Amavisd not identfying spam properly

Discussion in 'Installation/Configuration' started by Cracklefish, Oct 13, 2009.

  1. Cracklefish

    Cracklefish Member HowtoForge Supporter

    Amavisd does not seem to report spam properly.

    Suse, 11.1; Perfect Server; ISPC 3.0.1.4

    If I run debug I get what looks like an error "Pid_file already exists for running process (3076)... aborting"...

    Is this a good place to start?

    Code:
    amavisd debug
    Oct 13 17:21:12.686 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: starting.  /usr/sbin/amavisd at Golf1.greenway.co.uk amavisd-new-2.6.1 (20080629), Unicode aware, LC_CTYPE="en_GB.UTF-8", LANG="POSIX"
    Oct 13 17:21:12.687 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: user=, EUID: 65 (65);  group=, EGID: 113 113 (113 113)
    Oct 13 17:21:12.688 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: Perl version               5.010000
    Oct 13 17:21:12.923 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: INFO: no optional modules: IO::Socket::INET6
    Oct 13 17:21:14.253 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: INFO: SA version: 3.2.5, 3.002005, no optional modules: Net::CIDR::Lite Sys::Hostname::Long Mail::SpamAssassin::BayesStore::PgSQL Encode::Detect Razor2::Client::Agent IP::Country::Fast Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Mail::SPF::Mod::ExpMail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::inet_n2dx auto::NetAddr::IP::Util::ipv6_n2d auto::NetAddr::IP::Util::ipv6_n2x Mail::SPF::Query Error
    Oct 13 17:21:14.255 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: SpamControl: init_pre_chroot on SpamAssassin done
    Pid_file already exists for running process (3076)... aborting
    Oct 13 17:21:14.260 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: (!)Net::Server: 2009/10/13-17:21:14 Pid_file already exists for running process (3076)... aborting\n\n  at line 277 in file /usr/lib/perl5/vendor_perl/5.10.0/Net/Server.pm
    Oct 13 17:21:14.262 Golf1.greenway.co.uk /usr/sbin/amavisd[4013]: Net::Server: 2009/10/13-17:21:14 Server closing!
    
    This is a typical header from a spam (in the POP box not the client)

    Code:
    Return-Path: <[email protected]>
    Received: from localhost (unknown [127.0.0.1])
    	by golf1.greenway.co.uk (Postfix) with ESMTP id 90FB0160F2;
    	Tue, 13 Oct 2009 15:19:56 +0000 (UTC)
    X-Virus-Scanned: amavisd-new at greenway.co.uk
    Received: from golf1.greenway.co.uk ([127.0.0.1])
    	by localhost (Golf1.greenway.co.uk [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id a4KQprg7P0im; Tue, 13 Oct 2009 16:19:42 +0100 (BST)
    Received: from ABTS-TN-dynamic-222.160.164.122.airtelbroadband.in (unknown [122.164.160.222])
    	by golf1.greenway.co.uk (Postfix) with ESMTP id 16835160EC;
    	Tue, 13 Oct 2009 16:19:40 +0100 (BST)
    Message-ID: <000d01ca4c18$8ed3c610$6400a8c0@leopoldbn3>
    From: "Carlo Blue" <[email protected]>
    To: <[email protected]>
    Subject: Apply for your diploma.
    Date: Tue, 13 Oct 2009 20:49:29 +0530
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    	boundary="----=_NextPart_000_0007_01CA4C18.8ED3C610"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    
    This is a multi-part message in MIME format.
    
    ------=_NextPart_000_0007_01CA4C18.8ED3C610
    Content-Type: text/plain;
    	charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Amavisd is not able to start as its pid file exists already. Please try to reboot the server.
     
  3. Cracklefish

    Cracklefish Member HowtoForge Supporter

    That helped. The PID file error has gone and now I get a normal debug report. Funny though the server has been rebooted several times lately for other reasons.

    The Amavis still does not seem to be behaving properly.

    I have reset the tags in ISPC to:

    SPAM tag level = 2.5
    SPAM tag2 level = 5
    SPAM kill level = 6.8

    But amavisd.conf shows

    $sa_tag_level_deflt = 2.0
    $sa_tag2_level_deflt = 6.2
    $sa_kill_level_deflt = 6.2


    I have never had an email with ***SPAM*** in the subject field

    Here is a header:

    Code:
    Return-Path: <[email protected]>
    Received: from localhost (unknown [127.0.0.1])
    	by golf1.sanitised (Postfix) with ESMTP id E0EEC160FF;
    	Fri, 16 Oct 2009 11:08:54 +0000 (UTC)
    X-Virus-Scanned: amavisd-new at sanitised
    X-Spam-Flag: NO
    X-Spam-Score: 6.07
    X-Spam-Level: ******
    X-Spam-Status: No, score=6.07 tagged_above=2 required=6.2 tests=[BAYES_60=1,
    	HTML_MESSAGE=0.001, RCVD_IN_SORBS_WEB=0.619, RDNS_NONE=0.1,
    	TVD_RCVD_SINGLE=1.351, URIBL_SBL=1.499, URIBL_WS_SURBL=1.5]
    Received: from golf1.sanitised ([127.0.0.1])
    	by localhost (Golf1.sanitised [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id rMYNV8KuaVzO; Fri, 16 Oct 2009 12:08:41 +0100 (BST)
    Received: from YPNCKGMG (unknown [77.120.129.178])
    	by golf1.sanitised (Postfix) with ESMTP id 421C016101;
    	Fri, 16 Oct 2009 12:08:41 +0100 (BST)
    Message-ID: <000d01ca4e51$0232c680$6400a8c0@custodianjxa121>
    From: "Ollie Dotson" <[email protected]>
    To: <wtop@sanitised>
    Subject: Unbelievable prices for spruce watches. 
    Date: Fri, 16 Oct 2009 14:08:36 +0200
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    	boundary="----=_NextPart_000_0007_01CA4E51.0232C680"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    
    
    Although the spam score is 6.07 the header has not been modified.

