Posted to users@spamassassin.apache.org by bubba <bu...@cwazy.co.uk> on 2005/01/13 11:38:10 UTC

SA 2.63 Not Processing All Email

Hi,
 
I'm running Spamassassin 2.63, which is successfully tagging *most*
messages. However, some mail is getting through untagged.

The main differences between the headers of those that are tagged and those
that aren't are the "for" section in each received section.

Example headers from a successfully tagged message:

**************
Received: from srv.my_server.com (root@localhost)
    by my_domain.com (8.21.6/8.21.6) with ESMTP id j0DABKT13250
    for <my...@my_domain.com>; Thu, 13 Jan 2005 10:11:20 GMT
X-ClientAddr: 195.10.244.146
Received: from dylan.cwazy.net (dylan.cwazy.net [195.10.244.146])
    by srv.my_server.com (8.21.6/8.21.6) with ESMTP id j0DABJv13245
    for <my...@my_domain.com>; Thu, 13 Jan 2005 10:11:19 GMT
Received: from www.valid.co.uk (localhost [127.0.0.1])
    by dylan.cwazy.net (Postfix) with ESMTP id 82478CBFBB
    for <my...@my_domain.com>; Thu, 13 Jan 2005 10:21:27 +0000 (GMT)
Received: from 213.219.49.18
       (SquirrelMail authenticated user bubba);
       by www.cwazy.net with HTTP;
       Thu, 13 Jan 2005 10:21:27 -0000 (GMT)



... And headers from a message that hasn't been tagged:

**************
Received: from srv.my_server.com (root@localhost)
    by my_domain.com (8.21.6/8.21.6) with ESMTP id j0D4pTe1562;
    Thu, 13 Jan 2005 04:51:29 GMT
X-ClientAddr: 209.30.229.186
Received: from adsl-209-30-229-186.dsl.ksc2mo.swbell.net
(adsl-209-30-229-186.dsl.ksc2mo.swbell.net [209.30.229.186])
    by srv.my_server.com (8.21.6/8.21.6) with SMTP id j0D4pSv10556;
    Thu, 13 Jan 2005 04:51:28 GMT
Received: from dnjachwdxq.jskk.com (lbbrgyjnsg.jskk.com [62.208.240.214]) by
209.30.229.186 Microsoft SMTPSVC(5.0.2195.6713);
     Wed, 12 Jan 2005 23:06:08 -0600


Any obvious reason why this might be happening?

milan.


Re: SA 2.63 Not Processing All Email

Posted by Matt Kettler <mk...@comcast.net>.
At 05:38 AM 1/13/2005, bubba wrote:
>
>I'm running Spamassassin 2.63, which is successfully tagging *most*
>messages. However, some mail is getting through untagged.
>
>The main differences between the headers of those that are tagged and those
>that aren't are the "for" section in each received section.

Hmm, the "for" bit really should not matter, but you've really told us 
nothing about your setup..

1) are you using spamc/spamd? If so, is the unscanned message over the scan 
size limit for spamc?

2) any chance the unscanned message is exploiting the DoS vulnerability in 
2.63? (You do know that's why 2.64 was released, right?)

3) Any chance of timeouts?

Really, look at your mail logs. You've got the ESMTP ID, so grep for that in 
your logs, see what happened to it. 
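
The log lookup suggested above, as an added example that is not part of the original post: it pulls the queue IDs out of the untagged message's Received headers and counts the log lines for each. The function names `queue_ids` and `trace_ids` and the log lines are constructed for illustration; point `trace_ids` at your real mail log.

```shell
#!/bin/sh
# Headers of the untagged message, copied from the original post.
HEADERS='Received: from srv.my_server.com (root@localhost)
    by my_domain.com (8.21.6/8.21.6) with ESMTP id j0D4pTe1562;
    Thu, 13 Jan 2005 04:51:29 GMT
X-ClientAddr: 209.30.229.186
Received: from adsl-209-30-229-186.dsl.ksc2mo.swbell.net
(adsl-209-30-229-186.dsl.ksc2mo.swbell.net [209.30.229.186])
    by srv.my_server.com (8.21.6/8.21.6) with SMTP id j0D4pSv10556;
    Thu, 13 Jan 2005 04:51:28 GMT'

# Constructed syslog-style sample (hypothetical lines; real output depends on
# the MTA and on how SpamAssassin is invoked).
LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Jan 13 04:51:28 srv sendmail[10556]: j0D4pSv10556: from=<a@example.invalid>, size=312044
Jan 13 04:51:29 srv sendmail[10560]: j0D4pSv10556: to=<b@example.invalid>, stat=Sent
Jan 13 10:11:19 srv sendmail[13245]: j0DABJv13245: from=<c@example.invalid>, size=1822
EOF

# Read headers on stdin, print one queue ID per line. Folded header lines are
# joined first so "with ESMTP id <ID>" matches even across a line break.
queue_ids() {
    tr '\n' ' ' | grep -oE 'with E?SMTP id [A-Za-z0-9]+' | awk '{print $4}'
}

# Read queue IDs on stdin; for each, report how many lines of log file $1
# mention it, then show those lines. Zero lines means that hop logged
# elsewhere (another host or a rotated file).
trace_ids() {
    log=$1
    while read -r id; do
        n=$(grep -cF -- "$id" "$log" || true)
        echo "$id: $n log line(s)"
        grep -F -- "$id" "$log" | sed 's/^/    /' || true
    done
}

printf '%s\n' "$HEADERS" | queue_ids | trace_ids "$LOG"
```

Compare the entries for an untagged message with those for a tagged one: size, delivery status, and any spamc/spamd lines logged at the same timestamp.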


Re: SA 2.63 Not Processing All Email

Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Bubba

timeouts?

anything in any log files around the time these emails were processed?

How are you running SA - spamd/spamc, procmail, amavis-new, 
MailScanner...???

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


