Re: [Clamav-users] What triggers "Suspicious recipient address blocked"?

From: Nigel Horne <njh_at_nospam>
Date: Wed Aug 29 2007 - 07:38:48 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

micah wrote:
> I'm getting a number of these in my logs now that clamav-milter is
> chewing away at incoming SMTP requests:
>
> Aug 28 03:59:40 mx2 postfix/smtpd[30473]: NOQUEUE: milter-reject: RCPT
> from cho0.0.0.0-36-3.fbx.proxad.net[0.0.0.0]: 554 5.7.1 Suspicious
> recipient address blocked; from=<Beardjfpjh@tripperpalooza.com>
> proto=ESMTP helo=<cho0.0.0.0-36-3.fbx.proxad.net>
>
> but I'm not seeing what the recipient actually is.

Although you don't mention it, I take it you're getting this message in the syslog. The recipient is stored in ClamAV's log, see the LogFile directive in clamd.conf.

> Thanks for any information,
> Micah

-Nigel

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html

This message: [ Message body ]
Next message: Tilman Schmidt: "Re: [Clamav-users] As soon as Sourcefire starts charging for viru... STOP it already"
Previous message: Schramm e.K. [ Deutschland ]: "Re: [Clamav-users] Script update"
In reply to: micah: "[Clamav-users] What triggers "Suspicious recipient address blocked"?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]