DOS attacked :(

Pete pete at eatathome.com.au
Thu Mar 4 00:05:21 GMT 2004


Stephen Swaney wrote:

>I'm top posting so this won't get lost. This was written by one of our
>clients to handle a really severe Joe-job. His name shall be revealed if he
>lets me, but I don't know if he wants the credit for breaking RFC 1123
>(this certainly does). This deletes any incoming email that has a return
>address of "<>".
>
>BE CAREFUL WITH THE TABS. Don't cut 'n paste this; tabs must separate the
>left-hand side from the right-hand side rules and comments. They have been
>lost in the email transmission. You'll know if you've missed a tab because
>sendmail will croak when you try and start it.
>
>I can't verify that this works but he insisted it saved his axx. He was so
>upset by the attack he stayed up for 30 hours straight and learned to write
>sendmail.cf files from scratch. No small feat.
>
>Possibly some sendmail guru who's not battling the bagel will be kind enough
>to put the hack into a sendmail.mc format.
>
>------------------ snip -----------------------------
>######################################################################
>######################################################################
>#####
>#####   REWRITING RULES
>#####
>######################################################################
>######################################################################
>#Added by XXX to handle joe job on 020404
>
>HSubject: $>Check_Subject1
>D{MPat}Returned
>SCheck_Subject1
>R${MPat} $* $#discard
>
>
>######################################################################
>###  check_mail -- check SMTP `MAIL FROM:' command argument
>######################################################################
>
>SLocal_check_mail
>Scheck_mail
>R$*   $: $1 $| $>"Local_check_mail" $1
>R$* $| $#$*  $#$2
>R$* $| $*  $@ $>"Basic_check_mail" $1
>
>SBasic_check_mail
># check for deferred delivery mode
>R$*   $: < $&{deliveryMode} > $1
>R< d > $*  $@ deferred
>R< $* > $*  $: $2
>
># authenticated?
>R$*   $: $1 $| $>"tls_client" $&{verify} $| MAIL
>R$* $| $#$+  $#$2
>R$* $| $*  $: $1
>
>#modified by XXX to handle joe job on 020404 Note: org line above
>#R<>   $@ <OK>   we MUST accept <> (RFC 1123)
>R<>   $@ $#discard   we MUST accept <> (RFC 1123)
>R$+   $: <?> $1
>R<?><$+>  $: <@> <$1>
>R<?>$+   $: <@> <$1>
>R$*   $: $&{daemon_flags} $| $1
>R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
>R$* u $* $| <@> < $* > $: <?> < $3 >
>R$* $| $*  $: $2
># handle case of @localhost on address
>------------------ snip -----------------------------
>
>
>Steve
>
>Stephen Swaney
>President
>Fortress Systems Ltd.
>Steve.Swaney at FSL.com
>
>
>
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>Behalf Of Pete
>>Sent: Wednesday, March 03, 2004 6:08 PM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: DOS attacked :(
>>
>>What should I do to rectify or prevent this? Nothing, leave it to MS?
>>
>>Load average is stuck on 7 and almost nothing is working on this
>>machine, even ssh commands have a 10sec delay.
>>
>>Will deleting the offending email be the entire solution?
>>
>>
