Amavis and mail logs question

Discussion in 'Server Operation' started by thavaht, Nov 25, 2009.

  1. thavaht

    thavaht New Member

    Hi,
    I’m integrating amavis into Postfix on Debian Lenny with system users, without Ispconfig, and it seems to work, but I’ve some questions I’d like to clarify:
    The first question is about /etc/spamassassin/local.cf file
    Code:
    mail:~# cat /etc/spamassassin/local.cf
    […]
    #dcc
    use_dcc 1
    dcc_path /usr/local/bin/dccproc
    #dcc_add_header 1
    #dcc_dccifd_path /usr/local/bin/dccifd
    #dcc_dccifd_path /var/dcc/libexec/dccifd
    
    #pyzor
    use_pyzor 1
    pyzor_path /usr/bin/pyzor
    #pyzor_add_header 1
    
    #razor
    use_razor2 1
    razor_config /etc/razor/razor-agent.conf
    […]
    If uncommenting either lines under #dcc or #pyzor spamassassin --lint gives errors. Are those lines no longer needed on Lenny?

    Another question is about de mail logs.
    When sending mails out I see logs like this:
    Code:
    mail:~# tail -f /var/log/mail.log
    […]
    Nov 25 10:15:11 mail postfix/cleanup[7893]: E21F148037: message-id=<[email protected]>
    Nov 25 10:15:11 mail postfix/qmgr[2903]: E21F148037: from=<[email protected]>, size=3591, nrcpt=1 (queue active)
    Nov 25 10:15:11 mail postfix/smtpd[7823]: disconnect from localhost.localdomain[127.0.0.1]
    Nov 25 10:15:11 mail amavis[7826]: (07826-02) Passed CLEAN, LOCAL [127.0.0.1] [196.28.239.21] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: L3vM+FnbyohV, Hits: -1.179, size: 3136, queued_as: E21F148037, 7086 ms
    Nov 25 10:15:15 mail postfix/smtp[7988]: E21F148037: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[216.239.59.27]:25, delay=3.5, delays=0.01/0.01/2.6/0.84, dsn=2.0.0, status=sent (250 2.0.0 OK 1259136916 m5si12852518gve.27)
    Nov 25 10:15:15 mail postfix/qmgr[2903]: E21F148037: removed
    […]
    When receiving:
    Code:
    […]
    Nov 25 10:25:38 mail postfix/cleanup[8227]: 0664C48037: message-id=<[email protected]>
    Nov 25 10:25:38 mail postfix/qmgr[2903]: 0664C48037: from=<[email protected]>, size=13573, nrcpt=1 (queue active)
    Nov 25 10:25:38 mail postfix/smtpd[8237]: disconnect from localhost.localdomain[127.0.0.1]
    Nov 25 10:25:38 mail postfix/local[8238]: 0664C48037: to=<[email protected]>, relay=local, delay=0.02, delays=0.01/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
    Nov 25 10:25:38 mail postfix/qmgr[2903]: 0664C48037: removed
    
    Nov 25 10:25:38 mail amavis[7826]: (07826-06) Passed CLEAN, [209.85.217.223] [209.85.217.223] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: tk-uc0SXks0l, Hits: 0, size: 13120, queued_as: 0664C48037, 7682 ms
    Nov 25 10:25:38 mail postfix/smtp[8232]: 35E3D48036: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=28, delays=21/0.01/0/7.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=07826-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0664C48037)
    […]
    I wonder about the order in which reports about amavis filtering appear. When receiving mails, reports about amavis appear after mail being reported as “delivered to maildir”. Is that the normal operation?

    TIA
    thavaht
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Correct, these lines aren't needed anymore.
     
  3. thavaht

    thavaht New Member

    And what about the mail logs? Is it not supposed the order in which the logs follow to reflect the order in which the message is processed?
     
  4. falko

    falko Super Moderator ISPConfig Developer

    I guess these are two different mails. The one that is delivered to Maildir has the ID 0664C48037, and the other one that is processed by amavisd has the ID 35E3D48036.
     
  5. thavaht

    thavaht New Member

    I made a test sendig (only) one message from [email protected] to [email protected]. The message seems to take two different IDs on the same time.
    In [email protected] inbox a received only one message. I even checked the message header. The two IDs are there, but this time logs order looks different.
    Any way, since I configured Amavis and RBL following your howtos, I stoped receiving Viagra adds. I’m still looking to hear from my colleagues that were complaining too much. Tanks for the howtos.