    There are 2 mailboxes on this domain, this one and a catchall
    Both have a filter set to transfer anything with ***SPAM in subject field to the spam folder (.Spam)

    The spam folder for the catchall box has lots of emails in it, the majority are "Considered UNSOLICITED BULK EMAIL..." with a header;

    Code:
    Return-Path: <MAILER-DAEMON>
    Received: from localhost (unknown [127.0.0.1])
    	by golf1.sanitised (Postfix) with ESMTP id E7E6516101
    	for <wtop@sanitised>; Fri, 16 Oct 2009 12:05:08 +0000 (UTC)
    Content-Type: multipart/report; report-type=delivery-status;
     boundary="----------=_1255694708-7025-2"
    Content-Transfer-Encoding: 7bit
    MIME-Version: 1.0
    Subject: Considered UNSOLICITED BULK EMAIL, apparently from you
    In-Reply-To: <6704PBT.736021A7.26395804513273LFYMCSVWPYWJJND740@PC3>
    Message-ID: <[email protected]>
    From: "Content-filter at Golf1.sanitised" <[email protected]>
    To: <wtop@sanitised>
    Date: Fri, 16 Oct 2009 13:04:52 +0100 (BST)
    
    The header from a conventional spam looks like this:

    Code:
    Return-Path: <[email protected]>
    Received: from localhost (unknown [127.0.0.1])
    	by golf1.sanitised (Postfix) with ESMTP id 65C3616101
    	for <jmh711nsuk@sanitised>; Fri, 16 Oct 2009 12:09:21 +0000 (UTC)
    X-Virus-Scanned: amavisd-new at sanitised
    X-Spam-Flag: NO
    X-Spam-Score: 5.031
    X-Spam-Level: *****
    X-Spam-Status: No, score=5.031 tagged_above=2 required=6.2 tests=[BAYES_95=3,
    	BODY_ENHANCEMENT=0.309, BODY_ENHANCEMENT2=0.001, HTML_MESSAGE=0.001,
    	RDNS_DYNAMIC=0.1, URI_NOVOWEL=1.62]
    Received: from golf1.sanitised ([127.0.0.1])
    	by localhost (Golf1.sanitised [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id fSmE7MdYLuzO for <jmh711nsuk@sanitised>;
    	Fri, 16 Oct 2009 13:09:05 +0100 (BST)
    Received: from host111-111-dynamic.14-87-r.retail.telecomitalia.it (host111-111-dynamic.14-87-r.retail.telecomitalia.it [87.14.111.111])
    	by golf1.sanitised (Postfix) with ESMTP id A74C8160FF
    	for <jmh711nsuk@sanitised>; Fri, 16 Oct 2009 13:09:04 +0100 (BST)
    Received: from 87.14.111.111 by mailhub13.yellgroup.com; Fri, 16 Oct 2009 14:09:00 +0100
    Message-ID: <000d01ca4e59$71e59e50$6400a8c0@pangingatcm5>
    From: "Major Daley" <[email protected]>
    To: <jmh711nsuk@sanitised>
    Subject: By enlarging your instrument you will manage to keep up your good name.
    Date: Fri, 16 Oct 2009 14:09:00 +0100
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    	boundary="----=_NextPart_000_0007_01CA4E59.71E59E50"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Set the loglevel in amavisd higher and check which tag levels get applied to a specific email.
     
  5. Cracklefish

    Cracklefish Member HowtoForge Supporter

    There are 2 entries in etc/amavisd.conf

    At line 37:
    Code:
    $log_level = 0;              # verbosity 0..5, -d
    $log_recip_templ = undef;    # disable by-recipient level-0 log entries
    $DO_SYSLOG = 1;              # log via syslogd (preferred)
    $syslog_facility = 'mail';   # Syslog facility as a string
               # e.g.: mail, daemon, user, local0, ... local7
    $syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
    and the penultimate line:
    Code:
    $DO_SYSLOG = 1;
    $LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)
    
    $log_level = 5;                # (defaults to 0)
    
    There is no var/log/amavis.log

    I tried setting them both to 5 but still no logfile, or am I looking for the wrong file?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Amavisd should log into your syslog or mail log file as $DO_SYSLOG is set to 1. Please take a look in the mail log, you should find the debug output there.
     