>>Mar  4 10:09:56 mail01 postfix/qmgr[14167]: 6D35733D27: from=<>,
>>size=3477, nrcpt=1 (queue active)
>>Mar  4 10:09:56 mail01 postfix/smtpd[15859]: disconnect from
>>adl0133.systems.sa.gov.au[143.216.236.20]
>>Mar  4 10:09:56 mail01 postfix/qmgr[14167]: 6D35733D27:
>>to=<lwelch at mteliza.com.au>, relay=none, delay=0, status=deferred
>>(deferred transport)
>>Mar  4 10:10:20 mail01 update.virus.scanners: Found clamav installed
>>Mar  4 10:10:20 mail01 update.virus.scanners: Running autoupdate for
>>clamav
>>Mar  4 10:10:27 mail01 MailScanner[14186]: SpamAssassin timed out and
>>was killed, consecutive failure 12 of 20
>>Mar  4 10:10:50 mail01 MailScanner[14171]: Commercial scanner
>>clamavmodule timed out!
>>Mar  4 10:10:50 mail01 MailScanner[14182]: Commercial scanner
>>clamavmodule timed out!
>>Mar  4 10:10:52 mail01 MailScanner[14171]: Virus Scanning: Denial Of
>>Service attack is in message A086133CDD
>>Mar  4 10:10:52 mail01 ClamAV-autoupdate[16032]: ClamAV did not need
>>updating
>>Mar  4 10:10:53 mail01 MailScanner[14182]: Virus Scanning: Denial Of
>>Service attack detected!
>>Mar  4 10:11:12 mail01 MailScanner[14186]: SpamAssassin timed out and
>>was killed, consecutive failure 13 of 20
>>Mar  4 10:11:35 mail01 postfix/smtpd[15859]: warning: 144.134.105.149:
>>hostname glpp-p-144-134-105-149.prem.tmns.net.au verification failed:
>>Host not found
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 802E233CF1: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 81A6B33CF8: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 319FC33CF6: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 7AB0F33CE7: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 7144633CEF: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 7BB5933CF5: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: B023533CFB: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: A086133CDD: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: A101F33CF9: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 632A833CE0: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 67E9533CE2: skipped, still
>>being delivered
>>Mar  4 10:11:46 mail01 postfix/qmgr[14167]: 593BD33984: skipped, still
>>being delivered
>>Mar  4 10:11:53 mail01 MailScanner[14186]: SpamAssassin timed out and
>>was killed, consecutive failure 14 of 20
>>Mar  4 10:12:37 mail01 MailScanner[14186]: SpamAssassin timed out and
>>was killed, consecutive failure 15 of 20
>>
>>--
>>This message has been scanned for viruses and
>>dangerous content by MailScanner, and is
>>believed to be clean.
>>
>>Fortress Systems Ltd.
>>www.fsl.com
>
>--
>This message has been scanned for viruses and
>dangerous content by Fortress Secure Mail Gateway
>and was found to be clean.
>
>Fortress Systems Ltd. - http://www.fsl.com
>
Sorry, I wasn't clear enough - this is a postfix 2.016 - working
perfectly until this morning, even after upgrade yesterday and added DCC
and pyzor, although pyzor never worked and I didn't get a chance to look
at it yet. I have tried changing the accelerated scanning mode to 40 (I
assume this means when the queue is 40+ deep it will accelerate the
scanning mode?).

