| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8
Comments:
<0> hi, my clamav is named local mail as spam (if I send mail from me to myself), how I fix it ?
<1> When using postfix admin, do you add mailman aliases to the database, or to the aliases file?
<2> Depends on whether the domain is local(8) or virtual(8). Probably easier if local(8), in which case use aliases(5) file.
<0> hparker, I'm using virtual aliases on mysql
<1> It's all virtual
<1> Used to be....
<0> hparker, when I was using TLS with postfix, messages from me to myself wasn't named as ***SPAM***, but now, without TLS it is
<1> What rules is it hitting?
<0> hparker, eg: my email is daniel@lenhador.com, if I try to send a message from daniel@lenhador.com to daniel@lenhador.com it is labeled as spam
<1> rob0: postfixadmin spanked me, guess I'll have to setup a subdomain and run it that way
<0> hparker, are rules on /etc/amavis/amavisd.conf ?
<1> backz: Then quit spamming yourself! ;)
<0> hparker, nice!
<0> haha
<1> backz: No, what rules show up in the headers?
<1> Dog wants out, bbiaf
<0> i'll paste
<0> hparker, http://rafb.net/paste/results/Lhud6R15.html
<1> This is on the same machine? If so, send it to localhost, you hit two dynamic lists
<0> hparker, is the same machine
<0> hparker, send what to localhost ?
<1> The mail from clamav
<0> the mail labeled as SPAM?
<0> ok
<1> And you've got some rules I'm not familiar with, but losing the two dynamic hits should be enough
<0> hparker, done! I was sent it to daniel@localhost and openned with 'mail', I've same rules
<1> Still scored 5.9 when using 127.0.0.1?
<0> X-Spam-Status: Yes, hits=7.1 tagged_above=3.0 required=4.0 tests=AWL,
<0> from daniel@lenhador.com (virtual) to daniel@localhost
<1> Pastbin all of the headers, odd that it went up
<0> ok
<0> http://rafb.net/paste/results/6n2OpJ57.html
<1> The raw mail headers please
<1> Wow, that's an old version of amavisd-new.. Does that make it amavisd-old?
<0> http://rafb.net/paste/results/6BJa6v92.html
<0> I'm using sarge
<0> I followed this article: http://www.howtoforge.com/book/print/181
<1> Oh, I don't track debian, some old FC servers, and getting converted to Gentoo
<0> http://www.howtoforge.com/virtual_postfix_mysql_quota_courier
<0> hparker, u dont like debian ?
<1> backz: I'm a Gentoo dev ;)
<0> hparker, crazy! I dont know gentoo... =P
<0> but, I know ports of *bsd
<1> This is the line that looks to be killing you: Received: from [200.148.98.159] (200-148-98-159.dsl.telesp.net.br [200.148.98.159])
<1> You're sending from the real IP, not localhost
<0> hum
<0> how I enable to send mail from me of any IP ?
<0> 200.148.98.159 is my home
<1> Above you said it was mail from clamav, I'm thinking there's a setting in amavisd.conf to adjust that.. Don't hold me to that, I don't get in it often
<0> I'm from imap
<0> then, do u dont know how I do it ?
<0> if u want to see my amavisd.conf... i pastebin it
<1> Guess not, I don't see one in mine
<0> hparker, hahaha... thank you for patience
<1> But looking at the headers, it's coming to postfix From: localhost
<3> hey
<3> my mailqueue keeps being filled with the following:
<3> F38F81F2A 1224 Tue May 9 06:41:20 apache@david.pro-g.co.uk
<3> (delivery temporarily suspended: connect to example.com[192.0.34.166]: Operation timed out)
<3> dbmaster@example.com
<3> i can't detect where it's coming from
<3> but i'm talking about thousands of these messages
<3> any ideas?
<0> hparker, in my amavisd.conf I've $mydomain = 'localhost';
<1> Exnor: Is david.pro-g.co.uk your domain? If so, bad mail form I'd bet
<3> yeah domain
<3> bad mail form?
<3> its one server of many running a single site
<1> backz: Mine's set to my domain, don't remember how all I configured it.. That was months ago
<3> the other strange thing is that it seems to get filled during 5-7am
<1> Exnor: Something is causing apache to send mail
<3> hmm
<3> a script?