  7. Cracklefish

    Cracklefish Member HowtoForge Supporter

    Here is 10 minutes of log at level 5



    Code:
    Oct 20 14:38:57 Golf1 amavis[23747]: starting.  /usr/sbin/amavisd at Golf1.domain.tld amavisd-new-2.6.1 (20080629), Unicode aware, LC_CTYPE="en_GB.UTF-8", LANG="POSIX"
    Oct 20 14:38:57 Golf1 amavis[23747]: Perl version               5.010000
    Oct 20 14:39:01 Golf1 amavis[23754]: Net::Server: Group Not Defined.  Defaulting to EGID '113 113'
    Oct 20 14:39:01 Golf1 amavis[23754]: Net::Server: User Not Defined.  Defaulting to EUID '65'
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Amavis::Conf        2.103
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Archive::Zip        1.24
    Oct 20 14:39:01 Golf1 amavis[23754]: Module BerkeleyDB          0.35
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Compress::Zlib      2.008
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Convert::TNEF       0.17
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Convert::UUlib      1.051
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Crypt::OpenSSL::RSA 0.25
    Oct 20 14:39:01 Golf1 amavis[23754]: Module DBD::mysql          4.010
    Oct 20 14:39:01 Golf1 amavis[23754]: Module DBI                 1.607
    Oct 20 14:39:01 Golf1 amavis[23754]: Module DB_File             1.816_1
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Digest::MD5         2.36_01
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Digest::SHA         5.45
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Digest::SHA1        2.11
    Oct 20 14:39:01 Golf1 amavis[23754]: Module MIME::Entity        5.427
    Oct 20 14:39:01 Golf1 amavis[23754]: Module MIME::Parser        5.427
    Oct 20 14:39:01 Golf1 amavis[23754]: Module MIME::Tools         5.427
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Mail::DKIM          0.32
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Mail::Header        2.04
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Mail::Internet      2.04
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Mail::SpamAssassin  3.002005
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Net::DNS            0.63
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Net::Server         0.97
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Time::HiRes         1.9711
    Oct 20 14:39:01 Golf1 amavis[23754]: Module URI                 1.37
    Oct 20 14:39:01 Golf1 amavis[23754]: Module Unix::Syslog        0.100
    Oct 20 14:39:01 Golf1 amavis[23754]: Amavis::DB code      loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Amavis::Cache code   loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: SQL base code        NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: SQL::Log code        NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: SQL::Quarantine      NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Lookup::SQL code     NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Lookup::LDAP code    NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: AM.PDP-in proto code loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: SMTP-in proto code   loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Courier proto code   NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: SMTP-out proto code  loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Pipe-out proto code  NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: BSMTP-out proto code NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Local-out proto code loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: OS_Fingerprint code  NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: ANTI-VIRUS code      loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: ANTI-SPAM code       loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: ANTI-SPAM-SA code    loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Unpackers code       loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: DKIM code            loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Tools code           NOT loaded
    Oct 20 14:39:01 Golf1 amavis[23754]: Found $file            at /usr/bin/file
    Oct 20 14:39:01 Golf1 amavis[23754]: No $dspam,             not using it
    Oct 20 14:39:01 Golf1 amavis[23754]: No $altermime,         not using it
    Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .mail
    Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .asc 
    Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .uue 
    Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .hqx 
    Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .ync 
    Oct 20 14:39:01 Golf1 amavis[23754]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .Z    at /usr/bin/uncompress
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .gz   at /usr/bin/gzip -d
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
    Oct 20 14:39:01 Golf1 amavis[23754]: No decoder for       .lzo  tried: lzop -d
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .cpio at /usr/bin/pax
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .tar  at /usr/bin/pax
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .deb  at /usr/bin/ar
    Oct 20 14:39:01 Golf1 amavis[23754]: Internal decoder for .zip 
    Oct 20 14:39:01 Golf1 amavis[23754]: No decoder for       .7z   tried: 7zr, 7za, 7z
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .rar  at /usr/bin/unrar
    Oct 20 14:39:01 Golf1 amavis[23754]: Found decoder for    .arj  at /usr/bin/unarj
    Oct 20 14:39:01 Golf1 amavis[23754]: No decoder for       .arc  tried: nomarch, arc
    Oct 20 14:39:02 Golf1 amavis[23754]: Found decoder for    .zoo  at /usr/bin/zoo
    Oct 20 14:39:02 Golf1 amavis[23754]: Found decoder for    .lha  at /usr/bin/lha
    Oct 20 14:39:02 Golf1 amavis[23754]: Found decoder for    .cab  at /usr/bin/cabextract
    Oct 20 14:39:02 Golf1 amavis[23754]: No decoder for       .tnef tried: tnef
    Oct 20 14:39:02 Golf1 amavis[23754]: Internal decoder for .tnef
    Oct 20 14:39:02 Golf1 amavis[23754]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/unarj
    Oct 20 14:39:02 Golf1 amavis[23754]: Using primary internal av scanner code for ClamAV-clamd
    Oct 20 14:39:02 Golf1 amavis[23754]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
    Oct 20 14:39:02 Golf1 amavis[23754]: Creating db in /var/spool/amavis/db/; BerkeleyDB 0.35, libdb 4.5
    Oct 20 14:39:57 Golf1 amavis[23786]: starting.  /usr/sbin/amavisd at Golf1.domain.tld amavisd-new-2.6.1 (20080629), Unicode aware, LC_CTYPE="en_GB.UTF-8", LANG="POSIX"
    Oct 20 14:39:57 Golf1 amavis[23786]: Perl version               5.010000
    Oct 20 14:39:59 Golf1 amavis[23788]: Net::Server: Group Not Defined.  Defaulting to EGID '113 113'
    Oct 20 14:39:59 Golf1 amavis[23788]: Net::Server: User Not Defined.  Defaulting to EUID '65'
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Amavis::Conf        2.103
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Archive::Zip        1.24
    Oct 20 14:39:59 Golf1 amavis[23788]: Module BerkeleyDB          0.35
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Compress::Zlib      2.008
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Convert::TNEF       0.17
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Convert::UUlib      1.051
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Crypt::OpenSSL::RSA 0.25
    Oct 20 14:39:59 Golf1 amavis[23788]: Module DBD::mysql          4.010
    Oct 20 14:39:59 Golf1 amavis[23788]: Module DBI                 1.607
