MCP not working...

Discuss our MailScanner install script and MailScanner itself
Post Reply
dgnzcn
Junior Member
Posts: 3
Joined: 07 May 2011, 21:36

MCP not working...

Post by dgnzcn »

Hi,
i just install new mailscanner and mailscanner fronted but MCP look like not working. Any advice?

some lines from maillog are here but there are no MCP process in there:
Jan 25 10:25:16 server MailScanner: New Batch: Scanning 1 messages, 483015 bytes
Jan 25 10:25:16 server MailScanner: Virus and Content Scanning: Starting
Jan 25 10:25:20 server MailScanner: Uninfected: Delivered 1 messages
Jan 25 10:25:20 server MailScanner: Connected to MailControl MySQL database
Jan 25 10:25:20 server MailScanner: 1cWHxC-000BLE-U8: Received for MailControl Database
Jan 25 10:25:20 server MailScanner: 1cWHxC-000BLE-U8: Logged to MailControl Database
Jan 25 10:25:20 server dovecot: lmtp(43584): Connect from local

MailScanner.conf is:

%org-name% = Host

#%org-long-name% = Host

%web-site% = www.host.com

%etc-dir% = /usr/mailscanner/etc

%report-dir% = /usr/mailscanner/usr/share/MailScanner/reports/en

%rules-dir% = /usr/mailscanner/etc/rules

%mcp-dir% = /usr/mailscanner/etc/mcp



Max Children = 3

Run As User = mailnull

Run As Group = mail

Queue Scan Interval = 6

Incoming Queue Dir = /var/spool/exim_incoming/input/*

Outgoing Queue Dir = /var/spool/exim/input

Incoming Work Dir = /var/spool/MailScanner/incoming

Quarantine Dir = /var/spool/MailScanner/quarantine

PID file = /var/run/MailScanner.pid

Restart Every = 7200

MTA = exim

Sendmail = /usr/sbin/exim -oMr MailScanner

Sendmail2 = /usr/sbin/exim -C /etc/exim_outgoing.conf

Incoming Work Group = mtagroup

Incoming Work Permissions = 0660

Quarantine User =
Quarantine Group =

Quarantine Permissions = 0660

Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30

Max Normal Queue Size = 800

Scan Messages = yes

Reject Message = no

Maximum Processing Attempts = 0

Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db

Maximum Attachments Per Message = 200

Expand TNEF = yes

Use TNEF Contents = no

Deliver Unparsable TNEF = yes

TNEF Expander = internal

TNEF Timeout = 120

File Command = /usr/bin/file

File Timeout = 20

Gunzip Command = /bin/gunzip

Gunzip Timeout = 50

Unrar Command =

Unrar Timeout = 50

Find UU-Encoded Files = yes

Maximum Message Size = %rules-dir%/max.message.size.rules

Maximum Attachment Size = -1

Minimum Attachment Size = -1

Maximum Archive Depth = 8

Find Archives By Content = yes

Unpack Microsoft Documents = yes

Zip Attachments = no

Attachments Zip Filename = MessageAttachments.zip

Attachments Min Total Size To Zip = 100k

Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml

Add Text Of Doc = no

Antiword = /usr/bin/antiword -f

Antiword Timeout = 50

Unzip Maximum Files Per Archive = 0

Unzip Maximum File Size = 50k

Unzip Filenames = *.txt *.ini *.log *.csv

Unzip MimeType = text/plain

Virus Scanning = %rules-dir%/virus.scanning.rules

Virus Scanners = clamd

Virus Scanner Timeout = 300

Deliver Disinfected Files = no

Silent Viruses = HTML-IFrame All-Viruses

Still Deliver Silent Viruses = %rules-dir%/virus.delivery.rules

Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar

Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:

Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*

Block Encrypted Messages = no

Block Unencrypted Messages = no

Allow Password-Protected Archives = yes

Check Filenames In Password-Protected Archives = yes

Allowed Sophos Error Messages =

Sophos IDE Dir = /opt/sophos-av/lib/sav

Sophos Lib Dir = /opt/sophos-av/lib

Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide

Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd /usr/local/share/clamav/daily.inc/daily.info

ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Compression Ratio = 250

Clamd Port = 3310
Clamd Socket = /var/clamd
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = yes

