Problem with Catchall function and Quarantine's target email

Discussion in 'General' started by farkinca71, Oct 20, 2009.

  1. farkinca71

    farkinca71 New Member

    Dear Experts,

    I have installed a perfect server on Ubuntu 9.04, with postfix and Ispconfig 3. The system is up and running, getting and sending emails alright.:)
    But I have a little problem with catchall function and a spamfilter policy quarantine's function as well. :(
    Namely I created an account of [email protected] where i want to get all of the letters including spams and viruses. I put the email address for the necessary places in ISPconfig panel, but i do not get any letters for that sandbox account !
    Any advise or tutorials would be welcome ! I am sort of lame in Linux world, so be patient with me please !
    Thanks for the help in advance !

    Farkinca
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please take a look at the mail log of your system to find out what happends with the spam emails.
     
  3. farkinca71

    farkinca71 New Member

    Hello Till,

    That was what I found in log

    Oct 21 10:08:09 mail postfix/smtp[32695]: AD03910C3A6: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.58, delays=0.19/0/0.01/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02302-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 110AF10C39D)
    Oct 21 10:08:09 mail postfix/qmgr[3029]: AD03910C3A6: removed

    This means postfix removed the message before spamassassin?
    If it is so, is there any way to put them in quarantine and check them later ?
    The other question : I have about 4000 spam in one directory and i made sa-learn command upon that directory and it was said that journal was created or something. Is it working or not, how can I check it? I am using ISPconfig 3.

    Thanks a lot for the help :eek:
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    No. This means that postfix handed the message over to amavisd. Amavisd need some time to scan the email (about 10 - 20 seconds) does any lines got added after the lines you posted above?
     
  5. farkinca71

    farkinca71 New Member

    Dear Till

    All the line here regarding the given message

    Oct 21 10:08:08 mail postfix/pickup[31226]: AD03910C3A6: uid=5000 from=<>
    Oct 21 10:08:08 mail postfix/pipe[32719]: 45A1410C3A0: to=, relay=maildrop, delay=0.48, delays=0.26/0.02/0/0.2, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 21 10:08:08 mail postfix/qmgr[3029]: 45A1410C3A0: removed
    Oct 21 10:08:08 mail postfix/cleanup[32694]: AD03910C3A6: message-id=<[email protected]>
    Oct 21 10:08:08 mail postfix/qmgr[3029]: AD03910C3A6: from=<>, size=3820, nrcpt=1 (queue active)
    Oct 21 10:08:09 mail postfix/smtpd[32718]: connect from localhost[127.0.0.1]
    Oct 21 10:08:09 mail postfix/smtpd[32718]: 110AF10C39D: client=localhost[127.0.0.1]
    Oct 21 10:08:09 mail postfix/cleanup[32694]: 110AF10C39D: message-id=<[email protected]>
    Oct 21 10:08:09 mail postfix/qmgr[3029]: 110AF10C39D: from=<>, size=4265, nrcpt=1 (queue active)
    Oct 21 10:08:09 mail postfix/smtpd[32718]: disconnect from localhost[127.0.0.1]
    Oct 21 10:08:09 mail amavis[2302]: (02302-04) Passed CLEAN, [127.0.0.1] [209.85.220.225] <> -> , Message-ID: <[email protected]>, mail_id: D97wiVcH1P1C, Hits: 0.383, size: 3820, queued_as: 110AF10C39D, dkim_id=@gmail.com,[email protected], 382 ms
    Oct 21 10:08:09 mail postfix/smtp[32695]: AD03910C3A6: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.58, delays=0.19/0/0.01/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02302-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 110AF10C39D)
    Oct 21 10:08:09 mail postfix/qmgr[3029]: AD03910C3A6: removed
    Oct 21 10:08:09 mail postfix/pipe[32719]: 110AF10C39D: to=, relay=maildrop, delay=0.23, delays=0.13/0/0/0.1, dsn=2.0.0, status=sent (delivered via maildrop service)


    Amavis did not check it !

    I sent 7 spam from gmail address to this account , 5 got caught, 2 passed

    One of them is the following

    Oct 21 10:08:52 mail postfix/smtpd[32718]: E214610C39D: client=localhost[127.0.0.1]
    Oct 21 10:08:53 mail postfix/cleanup[32686]: E214610C39D: message-id=<[email protected]>
    Oct 21 10:08:53 mail postfix/qmgr[3029]: E214610C39D: from=<>, size=5147, nrcpt=1 (queue active)
    Oct 21 10:08:53 mail postfix/smtpd[32718]: disconnect from localhost[127.0.0.1]
    Oct 21 10:08:53 mail amavis[2302]: (02302-05) Passed CLEAN, [127.0.0.1] [209.85.220.225] <> -> , Message-ID: <[email protected]>, mail_id: ByshamBHurT5, Hits: 0.368, size: 4702, queued_as: E214610C39D, dkim_id=@gmail.com,[email protected], 354 ms
    Oct 21 10:08:53 mail postfix/smtp[32695]: 99E4410C3A3: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.49, delays=0.13/0/0.01/0.36, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02302-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E214610C39D)
    Oct 21 10:08:53 mail postfix/qmgr[3029]: 99E4410C3A3: removed
    Oct 21 10:08:53 mail postfix/pipe[32719]: E214610C39D: to=, relay=maildrop, delay=0.22, delays=0.14/0/0/0.08, dsn=2.0.0, status=sent (delivered via maildrop service)
    Oct 21 10:08:53 mail postfix/qmgr[3029]: E214610C39D: removed

    Any solution for the other questions ?

    Thanks a lot!
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats wrong. Amavis checked it and the scoire was below the level to tag the email as spam:

    Oct 21 10:08:09 mail amavis[2302]: (02302-04) Passed CLEAN, [127.0.0.1] [209.85.220.225] <> -> , Message-ID: <31ae74420910210007l2bceb401j2b166956a2180736@mail .gmail.com>, mail_id: D97wiVcH1P1C, Hits: 0.383, size: 3820, queued_as: 110AF10C39D, dkim_id=@gmail.com,[email protected], 382 ms

    You can not test amavis like that. The above log lines show that amavis is working correctly.
     
  7. farkinca71

    farkinca71 New Member

  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Make sure that you assigned the policy to the whole domain name as policys can not be assigned to forwards.

    Also, clean messges do not get quarantined of course. Only messages recognized as spam will get quarantined.
     

Share This Page