    Oct 20 14:39:59 Golf1 amavis[23788]: Module DB_File             1.816_1
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Digest::MD5         2.36_01
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Digest::SHA         5.45
    Oct 20 14:39:59 Golf1 amavis[23788]: Module Digest::SHA1        2.11
    Oct 20 14:40:00 Golf1 amavis[23788]: Module MIME::Entity        5.427
    Oct 20 14:40:00 Golf1 amavis[23788]: Module MIME::Parser        5.427
    Oct 20 14:40:00 Golf1 amavis[23788]: Module MIME::Tools         5.427
    Oct 20 14:40:00 Golf1 amavis[23788]: Module Mail::DKIM          0.32
    Oct 20 14:40:00 Golf1 amavis[23788]: Module Mail::Header        2.04
    Oct 20 14:40:00 Golf1 amavis[23788]: Module Mail::Internet      2.04
    Oct 20 14:40:00 Golf1 amavis[23788]: Module Mail::SpamAssassin  3.002005
    Oct 20 14:40:00 Golf1 amavis[23788]: Module Net::DNS            0.63
    Oct 20 14:40:00 Golf1 amavis[23788]: Module Net::Server         0.97
    Oct 20 14:40:00 Golf1 amavis[23788]: Module Time::HiRes         1.9711
    Oct 20 14:40:00 Golf1 amavis[23788]: Module URI                 1.37
    Oct 20 14:40:00 Golf1 amavis[23788]: Module Unix::Syslog        0.100
    Oct 20 14:40:00 Golf1 amavis[23788]: Amavis::DB code      loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Amavis::Cache code   loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: SQL base code        NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: SQL::Log code        NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: SQL::Quarantine      NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Lookup::SQL code     NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Lookup::LDAP code    NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: AM.PDP-in proto code loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: SMTP-in proto code   loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Courier proto code   NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: SMTP-out proto code  loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Pipe-out proto code  NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: BSMTP-out proto code NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Local-out proto code loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: OS_Fingerprint code  NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: ANTI-VIRUS code      loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: ANTI-SPAM code       loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: ANTI-SPAM-SA code    loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Unpackers code       loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: DKIM code            loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Tools code           NOT loaded
    Oct 20 14:40:00 Golf1 amavis[23788]: Found $file            at /usr/bin/file
    Oct 20 14:40:00 Golf1 amavis[23788]: No $dspam,             not using it
    Oct 20 14:40:00 Golf1 amavis[23788]: No $altermime,         not using it
    Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .mail
    Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .asc 
    Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .uue 
    Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .hqx 
    Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .ync 
    Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .Z    at /usr/bin/uncompress
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .gz   at /usr/bin/gzip -d
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
    Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for       .lzo  tried: lzop -d
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .cpio at /usr/bin/pax
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .tar  at /usr/bin/pax
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .deb  at /usr/bin/ar
    Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .zip 
    Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for       .7z   tried: 7zr, 7za, 7z
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .rar  at /usr/bin/unrar
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .arj  at /usr/bin/unarj
    Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for       .arc  tried: nomarch, arc
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .zoo  at /usr/bin/zoo
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .lha  at /usr/bin/lha
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .cab  at /usr/bin/cabextract
    Oct 20 14:40:00 Golf1 amavis[23788]: No decoder for       .tnef tried: tnef
    Oct 20 14:40:00 Golf1 amavis[23788]: Internal decoder for .tnef
    Oct 20 14:40:00 Golf1 amavis[23788]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/unarj
    Oct 20 14:40:00 Golf1 amavis[23788]: Using primary internal av scanner code for ClamAV-clamd
    Oct 20 14:40:00 Golf1 amavis[23788]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
    Oct 20 14:40:00 Golf1 amavis[23788]: Creating db in /var/spool/amavis/db/; BerkeleyDB 0.35, libdb 4.5
    Oct 20 14:40:05 Golf1 postfix/smtpd[23655]: connect from localhost[127.0.0.1]
    Oct 20 14:40:05 Golf1 postfix/smtpd[23655]: lost connection after CONNECT from localhost[127.0.0.1]
    Oct 20 14:40:05 Golf1 postfix/smtpd[23655]: disconnect from localhost[127.0.0.1]
    Oct 20 14:40:05 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 14:40:05 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
    Oct 20 14:40:05 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 14:40:05 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
    Oct 20 14:41:38 Golf1 postfix/smtpd[23655]: connect from abjy55.neoplus.adsl.tpnet.pl[83.7.166.55]
    Oct 20 14:41:39 Golf1 postfix/smtpd[23655]: 87D54160D8: client=abjy55.neoplus.adsl.tpnet.pl[83.7.166.55]
    Oct 20 14:41:40 Golf1 postfix/cleanup[23887]: 87D54160D8: message-id=<[email protected]>
    Oct 20 14:41:40 Golf1 postfix/qmgr[3447]: 87D54160D8: from=<[email protected]>, size=1612, nrcpt=7 (queue active)
    Oct 20 14:41:41 Golf1 postfix/smtpd[23655]: disconnect from abjy55.neoplus.adsl.tpnet.pl[83.7.166.55]
    Oct 20 14:41:55 Golf1 postfix/smtpd[23891]: connect from unknown[127.0.0.1]
    Oct 20 14:41:55 Golf1 postfix/smtpd[23891]: AF38A160F1: client=unknown[127.0.0.1]
    Oct 20 14:41:55 Golf1 postfix/cleanup[23887]: AF38A160F1: message-id=<[email protected]>
    Oct 20 14:41:55 Golf1 postfix/qmgr[3447]: AF38A160F1: from=<[email protected]>, size=2162, nrcpt=7 (queue active)
    Oct 20 14:41:56 Golf1 amavis[23843]: (23843-01) Passed CLEAN, [83.7.166.55] [83.7.166.55] <[email protected]> -> <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, Message-ID: <[email protected]>, mail_id: 6vGOLhJ5DO18, Hits: 2.001, size: 1611, queued_as: AF38A160F1, 15594 ms
    Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
    Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
    Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
    Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
    Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
    Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
    Oct 20 14:41:56 Golf1 postfix/smtp[23888]: 87D54160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=1/0.05/0.04/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23843-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AF38A160F1)
    Oct 20 14:41:56 Golf1 postfix/qmgr[3447]: 87D54160D8: removed
