|Main Archive Page > Month Archives > spamassassin-users archives|
On 26/10/10 12:40, Sharma, Ashish wrote:
> I have SpamAssassin integrated on my postfix mail server via 'Amavisd-new'.
> The problem that I am facing is that I am receiving same email every 15 second from same sender with same message-ID on my production mail servers, following are my postfix logs:
> "Oct 25 01:11:02 g2t0433g postfix/smtpd: connect from webmail.warwick.net[18.104.22.168]
> Oct 25 01:11:02 g2t0433g postfix/smtpd: 2EAAF23004C: client=webmail.warwick.net[22.214.171.124]
> Oct 25 01:11:02 g2t0433g postfix/cleanup: 2EAAF23004C: message-id=<CE130ED7-D498-4461-B076-E3B8AB55B462@warwick.net>
> Oct 25 01:11:02 g2t0433g opendkim: (unknown-jobid): webmail.warwick.net [126.96.36.199] not internal
> Oct 25 01:11:02 g2t0433g opendkim: (unknown-jobid): not authenticated
> Oct 25 01:11:02 g2t0433g opendkim: (unknown-jobid): no signing domain match for `warwick.net'
> Oct 25 01:11:02 g2t0433g opendkim: (unknown-jobid): no signing subdomain match for `warwick.net'
> Oct 25 01:11:02 g2t0433g postfix/qmgr: 2EAAF23004C: from=<email@example.com>, size=1987, nrcpt=1 (queue active)
> Oct 25 01:11:02 g2t0433g postfix/smtpd: disconnect from webmail.warwick.net[188.8.131.52]
> Oct 25 01:11:03 g2t0433g amavis: (06492-09) Passed CLEAN, [184.108.40.206] [220.127.116.11]<firstname.lastname@example.org> -> <email@example.com>, Message-ID:<CE130ED7-D498-4461-B076-E3B8AB55B462@warwick.net>, mail_id: rJ8M8oQHBzWt, Hits: 1.104, size: 2234, queued_as: 250 Ok, 946 ms
> Oct 25 01:11:03 g2t0433g postfix/lmtp: 2EAAF23004C: to=<firstname.lastname@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, delays=0.6/0/0.01/0.95, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=06492-09, from MTA([127.0.0.1]:10030): 250 Ok)
> Oct 25 01:11:03 g2t0433g postfix/qmgr: 2EAAF23004C: removed"
What happens to the message next? It's been passed to Amavis (and
accepted) and so removed from the queue, but what happens when Amavis
hands it back/on to the next MTA?
I don't know if you've redacted the domain, but should you be accepting
delivery of a message for that recipient at all? It doesn't *look* like
a real destination.
> How to determine that such mail is genuine or SPAM?
> Is there any rule on spamassassin that I can set that will discard such mails?
> Right now I have added 'email@example.com' in my postfix 'main.cf' restriction list as follows:
> smtpd_recipient_restrictions =
> check_sender_access hash:/etc/postfix/senderRestrictionList,
How is this file set up? Is it unintentionally allowing some senders to
bypass reject_unauth_destination (see
http://www.postfix.org/SMTPD_ACCESS_README.html) - I would have expected
a permit_mynetworks in there - alternatively are your relay domains set
correctly? You could also consider reject_unverified_recipient.
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client bl.spamcop.net
> Is it the right approach?
> Please help
> Thanks in advance
> Ashish Sharma