Re: Mail discarded
On 6/25/10 4:24 AM, "Sasa" wrote: > Hi, from a few days much incomings mails are blocked and in log file I have > always 'discarded, UBE': That is the standard message from amavisd-new when the spamscore exceeds the discard threshold > but the domain 'email.it' (but I have this problem with much mail domains) > isn't in blacklist and this domain is certainly 'clean'. Spamassassin uses a scoring system, so there could be any number of reasons that the message is listed as spam, of which blacklists are only a small part. > My doubt is for what reason these mail are blocked ? Change your logging level to 2 in amavisd.conf so that you log the SPAM-TAG messages: Jun 23 11:16:50 ca amavis[18393]: (18393-14) SPAM-TAG, -> , No, score=3.823 tagged_above=-99 required=4.5 tests=[FUZZY_AMBIEN=1.851, HTML_MESSAGE=0.001, HTML_TITLE_SUBJ_DIFF=2.171, L_P0F_Unix=-1, MIME_HEADER_CTYPE_ONLY=1.996, MIME_HTML_ONLY=1.105, RCVD_IN_DNSWL_MED=-2.3, RELAY_US=0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled > On my mail server I have SA-3.2.5 with postfix/amavisd-new/clamav. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281
Re: Mail discarded
On 25.06.10 11:24, Sasa wrote: > Hi, from a few days much incomings mails are blocked and in log file I > have always 'discarded, UBE': > > Jun 24 13:10:23 mail postfix/qmgr[445]: CB6FD26A1AF: > from=, size=49182, nrcpt=1 (queue active) > Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: > to=, orig_to=y...@mydomain.com, > relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, > dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10) > Jun 24 13:10:26 mail postfix/qmgr[445]: CB6FD26A1AF: removed > > but the domain 'email.it' (but I have this problem with much mail > domains) isn't in blacklist and this domain is certainly 'clean'. > My doubt is for what reason these mail are blocked ? > On my mail server I have SA-3.2.5 with postfix/amavisd-new/clamav. Why do you think this si SpamAssassin problem? Nothing in this log file indicates so. Check other log files and postfix configuration. Since you are running amavis, check amavis configuration too. I doubt SA has anything to do with this. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse
Mail discarded
Hi, from a few days much incomings mails are blocked and in log file I have always 'discarded, UBE': Jun 24 13:10:23 mail postfix/qmgr[445]: CB6FD26A1AF: from=, size=49182, nrcpt=1 (queue active) Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: to=, orig_to=y...@mydomain.com, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10) Jun 24 13:10:26 mail postfix/qmgr[445]: CB6FD26A1AF: removed but the domain 'email.it' (but I have this problem with much mail domains) isn't in blacklist and this domain is certainly 'clean'. My doubt is for what reason these mail are blocked ? On my mail server I have SA-3.2.5 with postfix/amavisd-new/clamav. Thanks. -- Salvatore.
Re: Mail discarded with http
On 5/21/10, Karsten Bräckelmann wrote: > On Fri, 2010-05-21 at 15:58 +0200, Sasa wrote: > > Hi, I have a problem with some mails that are discarded when in body message > > there is a web link with http prefix, i.e. with: > > http://www.example.com/example > > > > with this link the mail is discarded and in log file I have: > > You didn't show *any* traces of SA even being involved here. At the very > least, we'd need the rules hit. > > > [r...@mail ~]# grep 707F026A302 /var/log/maillog > > May 20 10:52:16 mail postfix/smtpd[12804]: 707F026A302: > > client=unknown[192.168.1.88], sasl_method=LOGIN, > > sasl_username=u...@mydomain.com > > May 20 10:52:16 mail postfix/cleanup[13001]: 707F026A302: > > message-id=000d01caf7f9$c95308e0$5bf91a...@com > > May 20 10:52:20 mail postfix/qmgr[12573]: 707F026A302: > > from=, size=3075, nrcpt=2 (queue active) > > So you're filtering outbound mail? > > > May 20 10:52:39 mail postfix/smtp[13776]: 707F026A302: > > to=, relay=127.0.0.1[127.0.0.1]:10024,delay=23, > > delays=4.2/0/0.01/19, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, > > id=13116-02) > > SA does not discard mail. It merely classifies it, any action is left to > other tools in your chain. > > You just clearly showed that it is postfix discarding the mail. What's > missing from your pasted logs is the reason *why* postfix did that. > You'll need to dig deeper. > > > postfix 2.5.6 > > amavisd-new > > spamassassin > > clamav > > So, first question to