    Oct 20 14:41:56 Golf1 postfix/pipe[23900]: AF38A160F1: to=<[email protected]>, relay=maildrop, delay=0.69, delays=0.27/0.11/0/0.31, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:41:56 Golf1 postfix/pipe[23901]: AF38A160F1: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=0.84, delays=0.27/0.13/0/0.44, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:41:56 Golf1 postfix/pipe[23900]: AF38A160F1: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=1.1, delays=0.27/0.57/0/0.29, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:41:57 Golf1 postfix/pipe[23901]: AF38A160F1: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=1.5, delays=0.27/0.86/0/0.36, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:41:57 Golf1 postfix/pipe[23900]: AF38A160F1: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=1.8, delays=0.27/1.2/0/0.29, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:41:57 Golf1 postfix/pipe[23901]: AF38A160F1: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=2.1, delays=0.27/1.5/0/0.29, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:41:58 Golf1 postfix/pipe[23900]: AF38A160F1: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=2.4, delays=0.27/1.8/0/0.29, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:41:58 Golf1 postfix/qmgr[3447]: AF38A160F1: removed
    Oct 20 14:44:09 Golf1 postfix/qmgr[3447]: D8E66160FD: from=<>, size=3799, nrcpt=1 (queue active)
    Oct 20 14:44:09 Golf1 postfix/qmgr[3447]: 94A8D160CE: from=<>, size=4020, nrcpt=1 (queue active)
    Oct 20 14:44:40 Golf1 postfix/smtp[24061]: connect to exchange.vascent.com[64.238.118.30]:25: Connection timed out
    Oct 20 14:44:40 Golf1 postfix/smtp[24061]: 94A8D160CE: to=<[email protected]>, relay=none, delay=428761, delays=428730/0.1/30/0, dsn=4.4.1, status=deferred (connect to exchange.vascent.com[64.238.118.30]:25: Connection timed out)
    Oct 20 14:44:45 Golf1 postfix/smtp[24060]: connect to ekvatorturizm.com[85.159.64.4]:25: Connection timed out
    Oct 20 14:44:45 Golf1 postfix/smtp[24060]: D8E66160FD: to=<[email protected]>, relay=none, delay=428768, delays=428733/0.13/35/0, dsn=4.4.1, status=deferred (connect to ekvatorturizm.com[85.159.64.4]:25: Connection timed out)
    Oct 20 14:45:01 Golf1 postfix/anvil[23657]: statistics: max connection rate 1/60s for (smtp:123.17.233.96) at Oct 20 14:37:25
    Oct 20 14:45:01 Golf1 postfix/anvil[23657]: statistics: max connection count 1 for (smtp:123.17.233.96) at Oct 20 14:37:25
    Oct 20 14:45:01 Golf1 postfix/anvil[23657]: statistics: max cache size 2 at Oct 20 14:38:20
    Oct 20 14:45:03 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 14:45:03 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
    Oct 20 14:45:03 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 14:45:03 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
    Oct 20 14:45:03 Golf1 postfix/smtpd[24131]: connect from localhost[127.0.0.1]
    Oct 20 14:45:03 Golf1 postfix/smtpd[24131]: lost connection after CONNECT from localhost[127.0.0.1]
    Oct 20 14:45:03 Golf1 postfix/smtpd[24131]: disconnect from localhost[127.0.0.1]
    Oct 20 14:46:17 Golf1 postfix/smtpd[24131]: connect from 3cclub.idv.tw[59.126.192.102]
    Oct 20 14:46:18 Golf1 postfix/smtpd[24131]: DA96C160D8: client=3cclub.idv.tw[59.126.192.102]
    Oct 20 14:46:19 Golf1 postfix/cleanup[24189]: DA96C160D8: message-id=<[email protected]>
    Oct 20 14:46:19 Golf1 postfix/qmgr[3447]: DA96C160D8: from=<[email protected]>, size=1919, nrcpt=1 (queue active)
    Oct 20 14:46:20 Golf1 postfix/smtpd[24131]: disconnect from 3cclub.idv.tw[59.126.192.102]
    Oct 20 14:46:34 Golf1 postfix/smtpd[24131]: warning: 125.163.214.15: hostname 15.subnet125-163-214.speedy.telkom.net.id verification failed: Name or service not known
    Oct 20 14:46:34 Golf1 postfix/smtpd[24131]: connect from unknown[125.163.214.15]
    Oct 20 14:46:34 Golf1 amavis[23844]: (23844-01) Blocked SPAM, [59.126.192.102] [59.126.192.102] <[email protected]> -> <[email protected]>, quarantine: spam-fjX8PjMtfxpl.gz, Message-ID: <[email protected]>, mail_id: fjX8PjMtfxpl, Hits: 11.597, size: 1919, 14625 ms
    Oct 20 14:46:34 Golf1 postfix/smtp[24190]: DA96C160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=0.95/0.05/0.03/15, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-01, DISCARD(bounce.suppressed))
    Oct 20 14:46:34 Golf1 postfix/qmgr[3447]: DA96C160D8: removed
    Oct 20 14:46:36 Golf1 postfix/smtpd[24131]: 040B5160D8: client=unknown[125.163.214.15]
    Oct 20 14:46:43 Golf1 postfix/cleanup[24189]: 040B5160D8: message-id=<000e01ca518b$b441de00$[email protected]>
    Oct 20 14:46:43 Golf1 postfix/qmgr[3447]: 040B5160D8: from=<[email protected]>, size=2370, nrcpt=1 (queue active)
    Oct 20 14:46:43 Golf1 postfix/smtpd[24131]: disconnect from unknown[125.163.214.15]
    Oct 20 13:46:56 Golf1 postfix/smtpd[23891]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
    Oct 20 13:46:56 Golf1 postfix/smtpd[23891]: disconnect from unknown[127.0.0.1]
    Oct 20 14:46:56 Golf1 amavis[23843]: (23843-02) Blocked SPAM, [125.163.214.15] [84.199.110.121] <[email protected]> -> <[email protected]>, quarantine: spam-WZH3C2IX8Xlk.gz, Message-ID: <000e01ca518b$b441de00$[email protected]>, mail_id: WZH3C2IX8Xlk, Hits: 13.049, size: 2370, 13724 ms
    Oct 20 14:46:56 Golf1 postfix/smtp[24190]: 040B5160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=7.9/0/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-02, DISCARD(bounce.suppressed))
    Oct 20 14:46:56 Golf1 postfix/qmgr[3447]: 040B5160D8: removed
    Oct 20 14:48:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
    Oct 20 14:48:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
    Oct 20 14:48:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
    Oct 20 14:48:56 Golf1 pop3d: LOGIN, user=[email protected], ip=[::ffff:82.70.171.142], port=[56496]
    Oct 20 14:48:57 Golf1 pop3d: LOGIN, user=[email protected], ip=[::ffff:82.70.171.142], port=[56498]
    Oct 20 14:48:57 Golf1 pop3d: LOGIN, user=[email protected], ip=[::ffff:82.70.171.142], port=[56497]
    Oct 20 14:48:57 Golf1 pop3d: LOGOUT, user=[email protected], ip=[::ffff:82.70.171.142], port=[56497], top=0, retr=0, rcvd=12, sent=39, time=0
    Oct 20 14:48:57 Golf1 pop3d: LOGOUT, user=[email protected], ip=[::ffff:82.70.171.142], port=[56498], top=0, retr=0, rcvd=24, sent=1208, time=0
    Oct 20 14:48:57 Golf1 pop3d: LOGOUT, user=[email protected], ip=[::ffff:82.70.171.142], port=[56496], top=0, retr=2147, rcvd=34, sent=9339, time=1
    Oct 20 14:49:14 Golf1 postfix/smtpd[24288]: connect from unknown[41.130.16.19]
    Oct 20 14:49:19 Golf1 postfix/smtpd[24288]: 52419160D8: client=unknown[41.130.16.19]
    Oct 20 14:49:23 Golf1 postfix/cleanup[24299]: 52419160D8: message-id=<000e01ca518b$d9cee780$[email protected]>
    Oct 20 14:49:24 Golf1 postfix/qmgr[3447]: 52419160D8: from=<[email protected]>, size=2351, nrcpt=1 (queue active)
    Oct 20 14:49:24 Golf1 postfix/smtpd[24288]: disconnect from unknown[41.130.16.19]
    Oct 20 14:49:24 Golf1 clamd[2640]: SelfCheck: Database status OK.
    Oct 20 14:49:37 Golf1 postfix/smtpd[24303]: connect from unknown[127.0.0.1]
    Oct 20 14:49:38 Golf1 postfix/smtpd[24303]: 11CCD160F1: client=unknown[127.0.0.1]
    Oct 20 14:49:38 Golf1 postfix/cleanup[24299]: 11CCD160F1: message-id=<[email protected]>
    Oct 20 14:49:38 Golf1 postfix/qmgr[3447]: 11CCD160F1: from=<>, size=3554, nrcpt=1 (queue active)
    Oct 20 13:49:38 Golf1 postfix/smtpd[24303]: disconnect from unknown[127.0.0.1]
