[Mimedefang] Some Spam slipping through.

Brett Simpson Simpsonb at hillsboroughcounty.org
Tue Jan 13 09:03:55 EST 2004 

I'm noticing that Spam with occasionally slip through even during light load periods. Following several previous posts I disabled the SpamAssassin network tests, moved the Bayes journal to a ram disk, and moved the MimeDefang cache to a spool directory but I still get occasionally get an error. I've also adjusted my sendmail.mc file but I'm not sure if "INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:45s;R:45s')" is optimal.

ns2b log # grep i0DDmjEO001163 mail.log
Jan 13 08:48:46 ns2b sm-mta[1163]: i0DDmjEO001163: from=<1-729-58684-988772 at b.qqqqbi.com>, size=956, class=0, nrcpts=1, msgid=<729-58684-988772 at qqqqbi.com>, proto=SMTP, daemon=MTA, relay=[63.218.84.5]
Jan 13 08:48:46 ns2b mimedefang.pl[31680]: MDLOG,i0DDmjEO001163,totalmail,,,<1-729-58684-988772 at b.qqqqbi.com>,<protected at hillsborough.org>,The 4.9 trillion-dollar travel industry will pay you $1000 per week!
Jan 13 08:49:31 ns2b sm-mta[1163]: i0DDmjEO001163: Milter (mimedefang): timeout before data read
Jan 13 08:49:31 ns2b sm-mta[1163]: i0DDmjEO001163: Milter (mimedefang): to error state
Jan 13 08:49:31 ns2b sm-mta[1245]: i0DDmjEO001163: to=<protected at hillsborough.org>, delay=00:00:45, xdelay=00:00:00, mailer=esmtp, pri=30956, relay=smtpgate.hillsboroughcounty.org. [207.156.7.130], dsn=2.0.0, stat=Sent (Ok)
Jan 13 08:49:31 ns2b mimedefang.pl[31680]: MDLOG,i0DDmjEO001163,spam,121.162,63.218.84.5,<1-729-58684-988772 at b.qqqqbi.com>,<protected at hillsborough.org>,The 4.9 trillion-dollar travel industry will pay you $1000 per week!
Jan 13 08:49:31 ns2b mimedefang.pl[31680]: MDLOG,i0DDmjEO001163,spam_score_over_15,,,<1-729-58684-988772 at b.qqqqbi.com>,<protected at hillsborough.org>,The 4.9 trillion-dollar travel industry will pay you $1000 per week!
Jan 13 08:49:31 ns2b mimedefang[1164]: i0DDmjEO001163: smfi_chgheader returned MI_FAILURE
Jan 13 08:49:31 ns2b mimedefang[1164]: i0DDmjEO001163: smfi_addheader returned MI_FAILURE
Jan 13 08:49:31 ns2b mimedefang[1164]: i0DDmjEO001163: smfi_delrcpt returned MI_FAILURE
Jan 13 08:49:31 ns2b mimedefang[1164]: i0DDmjEO001163: smfi_addrcpt returned MI_FAILURE
Jan 13 08:49:31 ns2b mimedefang[1164]: i0DDmjEO001163: smfi_addheader returned MI_FAILURE



divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/sendmail.cf by running the following command:
dnl
dnl        m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`$Id: sendmail.mc,v 1.2 2002/07/04 04:55:29 g2boojum Exp $')dnl
OSTYPE(`linux')dnl
define(`MAIL_SETTINGS_DIR', `/etc/mail/')dnl
LOCAL_USER(`root')dnl
MASQUERADE_AS(`hillsboroughcounty.org')dnl
MASQUERADE_DOMAIN(`hillsboroughcounty.org')dnl
RELAY_DOMAIN(`hillsboroughcounty.org')dnl
dnl HACK(`anomy')dnl
define(`confCHECK_ALIASES', `True')dnl
define(`confFORWARD_PATH', `')dnl
define(`confPRIVACY_FLAGS', `novrfy,noexpn,authwarnings,nobodyreturn')dnl
define(`confQUEUE_LA', `24')dnl
define(`confTO_QUEUEWARN', `8h')dnl
define(`confQUEUE_SORT_ORDER', `time')dnl
define(`confREFUSE_LA', `32')dnl
define(`confSEPARATE_PROC', `True')dnl
define(`confMAX_DAEMON_CHILDREN', `100')dnl
dnl security hide mta type from scanners.
dnl define(`confSMTP_LOGIN_MSG',$j MTA $v/$Z; $b)dnl
define(`confSMTP_LOGIN_MSG',$j MTA $b)dnl
dnl this will wait 2 minutes for a command from the other mailer.
dnl this will timeout on mailers that are parasiting on my mailer.
dnl this has never caused problems on mail delivery, it just removes dnl troublesome mailers (spammers that won't resolve ip or similar.)
dnl TIMEOUTS (MANY OF THESE)...
define(`confTO_INITIAL', `30s')
define(`confTO_CONNECT', `30s')
define(`confTO_ICONNECT', `30s')
define(`confTO_HELO', `1m')
define(`confTO_MAIL', `2m')
define(`confTO_RCPT', `2m')
define(`confTO_DATAINIT', `2m')
define(`confTO_DATABLOCK', `2m')
define(`confTO_DATAFINAL', `5m')
define(`confTO_RESET', `1m')
define(`confTO_QUIT', `5m')
define(`confTO_MISC', `4m')
define(`confTO_COMMAND', `1m')
define(`confTO_IDENT', `30s')
define(`confTO_FILEOPEN', `1m')
define(`confTO_CONTROL', `4m')
define(`confTO_HOSTSTATUS', `5m')                                                                                                                                             
dnl define(`ConnectionCacheTimeout=30')dnl
dnl define(`confMAX_MESSAGE_SIZE',1500000)dnl
dnl 15 meg limit on message size
dnl set maximum deamon we can have
dnl max outoing message size.
define(`SMTP_MAILER_MAX',15000000)
dnl set max size to 15megs
define(`confMAX_MESSAGE_SIZE',15000000)dnl
dnl timeout on the initial outgoing connect
define(`TimoutIconnect=30s')dnl
dnl you will need high number then this on a high volume site.
define(`ConnectionRateThrottle',3')dnl limit number of connections per second that are permitted.
dnl define(`confDOMAIN_NAME', `mail.hillsboroughcounty.org')dnl
define(`confTO_QUEUERETURN', `3d')dnl
dnl define(`MAIL_HUB',`smtpgate.hillsboroughcounty.org')dnl
dnl define(`SMART_HOST',`smtpgate.hillsboroughcounty.org')dnl
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')
define(`confSMTP_LOGIN_MSG',`Private Mailserver v10.0')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=207.156.7.30, Name=MTA')dnl
dnl CLIENT_OPTIONS(`Addr=207.156.7.30')dnl
dnl define(`confRUN_AS_USER', `mail')dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:45s;R:45s')
dnl FEATURE(`stickyhost')dnl
FEATURE(`mailertable')dnl
FEATURE(`nocanonify')
FEATURE(`accept_unqualified_senders')dnl
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`smrsh')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable')
MAILER(`local')
MAILER(`smtp')
MAILER(`procmail')

More information about the MIMEDefang mailing list