store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Aug 22, 2019 2:56 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: qmail-scanner message size problem
Unread postPosted: Thu Oct 30, 2014 2:00 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
Christoph and I have discovered what seems to be an annoying issue with qmail-scanner

He noticed that some messages, including spam, were not being scanned by Spamassassin and were generating a log entry like this:

Code:
qmail-scanner-queue.pl: qmail-scanner[2663]: Clear:RC:0(sending-ip-address):SA:0(?/?): (message details....)


Note the "?/?" from SA

After going round in circles and looking at logs and going absolutely nuts, I discovered that the messages in question all had attachments or inline images. Not huge ones though. Just typical attachments - a pdf here, a jpeg there.

For example, one message was just 2.3Mb in size including some inline images.

Looking at the qmail-scanner-queue.pl, I noticed two things:
1) At the top, in the configure detail line, it shows: --sa-maxsize 1024000 --- This is 1Mb.
2) In the bowels of the file, the following code can be found:

Code:
# st: I have returned to my own way to set the  (1.25st)
my $spamc_binary='/usr/bin/spamc';
my $sa_timeout='120';
my $sa_maxsize='1024000';

[snip snip]

$spamc_binary.=" -t $sa_timeout" if ($sa_timeout ne "");
$spamc_binary.=" -s $sa_maxsize" if ($sa_maxsize ne "");


Again this is 1Mb.

Quote:
-s max_size
Set the maximum message size which will be sent to spamd -- any bigger than this threshold and the message will be returned unprocessed (default: 250 KB). If spamc gets handed a message bigger than this, it won't be passed to spamd.
The size is specified in bytes, as a positive integer greater than 0. For example, -s 250000.



Editing my $sa_maxsize='1024000'; to add another 0 in the live qmail-scannerqueue.pl instantly caused the messages that were not being scanned to be scanned.

So......

from looking at /usr/share/qmail-scanner/qmail-scanner-queue.template, it looked like you could change the value of this through the configuration file. So I added
SA_MAXSIZE="10240000" (i.e. an extra 0) to qmail-scanner.ini, did a qmail-scanner-reconfigure and


errr...EDIT!...I thought it worked! But it doesn't!

Does anybody have any suggestions about how to get this to stick through a reinstall or a reconfigure?

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: qmail-scanner message size problem
Unread postPosted: Thu Oct 30, 2014 2:53 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Aug 01, 2006 2:45 pm
Posts: 573
Location: Netherlands
Spam is rarely that large and it will take full message rules in SpamAssassin exponentially more resources scanning it. I would never raise this limit to anything more than 1 MB.

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
Reply with quote  
 Post subject: Re: qmail-scanner message size problem
Unread postPosted: Thu Oct 30, 2014 4:39 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
That's sensible advice, but nevertheless we're seeing unwanted messages on this system (from Africa) that are larger than 2Megs.

I don't know how frequently they get sent. We'll keep an eye on it.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: qmail-scanner message size problem
Unread postPosted: Sat Feb 07, 2015 1:18 pm 
Offline
Forum User
Forum User

Joined: Thu Jan 08, 2009 4:31 am
Posts: 35
Location: Fort Worth, TX
Hey Guys -

I took a look through my maillogs, and this happens on my servers too.

[root@server ~]# cat /var/log/mail* | grep -i '(?/?)' > /root/mailparsed

100% of the e-mails that this happens on are legitimate e-mails created by clients -- none were spam.

I second prupert's logic.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group