    Oct 20 14:49:38 Golf1 amavis[23844]: (23844-02) Blocked SPAM, [41.130.16.19] [55.30.105.136] <[email protected]> -> <[email protected]>, quarantine: spam-0sDgD2dWAmh0.gz, Message-ID: <000e01ca518b$d9cee780$[email protected]>, mail_id: 0sDgD2dWAmh0, Hits: 8.492, size: 2351, 14242 ms
    Oct 20 14:49:38 Golf1 postfix/smtp[24300]: 52419160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=19, delays=5.1/0.04/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-02, BOUNCE)
    Oct 20 14:49:38 Golf1 postfix/qmgr[3447]: 52419160D8: removed
    Oct 20 14:49:44 Golf1 postfix/smtp[24312]: 11CCD160F1: to=<[email protected]>, relay=qs513.pair.com[216.92.192.123]:25, delay=6.2, delays=0.25/0.11/5.7/0.21, dsn=5.0.0, status=bounced (host qs513.pair.com[216.92.192.123] said: 554 <[email protected]>: Recipient address rejected: Access denied (in reply to RCPT TO command))
    Oct 20 14:49:44 Golf1 postfix/qmgr[3447]: 11CCD160F1: removed
    Oct 20 14:50:02 Golf1 postfix/smtpd[24288]: connect from localhost[127.0.0.1]
    Oct 20 14:50:02 Golf1 postfix/smtpd[24288]: lost connection after CONNECT from localhost[127.0.0.1]
    Oct 20 14:50:02 Golf1 postfix/smtpd[24288]: disconnect from localhost[127.0.0.1]
    Oct 20 14:50:02 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 14:50:02 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
    Oct 20 14:50:02 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 14:50:02 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
    Oct 20 14:52:00 Golf1 postfix/smtpd[24398]: warning: 189.231.63.26: hostname dsl-189-231-63-26-dyn.prod-infinitum.com.mx verification failed: Name or service not known
    Oct 20 14:52:00 Golf1 postfix/smtpd[24398]: connect from unknown[189.231.63.26]
    Oct 20 14:52:01 Golf1 postfix/smtpd[24398]: 5C2DF160D8: client=unknown[189.231.63.26]
    Oct 20 14:52:02 Golf1 postfix/cleanup[24409]: 5C2DF160D8: message-id=<GURSUEL79582.5456FE4@DELCANA007>
    Oct 20 14:52:02 Golf1 postfix/qmgr[3447]: 5C2DF160D8: from=<[email protected]>, size=3963, nrcpt=1 (queue active)
    Oct 20 14:52:02 Golf1 postfix/smtpd[24398]: disconnect from unknown[189.231.63.26]
    Oct 20 14:52:16 Golf1 postfix/smtpd[24442]: connect from unknown[127.0.0.1]
    Oct 20 14:52:16 Golf1 postfix/smtpd[24442]: B4DD6160F1: client=unknown[127.0.0.1]
    Oct 20 14:52:16 Golf1 postfix/cleanup[24409]: B4DD6160F1: message-id=<[email protected]>
    Oct 20 14:52:16 Golf1 postfix/qmgr[3447]: B4DD6160F1: from=<>, size=3333, nrcpt=1 (queue active)
    Oct 20 13:52:16 Golf1 postfix/smtpd[24442]: disconnect from unknown[127.0.0.1]
    Oct 20 14:52:17 Golf1 amavis[23843]: (23843-03) Blocked SPAM, [189.231.63.26] [189.231.63.26] <[email protected]> -> <[email protected]>, quarantine: spam-yBz0hyShIUqD.gz, Message-ID: <GURSUEL79582.5456FE4@DELCANA007>, mail_id: yBz0hyShIUqD, Hits: 7.751, size: 3957, 14386 ms
    Oct 20 14:52:17 Golf1 postfix/smtp[24438]: 5C2DF160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=1.5/0.07/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-03, BOUNCE)
    Oct 20 14:52:17 Golf1 postfix/qmgr[3447]: 5C2DF160D8: removed
    Oct 20 14:52:17 Golf1 postfix/pipe[24450]: B4DD6160F1: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=0.67, delays=0.25/0.07/0/0.35, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:52:17 Golf1 postfix/qmgr[3447]: B4DD6160F1: removed
    Oct 20 14:52:23 Golf1 postfix/smtpd[24398]: connect from www.tv-bay.com[62.128.157.204]
    Oct 20 14:52:23 Golf1 postfix/smtpd[24398]: NOQUEUE: reject: RCPT from www.tv-bay.com[62.128.157.204]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<dlx35962.fm.netbenefit.co.uk>
    Oct 20 14:52:24 Golf1 postfix/smtpd[24398]: disconnect from www.tv-bay.com[62.128.157.204]
    Oct 20 14:55:03 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 14:55:03 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
    Oct 20 14:55:03 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 14:55:03 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
    Oct 20 14:55:03 Golf1 postfix/smtpd[24565]: connect from localhost[127.0.0.1]
    Oct 20 14:55:03 Golf1 postfix/smtpd[24565]: lost connection after CONNECT from localhost[127.0.0.1]
    Oct 20 14:55:03 Golf1 postfix/smtpd[24565]: disconnect from localhost[127.0.0.1]
    Oct 20 14:55:37 Golf1 postfix/smtpd[24565]: connect from unknown[142.166.73.66]
    Oct 20 14:55:37 Golf1 postfix/smtpd[24565]: B6372160D8: client=unknown[142.166.73.66]
    Oct 20 14:55:38 Golf1 postfix/cleanup[24591]: B6372160D8: message-id=<BKJAU47680.ECBDC73@River002>
    Oct 20 14:55:38 Golf1 postfix/qmgr[3447]: B6372160D8: from=<[email protected]>, size=3947, nrcpt=1 (queue active)
    Oct 20 14:55:38 Golf1 postfix/smtpd[24565]: disconnect from unknown[142.166.73.66]
    Oct 20 14:55:52 Golf1 postfix/smtpd[24595]: connect from unknown[127.0.0.1]
    Oct 20 14:55:52 Golf1 postfix/smtpd[24595]: 46F25160F1: client=unknown[127.0.0.1]
    Oct 20 14:55:52 Golf1 postfix/cleanup[24591]: 46F25160F1: message-id=<[email protected]>
    Oct 20 14:55:52 Golf1 postfix/qmgr[3447]: 46F25160F1: from=<>, size=3481, nrcpt=1 (queue active)
    Oct 20 13:55:52 Golf1 postfix/smtpd[24595]: disconnect from unknown[127.0.0.1]
    Oct 20 14:55:52 Golf1 amavis[23844]: (23844-03) Blocked SPAM, [142.166.73.66] [142.166.73.66] <[email protected]> -> <[email protected]>, quarantine: spam-lhZEysqrVHfG.gz, Message-ID: <BKJAU47680.ECBDC73@River002>, mail_id: lhZEysqrVHfG, Hits: 7.901, size: 3941, 14061 ms
    Oct 20 14:55:52 Golf1 postfix/smtp[24592]: B6372160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.95/0.04/0.01/14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-03, BOUNCE)
    Oct 20 14:55:52 Golf1 postfix/qmgr[3447]: B6372160D8: removed
    Oct 20 14:55:52 Golf1 postfix/pipe[24604]: 46F25160F1: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=0.67, delays=0.25/0.07/0/0.35, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 14:55:52 Golf1 postfix/qmgr[3447]: 46F25160F1: removed
    Oct 20 14:56:17 Golf1 postfix/anvil[24180]: statistics: max connection rate 1/60s for (smtp:59.126.192.102) at Oct 20 14:46:17
    Oct 20 14:56:17 Golf1 postfix/anvil[24180]: statistics: max connection count 1 for (smtp:59.126.192.102) at Oct 20 14:46:17
    Oct 20 14:56:17 Golf1 postfix/anvil[24180]: statistics: max cache size 2 at Oct 20 14:46:34
    Oct 20 14:58:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
    Oct 20 14:58:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
    Oct 20 14:58:56 Golf1 pop3d: Connection, ip=[::ffff:82.70.171.142]
    Oct 20 14:58:57 Golf1 pop3d: LOGIN, user=[email protected], ip=[::ffff:82.70.171.142], port=[56553]
    Oct 20 14:58:57 Golf1 pop3d: LOGIN, user=[email protected], ip=[::ffff:82.70.171.142], port=[56555]
    Oct 20 14:58:57 Golf1 pop3d: LOGIN, user=[email protected], ip=[::ffff:82.70.171.142], port=[56554]
    Oct 20 14:58:57 Golf1 pop3d: LOGOUT, user=[email protected], ip=[::ffff:82.70.171.142], port=[56554], top=0, retr=0, rcvd=12, sent=39, time=0
    Oct 20 14:58:57 Golf1 pop3d: LOGOUT, user=[email protected], ip=[::ffff:82.70.171.142], port=[56555], top=0, retr=0, rcvd=24, sent=1208, time=0
    Oct 20 14:58:57 Golf1 pop3d: LOGOUT, user=[email protected], ip=[::ffff:82.70.171.142], port=[56553], top=0, retr=0, rcvd=24, sent=7107, time=0
    Oct 20 14:59:09 Golf1 postfix/qmgr[3447]: 358A716101: from=<>, size=3464, nrcpt=1 (queue active)
    Oct 20 14:59:26 Golf1 postfix/smtp[24764]: 358A716101: to=<[email protected]>, relay=maximoaudio.com[174.120.151.250]:25, delay=349012, delays=348995/0.16/5.9/11, dsn=4.0.0, status=deferred (host maximoaudio.com[174.120.151.250] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
