HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Cracklefish 13th October 2009 19:53

Amavisd not identifying spam properly
 
Amavisd does not seem to report spam properly.

Suse, 11.1; Perfect Server; ISPC 3.0.1.4

If I run debug I get what looks like an error "Pid_file already exists for running process (3076)... aborting"...

Is this a good place to start?

Code:

amavisd debug
Oct 13 17:21:12.686 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: starting.  /usr/sbin/amavisd at Golf1.greenway.co.uk amavisd-new-2.6.1 (20080629), Unicode aware, LC_CTYPE="en_GB.UTF-8", LANG="POSIX"
Oct 13 17:21:12.687 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: user=, EUID: 65 (65);  group=, EGID: 113 113 (113 113)
Oct 13 17:21:12.688 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: Perl version              5.010000
Oct 13 17:21:12.923 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: INFO: no optional modules: IO::Socket::INET6
Oct 13 17:21:14.253 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: INFO: SA version: 3.2.5, 3.002005, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Mail::SpamAssassin::BayesStore::PgSQL Encode::Detect Razor2::Client::Agent IP::Country::Fast Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Mail::SPF::Mod::ExpMail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::inet_n2dx auto::NetAddr::IP::Util::ipv6_n2d auto::NetAddr::IP::Util::ipv6_n2x Mail::SPF::Query Error
Oct 13 17:21:14.255 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: SpamControl: init_pre_chroot on SpamAssassin done
Pid_file already exists for running process (3076)... aborting
Oct 13 17:21:14.260 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: (!)Net::Server: 2009/10/13-17:21:14 Pid_file already exists for running process (3076)... aborting\n\n  at line 277 in file /usr/lib/perl5/vendor_perl/5.10.0/Net/Server.pm
Oct 13 17:21:14.262 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: Net::Server: 2009/10/13-17:21:14 Server closing!

This is a typical header from a spam (in the POP box not the client)

Code:

Return-Path: <leopoldbn3@tigertcontractors.com>
Received: from localhost (unknown [127.0.0.1])
        by golf1.greenway.co.uk (Postfix) with ESMTP id 90FB0160F2;
        Tue, 13 Oct 2009 15:19:56 +0000 (UTC)
X-Virus-Scanned: amavisd-new at greenway.co.uk
Received: from golf1.greenway.co.uk ([127.0.0.1])
        by localhost (Golf1.greenway.co.uk [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id a4KQprg7P0im; Tue, 13 Oct 2009 16:19:42 +0100 (BST)
Received: from ABTS-TN-dynamic-222.160.164.122.airtelbroadband.in (unknown [122.164.160.222])
        by golf1.greenway.co.uk (Postfix) with ESMTP id 16835160EC;
        Tue, 13 Oct 2009 16:19:40 +0100 (BST)
Message-ID: <000d01ca4c18$8ed3c610$6400a8c0@leopoldbn3>
From: "Carlo Blue" <leopoldbn3@tigertcontractors.com>
To: <wtop@xxxxxxx.com>
Subject: Apply for your diploma.
Date: Tue, 13 Oct 2009 20:49:29 +0530
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0007_01CA4C18.8ED3C610"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01CA4C18.8ED3C610
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


till 14th October 2009 10:11

Amavisd is not able to start as its pid file exists already. Please try to reboot the server.

Cracklefish 16th October 2009 15:38

Quote:

Originally Posted by till (Post 207347)
Amavisd is not able to start as its pid file exists already. Please try to reboot the server.

That helped. The PID file error has gone and now I get a normal debug report. Funny though the server has been rebooted several times lately for other reasons.

The Amavis still does not seem to be behaving properly.

I have reset the tags in ISPC to:

SPAM tag level = 2.5
SPAM tag2 level = 5
SPAM kill level = 6.8

But amavisd.conf shows

$sa_tag_level_deflt = 2.0
$sa_tag2_level_deflt = 6.2
$sa_kill_level_deflt = 6.2


I have never had an email with ***SPAM*** in the subject field

Here is a header:

Code:

Return-Path: <custodianjxa121@hotelbaboosoorya.com>
Received: from localhost (unknown [127.0.0.1])
        by golf1.sanitised (Postfix) with ESMTP id E0EEC160FF;
        Fri, 16 Oct 2009 11:08:54 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sanitised
X-Spam-Flag: NO
X-Spam-Score: 6.07
X-Spam-Level: ******
X-Spam-Status: No, score=6.07 tagged_above=2 required=6.2 tests=[BAYES_60=1,
        HTML_MESSAGE=0.001, RCVD_IN_SORBS_WEB=0.619, RDNS_NONE=0.1,
        TVD_RCVD_SINGLE=1.351, URIBL_SBL=1.499, URIBL_WS_SURBL=1.5]
Received: from golf1.sanitised ([127.0.0.1])
        by localhost (Golf1.sanitised [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id rMYNV8KuaVzO; Fri, 16 Oct 2009 12:08:41 +0100 (BST)
Received: from YPNCKGMG (unknown [77.120.129.178])
        by golf1.sanitised (Postfix) with ESMTP id 421C016101;
        Fri, 16 Oct 2009 12:08:41 +0100 (BST)
Message-ID: <000d01ca4e51$0232c680$6400a8c0@custodianjxa121>
From: "Ollie Dotson" <custodianjxa121@hotelbaboosoorya.com>
To: <wtop@sanitised>
Subject: Unbelievable prices for spruce watches.
Date: Fri, 16 Oct 2009 14:08:36 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0007_01CA4E51.0232C680"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Although the spam score is 6.07 the header has not been modified.

There are 2 mailboxes on this domain, this one and a catchall
Both have a filter set to transfer anything with ***SPAM in subject field to the spam folder (.Spam)

The spam folder for the catchall box has lots of emails in it, the majority are "Considered UNSOLICITED BULK EMAIL..." with a header;

Code:

Return-Path: <MAILER-DAEMON>
Received: from localhost (unknown [127.0.0.1])
        by golf1.sanitised (Postfix) with ESMTP id E7E6516101
        for <wtop@sanitised>; Fri, 16 Oct 2009 12:05:08 +0000 (UTC)
Content-Type: multipart/report; report-type=delivery-status;
 boundary="----------=_1255694708-7025-2"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Subject: Considered UNSOLICITED BULK EMAIL, apparently from you
In-Reply-To: <6704PBT.736021A7.26395804513273LFYMCSVWPYWJJND740@PC3>
Message-ID: <SSY7d3JPt4eQwA@Golf1.greenway.co.uk>
From: "Content-filter at Golf1.sanitised" <postmaster@Golf1.sanitised>
To: <wtop@sanitised>
Date: Fri, 16 Oct 2009 13:04:52 +0100 (BST)

The header from a conventional spam looks like this:

Code:

Return-Path: <pangingatcm5@broadwayplastering.com>
Received: from localhost (unknown [127.0.0.1])
        by golf1.sanitised (Postfix) with ESMTP id 65C3616101
        for <jmh711nsuk@sanitised>; Fri, 16 Oct 2009 12:09:21 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sanitised
X-Spam-Flag: NO
X-Spam-Score: 5.031
X-Spam-Level: *****
X-Spam-Status: No, score=5.031 tagged_above=2 required=6.2 tests=[BAYES_95=3,
        BODY_ENHANCEMENT=0.309, BODY_ENHANCEMENT2=0.001, HTML_MESSAGE=0.001,
        RDNS_DYNAMIC=0.1, URI_NOVOWEL=1.62]
Received: from golf1.sanitised ([127.0.0.1])
        by localhost (Golf1.sanitised [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id fSmE7MdYLuzO for <jmh711nsuk@sanitised>;
        Fri, 16 Oct 2009 13:09:05 +0100 (BST)
Received: from host111-111-dynamic.14-87-r.retail.telecomitalia.it (host111-111-dynamic.14-87-r.retail.telecomitalia.it [87.14.111.111])
        by golf1.sanitised (Postfix) with ESMTP id A74C8160FF
        for <jmh711nsuk@sanitised>; Fri, 16 Oct 2009 13:09:04 +0100 (BST)
Received: from 87.14.111.111 by mailhub13.yellgroup.com; Fri, 16 Oct 2009 14:09:00 +0100
Message-ID: <000d01ca4e59$71e59e50$6400a8c0@pangingatcm5>
From: "Major Daley" <pangingatcm5@broadwayplastering.com>
To: <jmh711nsuk@sanitised>
Subject: By enlarging your instrument you will manage to keep up your good name.
Date: Fri, 16 Oct 2009 14:09:00 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0007_01CA4E59.71E59E50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180


till 17th October 2009 10:58

Set the loglevel in amavisd higher and check which tag levels get applied to a specific email.
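
An added example, not part of the original thread: the levels amavisd applied to a message can also be read from the `X-Spam-Status` header it writes, where `tagged_above` is the tag level and `required` is the tag2 level. The sketch below parses the headers quoted earlier in the thread and compares them with the levels entered in ISPConfig; the function names and result keys are made up for this example.

```python
import re
from email import message_from_string

# Levels the poster entered in ISPConfig (values from the thread).
EXPECTED = {"tag": 2.5, "tag2": 5.0, "kill": 6.8}

# Header fields copied from the messages quoted in the thread (other fields trimmed).
HEADERS_DIPLOMA = """\
X-Virus-Scanned: amavisd-new at greenway.co.uk
Subject: Apply for your diploma.

"""
HEADERS_WATCHES = """\
X-Virus-Scanned: amavisd-new at sanitised
X-Spam-Flag: NO
X-Spam-Score: 6.07
X-Spam-Status: No, score=6.07 tagged_above=2 required=6.2 tests=[BAYES_60=1,
        HTML_MESSAGE=0.001, RCVD_IN_SORBS_WEB=0.619, RDNS_NONE=0.1,
        TVD_RCVD_SINGLE=1.351, URIBL_SBL=1.499, URIBL_WS_SURBL=1.5]
Subject: Unbelievable prices for spruce watches.

"""
HEADERS_BAYES95 = """\
X-Spam-Flag: NO
X-Spam-Score: 5.031
X-Spam-Status: No, score=5.031 tagged_above=2 required=6.2 tests=[BAYES_95=3,
        BODY_ENHANCEMENT=0.309, BODY_ENHANCEMENT2=0.001, HTML_MESSAGE=0.001,
        RDNS_DYNAMIC=0.1, URI_NOVOWEL=1.62]

"""

STATUS_RE = re.compile(
    r"^(?P<verdict>Yes|No),\s*score=(?P<score>-?[\d.]+)"
    r"\s+tagged_above=(?P<tag>-?[\d.]+)\s+required=(?P<tag2>-?[\d.]+)"
    r"(?:\s+tests=\[(?P<tests>[^\]]*)\])?"
)


def parse_spam_status(raw_headers):
    """Return the fields of X-Spam-Status, or None if the header is absent."""
    value = message_from_string(raw_headers)["X-Spam-Status"]
    if value is None:
        return None  # no spam headers were written for this message
    unfolded = re.sub(r"\s+", " ", value).strip()  # join folded continuation lines
    m = STATUS_RE.match(unfolded)
    if m is None:
        raise ValueError("unrecognised X-Spam-Status: %r" % unfolded)
    tests = {}
    for item in (m["tests"] or "").split(","):
        name, _, points = item.strip().partition("=")
        if name:
            tests[name] = float(points)
    return {
        "flagged": m["verdict"] == "Yes",
        "score": float(m["score"]),
        "tag": float(m["tag"]),
        "tag2": float(m["tag2"]),
        "tests": tests,
    }


def action(score, tag, tag2, kill):
    """What a score triggers for a given set of tag / tag2 / kill levels."""
    if score >= kill:
        return "kill"
    if score >= tag2:
        return "subject-tag"   # X-Spam-Flag: YES and the subject is rewritten
    if score >= tag:
        return "headers-only"  # X-Spam-* headers added, subject untouched
    return "untouched"


def audit(raw_headers, expected=EXPECTED):
    """Compare the levels recorded in the header with the expected ones."""
    status = parse_spam_status(raw_headers)
    if status is None:
        return None
    applied = {"tag": status["tag"], "tag2": status["tag2"]}
    return {
        "score": status["score"],
        "tests_sum": round(sum(status["tests"].values()), 3),
        # level name -> (expected, applied) for every level that differs
        "drift": {k: (expected[k], v) for k, v in applied.items() if v != expected[k]},
        "seen": "subject-tag" if status["flagged"] else "headers-only",
        "with_expected": action(status["score"], **expected),
    }


if __name__ == "__main__":
    for label, raw in (("diploma", HEADERS_DIPLOMA),
                       ("watches", HEADERS_WATCHES),
                       ("bayes95", HEADERS_BAYES95)):
        print(label, audit(raw))
```

For both scored messages the header records levels 2 and 6.2, the values in amavisd.conf, rather than the 2.5 and 5 entered in ISPConfig.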

Cracklefish 19th October 2009 16:52

Quote:

Originally Posted by till (Post 207706)
Set the loglevel in amavisd higher and check which tag levels get applied to a specific email.

There are 2 entries in etc/amavisd.conf

At line 37:

Code:

$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';  # Syslog facility as a string
          # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,

and the penultimate line:

Code:

$DO_SYSLOG = 1;
$LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)

$log_level = 5;                # (defaults to 0)

There is no var/log/amavis.log

I tried setting them both to 5 but still no logfile, or am I looking for the wrong file?

till 20th October 2009 11:19

Amavisd should log into your syslog or mail log file as $DO_SYSLOG is set to 1. Please take a look in the mail log, you should find the debug output there.

Cracklefish 23rd October 2009 12:51

Quote:

Originally Posted by till (Post 207925)
Amavisd should log into your syslog or mail log file as $DO_SYSLOG is set to 1. Please take a look in the mail log, you should find the debug output there.

Here is 10 minutes of log at level 5



Code:

Oct 20 14:38:57 Golf1 amavis[23747]: starting.  /usr/sbin/amavisd at Golf1.domain.tld amavisd-new-2.6.1 (20080629), Unicode aware, LC_CTYPE="en_GB.UTF-8", LANG="POSIX"
Oct 20 14:38:57 Golf1 amavis[23747]: Perl version              5.010000
Oct 20 14:39:01 Golf1 amavis[23754]: Net::Server: Group Not Defined.  Defaulting to EGID '113 113'
Oct 20 14:39:01 Golf1 amavis[23754]: Net::Server: User Not Defined.  Defaulting to EUID '65'
Oct 20 14:39:01 Golf1 amavis[23754]: Module Amavis::Conf        2.103
Oct 20 14:39:01 Golf1 amavis[23754]: Module Archive::Zip        1.24
Oct 20 14:39:01 Golf1 amavis[23754]: Module BerkeleyDB          0.35
Oct 20 14:39:01 Golf1 amavis[23754]: Module Compress::Zlib      2.008
Oct 20 14:39:01 Golf1 amavis[23754]: Module Convert::TNEF      0.17
Oct 20 14:39:01 Golf1 amavis[23754]: Module Convert::UUlib      1.051
Oct 20 14:39:01 Golf1 amavis[23754]: Module Crypt::OpenSSL::RSA 0.25
Oct 20 14:39:01 Golf1 amavis[23754]: Module DBD::mysql          4.010
Oct 20 14:39:01 Golf1 amavis[23754]: Module DBI                1.607
Oct 20 14:39:01 Golf1 amavis[23754]: Module DB_File            1.816_1
Oct 20 14:39:01 Golf1 amavis[23754]: Module Digest::MD5        2.36_01
Oct 20 14:39:01 Golf1 amavis[23754]: Module Digest::SHA        5.45
Oct 20 14:39:01 Golf1 amavis[23754]: Module Digest::SHA1        2.11
Oct 20 14:39:01 Golf1 amavis[23754]: Module MIME::Entity        5.427
Oct 20 14:39:01 Golf1 amavis[23754]: Module MIME::Parser        5.427
Oct 20 14:39:01 Golf1 amavis[23754]: Module MIME::Tools        5.427
Oct 20 14:39:01 Golf1 amavis[23754]: Module Mail::DKIM          0.32
Oct 20 14:39:01 Golf1 amavis[23754]: Module Mail::Header        2.04
Oct 20 14:39:01 Golf1 amavis[23754]: Module Mail::Internet      2.04
Oct 20 14:39:01 Golf1 amavis[23754]: Module Mail::SpamAssassin  3.002005
Oct 20 14:39:01 Golf1 amavis[23754]: Module Net::DNS            0.63
Oct 20 14:39:01 Golf1 amavis[23754]: Module Net::Server        0.97
Oct 20 14:39:01 Golf1 amavis[23754]: Module Time::HiRes        1.9711
Oct 20 14:39:01 Golf1 amavis[23754]: Module URI                1.37
Oct 20 14:39:01 Golf1 amavis[23754]: Module Unix::Syslog        0.100
Oct 20 14:39:01 Golf1 amavis[23754]: Amavis::DB code      loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Amavis::Cache code  loaded
Oct 20 14:39:01 Golf1 amavis[23754]: SQL base code        NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: SQL::Log code        NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: SQL::Quarantine      NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Lookup::SQL code    NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Lookup::LDAP code    NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: AM.PDP-in proto code loaded
Oct 20 14:39:01 Golf1 amavis[23754]: SMTP-in proto code  loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Courier proto code  NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: SMTP-out proto code  loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Pipe-out proto code  NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: BSMTP-out proto code NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Local-out proto code loaded
Oct 20 14:39:01 Golf1 amavis[23754]: OS_Fingerprint code  NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: ANTI-VIRUS code      loaded
Oct 20 14:39:01 Golf1 amavis[23754]: ANTI-SPAM code      loaded
Oct 20 14:39:01 Golf1 amavis[23754]: ANTI-SPAM-SA code    loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Unpackers code      loaded
Oct 20 14:39:01 Golf1 amavis[23754]: DKIM code            loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Tools code          NOT loaded
Oct 20 14:39:01 Golf1 amavis[23754]: Found $file            at /usr/bin/file
Oct 20 14:39:01 Golf1 amavis[23754]: No $dspam,            not using it
Oct 20 14:39:01 Golf1 amavis[23754]: No $altermime,        not using it
Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .mail
Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .asc
Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .uue
Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .hqx
Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .ync
Oct 20 14:39:01 Golf1 amavis[23754]: No decoder for      .F    tried: unfreeze, freeze -d, melt, fcat
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .Z    at /usr/bin/uncompress
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .gz  at /usr/bin/gzip -d
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
Oct 20 14:39:01 Golf1 amavis[23754]: No decoder for      .lzo  tried: lzop -d
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .cpio at /usr/bin/pax
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .tar  at /usr/bin/pax
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .deb  at /usr/bin/ar
Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .zip
Oct 20 14:39:01 Golf1 amavis[23754]: No decoder for      .7z  tried: 7zr, 7za, 7z
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .rar  at /usr/bin/unrar
Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .arj  at /usr/bin/unarj
Oct 20 14:39:01 Golf1 amavis[23754]: No decoder for      .arc  tried: nomarch, arc
Oct 20 14:39:02 Golf1 amavis[23754]: Found decoder for    .zoo  at /usr/bin/zoo
Oct 20 14:39:02 Golf1 amavis[23754]: Found decoder for    .lha  at /usr/bin/lha
Oct 20 14:39:02 Golf1 amavis[23754]: Found decoder for    .cab  at /usr/bin/cabextract
Oct 20 14:39:02 Golf1 amavis[23754]: No decoder for      .tnef tried: tnef
Oct 20 14:39:02 Golf1 amavis[23754]: Internal decoder for .tnef
Oct 20 14:39:02 Golf1 amavis[23754]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/unarj
Oct 20 14:39:02 Golf1 amavis[23754]: Using primary internal av scanner code for ClamAV-clamd
Oct 20 14:39:02 Golf1 amavis[23754]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Oct 20 14:39:02 Golf1 amavis[23754]: Creating db in /var/spool/amavis/db/; BerkeleyDB 0.35, libdb 4.5
Oct 20 14:39:57 Golf1 amavis[23786]: starting.  /usr/sbin/amavisd at Golf1.domain.tld amavisd-new-2.6.1 (20080629), Unicode aware, LC_CTYPE="en_GB.UTF-8", LANG="POSIX"
Oct 20 14:39:57 Golf1 amavis[23786]: Perl version              5.010000
Oct 20 14:39:59 Golf1 amavis[23788]: Net::Server: Group Not Defined.  Defaulting to EGID '113 113'
Oct 20 14:39:59 Golf1 amavis[23788]: Net::Server: User Not Defined.  Defaulting to EUID '65'
Oct 20 14:39:59 Golf1 amavis[23788]: Module Amavis::Conf        2.103
Oct 20 14:39:59 Golf1 amavis[23788]: Module Archive::Zip        1.24
Oct 20 14:39:59 Golf1 amavis[23788]: Module BerkeleyDB          0.35
Oct 20 14:39:59 Golf1 amavis[23788]: Module Compress::Zlib      2.008
Oct 20 14:39:59 Golf1 amavis[23788]: Module Convert::TNEF      0.17
Oct 20 14:39:59 Golf1 amavis[23788]: Module Convert::UUlib      1.051
Oct 20 14:39:59 Golf1 amavis[23788]: Module Crypt::OpenSSL::RSA 0.25
Oct 20 14:39:59 Golf1 amavis[23788]: Module DBD::mysql          4.010
Oct 20 14:39:59 Golf1 amavis[23788]: Module DBI                1.607
Oct 20 14:39:59 Golf1 amavis[23788]: Module DB_File            1.816_1
Oct 20 14:39:59 Golf1 amavis[23788]: Module Digest::MD5        2.36_01
Oct 20 14:39:59 Golf1 amavis[23788]: Module Digest::SHA        5.45
Oct 20 14:39:59 Golf1 amavis[23788]: Module Digest::SHA1        2.11
Oct 20 14:40:00 Golf1 amavis[23788]: Module MIME::Entity        5.427
Oct 20 14:40:00 Golf1 amavis[23788]: Module MIME::Parser        5.427
Oct 20 14:40:00 Golf1 amavis[23788]: Module MIME::Tools        5.427
Oct 20 14:40:00 Golf1 amavis[23788]: Module Mail::DKIM          0.32
Oct 20 14:40:00 Golf1 amavis[23788]: Module Mail::Header        2.04
Oct 20 14:40:00 Golf1 amavis[23788]: Module Mail::Internet      2.04
Oct 20 14:40:00 Golf1 amavis[23788]: Module Mail::SpamAssassin  3.002005
Oct 20 14:40:00 Golf1 amavis[23788]: Module Net::DNS            0.63
Oct 20 14:40:00 Golf1 amavis[23788]: Module Net::Server        0.97
Oct 20 14:40:00 Golf1 amavis[23788]: Module Time::HiRes        1.9711
Oct 20 14:40:00 Golf1 amavis[23788]: Module URI                1.37
Oct 20 14:40:00 Golf1 amavis[23788]: Module Unix::Syslog        0.100
Oct 20 14:40:00 Golf1 amavis[23788]: Amavis::DB code      loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Amavis::Cache code  loaded
Oct 20 14:40:00 Golf1 amavis[23788]: SQL base code        NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: SQL::Log code        NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: SQL::Quarantine      NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Lookup::SQL code    NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Lookup::LDAP code    NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: AM.PDP-in proto code loaded
Oct 20 14:40:00 Golf1 amavis[23788]: SMTP-in proto code  loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Courier proto code  NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: SMTP-out proto code  loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Pipe-out proto code  NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: BSMTP-out proto code NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Local-out proto code loaded
Oct 20 14:40:00 Golf1 amavis[23788]: OS_Fingerprint code  NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: ANTI-VIRUS code      loaded
Oct 20 14:40:00 Golf1 amavis[23788]: ANTI-SPAM code      loaded
Oct 20 14:40:00 Golf1 amavis[23788]: ANTI-SPAM-SA code    loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Unpackers code      loaded
Oct 20 14:40:00 Golf1 amavis[23788]: DKIM code            loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Tools code          NOT loaded
Oct 20 14:40:00 Golf1 amavis[23788]: Found $file            at /usr/bin/file
Oct 20 14:40:00 Golf1 amavis[23788]: No $dspam,            not using it
Oct 20 14:40:00 Golf1 amavis[23788]: No $altermime,        not using it
Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .mail
Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .asc
Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .uue
Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .hqx
Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .ync
Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for      .F    tried: unfreeze, freeze -d, melt, fcat
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .Z    at /usr/bin/uncompress
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .gz  at /usr/bin/gzip -d
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for      .lzo  tried: lzop -d
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .cpio at /usr/bin/pax
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .tar  at /usr/bin/pax
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .deb  at /usr/bin/ar
Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .zip
Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for      .7z  tried: 7zr, 7za, 7z
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .rar  at /usr/bin/unrar
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .arj  at /usr/bin/unarj
Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for      .arc  tried: nomarch, arc
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .zoo  at /usr/bin/zoo
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .lha  at /usr/bin/lha
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .cab  at /usr/bin/cabextract
Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for      .tnef tried: tnef
Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .tnef
Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/unarj
Oct 20 14:40:00 Golf1 amavis[23788]: Using primary internal av scanner code for ClamAV-clamd
Oct 20 14:40:00 Golf1 amavis[23788]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Oct 20 14:40:00 Golf1 amavis[23788]: Creating db in /var/spool/amavis/db/; BerkeleyDB 0.35, libdb 4.5
Oct 20 14:40:05 Golf1 postfix/smtpd[23655]: connect from localhost[127.0.0.1]
Oct 20 14:40:05 Golf1 postfix/smtpd[23655]: lost connection after CONNECT from localhost[127.0.0.1]
Oct 20 14:40:05 Golf1 postfix/smtpd[23655]: disconnect from localhost[127.0.0.1]
Oct 20 14:40:05 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Oct 20 14:40:05 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Oct 20 14:40:05 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
Oct 20 14:40:05 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Oct 20 14:41:38 Golf1 postfix/smtpd[23655]: connect from abjy55.neoplus.adsl.tpnet.pl[83.7.166.55]
Oct 20 14:41:39 Golf1 postfix/smtpd[23655]: 87D54160D8: client=abjy55.neoplus.adsl.tpnet.pl[83.7.166.55]
Oct 20 14:41:40 Golf1 postfix/cleanup[23887]: 87D54160D8: message-id=<1256040129.0465@wwdb.org>
Oct 20 14:41:40 Golf1 postfix/qmgr[3447]: 87D54160D8: from=<janiceangeliquesi@wwdb.org>, size=1612, nrcpt=7 (queue active)
Oct 20 14:41:41 Golf1 postfix/smtpd[23655]: disconnect from abjy55.neoplus.adsl.tpnet.pl[83.7.166.55]
Oct 20 14:41:55 Golf1 postfix/smtpd[23891]: connect from unknown[127.0.0.1]
Oct 20 14:41:55 Golf1 postfix/smtpd[23891]: AF38A160F1: client=unknown[127.0.0.1]
Oct 20 14:41:55 Golf1 postfix/cleanup[23887]: AF38A160F1: message-id=<1256040129.0465@wwdb.org>
Oct 20 14:41:55 Golf1 postfix/qmgr[3447]: AF38A160F1: from=<janiceangeliquesi@wwdb.org>, size=2162, nrcpt=7 (queue active)
Oct 20 14:41:56 Golf1 amavis[23843]: (23843-01) Passed CLEAN, [83.7.166.55] [83.7.166.55] <janiceangeliquesi@wwdb.org> -> <452eb65a.4080807@domain1.tld>,<jmh711nsuk@domain1.tld>,<nsuk@domain1.tld>,<rick@domain1.tld>,<siamvi@domain1.tld>,<wbix@domain1.tld>,<wtop@domain1.tld>, Message-ID: <1256040129.0465@wwdb.org>, mail_id: 6vGOLhJ5DO18, Hits: 2.001, size: 1611, queued_as: AF38A160F1, 15594 ms
Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<452eb65a.4080807@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<jmh711nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<rick@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<siamvi@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<wbix@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<wtop@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
Oct 20 14:41:56 Golf1 postfix/qmgr[3447]: 87D54160D8: removed
Oct 20 14:41:56 Golf1 postfix/pipe[23900]: AF38A160F1: to=<rick@domain1.tld>, relay=maildrop, delay=0.69, delays=0.27/0.11/0/0.31, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:41:56 Golf1 postfix/pipe[23901]: AF38A160F1: to=<mail@domain1.tld>, orig_to=<452eb65a.4080807@domain1.tld>, relay=maildrop, delay=0.84, delays=0.27/0.13/0/0.44, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:41:56 Golf1 postfix/pipe[23900]: AF38A160F1: to=<mail@domain1.tld>, orig_to=<jmh711nsuk@domain1.tld>, relay=maildrop, delay=1.1, delays=0.27/0.57/0/0.29, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:41:57 Golf1 postfix/pipe[23901]: AF38A160F1: to=<mail@domain1.tld>, orig_to=<nsuk@domain1.tld>, relay=maildrop, delay=1.5, delays=0.27/0.86/0/0.36, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:41:57 Golf1 postfix/pipe[23900]: AF38A160F1: to=<mail@domain1.tld>, orig_to=<siamvi@domain1.tld>, relay=maildrop, delay=1.8, delays=0.27/1.2/0/0.29, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:41:57 Golf1 postfix/pipe[23901]: AF38A160F1: to=<mail@domain1.tld>, orig_to=<wbix@domain1.tld>, relay=maildrop, delay=2.1, delays=0.27/1.5/0/0.29, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:41:58 Golf1 postfix/pipe[23900]: AF38A160F1: to=<mail@domain1.tld>, orig_to=<wtop@domain1.tld>, relay=maildrop, delay=2.4, delays=0.27/1.8/0/0.29, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:41:58 Golf1 postfix/qmgr[3447]: AF38A160F1: removed
Oct 20 14:44:09 Golf1 postfix/qmgr[3447]: D8E66160FD: from=<>, size=3799, nrcpt=1 (queue active)
Oct 20 14:44:09 Golf1 postfix/qmgr[3447]: 94A8D160CE: from=<>, size=4020, nrcpt=1 (queue active)
Oct 20 14:44:40 Golf1 postfix/smtp[24061]: connect to exchange.vascent.com[64.238.118.30]:25: Connection timed out
Oct 20 14:44:40 Golf1 postfix/smtp[24061]: 94A8D160CE: to=<xdvew@vascent.com>, relay=none, delay=428761, delays=428730/0.1/30/0, dsn=4.4.1, status=deferred (connect to exchange.vascent.com[64.238.118.30]:25: Connection timed out)
Oct 20 14:44:45 Golf1 postfix/smtp[24060]: connect to ekvatorturizm.com[85.159.64.4]:25: Connection timed out
Oct 20 14:44:45 Golf1 postfix/smtp[24060]: D8E66160FD: to=<aswaoqew@ekvatorturizm.com>, relay=none, delay=428768, delays=428733/0.13/35/0, dsn=4.4.1, status=deferred (connect to ekvatorturizm.com[85.159.64.4]:25: Connection timed out)
Oct 20 14:45:01 Golf1 postfix/anvil[23657]: statistics: max connection rate 1/60s for (smtp:123.17.233.96) at Oct 20 14:37:25
Oct 20 14:45:01 Golf1 postfix/anvil[23657]: statistics: max connection count 1 for (smtp:123.17.233.96) at Oct 20 14:37:25
Oct 20 14:45:01 Golf1 postfix/anvil[23657]: statistics: max cache size 2 at Oct 20 14:38:20
Oct 20 14:45:03 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Oct 20 14:45:03 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Oct 20 14:45:03 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
Oct 20 14:45:03 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Oct 20 14:45:03 Golf1 postfix/smtpd[24131]: connect from localhost[127.0.0.1]
Oct 20 14:45:03 Golf1 postfix/smtpd[24131]: lost connection after CONNECT from localhost[127.0.0.1]
Oct 20 14:45:03 Golf1 postfix/smtpd[24131]: disconnect from localhost[127.0.0.1]
Oct 20 14:46:17 Golf1 postfix/smtpd[24131]: connect from 3cclub.idv.tw[59.126.192.102]
Oct 20 14:46:18 Golf1 postfix/smtpd[24131]: DA96C160D8: client=3cclub.idv.tw[59.126.192.102]
Oct 20 14:46:19 Golf1 postfix/cleanup[24189]: DA96C160D8: message-id=<OFENKJHNELIPJFDHAKCKMBPHPGAA.andrea.mcIntyreug@erols.com>
Oct 20 14:46:19 Golf1 postfix/qmgr[3447]: DA96C160D8: from=<andrea.mcIntyreug@erols.com>, size=1919, nrcpt=1 (queue active)
Oct 20 14:46:20 Golf1 postfix/smtpd[24131]: disconnect from 3cclub.idv.tw[59.126.192.102]
Oct 20 14:46:34 Golf1 postfix/smtpd[24131]: warning: 125.163.214.15: hostname 15.subnet125-163-214.speedy.telkom.net.id verification failed: Name or service not known
Oct 20 14:46:34 Golf1 postfix/smtpd[24131]: connect from unknown[125.163.214.15]
Oct 20 14:46:34 Golf1 amavis[23844]: (23844-01) Blocked SPAM, [59.126.192.102] [59.126.192.102] <andrea.mcIntyreug@erols.com> -> <452eb65a.4080807@domain1.tld>, quarantine: spam-fjX8PjMtfxpl.gz, Message-ID: <OFENKJHNELIPJFDHAKCKMBPHPGAA.andrea.mcIntyreug@erols.com>, mail_id: fjX8PjMtfxpl, Hits: 11.597, size: 1919, 14625 ms
Oct 20 14:46:34 Golf1 postfix/smtp[24190]: DA96C160D8: to=<452eb65a.4080807@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=0.95/0.05/0.03/15, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-01, DISCARD(bounce.suppressed))
Oct 20 14:46:34 Golf1 postfix/qmgr[3447]: DA96C160D8: removed
Oct 20 14:46:36 Golf1 postfix/smtpd[24131]: 040B5160D8: client=unknown[125.163.214.15]
Oct 20 14:46:43 Golf1 postfix/cleanup[24189]: 040B5160D8: message-id=<000e01ca518b$b441de00$0fd6a37d@sammimail.com>
Oct 20 14:46:43 Golf1 postfix/qmgr[3447]: 040B5160D8: from=<pill@sammimail.com>, size=2370, nrcpt=1 (queue active)
Oct 20 14:46:43 Golf1 postfix/smtpd[24131]: disconnect from unknown[125.163.214.15]
Oct 20 13:46:56 Golf1 postfix/smtpd[23891]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
Oct 20 13:46:56 Golf1 postfix/smtpd[23891]: disconnect from unknown[127.0.0.1]
Oct 20 14:46:56 Golf1 amavis[23843]: (23843-02) Blocked SPAM, [125.163.214.15] [84.199.110.121] <pill@sammimail.com> -> <nsuk@domain1.tld>, quarantine: spam-WZH3C2IX8Xlk.gz, Message-ID: <000e01ca518b$b441de00$0fd6a37d@sammimail.com>, mail_id: WZH3C2IX8Xlk, Hits: 13.049, size: 2370, 13724 ms
Oct 20 14:46:56 Golf1 postfix/smtp[24190]: 040B5160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=7.9/0/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-02, DISCARD(bounce.suppressed))
Oct 20 14:46:56 Golf1 postfix/qmgr[3447]: 040B5160D8: removed
Oct 20 14:48:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
Oct 20 14:48:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
Oct 20 14:48:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
Oct 20 14:48:56 Golf1 pop3d: LOGIN, user=rick@domain1.tld, ip=[::ffff:82.70.171.142], port=[56496]
Oct 20 14:48:57 Golf1 pop3d: LOGIN, user=mail@domain3.tld, ip=[::ffff:82.70.171.142], port=[56498]
Oct 20 14:48:57 Golf1 pop3d: LOGIN, user=mail@domain2.tld, ip=[::ffff:82.70.171.142], port=[56497]
Oct 20 14:48:57 Golf1 pop3d: LOGOUT, user=mail@domain2.tld, ip=[::ffff:82.70.171.142], port=[56497], top=0, retr=0, rcvd=12, sent=39, time=0
Oct 20 14:48:57 Golf1 pop3d: LOGOUT, user=mail@domain3.tld, ip=[::ffff:82.70.171.142], port=[56498], top=0, retr=0, rcvd=24, sent=1208, time=0
Oct 20 14:48:57 Golf1 pop3d: LOGOUT, user=rick@domain1.tld, ip=[::ffff:82.70.171.142], port=[56496], top=0, retr=2147, rcvd=34, sent=9339, time=1
Oct 20 14:49:14 Golf1 postfix/smtpd[24288]: connect from unknown[41.130.16.19]
Oct 20 14:49:19 Golf1 postfix/smtpd[24288]: 52419160D8: client=unknown[41.130.16.19]
Oct 20 14:49:23 Golf1 postfix/cleanup[24299]: 52419160D8: message-id=<000e01ca518b$d9cee780$13108229@oxygen.ie>
Oct 20 14:49:24 Golf1 postfix/qmgr[3447]: 52419160D8: from=<viagra@oxygen.ie>, size=2351, nrcpt=1 (queue active)
Oct 20 14:49:24 Golf1 postfix/smtpd[24288]: disconnect from unknown[41.130.16.19]
Oct 20 14:49:24 Golf1 clamd[2640]: SelfCheck: Database status OK.
Oct 20 14:49:37 Golf1 postfix/smtpd[24303]: connect from unknown[127.0.0.1]
Oct 20 14:49:38 Golf1 postfix/smtpd[24303]: 11CCD160F1: client=unknown[127.0.0.1]
Oct 20 14:49:38 Golf1 postfix/cleanup[24299]: 11CCD160F1: message-id=<SS0sDgD2dWAmh0@Golf1.domain.tld>
Oct 20 14:49:38 Golf1 postfix/qmgr[3447]: 11CCD160F1: from=<>, size=3554, nrcpt=1 (queue active)
Oct 20 13:49:38 Golf1 postfix/smtpd[24303]: disconnect from unknown[127.0.0.1]
Oct 20 14:49:38 Golf1 amavis[23844]: (23844-02) Blocked SPAM, [41.130.16.19] [55.30.105.136] <viagra@oxygen.ie> -> <nsuk@domain1.tld>, quarantine: spam-0sDgD2dWAmh0.gz, Message-ID: <000e01ca518b$d9cee780$13108229@oxygen.ie>, mail_id: 0sDgD2dWAmh0, Hits: 8.492, size: 2351, 14242 ms
Oct 20 14:49:38 Golf1 postfix/smtp[24300]: 52419160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=19, delays=5.1/0.04/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-02, BOUNCE)
Oct 20 14:49:38 Golf1 postfix/qmgr[3447]: 52419160D8: removed
Oct 20 14:49:44 Golf1 postfix/smtp[24312]: 11CCD160F1: to=<viagra@oxygen.ie>, relay=qs513.pair.com[216.92.192.123]:25, delay=6.2, delays=0.25/0.11/5.7/0.21, dsn=5.0.0, status=bounced (host qs513.pair.com[216.92.192.123] said: 554 <viagra@oxygen.ie>: Recipient address rejected: Access denied (in reply to RCPT TO command))
Oct 20 14:49:44 Golf1 postfix/qmgr[3447]: 11CCD160F1: removed
Oct 20 14:50:02 Golf1 postfix/smtpd[24288]: connect from localhost[127.0.0.1]
Oct 20 14:50:02 Golf1 postfix/smtpd[24288]: lost connection after CONNECT from localhost[127.0.0.1]
Oct 20 14:50:02 Golf1 postfix/smtpd[24288]: disconnect from localhost[127.0.0.1]
Oct 20 14:50:02 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Oct 20 14:50:02 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Oct 20 14:50:02 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
Oct 20 14:50:02 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Oct 20 14:52:00 Golf1 postfix/smtpd[24398]: warning: 189.231.63.26: hostname dsl-189-231-63-26-dyn.prod-infinitum.com.mx verification failed: Name or service not known
Oct 20 14:52:00 Golf1 postfix/smtpd[24398]: connect from unknown[189.231.63.26]
Oct 20 14:52:01 Golf1 postfix/smtpd[24398]: 5C2DF160D8: client=unknown[189.231.63.26]
Oct 20 14:52:02 Golf1 postfix/cleanup[24409]: 5C2DF160D8: message-id=<GURSUEL79582.5456FE4@DELCANA007>
Oct 20 14:52:02 Golf1 postfix/qmgr[3447]: 5C2DF160D8: from=<nsuk@domain1.tld>, size=3963, nrcpt=1 (queue active)
Oct 20 14:52:02 Golf1 postfix/smtpd[24398]: disconnect from unknown[189.231.63.26]
Oct 20 14:52:16 Golf1 postfix/smtpd[24442]: connect from unknown[127.0.0.1]
Oct 20 14:52:16 Golf1 postfix/smtpd[24442]: B4DD6160F1: client=unknown[127.0.0.1]
Oct 20 14:52:16 Golf1 postfix/cleanup[24409]: B4DD6160F1: message-id=<SSyBz0hyShIUqD@Golf1.domain.tld>
Oct 20 14:52:16 Golf1 postfix/qmgr[3447]: B4DD6160F1: from=<>, size=3333, nrcpt=1 (queue active)
Oct 20 13:52:16 Golf1 postfix/smtpd[24442]: disconnect from unknown[127.0.0.1]
Oct 20 14:52:17 Golf1 amavis[23843]: (23843-03) Blocked SPAM, [189.231.63.26] [189.231.63.26] <nsuk@domain1.tld> -> <nsuk@domain1.tld>, quarantine: spam-yBz0hyShIUqD.gz, Message-ID: <GURSUEL79582.5456FE4@DELCANA007>, mail_id: yBz0hyShIUqD, Hits: 7.751, size: 3957, 14386 ms
Oct 20 14:52:17 Golf1 postfix/smtp[24438]: 5C2DF160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=1.5/0.07/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-03, BOUNCE)
Oct 20 14:52:17 Golf1 postfix/qmgr[3447]: 5C2DF160D8: removed
Oct 20 14:52:17 Golf1 postfix/pipe[24450]: B4DD6160F1: to=<mail@domain1.tld>, orig_to=<nsuk@domain1.tld>, relay=maildrop, delay=0.67, delays=0.25/0.07/0/0.35, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:52:17 Golf1 postfix/qmgr[3447]: B4DD6160F1: removed
Oct 20 14:52:23 Golf1 postfix/smtpd[24398]: connect from www.tv-bay.com[62.128.157.204]
Oct 20 14:52:23 Golf1 postfix/smtpd[24398]: NOQUEUE: reject: RCPT from www.tv-bay.com[62.128.157.204]: 554 5.7.1 <info@domain2.tld>: Relay access denied; from=<apache@tv-bay.com> to=<info@domain2.tld> proto=ESMTP helo=<dlx35962.fm.netbenefit.co.uk>
Oct 20 14:52:24 Golf1 postfix/smtpd[24398]: disconnect from www.tv-bay.com[62.128.157.204]
Oct 20 14:55:03 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Oct 20 14:55:03 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Oct 20 14:55:03 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
Oct 20 14:55:03 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Oct 20 14:55:03 Golf1 postfix/smtpd[24565]: connect from localhost[127.0.0.1]
Oct 20 14:55:03 Golf1 postfix/smtpd[24565]: lost connection after CONNECT from localhost[127.0.0.1]
Oct 20 14:55:03 Golf1 postfix/smtpd[24565]: disconnect from localhost[127.0.0.1]
Oct 20 14:55:37 Golf1 postfix/smtpd[24565]: connect from unknown[142.166.73.66]
Oct 20 14:55:37 Golf1 postfix/smtpd[24565]: B6372160D8: client=unknown[142.166.73.66]
Oct 20 14:55:38 Golf1 postfix/cleanup[24591]: B6372160D8: message-id=<BKJAU47680.ECBDC73@River002>
Oct 20 14:55:38 Golf1 postfix/qmgr[3447]: B6372160D8: from=<part1.02010404.00070304@domain1.tld>, size=3947, nrcpt=1 (queue active)
Oct 20 14:55:38 Golf1 postfix/smtpd[24565]: disconnect from unknown[142.166.73.66]
Oct 20 14:55:52 Golf1 postfix/smtpd[24595]: connect from unknown[127.0.0.1]
Oct 20 14:55:52 Golf1 postfix/smtpd[24595]: 46F25160F1: client=unknown[127.0.0.1]
Oct 20 14:55:52 Golf1 postfix/cleanup[24591]: 46F25160F1: message-id=<SSlhZEysqrVHfG@Golf1.domain.tld>
Oct 20 14:55:52 Golf1 postfix/qmgr[3447]: 46F25160F1: from=<>, size=3481, nrcpt=1 (queue active)
Oct 20 13:55:52 Golf1 postfix/smtpd[24595]: disconnect from unknown[127.0.0.1]
Oct 20 14:55:52 Golf1 amavis[23844]: (23844-03) Blocked SPAM, [142.166.73.66] [142.166.73.66] <part1.02010404.00070304@domain1.tld> -> <part1.02010404.00070304@domain1.tld>, quarantine: spam-lhZEysqrVHfG.gz, Message-ID: <BKJAU47680.ECBDC73@River002>, mail_id: lhZEysqrVHfG, Hits: 7.901, size: 3941, 14061 ms
Oct 20 14:55:52 Golf1 postfix/smtp[24592]: B6372160D8: to=<part1.02010404.00070304@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.95/0.04/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-03, BOUNCE)
Oct 20 14:55:52 Golf1 postfix/qmgr[3447]: B6372160D8: removed
Oct 20 14:55:52 Golf1 postfix/pipe[24604]: 46F25160F1: to=<mail@domain1.tld>, orig_to=<part1.02010404.00070304@domain1.tld>, relay=maildrop, delay=0.67, delays=0.25/0.07/0/0.35, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 14:55:52 Golf1 postfix/qmgr[3447]: 46F25160F1: removed
Oct 20 14:56:17 Golf1 postfix/anvil[24180]: statistics: max connection rate 1/60s for (smtp:59.126.192.102) at Oct 20 14:46:17
Oct 20 14:56:17 Golf1 postfix/anvil[24180]: statistics: max connection count 1 for (smtp:59.126.192.102) at Oct 20 14:46:17
Oct 20 14:56:17 Golf1 postfix/anvil[24180]: statistics: max cache size 2 at Oct 20 14:46:34
Oct 20 14:58:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
Oct 20 14:58:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
Oct 20 14:58:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
Oct 20 14:58:57 Golf1 pop3d: LOGIN, user=rick@domain1.tld, ip=[::ffff:82.70.171.142], port=[56553]
Oct 20 14:58:57 Golf1 pop3d: LOGIN, user=mail@domain3.tld, ip=[::ffff:82.70.171.142], port=[56555]
Oct 20 14:58:57 Golf1 pop3d: LOGIN, user=mail@domain2.tld, ip=[::ffff:82.70.171.142], port=[56554]
Oct 20 14:58:57 Golf1 pop3d: LOGOUT, user=mail@domain2.tld, ip=[::ffff:82.70.171.142], port=[56554], top=0, retr=0, rcvd=12, sent=39, time=0
Oct 20 14:58:57 Golf1 pop3d: LOGOUT, user=mail@domain3.tld, ip=[::ffff:82.70.171.142], port=[56555], top=0, retr=0, rcvd=24, sent=1208, time=0
Oct 20 14:58:57 Golf1 pop3d: LOGOUT, user=rick@domain1.tld, ip=[::ffff:82.70.171.142], port=[56553], top=0, retr=0, rcvd=24, sent=7107, time=0
Oct 20 14:59:09 Golf1 postfix/qmgr[3447]: 358A716101: from=<>, size=3464, nrcpt=1 (queue active)
Oct 20 14:59:26 Golf1 postfix/smtp[24764]: 358A716101: to=<naitret1994@www.maximoaudio.com>, relay=maximoaudio.com[174.120.151.250]:25, delay=349012, delays=348995/0.16/5.9/11, dsn=4.0.0, status=deferred (host maximoaudio.com[174.120.151.250] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
Oct 20 15:00:02 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Oct 20 15:00:02 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Oct 20 15:00:02 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
Oct 20 15:00:02 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Oct 20 15:00:02 Golf1 postfix/smtpd[24830]: connect from localhost[127.0.0.1]
Oct 20 15:00:02 Golf1 postfix/smtpd[24830]: lost connection after CONNECT from localhost[127.0.0.1]
Oct 20 15:00:02 Golf1 postfix/smtpd[24830]: disconnect from localhost[127.0.0.1]
Oct 20 15:00:21 Golf1 postfix/smtpd[24830]: connect from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
Oct 20 15:00:21 Golf1 postfix/smtpd[24830]: lost connection after CONNECT from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
Oct 20 15:00:21 Golf1 postfix/smtpd[24830]: disconnect from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
Oct 20 15:00:24 Golf1 postfix/smtpd[24830]: connect from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
Oct 20 15:00:24 Golf1 postfix/smtpd[24830]: D576B160D8: client=170.pool85-58-85.dynamic.orange.es[85.58.85.170]
Oct 20 15:00:25 Golf1 postfix/cleanup[24857]: D576B160D8: message-id=005401ca519e$55cfba00$016f2e00$@com
Oct 20 15:00:25 Golf1 postfix/qmgr[3447]: D576B160D8: from=<spearhead1away@kentuckydcp.com>, size=6119, nrcpt=1 (queue active)
Oct 20 15:00:25 Golf1 postfix/smtpd[24830]: disconnect from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
Oct 20 15:00:25 Golf1 clamd[2640]: SelfCheck: Database status OK.
Oct 20 15:00:40 Golf1 amavis[23843]: (23843-04) Blocked SPAM, [85.58.85.170] [85.58.85.170] <spearhead1away@kentuckydcp.com> -> <siamvi@domain1.tld>, quarantine: spam-S6tPzPTQ1e1I.gz, Message-ID: <005401ca519e$55cfba00$016f2e00$@com>, mail_id: S6tPzPTQ1e1I, Hits: 13.234, size: 6119, 14700 ms
Oct 20 15:00:40 Golf1 postfix/smtp[24858]: D576B160D8: to=<siamvi@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.67/0.04/0.02/15, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-04, DISCARD(bounce.suppressed))
Oct 20 15:00:40 Golf1 postfix/qmgr[3447]: D576B160D8: removed
Oct 20 15:01:27 Golf1 postfix/smtpd[24830]: connect from unknown[119.65.45.94]
Oct 20 15:01:28 Golf1 postfix/smtpd[24830]: C42A5160D8: client=unknown[119.65.45.94]
Oct 20 15:01:29 Golf1 postfix/cleanup[24857]: C42A5160D8: message-id=<000d01ca518d$88d576d0$6400a8c0@jailer9>
Oct 20 15:01:29 Golf1 postfix/qmgr[3447]: C42A5160D8: from=<jailer9@reed.com>, size=4671, nrcpt=1 (queue active)
Oct 20 15:01:30 Golf1 postfix/smtpd[24830]: disconnect from unknown[119.65.45.94]
Oct 20 15:01:41 Golf1 amavis[23844]: (23844-04) Blocked SPAM, [119.65.45.94] [119.65.45.94] <jailer9@reed.com> -> <nsuk@domain1.tld>, quarantine: spam-ZT6zg4WJSe-N.gz, Message-ID: <000d01ca518d$88d576d0$6400a8c0@jailer9>, mail_id: ZT6zg4WJSe-N, Hits: 17.179, size: 4671, 11449 ms
Oct 20 15:01:41 Golf1 postfix/smtp[24858]: C42A5160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=0.81/0/0.01/11, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-04, DISCARD(bounce.suppressed))
Oct 20 15:01:41 Golf1 postfix/qmgr[3447]: C42A5160D8: removed
Oct 20 15:04:09 Golf1 postfix/qmgr[3447]: 09BB0160F3: from=<>, size=3712, nrcpt=1 (queue active)
Oct 20 15:04:09 Golf1 postfix/qmgr[3447]: 31407160E6: from=<>, size=3646, nrcpt=1 (queue active)
Oct 20 15:04:09 Golf1 postfix/smtp[25002]: 31407160E6: to=<slanderousv7@skater.ru>, relay=nmx4.masterhost.ru[90.156.155.45]:25, delay=25621, delays=25620/0.08/0.46/0, dsn=4.4.2, status=deferred (lost connection with nmx4.masterhost.ru[90.156.155.45] while performing the HELO handshake)
Oct 20 15:04:21 Golf1 postfix/smtpd[25005]: connect from unknown[117.198.210.189]
Oct 20 15:04:22 Golf1 postfix/smtpd[25005]: 4519B160D8: client=unknown[117.198.210.189]
Oct 20 15:04:25 Golf1 postfix/cleanup[25016]: 4519B160D8: message-id=<000d01ca518e$3803cee0$6400a8c0@impersonatedvh0>
Oct 20 15:04:25 Golf1 postfix/qmgr[3447]: 4519B160D8: from=<impersonatedvh0@ramaticiins.com>, size=2097, nrcpt=1 (queue active)
Oct 20 15:04:25 Golf1 postfix/smtp[25001]: 09BB0160F3: to=<purasute@www.therandomizerscript.com>, relay=therandomizerscript.com[216.246.41.218]:25, delay=21386, delays=21370/0.18/5.5/11, dsn=4.0.0, status=deferred (host therandomizerscript.com[216.246.41.218] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
Oct 20 15:04:26 Golf1 postfix/smtpd[25021]: connect from sendc.actemarketing.com[216.241.183.73]
Oct 20 15:04:26 Golf1 postfix/smtpd[25021]: 936C9160F1: client=sendc.actemarketing.com[216.241.183.73]
Oct 20 15:04:26 Golf1 postfix/cleanup[25016]: 936C9160F1: message-id=<0000158c02191f07d9@[10.10.11.66]>
Oct 20 15:04:27 Golf1 postfix/smtpd[25005]: disconnect from unknown[117.198.210.189]
Oct 20 15:04:28 Golf1 postfix/qmgr[3447]: 936C9160F1: from=<news@tv-bay.com>, size=55669, nrcpt=1 (queue active)
Oct 20 15:04:28 Golf1 postfix/smtpd[25021]: disconnect from sendc.actemarketing.com[216.241.183.73]
Oct 20 15:04:38 Golf1 amavis[23843]: (23843-05) Blocked SPAM, [117.198.210.189] [117.198.210.189] <impersonatedvh0@ramaticiins.com> -> <nsuk@domain1.tld>, quarantine: spam-paUFx9VqpXqa.gz, Message-ID: <000d01ca518e$3803cee0$6400a8c0@impersonatedvh0>, mail_id: paUFx9VqpXqa, Hits: 10.312, size: 2097, 12965 ms
Oct 20 15:04:38 Golf1 postfix/smtp[25017]: 4519B160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=3/0.05/0.01/13, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-05, DISCARD(bounce.suppressed))
Oct 20 15:04:38 Golf1 postfix/qmgr[3447]: 4519B160D8: removed
Oct 20 15:04:43 Golf1 postfix/smtpd[25028]: connect from unknown[127.0.0.1]
Oct 20 15:04:43 Golf1 postfix/smtpd[25028]: E5C66160D8: client=unknown[127.0.0.1]
Oct 20 15:04:43 Golf1 postfix/cleanup[25016]: E5C66160D8: message-id=<0000158c02191f07d9@[10.10.11.66]>
Oct 20 15:04:44 Golf1 postfix/qmgr[3447]: E5C66160D8: from=<news@tv-bay.com>, size=56110, nrcpt=1 (queue active)
Oct 20 14:04:44 Golf1 postfix/smtpd[25028]: disconnect from unknown[127.0.0.1]
Oct 20 15:04:44 Golf1 amavis[23844]: (23844-05) Passed CLEAN, [216.241.183.73] [216.241.183.73] <news@tv-bay.com> -> <rick@domain1.tld>, Message-ID: <0000158c02191f07d9@[10.10.11.66]>, mail_id: dsPMiv7j-8GP, Hits: 0.061, size: 55668, queued_as: E5C66160D8, 15965 ms
Oct 20 15:04:44 Golf1 postfix/smtp[25026]: 936C9160F1: to=<rick@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=1.6/0.11/0.01/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23844-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E5C66160D8)
Oct 20 15:04:44 Golf1 postfix/qmgr[3447]: 936C9160F1: removed
Oct 20 15:04:44 Golf1 postfix/pipe[25030]: E5C66160D8: to=<rick@domain1.tld>, relay=maildrop, delay=0.48, delays=0.14/0.04/0/0.3, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 20 15:04:44 Golf1 postfix/qmgr[3447]: E5C66160D8: removed
Oct 20 15:05:02 Golf1 postfix/smtpd[25005]: connect from localhost[127.0.0.1]
Oct 20 15:05:02 Golf1 postfix/smtpd[25005]: lost connection after CONNECT from localhost[127.0.0.1]
Oct 20 15:05:02 Golf1 postfix/smtpd[25005]: disconnect from localhost[127.0.0.1]
Oct 20 15:05:02 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Oct 20 15:05:02 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]


till 24th October 2009 18:39

Quote:

Oct 20 15:04:38 Golf1 amavis[23843]: (23843-05) Blocked SPAM, [117.198.210.189] [117.198.210.189] <impersonatedvh0@ramaticiins.com> -> <nsuk@domain1.tld>, quarantine: spam-paUFx9VqpXqa.gz, Message-ID: <000d01ca518e$3803cee0$6400a8c0@impersonatedvh0> , mail_id: paUFx9VqpXqa, Hits: 10.312, size: 2097, 12965 ms
Amavisd is working correctly and identifies spam. But you configured it to quarantine spam instead of deleting it or marking it as spam in the header, so all spam mails get stored in the quarantine directory of amavis.
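The reading of the log given in the reply above can be reproduced mechanically. The following is an added example, not part of the original posts: it pairs each amavis verdict with the action amavis reported back to postfix on port 10024, using lines copied from the log in this thread, and lists what went to quarantine and which blocked spam still triggered a bounce to the envelope sender. The function names are this example's own.

```python
import re

# Sample input: lines copied from the mail log posted in this thread
# (amavis verdict plus the matching postfix/smtp hand-off to 127.0.0.1:10024).
SAMPLE_LOG = r"""
Oct 20 14:46:34 Golf1 amavis[23844]: (23844-01) Blocked SPAM, [59.126.192.102] [59.126.192.102] <andrea.mcIntyreug@erols.com> -> <452eb65a.4080807@domain1.tld>, quarantine: spam-fjX8PjMtfxpl.gz, Message-ID: <OFENKJHNELIPJFDHAKCKMBPHPGAA.andrea.mcIntyreug@erols.com>, mail_id: fjX8PjMtfxpl, Hits: 11.597, size: 1919, 14625 ms
Oct 20 14:46:34 Golf1 postfix/smtp[24190]: DA96C160D8: to=<452eb65a.4080807@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=0.95/0.05/0.03/15, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-01, DISCARD(bounce.suppressed))
Oct 20 14:49:38 Golf1 amavis[23844]: (23844-02) Blocked SPAM, [41.130.16.19] [55.30.105.136] <viagra@oxygen.ie> -> <nsuk@domain1.tld>, quarantine: spam-0sDgD2dWAmh0.gz, Message-ID: <000e01ca518b$d9cee780$13108229@oxygen.ie>, mail_id: 0sDgD2dWAmh0, Hits: 8.492, size: 2351, 14242 ms
Oct 20 14:49:38 Golf1 postfix/smtp[24300]: 52419160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=19, delays=5.1/0.04/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-02, BOUNCE)
Oct 20 14:52:17 Golf1 amavis[23843]: (23843-03) Blocked SPAM, [189.231.63.26] [189.231.63.26] <nsuk@domain1.tld> -> <nsuk@domain1.tld>, quarantine: spam-yBz0hyShIUqD.gz, Message-ID: <GURSUEL79582.5456FE4@DELCANA007>, mail_id: yBz0hyShIUqD, Hits: 7.751, size: 3957, 14386 ms
Oct 20 14:52:17 Golf1 postfix/smtp[24438]: 5C2DF160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=1.5/0.07/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-03, BOUNCE)
Oct 20 15:04:44 Golf1 amavis[23844]: (23844-05) Passed CLEAN, [216.241.183.73] [216.241.183.73] <news@tv-bay.com> -> <rick@domain1.tld>, Message-ID: <0000158c02191f07d9@[10.10.11.66]>, mail_id: dsPMiv7j-8GP, Hits: 0.061, size: 55668, queued_as: E5C66160D8, 15965 ms
Oct 20 15:04:44 Golf1 postfix/smtp[25026]: 936C9160F1: to=<rick@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=1.6/0.11/0.01/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23844-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E5C66160D8)
"""

# amavis verdict line: session id, verdict, envelope sender/recipient, score.
AMAVIS = re.compile(
    r"amavis\[\d+\]: \((?P<id>\d+-\d+)\) (?P<verdict>(?:Blocked|Passed) [\w-]+), "
    r".*?<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>.*?Hits: (?P<hits>[^,]+),")
QUARANTINE = re.compile(r"quarantine: (?P<file>[^,\s]+)")
# postfix hand-off line: carries the same session id and amavis' final action.
RELAY = re.compile(
    r"postfix/smtp\[\d+\]: \w+: .*relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024,"
    r".*id=(?P<id>\d+-\d+), (?P<action>from MTA|[A-Z]+(?:\([\w.]+\))?)")


def correlate(log_text):
    """Join each amavis verdict with the action reported back to postfix."""
    records = {}
    for line in log_text.splitlines():
        m = AMAVIS.search(line)
        if m:
            q = QUARANTINE.search(line)
            rec = records.setdefault(m["id"], {"action": None})
            rec.update(verdict=m["verdict"], sender=m["sender"], rcpt=m["rcpt"],
                       hits=None if m["hits"] == "-" else float(m["hits"]),
                       quarantine=q["file"] if q else None)
            continue
        m = RELAY.search(line)
        if m:
            records.setdefault(m["id"], {})["action"] = m["action"]
    return records


def quarantined_spam(records):
    """Quarantine files of mail that was detected as spam and held back."""
    return sorted(r["quarantine"] for r in records.values()
                  if r.get("verdict") == "Blocked SPAM" and r.get("quarantine"))


def backscatter(records):
    """Blocked spam for which a bounce was sent to the envelope sender."""
    return sorted((i, r["sender"], r["hits"]) for i, r in records.items()
                  if r.get("verdict") == "Blocked SPAM" and r.get("action") == "BOUNCE")


if __name__ == "__main__":
    recs = correlate(SAMPLE_LOG)
    print("quarantined:", quarantined_spam(recs))
    print("bounced to envelope sender:", backscatter(recs))
```

In these sample lines every blocked message has a quarantine file, and the two with the lowest scores (7.751 and 8.492) are answered with BOUNCE while the higher-scoring one is discarded with the bounce suppressed. For session 23843-03 the envelope sender equals the recipient, so that bounce lands in the local mailbox.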

Cracklefish 11th December 2009 16:01

Quote:

Originally Posted by till (Post 208382)
Amavisd is working correctly and identifies spam. But you configured it to quarantine spam instead of deleting it or marking it as spam in the header, so all spam mails get stored in the quarantine directory of amavis.

Sorry for the delay but I had to go away on another job.

So the problem is my setup.

I have a .Spam directory on each of the mailboxes, created by ispc but there is no mail in it. Where is it going and how do I correct this? Is it an amavisd.conf or a mysql error?

till 14th December 2009 17:32

The .Spam directory is not from ispconfig and amavisd has no function to move spam to such a directory. You mix up the amavisd quarantine (which is not used or implemented in ispconfig setups) with the .Spam dir which is most likely created by a webmail or other imap client.

If you want to move spam to a local spam dir, you have to select that amavisd rewrites the subject of the emails and then use an email filter to move the emails based on this subject to your spam dir.


All times are GMT +2.