<3> really can't think of any scripts that would be doing that ...
<3> hmm
<1> Last one I ran into was a script with predifined To:, so it was just them getting spammed
<3> yeah but it means you have to call up taht script
<3> to execute it
<3> i totally dont get it
<1> Check your apache logs
<3> for what?
<3> no idea what this script, if its a script causing it, would be called
<1> Ok, that log shows it trying to deliver.. Got one for it arriving?
<3> well this is the mailq
<3> hmm
<3> i should be able to see actually yeah, in the postfox log
<3> moment
<4> I'm not so sure of what I'm saying so if I make no sense, please forgive me ... we p*** messages coming in on port 25 to a perl script, it then makes a decision to send them on by injecting them on another port (25250 I think) ...
<4> Now if we have a lot of messages waiting to get to the perl script, they're all queued up.
<4> Confirm for me if you would .. there's just one queue: So messages destined for the port 25250 handler wait in line for the port 25 messages..
<4> Or, because they're going in a different port, do they get handled immediately?
<3> i cant see it in the log
<3> i mean there are millions of attempts
<3> to send to example.com
<1> They've got to be coming from somewhere
<3> May 10 00:03:07 david postfix/pickup[1506]: 268421596: uid=80 from=<apache>
<3> May 10 00:03:07 david postfix/cleanup[2768]: 268421596: message-id=<200605092303.518665280874@www.pro-g.co.uk>
<3> May 10 00:03:07 david postfix/qmgr[590]: 268421596: from=<apache@david.pro-g.co.uk>, size=1798, nrcpt=1 (queue active)
<3> this is perhaps it
<3> tones of entries like this
<3> then it doesn't get delivered and just keeps retrying
<1> Yup, that's from your web server, top line shows it
<3> 7262 times
<3> yea
<3> man
<3> i did a m*** find and replace on all the scripts on the server
<3> at least my development machine, which is almost an exact copy, bar config files
<3> of all scripts
<3> didnt see any example.com
<3> baffling
<3> i actually have no idea
<3> at all
<3> just searched the scripts again, thought it could be vBulletin, some forum software that's running, but it doesn't appear to have anything set iwth example.com
<1> If they can get through it, they can set the domain.. Check their website and compare versions, and look for vulnurabilities, updates, etc...
<3> this isn't anyone else doing this
<3> the server has had this behavour since it launched
<3> since the site launched, rather
<3> it's a config problem or *something*
<1> All I know from the log snippet is apache is sending it.. Can't say how, might look for oddities in it's log around the same time as the snippet you pasted
<3> well what i sent didnt specify a detination
<3> so i'm not sure that's the email
<3> there are loads of legit mails sent all the time as well
<4> I ***ume noone knows the answer to my question?
<1> Not I
<0> hparker, do u admin webservers ?
<1> backz: I just sold my ISP
<1> Still do hosting though
<0> hparker, then u use postfix with virtual emails ?
<0> using mysql ?
<3> how can I delete all emails in the queue?
<1> I use postfixadmin, and followed the instructions at high5.net
<1> Exnor: Look for postqueue at sf.net or you packages for your distro
<3> yeah i did already
<3> but there doesnt seem to be a switch
<3> for postqueue
<3> i can flush the queue
<3> but that isn't deleting the queue
<3> need a delete option
<0> hparker, do u use spam******in and clamav ?
<1> Thought it had a delete...
<1> backz: Yup
<0> hparker, I think if I must turn off spam******in and clamav
<0> =P
<3> -c, -f, -p, -s, -v
<3> none of which are delete
<1> Ugh, that's not what I'm thinking of...
<0> hparker, I'm using postfix with patch vda
<0> hparker, to use quota and virtual email with mysql
<1> Never messed with vda
<0> http://web.onda.com.br/nadal/
<1> Exnor: pfqueue is what I was thinking of
Return to
#postfix
or
Go to some related
logs:
xrandr suse twinview
gentoo64 mplayer win32codecs
/usr/local/ssl/misc/CA.pl: No such file or directory
#debian
ftp_fget stdout
coneited quotes
ati 3D RAGE iic xubuntu
gxine DVD
fc4 sysimage fstab missing
slap.h gentoo
|
|