    Oct 20 15:00:02 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 15:00:02 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
    Oct 20 15:00:02 Golf1 imapd: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 15:00:02 Golf1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
    Oct 20 15:00:02 Golf1 postfix/smtpd[24830]: connect from localhost[127.0.0.1]
    Oct 20 15:00:02 Golf1 postfix/smtpd[24830]: lost connection after CONNECT from localhost[127.0.0.1]
    Oct 20 15:00:02 Golf1 postfix/smtpd[24830]: disconnect from localhost[127.0.0.1]
    Oct 20 15:00:21 Golf1 postfix/smtpd[24830]: connect from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
    Oct 20 15:00:21 Golf1 postfix/smtpd[24830]: lost connection after CONNECT from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
    Oct 20 15:00:21 Golf1 postfix/smtpd[24830]: disconnect from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
    Oct 20 15:00:24 Golf1 postfix/smtpd[24830]: connect from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
    Oct 20 15:00:24 Golf1 postfix/smtpd[24830]: D576B160D8: client=170.pool85-58-85.dynamic.orange.es[85.58.85.170]
    Oct 20 15:00:25 Golf1 postfix/cleanup[24857]: D576B160D8: message-id=005401ca519e$55cfba00$016f2e00$@com
    Oct 20 15:00:25 Golf1 postfix/qmgr[3447]: D576B160D8: from=<[email protected]>, size=6119, nrcpt=1 (queue active)
    Oct 20 15:00:25 Golf1 postfix/smtpd[24830]: disconnect from 170.pool85-58-85.dynamic.orange.es[85.58.85.170]
    Oct 20 15:00:25 Golf1 clamd[2640]: SelfCheck: Database status OK.
    Oct 20 15:00:40 Golf1 amavis[23843]: (23843-04) Blocked SPAM, [85.58.85.170] [85.58.85.170] <[email protected]> -> <[email protected]>, quarantine: spam-S6tPzPTQ1e1I.gz, Message-ID: <005401ca519e$55cfba00$016f2e00$@com>, mail_id: S6tPzPTQ1e1I, Hits: 13.234, size: 6119, 14700 ms
    Oct 20 15:00:40 Golf1 postfix/smtp[24858]: D576B160D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.67/0.04/0.02/15, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-04, DISCARD(bounce.suppressed))
    Oct 20 15:00:40 Golf1 postfix/qmgr[3447]: D576B160D8: removed
    Oct 20 15:01:27 Golf1 postfix/smtpd[24830]: connect from unknown[119.65.45.94]
    Oct 20 15:01:28 Golf1 postfix/smtpd[24830]: C42A5160D8: client=unknown[119.65.45.94]
    Oct 20 15:01:29 Golf1 postfix/cleanup[24857]: C42A5160D8: message-id=<000d01ca518d$88d576d0$6400a8c0@jailer9>
    Oct 20 15:01:29 Golf1 postfix/qmgr[3447]: C42A5160D8: from=<[email protected]>, size=4671, nrcpt=1 (queue active)
    Oct 20 15:01:30 Golf1 postfix/smtpd[24830]: disconnect from unknown[119.65.45.94]
    Oct 20 15:01:41 Golf1 amavis[23844]: (23844-04) Blocked SPAM, [119.65.45.94] [119.65.45.94] <jailer9@reed.com> -> <nsuk@domain1.tld>, quarantine: spam-ZT6zg4WJSe-N.gz, Message-ID: <000d01ca518d$88d576d0$6400a8c0@jailer9>, mail_id: ZT6zg4WJSe-N, Hits: 17.179, size: 4671, 11449 ms
    Oct 20 15:01:41 Golf1 postfix/smtp[24858]: C42A5160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=0.81/0/0.01/11, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23844-04, DISCARD(bounce.suppressed))
    Oct 20 15:01:41 Golf1 postfix/qmgr[3447]: C42A5160D8: removed
    Oct 20 15:04:09 Golf1 postfix/qmgr[3447]: 09BB0160F3: from=<>, size=3712, nrcpt=1 (queue active)
    Oct 20 15:04:09 Golf1 postfix/qmgr[3447]: 31407160E6: from=<>, size=3646, nrcpt=1 (queue active)
    Oct 20 15:04:09 Golf1 postfix/smtp[25002]: 31407160E6: to=<slanderousv7@skater.ru>, relay=nmx4.masterhost.ru[90.156.155.45]:25, delay=25621, delays=25620/0.08/0.46/0, dsn=4.4.2, status=deferred (lost connection with nmx4.masterhost.ru[90.156.155.45] while performing the HELO handshake)
    Oct 20 15:04:21 Golf1 postfix/smtpd[25005]: connect from unknown[117.198.210.189]
    Oct 20 15:04:22 Golf1 postfix/smtpd[25005]: 4519B160D8: client=unknown[117.198.210.189]
    Oct 20 15:04:25 Golf1 postfix/cleanup[25016]: 4519B160D8: message-id=<000d01ca518e$3803cee0$6400a8c0@impersonatedvh0>
    Oct 20 15:04:25 Golf1 postfix/qmgr[3447]: 4519B160D8: from=<impersonatedvh0@ramaticiins.com>, size=2097, nrcpt=1 (queue active)
    Oct 20 15:04:25 Golf1 postfix/smtp[25001]: 09BB0160F3: to=<purasute@www.therandomizerscript.com>, relay=therandomizerscript.com[216.246.41.218]:25, delay=21386, delays=21370/0.18/5.5/11, dsn=4.0.0, status=deferred (host therandomizerscript.com[216.246.41.218] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
    Oct 20 15:04:26 Golf1 postfix/smtpd[25021]: connect from sendc.actemarketing.com[216.241.183.73]
    Oct 20 15:04:26 Golf1 postfix/smtpd[25021]: 936C9160F1: client=sendc.actemarketing.com[216.241.183.73]
    Oct 20 15:04:26 Golf1 postfix/cleanup[25016]: 936C9160F1: message-id=<0000158c02191f07d9@[10.10.11.66]>
    Oct 20 15:04:27 Golf1 postfix/smtpd[25005]: disconnect from unknown[117.198.210.189]
    Oct 20 15:04:28 Golf1 postfix/qmgr[3447]: 936C9160F1: from=<news@tv-bay.com>, size=55669, nrcpt=1 (queue active)
    Oct 20 15:04:28 Golf1 postfix/smtpd[25021]: disconnect from sendc.actemarketing.com[216.241.183.73]
    Oct 20 15:04:38 Golf1 amavis[23843]: (23843-05) Blocked SPAM, [117.198.210.189] [117.198.210.189] <impersonatedvh0@ramaticiins.com> -> <nsuk@domain1.tld>, quarantine: spam-paUFx9VqpXqa.gz, Message-ID: <000d01ca518e$3803cee0$6400a8c0@impersonatedvh0>, mail_id: paUFx9VqpXqa, Hits: 10.312, size: 2097, 12965 ms
    Oct 20 15:04:38 Golf1 postfix/smtp[25017]: 4519B160D8: to=<nsuk@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=3/0.05/0.01/13, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=23843-05, DISCARD(bounce.suppressed))
    Oct 20 15:04:38 Golf1 postfix/qmgr[3447]: 4519B160D8: removed
    Oct 20 15:04:43 Golf1 postfix/smtpd[25028]: connect from unknown[127.0.0.1]
    Oct 20 15:04:43 Golf1 postfix/smtpd[25028]: E5C66160D8: client=unknown[127.0.0.1]
    Oct 20 15:04:43 Golf1 postfix/cleanup[25016]: E5C66160D8: message-id=<0000158c02191f07d9@[10.10.11.66]>
    Oct 20 15:04:44 Golf1 postfix/qmgr[3447]: E5C66160D8: from=<news@tv-bay.com>, size=56110, nrcpt=1 (queue active)
    Oct 20 14:04:44 Golf1 postfix/smtpd[25028]: disconnect from unknown[127.0.0.1]
    Oct 20 15:04:44 Golf1 amavis[23844]: (23844-05) Passed CLEAN, [216.241.183.73] [216.241.183.73] <news@tv-bay.com> -> <rick@domain1.tld>, Message-ID: <0000158c02191f07d9@[10.10.11.66]>, mail_id: dsPMiv7j-8GP, Hits: 0.061, size: 55668, queued_as: E5C66160D8, 15965 ms
    Oct 20 15:04:44 Golf1 postfix/smtp[25026]: 936C9160F1: to=<rick@domain1.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=1.6/0.11/0.01/16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23844-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E5C66160D8)
    Oct 20 15:04:44 Golf1 postfix/qmgr[3447]: 936C9160F1: removed
    Oct 20 15:04:44 Golf1 postfix/pipe[25030]: E5C66160D8: to=<rick@domain1.tld>, relay=maildrop, delay=0.48, delays=0.14/0.04/0/0.3, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 20 15:04:44 Golf1 postfix/qmgr[3447]: E5C66160D8: removed
    Oct 20 15:05:02 Golf1 postfix/smtpd[25005]: connect from localhost[127.0.0.1]
    Oct 20 15:05:02 Golf1 postfix/smtpd[25005]: lost connection after CONNECT from localhost[127.0.0.1]
    Oct 20 15:05:02 Golf1 postfix/smtpd[25005]: disconnect from localhost[127.0.0.1]
    Oct 20 15:05:02 Golf1 pop3d: Connection, ip=[::ffff:127.0.0.1]
    Oct 20 15:05:02 Golf1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
    