    The logs:

    Nov 28 16:29:34 mail postfix/cleanup[5474]: 54113EA6E3: message-id=<[email protected]>
    Nov 28 16:29:35 mail postfix/qmgr[2909]: 54113EA6E3: from=<[email protected]>, size=25555, nrcpt=1 (queue active)
    Nov 28 16:29:48 mail postfix/smtpd[5480]: connect from localhost.localdomain[127.0.0.1]
    Nov 28 16:29:48 mail postfix/smtpd[5480]: 5806BEA6E4: client=localhost.localdomain[127.0.0.1]
    Nov 28 16:29:48 mail postfix/cleanup[5474]: 5806BEA6E4: message-id=<[email protected]>
    Nov 28 16:29:48 mail postfix/qmgr[2909]: 5806BEA6E4: from=<[email protected]>, size=26008, nrcpt=1 (queue active)
    Nov 28 16:29:48 mail postfix/smtpd[5480]: disconnect from localhost.localdomain[127.0.0.1]
    Nov 28 16:29:48 mail amavis[1233]: (01233-19) Passed CLEAN, [209.85.210.184] [209.85.210.184] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: euvuBWpEBpSK, Hits: 0, size: 25555, queued_as: 5806BEA6E4, 12644 ms
    Nov 28 16:29:48 mail postfix/local[5481]: 5806BEA6E4: to=<[email protected]>, relay=local, delay=0.03, delays=0.01/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
    Nov 28 16:29:48 mail postfix/qmgr[2909]: 5806BEA6E4: removed
    Nov 28 16:29:48 mail postfix/smtp[5475]: 54113EA6E3: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=37, delays=24/0.01/0/13, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=01233-19, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5806BEA6E4)
    Nov 28 16:29:48 mail postfix/qmgr[2909]: 54113EA6E3: removed
    Nov 28 16:30:06 mail postfix/smtpd[5471]: disconnect from mail-yx0-f184.google.com[209.85.210.184]


    The message header:

    Return-Path: <[email protected]>
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.ustm.mz (Postfix) with ESMTP id 5806BEA6E4
    for <[email protected]>; Sat, 28 Nov 2009 16:29:48 +0200 (CAT)
    X-Virus-Scanned: Debian amavisd-new at ustm.mz
    Received: from mail.ustm.mz ([127.0.0.1])
    by localhost (mail.ustm.mz [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id euvuBWpEBpSK for <[email protected]>;
    Sat, 28 Nov 2009 16:29:35 +0200 (CAT)
    Received: from mail-yx0-f184.google.com (mail-yx0-f184.google.com [209.85.210.184])
    by mail.ustm.mz (Postfix) with ESMTP id 54113EA6E3
    for <[email protected]>; Sat, 28 Nov 2009 16:29:11 +0200 (CAT)
    Received: by yxe14 with SMTP id 14so1903621yxe.7
    for <[email protected]>; Sat, 28 Nov 2009 06:29:16 -0800 (PST)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=gamma;
    h=domainkey-signature:mime-version:received:in-reply-to:references
    :date:message-id:subject:from:to:content-type;
    bh=/7Q0t7DpCIlKfgRU/YgL+BYViwvZBIMU2iPMc4/JD/M=;
    b=NwDCSeFChYtAY7ChyBGQ09eu077haUBGFJ3Qv86v6YxTkCE48ap2k0BxTFq6dvAhA2
    63Tv4DAhPXFYms0JDaKxITGw+YWe79f+Iq+wLCs+rrsFyC0HlqENK7QjYKocWt2qVHAb
    CkpDP/Gcy/3qJDs6kH77H4teeC+JvHgEgkaR4=
    DomainKey-Signature: a=rsa-sha1; c=nofws;
    d=gmail.com; s=gamma;
    h=mime-version:in-reply-to:references:date:message-id:subject:from:to
    :content-type;
    b=cWQ9kQ4nZYNZfvAy3hKaPt4+o0YRqFrFssevVfloBl+eawyLVMKoQo31gfW86UA512
    CmK2elSOZEK4qyvgov3jFPiVMfIKo9HwSjuCEybMDPAvHx/6+adAuAOkftNk2J37QMeC
    CLX0pVMpZRDK395VtflEm+0j5roS4DRPKs6mE=
    MIME-Version: 1.0
    Received: by 10.101.213.35 with SMTP id p35mr950144anq.72.1259418556388; Sat,
    28 Nov 2009 06:29:16 -0800 (PST)
    In-Reply-To: <4116479.1248966877713.JavaMail.developer@mcel_bill_mon>
    References: <4116479.1248966877713.JavaMail.developer@mcel_bill_mon>
    Date: Sat, 28 Nov 2009 16:29:16 +0200
    Message-ID: <[email protected]>
    Subject: Invoice for 16/07/2009
    From: =?ISO-8859-1?Q?Aleixo_Sim=E3o_Muchanga?= <[email protected]>
    To: [email protected]
    Content-Type: multipart/mixed; boundary=001636c92b3aad595604796f3b72
     

Share This Page