clamav-users August 2007 archive

Re: [Clamav-users] What triggers "Suspicious recipient address blocked"?

From: Nigel Horne <njh_at_nospam>
Date: Wed Aug 29 2007 - 07:38:48 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>


micah wrote:
> I'm getting a number of these in my logs now that clamav-milter is
> chewing away at incoming SMTP requests:
>
> Aug 28 03:59:40 mx2 postfix/smtpd[30473]: NOQUEUE: milter-reject: RCPT
> from cho0.0.0.0-36-3.fbx.proxad.net[0.0.0.0]: 554 5.7.1 Suspicious
> recipient address blocked; from=<Beardjfpjh@tripperpalooza.com>
> proto=ESMTP helo=<cho0.0.0.0-36-3.fbx.proxad.net>
>
> but I'm not seeing what the recipient actually is.

Although you don't mention it, I take it you're getting this message in the syslog. The recipient is stored in ClamAV's log; see the LogFile directive in clamd.conf.

> Thanks for any information,
> Micah

-Nigel
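
An added example, not part of the original message or ClamAV's own code: a Python script that reads the LogFile path from clamd.conf and selects the ClamAV log entries stamped within a few seconds of the Postfix rejection, which is where to look for the recipient. The clamd.conf text, the log path and the ClamAV log lines are constructed, and the `Day Mon DD HH:MM:SS YYYY -> ` prefix assumes LogTime is enabled.

```python
import re
from datetime import datetime, timedelta

# The syslog line is the one quoted in the thread; the clamd.conf text and
# the ClamAV log lines are constructed for illustration.
SYSLOG = ("Aug 28 03:59:40 mx2 postfix/smtpd[30473]: NOQUEUE: milter-reject: RCPT "
          "from cho0.0.0.0-36-3.fbx.proxad.net[0.0.0.0]: 554 5.7.1 Suspicious "
          "recipient address blocked; from=<Beardjfpjh@tripperpalooza.com> "
          "proto=ESMTP helo=<cho0.0.0.0-36-3.fbx.proxad.net>")
CLAMD_CONF = "# constructed\nLogTime yes\nLogFile /var/log/clamav/clamav.log\n"
CLAMAV_LOG = [
    "Tue Aug 28 03:58:02 2007 -> constructed line well before the reject",
    "Tue Aug 28 03:59:40 2007 -> constructed line naming <user@example.org>",
    "Tue Aug 28 04:10:11 2007 -> constructed line well after the reject",
]

def logfile_path(conf_text):
    """Return the value of the LogFile directive, or None if unset."""
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == "LogFile":
            return parts[1].strip()
    return None

def parse_reject(line, year):
    """Pull time, client and envelope fields out of a Postfix milter-reject line."""
    m = re.match(r"(\w{3} +\d+ [\d:]{8}) .*milter-reject: (\w+) from (\S+?): (.*)", line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=<?([^>\s]*)>?", m.group(4)))
    when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"time": when, "stage": m.group(2), "client": m.group(3), **fields}

def nearby(log_lines, when, window=5):
    """ClamAV log lines stamped within `window` seconds of the reject."""
    hits = []
    for line in log_lines:
        stamp, sep, _ = line.partition(" -> ")
        try:
            t = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # line without a LogTime stamp
        if sep and abs(t - when) <= timedelta(seconds=window):
            hits.append(line)
    return hits

if __name__ == "__main__":
    rej = parse_reject(SYSLOG, 2007)  # syslog stamps carry no year; supply it
    print(logfile_path(CLAMD_CONF), rej["client"], "to" in rej)
    print(nearby(CLAMAV_LOG, rej["time"]))
```

The parsed rejection has no `to` field, which matches what micah observed in the syslog line.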