    
    
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Amavisd is working correctly and identifies spam. But you configured it to quarantine spam instead of deleting it or marking it as spam in the header, so all spam mails get stored in the quarantine directory of amavis.
     
  9. Cracklefish

    Cracklefish Member HowtoForge Supporter

    Sorry for the delay but I had to go away on another job.

    So the problem is my setup.

    I have a .Spam directory on each of the mailboxes, created by ispc but there is no mail in it. Where is it going and how do I correct this? Is it an amavisd.conf or a mysql error?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    The .Spam directory is not from ispconfig and amavisd has no function to move spam to such a directoyr. You mix up the amavisd quarantine (which is not used or implemented in ispconfig setups) with the .Spam dir which is most likely created by a webmail or other imap client.

    If you want to move spam to a local spam dir, you have to select that amavisd rewrites the ubject of the emails and then use a email fiter to move the emails based on this subject to your spam dir.
     
  11. Cracklefish

    Cracklefish Member HowtoForge Supporter

    I thought the .Spam folder was made when I set up a custom rule to move tagged emails there but it might have been Squirrelmail. I am now so confused with this setup. I have been hacking at it for weeks. I have just discovered the quarantine directory with more than 35,000 files in it which I have deleted. I have set up a cron job to delete aged stuff. What I'm trying to achieve is giving each mail domain the option of tagging or deleteing spam but I don't seem to have found answer yet. My amavisd.conf is posted earlier in this thread. Any help will be gratefully received.
     
  12. Cracklefish

    Cracklefish Member HowtoForge Supporter

    On further investigation, it would seem that amavis is not reading the settings from mysql but using the settings in amavisd.conf
     

Share This Page