Cheers,

Paul

[Rocky]

Hey,
First, can you verify that mailscanner is running? If mail is being held, then mailscanner should pick it up, scan it and reinject it for delivery. Post a sample of your mail.log file.

[Tyiell]

Hi,

Thanks for your reply. Im pretty sure the mailscanner is working - the process starts correctly and I installed the webmin module which says it is up and running. Whether Ive got it running correctly is clearly another matter

Theres a section of the mail.log:

Quote:

Oct 23 13:31:46 BWD-SPAM-01 postfix/smtp[24581]: 4FE2949B4F7: to=<c1595@ms31.hinet.net>, relay=10.36.84.49[10.36.84.49]:25, conn_use=2, delay=30214, delays=12132/18028/5/50, dsn=5.7.1, status=bounced (host 10.36.84.49[10.36.84.49] said: 550 5.7.1 Unable to relay (in reply to RCPT TO command))
Oct 23 13:31:46 BWD-SPAM-01 postfix/smtp[24644]: 3CC7449BB01: to=<arychw@ms26.hinet.net>, relay=10.36.84.49[10.36.84.49]:25, conn_use=5, delay=28004, delays=9922/18018/5/60, dsn=5.7.1, status=bounced (host 10.36.84.49[10.36.84.49] said: 550 5.7.1 Unable to relay (in reply to RCPT TO command))
Oct 23 13:31:46 BWD-SPAM-01 postfix/smtp[24129]: 4AEAD49F66B: to=<hluzv@hotmail.com>, relay=10.36.84.49[10.36.84.49]:25, conn_use=2, delay=21386, delays=3304/18063/5/15, dsn=5.7.1, status=bounced (host 10.36.84.49[10.36.84.49] said: 550 5.7.1 Unable to relay (in reply to RCPT TO command))

Cheers,

Paul

[Tyiell]

Oh, you can probably guess, but 10.36.84.49 is the exchange server that the spamsnake forwards on to. The spamsnake itself is on 10.36.84.12.

Many thanks,

Paul

[Tyiell]

Hmm, or maybe you're right and it isnt working - sorry, it seems my knowledge of Linux isn't what it should be after these years of using it!!! below is what I get from a

Code:

ps -ef | grep Mail

command:

Quote:

postfix 4176 1 0 Oct24 ? 00:04:51 MailScanner: starting child
postfix 6640 1 0 07:47 ? 00:00:00 MailWatch SQL
postfix 11203 4176 5 08:30 ? 00:00:01 [MailScanner] <defunct>
postfix 11209 4176 7 08:30 ? 00:00:01 [MailScanner] <defunct>
postfix 11215 4176 11 08:30 ? 00:00:01 [MailScanner] <defunct>
postfix 11222 4176 18 08:30 ? 00:00:01 [MailScanner] <defunct>
postfix 11228 4176 60 08:30 ? 00:00:01 MailScanner: waiting for messages
root 11235 9141 0 08:30 pts/0 00:00:00 grep Mail

I think its running, but theres a few too many "defuncts" in there for me to be entirely confident!!!

Many thanks,

Paul

[Tyiell]

Here are the logs from mail.log since I checked the mysql setup, did the postmapping thing again and tweaked a few permissions that looked suspect to me:

Quote:

Oct 27 11:23:38 BWD-SPAM-01 postfix/smtpd[25802]: connect from bwd-isa-01.bws-ed.bullerswood.bromley.sch.uk[10.36.84.48]
Oct 27 11:23:39 BWD-SPAM-01 postfix/smtpd[25802]: 45AE849A002: client=bwd-isa-01.bws-ed.bullerswood.bromley.sch.uk[10.36.84.48]
Oct 27 11:23:39 BWD-SPAM-01 postfix/cleanup[25805]: 45AE849A002: hold: header Received: from snt0-omc4-s12.snt0.hotmail.com (bwd-isa-01.bws-ed.bullerswood.bromley.sch.uk [10.36.84.48])??by BWD-SPAM-01.bws-ed.bullerswood.bromley.sch.uk (Postfix) with ESMTP id 45AE849A002??for <p from bwd-isa-01.bws-ed.bullerswood.bromley.sch.uk[10.36.84.48]; from=<tyiell@live.com> to=<pbrown@bullerswood.bromley.sch.uk> proto=ESMTP helo=<snt0-omc4-s12.snt0.hotmail.com>
Oct 27 11:23:39 BWD-SPAM-01 postfix/cleanup[25805]: 45AE849A002: message-id=<SNT114-W509026099890BF0647C659A2B90@phx.gbl>
Oct 27 11:23:39 BWD-SPAM-01 postfix/smtpd[25802]: disconnect from bwd-isa-01.bws-ed.bullerswood.bromley.sch.uk[10.36.84.48]

Now this is different to what I had before - all mail is being stopped andheld in the Inbound queue in MailWatch. It was in Outbound before

MailWatch still doesn't show anything in the Todays Totals - implying to me that it is not actually processing them. No emails were then forwarded out of the system to be delivered.

Any thoughts?

Many thanks,

Paul

[Rocky]

MailScanner defunct is no good. When did this start happening?

[Tyiell]

Well annoyingly, I'm not sure - after the first time I got it working, I never questioned it everytime I restarted it or whatever because it didn't give me an error. Lesson learned

I am also getting the same error as Frogman in the other post - the Mail Transport Unavailable error, but my MailScanner still doesnt log any messages, and there are no rows in the database.

Wierd

[Tyiell]

Aaaand just as annoyingly it has stopped doing this now (see output below), but occasionally when restarting the service I get an error saying "cannot touch '/var/lock/subsys/MailScanner' No such file or dir". I make the subsys directory and it works, but it disappears again in a day or so...

Code:

postfix  30832     1  0 08:40 ?        00:00:00 MailWatch SQL
postfix  30834     1  0 08:40 ?        00:00:00 MailScanner: starting children
postfix  30835 30834 12 08:40 ?        00:00:01 MailScanner: waiting for messages
postfix  30846 30834 30 08:40 ?        00:00:01 MailScanner: waiting for messages
root     30853 30477  0 08:40 pts/0    00:00:00 grep Mail

But it still doesn't log anything!

[Rocky]

After you've recreated the subsys directory, redo section 16.2 to fix the subsys deletion problem.

Rocky