check for in the logs is, which of these tools > even processed the message, and what the respective results are. > Actually, Postfix did not discard the mail, it delivered it to amavisd-new at 127.0.0.1:10024 and amavisd-new reported back to Postfic that it discarded the UBE mail. The mail is not necessarily discarded however, it may have been quarantined by amavisd-new. Of course this all depends on settings in amavisd-new. The first message shows the amavisd-new log entry where spamassassin scored Hits: 4.339 and this message was Passed CLEAN. You do not show the amavisd-new log entry for the second message. If the message has only this small amout of text it it, this seems like a pretty high score, so you do need to see which rules hit. If you increase amavisd-new $log_level to 2 during testing, you should see which rules were triggered. Here is a sample from amavisd-new 2.6.4: # tail -f /var/log/mail.log | grep SPAM May 23 02:55:54 filter amavis[3942]: (03942-01) SPAM-TAG, -> , No, score=1.317 required=6.1 tests=[ALL_TRUSTED=-1, AWL=0.549, DATE_IN_FUTURE_06_12=0.001, MISSING_SUBJECT=1.767] autolearn=no -- Gary V
Re: Mail discarded with http
On Fri, 2010-05-21 at 15:58 +0200, Sasa wrote:
> Hi, I have a problem with some mails that are discarded when in body message
> there is a web link with http prefix, i.e. with:
> http://www.example.com/example
>
> with this link the mail is discarded and in log file I have:
You didn't show *any* traces of SA even being involved here. At the very
least, we'd need the rules hit.
> [r...@mail ~]# grep 707F026A302 /var/log/maillog
> May 20 10:52:16 mail postfix/smtpd[12804]: 707F026A302:
> client=unknown[192.168.1.88], sasl_method=LOGIN,
> sasl_username=u...@mydomain.com
> May 20 10:52:16 mail postfix/cleanup[13001]: 707F026A302:
> message-id=000d01caf7f9$c95308e0$5bf91a...@com
> May 20 10:52:20 mail postfix/qmgr[12573]: 707F026A302:
> from=, size=3075, nrcpt=2 (queue active)
So you're filtering outbound mail?
> May 20 10:52:39 mail postfix/smtp[13776]: 707F026A302:
> to=, relay=127.0.0.1[127.0.0.1]:10024,delay=23,
> delays=4.2/0/0.01/19, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE,
> id=13116-02)
SA does not discard mail. It merely classifies it, any action is left to
other tools in your chain.
You just clearly showed that it is postfix discarding the mail. What's
missing from your pasted logs is the reason *why* postfix did that.
You'll need to dig deeper.
> postfix 2.5.6
> amavisd-new
> spamassassin
> clamav
So, first question to check for in the logs is, which of these tools
even processed the message, and what the respective results are.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Mail discarded with http
Hi, I have a problem with some mails that are discarded when in body message there is a web link with http prefix, i.e. with: http://www.example.com/example with this link the mail is discarded and in log file I have: [r...@mail ~]# grep 707F026A302 /var/log/maillog May 20 10:52:16 mail postfix/smtpd[12804]: 707F026A302: client=unknown[192.168.1.88], sasl_method=LOGIN, sasl_username=u...@mydomain.com May 20 10:52:16 mail postfix/cleanup[13001]: 707F026A302: message-id=000d01caf7f9$c95308e0$5bf91a...@com May 20 10:52:20 mail postfix/qmgr[12573]: 707F026A302: from=, size=3075, nrcpt=2 (queue active) May 20 10:52:39 mail postfix/smtp[13776]: 707F026A302: to=, relay=127.0.0.1[127.0.0.1]:10024,delay=23, delays=4.2/0/0.01/19, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=13116-02) now the same mail and the same 'from' and 'to' address but in body message I have: www.example.com/example ..therefore without http prefix, this mail is delivered to destination address without problem ! and in log file I have: May 20 11:02:49 mail amavis[15631]: (15631-01) Passed CLEAN, [192.168.1.88] [192.168.1.88] -> , Message-ID: <001501caf7fb$37dea2f0$a79be8...@com>, Hits: 4.339, 9381 ms May 20 11:02:49 mail postfix/smtp[15401]: 549B926A45C: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=5.2/3.1/0.07/9.6, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=15631-01, from MTA: 250 2.0.0 Ok: queued as A3CC026A424) May 20 11:02:52 mail postfix/smtp[14403]: A3CC026A424: to=, relay=mxdomain5.domain.it[212.52.84.83]:25, delay=3.6, delays=0.38/0/3.1/0.14, dsn=2.0.0, status=sent (250 ok: Message 140289514 accepted) On my mail server I have: postfix 2.5.6 amavisd-new spamassassin clamav Thanks. -- Salvatore.