ClamAV Full Message Scan = yes

Fpscand Port = 10200

Dangerous Content Scanning = %rules-dir%/virus.scanning.rules

Allow External Message Bodies = no

Find Phishing Fraud = no

Also Find Numeric Phishing = yes

Use Stricter Phishing Net = yes

Highlight Phishing Fraud = yes

Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf

Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf

Country Sub-Domains List = %etc-dir%/country.domains.conf

Allow IFrame Tags = disarm

Allow Form Tags = disarm

Allow Script Tags = disarm

Allow WebBugs = disarm

Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim

Known Web Bug Servers = msgtag.com

Web Bug Replacement = https://s3.amazonaws.com/msv5/images/spacer.gif
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Archives Are = zip rar ole
Allow Filenames =
Deny Filenames =
Filename Rules = %rules-dir%/filename.rules.rules
Allow Filetypes =
Allow File MIME Types =
Deny Filetypes =
Deny File MIME Types =
Filetype Rules = %rules-dir%/filetype.rules.rules
Archives: Allow Filenames =
Archives: Deny Filenames =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Archives: Deny Filetypes =
Archives: Deny File MIME Types =
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
Default Rename Pattern = __FILENAME__.disarmed
Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Keep Spam And MCP Archive Clean = no
Language Strings = %report-dir%/languages.conf
Rejection Report = %report-dir%/rejection.report.txt
Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
Signature Image Filename = %report-dir%/sig.jpg
Signature Image <img> Filename = signature.jpg
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Information Header = X-%org-name%-MailScanner-Information:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
ID Header = X-%org-name%-MailScanner-ID:
IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Minimum Stars If On Spam List = 20
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Multiple Headers = append
Place New Headers At Top Of Message = no
Hostname = The %org-name% ($HOSTNAME) MailScanner
Sign Messages Already Processed = no
Sign Clean Messages = no
Attach Image To Signature = no
Attach Image To HTML Message Only = yes
Allow Multiple HTML Signatures = no
Dont Sign HTML If Headers Exist = # In-Reply-To: References:
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Deliver Cleaned Messages = %rules-dir%/virus.delivery.rules
Notify Senders = yes
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Blocked Size Attachments = no
Notify Senders Of Other Blocked Content = yes
Never Notify Senders Of Precedence = list bulk
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}
Virus Modify Subject = start
Virus Subject Text = {Virus?}
Filename Modify Subject = start
Filename Subject Text = {Filename?}
Content Modify Subject = start.
Content Subject Text = {Dangerous Content?}
Size Modify Subject = start
Size Subject Text = {Size}
Disarmed Modify Subject = start
Disarmed Subject Text = {Disarmed}
Phishing Modify Subject = no
Phishing Subject Text = {Fraud?}
Spam Modify Subject = start
Spam Subject Text = {Spam?}
High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = {Definitely Spam?}
Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-1
Archive Mail =
Missing Mail Archive Is = directory
Send Notices = no
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = MailScanner
Notices To = postmaster
Local Postmaster = postmaster
Spam List Definitions = %etc-dir%/spam.lists.conf
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Spam Checks = %rules-dir%/spam.scanning.rules
Spam List =
Spam Domain List =
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 1
Spam List Timeout = 10
Max Spam List Timeouts = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Definite Spam Is High Scoring = yes
Ignore Spam Whitelist If Recipients Exceed = 20
Max Spam Check Size = 600k
Use Watermarking = no
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = nothing
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-Secret
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-Watermark:
Use SpamAssassin = %rules-dir%/spam.scanning.rules
Max SpamAssassin Size = 200k
Required SpamAssassin Score = %rules-dir%/spam.score.rules
High SpamAssassin Score = %rules-dir%/spamhigh.score.rules
SpamAssassin Auto Whitelist = no
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10

# The total number of SpamAssassin attempts during which "Max SpamAssassin
# Timeouts" will cause SpamAssassin to stop doing all network-based tests.
# If double the timeout value is reached (i.e. it continues to timeout at
# the same frequency as before) then it is marked as "unavailable".
# See the previous comment for more information.
# The default values of 10 and 20 mean that 10 timeouts in any sequence of
# 20 attempts will trigger the behaviour described above, until the next
# periodic restart (see "Restart Every").
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = no
Include Binary Attachments In SpamAssassin = no
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Spam Actions = %rules-dir%/spam.action.rules
High Scoring Spam Actions = %rules-dir%/spamhigh.action.rules
Non Spam Actions = store deliver header "X-Spam-Status: No"
SpamAssassin Rule Actions =
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no
Syslog Facility = mail
Log Speed = no
Log Spam = no
Log Non Spam = no
Log Delivery And Non-Delivery = no
Log Permitted Filenames = no
Log Permitted Filetypes = no
Log Permitted File MIME Types = no
Log Silent Viruses = no
Log Dangerous HTML Tags = no
Log SpamAssassin Rule Actions = yes
SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir =
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Default Rules Dir =
DB DSN =
DB Username =
DB Password =
SQL Serial Number =
SQL Quick Peek =
SQL Config =
SQL Ruleset =
SQL SpamAssassin Config =
SQL Debug = no

MCP Checks = yes

# Do the spam checks first, or the MCP checks first?
# This cannot be the filename of a ruleset, only a fixed value.
First Check = MCP

# The rest of these options are clones of the equivalent spam options
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 15
MCP Error Score = 1

MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = delete
High Scoring MCP Actions = delete
Bounce MCP As Attachment = no

MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}

Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no

MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10

MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spamassassin.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Use Default Rules With Multiple Recipients = no
Read IP Address From Received Header = no
Spam Score Number Format = %d
MailScanner Version Number = 5.0.2
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug = no
Debug SpamAssassin = no
Run In Foreground = no
Always Looked Up Last = &MailControlLogging
Always Looked Up Last After Batch = no
Deliver In Background = yes
Delivery Method = batch
Split Exim Spool = yes
Lockfile Dir = /var/spool/MailScanner/incoming/Locks
Custom Functions Dir = /usr/mailscanner/usr/share/MailScanner/perl/custom
Lock Type =
Syslog Socket Type =
Automatic Syntax Check = yes
Minimum Code Status = supported
include /usr/mailscanner/etc/conf.d/*
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: MCP not working...

Post by Sergio »

EDIT:
I am also interested in know about this question.

I have tested an MCP rule and it is working, what is happening is that new MailControl is not marking the MCP matches as the old MailWatch did, but actually MCP is working.

Regards,
Sergio
kh61
Junior Member
Posts: 8
Joined: 10 May 2017, 02:08

Re: MCP not working...

Post by kh61 »

Did anyone have any success getting MCP working?
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: MCP not working...

Post by Sergio »

kh61 wrote: 07 Mar 2018, 05:13 Did anyone have any success getting MCP working?
Mine is working great, but I decided to move all my MCP rules to SpamAssassin and now I am only using the MCP BlackList that my antispam app can add in there the emails or domains that I want to block.

Also, read my previous post if you are using MailControl, as with MailControl you will not see the blocks made by MCP. but MCP is actually working.

Sergio
Post Reply