HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   Problem with Catchall function and Quarantine's target email (http://www.howtoforge.com/forums/showthread.php?t=40251)

farkinca71 20th October 2009 14:59

Problem with Catchall function and Quarantine's target email
 
Dear Experts,

I have installed a perfect server on Ubuntu 9.04, with postfix and Ispconfig 3. The system is up and running, getting and sending emails alright.:)
But I have a little problem with catchall function and a spamfilter policy quarantine's function as well. :(
Namely I created an account of sandbox@mydomain.com where i want to get all of the letters including spams and viruses. I put the email address for the necessary places in ISPconfig panel, but i do not get any letters for that sandbox account !
Any advise or tutorials would be welcome ! I am sort of lame in Linux world, so be patient with me please !
Thanks for the help in advance !

Farkinca

till 20th October 2009 16:12

Please take a look at the mail log of your system to find out what happends with the spam emails.

farkinca71 21st October 2009 09:59

Hello Till,

That was what I found in log

Oct 21 10:08:09 mail postfix/smtp[32695]: AD03910C3A6: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.58, delays=0.19/0/0.01/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02302-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 110AF10C39D)
Oct 21 10:08:09 mail postfix/qmgr[3029]: AD03910C3A6: removed

This means postfix removed the message before spamassassin?
If it is so, is there any way to put them in quarantine and check them later ?
The other question : I have about 4000 spam in one directory and i made sa-learn command upon that directory and it was said that journal was created or something. Is it working or not, how can I check it? I am using ISPconfig 3.

Thanks a lot for the help :o

till 21st October 2009 10:14

Quote:

This means postfix removed the message before spamassassin?
No. This means that postfix handed the message over to amavisd. Amavisd need some time to scan the email (about 10 - 20 seconds) does any lines got added after the lines you posted above?

farkinca71 21st October 2009 11:01

Dear Till

All the line here regarding the given message

Oct 21 10:08:08 mail postfix/pickup[31226]: AD03910C3A6: uid=5000 from=<>
Oct 21 10:08:08 mail postfix/pipe[32719]: 45A1410C3A0: to=, relay=maildrop, delay=0.48, delays=0.26/0.02/0/0.2, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 21 10:08:08 mail postfix/qmgr[3029]: 45A1410C3A0: removed
Oct 21 10:08:08 mail postfix/cleanup[32694]: AD03910C3A6: message-id=<31ae74420910210007l2bceb401j2b166956a2180736@m ail.gmail.com>
Oct 21 10:08:08 mail postfix/qmgr[3029]: AD03910C3A6: from=<>, size=3820, nrcpt=1 (queue active)
Oct 21 10:08:09 mail postfix/smtpd[32718]: connect from localhost[127.0.0.1]
Oct 21 10:08:09 mail postfix/smtpd[32718]: 110AF10C39D: client=localhost[127.0.0.1]
Oct 21 10:08:09 mail postfix/cleanup[32694]: 110AF10C39D: message-id=<31ae74420910210007l2bceb401j2b166956a2180736@m ail.gmail.com>
Oct 21 10:08:09 mail postfix/qmgr[3029]: 110AF10C39D: from=<>, size=4265, nrcpt=1 (queue active)
Oct 21 10:08:09 mail postfix/smtpd[32718]: disconnect from localhost[127.0.0.1]
Oct 21 10:08:09 mail amavis[2302]: (02302-04) Passed CLEAN, [127.0.0.1] [209.85.220.225] <> -> , Message-ID: <31ae74420910210007l2bceb401j2b166956a2180736@mail .gmail.com>, mail_id: D97wiVcH1P1C, Hits: 0.383, size: 3820, queued_as: 110AF10C39D, dkim_id=@gmail.com,farkinca71@gmail.com, 382 ms
Oct 21 10:08:09 mail postfix/smtp[32695]: AD03910C3A6: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.58, delays=0.19/0/0.01/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02302-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 110AF10C39D)
Oct 21 10:08:09 mail postfix/qmgr[3029]: AD03910C3A6: removed
Oct 21 10:08:09 mail postfix/pipe[32719]: 110AF10C39D: to=, relay=maildrop, delay=0.23, delays=0.13/0/0/0.1, dsn=2.0.0, status=sent (delivered via maildrop service)


Amavis did not check it !

I sent 7 spam from gmail address to this account , 5 got caught, 2 passed

One of them is the following

Oct 21 10:08:52 mail postfix/smtpd[32718]: E214610C39D: client=localhost[127.0.0.1]
Oct 21 10:08:53 mail postfix/cleanup[32686]: E214610C39D: message-id=<31ae74420910210008j3f3858ddoa5a84b5ac8409554@m ail.gmail.com>
Oct 21 10:08:53 mail postfix/qmgr[3029]: E214610C39D: from=<>, size=5147, nrcpt=1 (queue active)
Oct 21 10:08:53 mail postfix/smtpd[32718]: disconnect from localhost[127.0.0.1]
Oct 21 10:08:53 mail amavis[2302]: (02302-05) Passed CLEAN, [127.0.0.1] [209.85.220.225] <> -> , Message-ID: <31ae74420910210008j3f3858ddoa5a84b5ac8409554@mail .gmail.com>, mail_id: ByshamBHurT5, Hits: 0.368, size: 4702, queued_as: E214610C39D, dkim_id=@gmail.com,farkinca71@gmail.com, 354 ms
Oct 21 10:08:53 mail postfix/smtp[32695]: 99E4410C3A3: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.49, delays=0.13/0/0.01/0.36, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02302-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E214610C39D)
Oct 21 10:08:53 mail postfix/qmgr[3029]: 99E4410C3A3: removed
Oct 21 10:08:53 mail postfix/pipe[32719]: E214610C39D: to=, relay=maildrop, delay=0.22, delays=0.14/0/0/0.08, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 21 10:08:53 mail postfix/qmgr[3029]: E214610C39D: removed

Any solution for the other questions ?

Thanks a lot!

till 21st October 2009 11:10

Quote:

Amavis did not check it !
Thats wrong. Amavis checked it and the scoire was below the level to tag the email as spam:

Oct 21 10:08:09 mail amavis[2302]: (02302-04) Passed CLEAN, [127.0.0.1] [209.85.220.225] <> -> , Message-ID: <31ae74420910210007l2bceb401j2b166956a2180736@ma il .gmail.com>, mail_id: D97wiVcH1P1C, Hits: 0.383, size: 3820, queued_as: 110AF10C39D, dkim_id=@gmail.com,farkinca71@gmail.com, 382 ms

Quote:

I sent 7 spam from gmail address to this account , 5 got caught, 2 passed
You can not test amavis like that. The above log lines show that amavis is working correctly.

farkinca71 21st October 2009 11:38

Still i do not understand something... I am using permissive policy and mail forward on that account, in policy I have set up sandbox@mydomain.com as a junkbox for that policy and all viruses and spam should gone over there, but nothig goes there !

Any advise on teaching spamassassin ?

Thanks a lot !

till 22nd October 2009 12:36

Make sure that you assigned the policy to the whole domain name as policys can not be assigned to forwards.

Also, clean messges do not get quarantined of course. Only messages recognized as spam will get quarantined.


All times are GMT +2. The time now is 07:38.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.