How to examine spam - ISPConfig 3

[zogthegreat]

Hi everyone,

My ISPConfig 3 server has been up and running solid for a week now, (yeah!!), and I have a question about spam filtering.

Is there a way to look at the files in /var/virusmails to see if they are actual spam or emails that were wrongly marked as spam?

Been googling for this, but haven't been able to find an answer.

Thanks

zog

[till]

The default in ispconfig 3 is to mark spam in the subject and not to put it in a folder. So if you us ethe defaults and filter the spam emails in the client, then every user can see if a email is marked wrong.

[zogthegreat]

Hi till,

I am not receiving the spam in my users mail boxes. However, when I check /var/virusmail, this is what I get:

[root@server1 virusmails]# ls
spam-00QRFjIhMdqP.gz spam-5c1sVvcKcmfA.gz spam-CTJFcM6TEyaD.gz spam-g6gZKZNt6soO.gz spam-o-MEBylUDuJj.gz spam-T8EX7rOB7zdc.gz spam-yTbW8AzKwEW1.gz
spam-0trMP3oZK98Y.gz spam-7+SVkjK9v3Ji.gz spam-D1b6on0CtQbb.gz spam-guzGAm1OqCsT.gz spam-pS9UR7G1xpIV.gz spam-tZBMgl4ldEjX.gz spam-ZUmKL-DBD5NU.gz
spam-1Y-Ni+WjICDC.gz spam-82DU04NG9sKn.gz spam-d7cbVFUkhVQC.gz spam-kMByf2Q9mToZ.gz spam-Q+xDG-TWnz1v.gz spam-u3ppu87jqAnE.gz virus-LswKgZPRZRsk
spam-2NbdkQVXfvdx.gz spam-anJTJEzzcwWb.gz spam-DnwuyWX0cGhX.gz spam-KxCRf9ASa-fE.gz spam-qxMxAdpdvJDh.gz spam-UiFxg4551c5A.gz virus-tFaEh2CZNM6v
spam-2SRJL-IKHnEB.gz spam-avjK0Li2pmFq.gz spam-EqF0pVkmeFJT.gz spam-lH27OYJnctTv.gz spam-rBibi3-9JVJQ.gz spam-uJFJV8T9oq5J.gz virus-XQxSEn7gEWqi
spam-3FNuKME6Pt6H.gz spam-b9bgqYjTPZkr.gz spam-euKpeEIpTPcj.gz spam-mPCo5FRmWphb.gz spam-rBlFnUce2vY8.gz spam-VWz+zzuyHJy5.gz
spam-3j+FZwbMoriI.gz spam-BHQwa31ET471.gz spam-F-23ALiJnQdk.gz spam-MYxaZ2-VyNAy.gz spam-RDsH4qf7rhkS.gz spam-WyOiyXXUPhGj.gz
spam-4IuVHctAFeoG.gz spam-CHkwGeRNZRz6.gz spam-f2gUccK+7OFK.gz spam-OHqjOkhyD4bP.gz spam-sGtbcyCBiJPW.gz spam-Yb0OVrZ99+4K.gz

Is this something that I can ignore, or do I have a configuration problem some where?

Thanks

zog

[till]

Which Linux distribution?

[zogthegreat]

CentOS 5.4

BTW, while reading the FAQ's and manual, I noticed that ISPConfig was originally written for Debian. I am using CentOS because I know Redhat better than Debian.

Would I be better off in the long run switching to debian, (i.e. less problems/headaches?)

Thanks

zog

[Toucan]

Zog, I'm not sure why your mails are ending up there. All my mail goes to /var/vmail/usersmailboxesetc. You can read these mails from the root account using the command vi filename or cat filename. There are three directories with mail: cur, tmp and new.

Like you, I started off using other distributions but in the end switched over to debian using this tutorial:
http://www.howtoforge.com/perfect-se...nny-ispconfig3

Although other distros are supported it's worth bearing in mind that ISPconfig3 was developed on debian and this is what the developers are using, so when you ask for support, and you've used that guide, who ever is good enough to help knows exactly what your have in place already.

[zogthegreat]

Hi Toucan,

My mail is going to the same place. Do you think that I can safely ignore these files? Should I delete them or leave them be?

I came across the problem while checking the server logs;

################### Logwatch 7.3 (03/24/06) ####################

--------------------- amavis Begin ------------------------

6 messages checked and passed.
1 virus infected messages were found.
14 spam messages were found.


**Unmatched Entries**
(!!)WARN: all primary virus scanners failed, considering backups: 21 Time(s)
Found decoder for .tar at /usr/bin/pax: 2 Time(s)
Internal decoder for .zip : 2 Time(s)
Found decoder for .F at /usr/bin/unfreeze: 2 Time(s)
Internal decoder for .tnef: 2 Time(s)
Found decoder for .deb at /usr/bin/ar: 2 Time(s)
Found decoder for .zoo at /usr/bin/zoo: 2 Time(s)
Found decoder for .arc at /usr/bin/nomarch: 2 Time(s)
AM.PDP-in proto code loaded: 2 Time(s)
Found decoder for .7z at /usr/bin/7za: 2 Time(s)
Found decoder for .cpio at /usr/bin/pax: 2 Time(s)
Local-out proto code loaded: 2 Time(s)
Found decoder for .rpm at /usr/bin/rpm2cpio: 2 Time(s)
SQL::Quarantine NOT loaded: 2 Time(s)
Internal decoder for .uue : 2 Time(s)
Found decoder for .cab at /usr/bin/cabextract: 2 Time(s)
Found decoder for .lha at /usr/bin/lha: 2 Time(s)
Creating db in /var/amavis/db/; BerkeleyDB 0.41, libdb 4.3: 2 Time(s)
starting. /usr/sbin/amavisd at server1.example.com amavisd-new-2.6.4 (20090625),
Unicode aware, LANG="en_US.UTF-8": 2 Time(s)
Internal decoder for .ync : 2 Time(s)
Found decoder for .gz at /usr/bin/gzip -d: 2 Time(s)
Found decoder for .exe at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj: 2 Time(s)
Found decoder for .rar at /usr/bin/unrar: 2 Time(s)
Internal decoder for .hqx : 2 Time(s)
Found decoder for .arj at /usr/bin/arj: 2 Time(s)
Internal decoder for .mail: 2 Time(s)
Found decoder for .Z at /usr/bin/uncompress: 2 Time(s)
Found decoder for .lzo at /usr/bin/lzop -d: 2 Time(s)
Internal decoder for .asc : 2 Time(s)
No decoder for .tnef tried: tnef: 2 Time(s)
Found decoder for .bz2 at /usr/bin/bzip2 -d: 2 Time(s)

---------------------- amavis End -------------------------


Thanks for your help

zog

[Toucan]

I'm afraid I'm not best suited to help with this one by virtue of the fact I only work in debian and any knowledge I've gained is as a result of help from this forum and research. Hence it was difficult for Till to give advice without knowing your distro and exactly how you'd set it up to get to where you are.

Saying that, there are some real experts in varying distros. Sorry I can't help any further.