Can someone tell me how to use postfix to display the number of
messages in the queue from the command line, or any other useful postfix
commands? I did mailq -v but this displays nothing.

The latest change I made was to clamavmodule from regular clamav, tried
changing it back but no luck. Attached is my debug, nothing seems really
obviously broken?

Attached also is a log sample, complete, from immediately after a service
MailScanner restart.

It's getting worse and all I see is 100+ messages in the queue, changed
the batch mode to only do 10 at once but still all I get in the maillog is
Mar  4 11:00:32 mail01 MailScanner[3461]: SpamAssassin timed out and was
killed, consecutive failure 8 of 20

Thanks in advance for ANY help I can get on this, it's a big problem and
it's getting worse by the minute :(




-------------- next part --------------

debug: running in taint mode? no
debug: ignore: test message to precompile patterns and load modules
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
debug: Score set 1 chosen.
debug: Initialising learner
debug: is Net::DNS::Resolver available? yes
debug: trying (3) microsoft.com...
debug: looking up MX for 'microsoft.com'
debug: MX for 'microsoft.com' exists? 1
debug: MX lookup of microsoft.com succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=1.27
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=1.27
debug: running uri tests; score so far=1.27
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=1.27
debug: Razor2 is not available
debug: Current PATH is: /sbin:/bin:/usr/sbin:/usr/bin
debug: executable for pyzor was found at /usr/bin/pyzor
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=35931 Fuz1=235142 Fuz2=235801
debug: leaving helper-app run mode
debug: all '*To' addrs:
debug: RBL: success for 1 of 1 queries
debug: running meta tests; score so far=1.27
debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME
debug: received-header: parsed as [ ip=203.55.179.230 rdns=chedns02.simplot.com.au helo=chedns.simnetad.simplot.com.au by=mail01.mteliza.com.au ident= ]
debug: received-header: 'from' 203.55.179.230 is near to first 'by'
debug: received-header: relay 203.55.179.230 trusted? yes
debug: is Net::DNS::Resolver available? yes
debug: all '*From' addrs: rohan.hughes at simplot.com.au
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0.285
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=0.286
debug: running uri tests; score so far=0.286
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0.286
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=1 Fuz1=1 Fuz2=1
debug: leaving helper-app run mode
debug: all '*To' addrs: KKaddatz at mteliza.com.au
debug: DNS MX records found: 2
debug: RBL: success for 1 of 1 queries
debug: running meta tests; score so far=0.286
debug: is spam? score=0.286 required=5 tests=HTML_MESSAGE,NO_REAL_NAME
debug: received-header: parsed as [ ip=138.217.224.22 rdns=CPE-138-217-224-22.wa.bigpond.net.au helo=mteliza.com.au by=mail01.mteliza.com.au ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 138.217.224.22 trusted? no
debug: is Net::DNS::Resolver available? yes
debug: all '*From' addrs: ben.martin at wanews.com.au
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0.285
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=0.285
debug: running uri tests; score so far=0.285
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0.285
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=1 Fuz1=1
debug: leaving helper-app run mode
debug: all '*To' addrs: emp at mteliza.com.au
debug: DNS MX records found: 2
debug: forged-HELO: from=bigpond.net.au helo=mteliza.com.au by=mteliza.com.au
debug: forged-HELO: mismatch on HELO: 'mteliza.com.au' != 'bigpond.net.au'
debug: RBL: success for 9 of 9 queries
debug: running meta tests; score so far=6.241
debug: is spam? score=6.241 required=5 tests=MSGID_FROM_MTA_SHORT,NO_REAL_NAME,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS
debug: received-header: parsed as [ ip=144.136.10.124 rdns=CPE-144-136-10-124.vic.bigpond.net.au helo=mteliza.com.au by=mail01.mteliza.com.au ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 144.136.10.124 trusted? no
debug: is Net::DNS::Resolver available? yes
debug: all '*From' addrs: sales at rarreg.com
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0.285
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=0.285
debug: running uri tests; score so far=0.285
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0.285
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=1 Fuz1=13 Fuz2=217
debug: leaving helper-app run mode
debug: all '*To' addrs: jjennings at mteliza.com.au
debug: DNS MX records found: 1
debug: forged-HELO: from=bigpond.net.au helo=mteliza.com.au by=mteliza.com.au
debug: forged-HELO: mismatch on HELO: 'mteliza.com.au' != 'bigpond.net.au'
debug: RBL: success for 9 of 9 queries
debug: running meta tests; score so far=6.241
debug: is spam? score=8.225 required=5 tests=MISSING_MIMEOLE,MSGID_FROM_MTA_SHORT,NO_REAL_NAME,PRIORITY_NO_NAME,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS
debug: received-header: parsed as [ ip=210.86.15.147 rdns=mta204-rme.xtra.co.nz helo=mta204-rme.xtra.co.nz by=mail01.mteliza.com.au ident= ]
debug: received-header: parsed as [ ip=210.86.15.141 rdns=mta1-rme.xtra.co.nz helo= by=mta204-rme.xtra.co.nz ident= ]
debug: received-header: parsed as [ ip=219.89.124.118 rdns=worthyxp05 helo= by=mta1-rme.xtra.co.nz ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 210.86.15.147 trusted? no
debug: received-header: relay 210.86.15.141 trusted? no
debug: received-header: relay 219.89.124.118 trusted? no
debug: is Net::DNS::Resolver available? yes
debug: all '*From' addrs: worthynz at xtra.co.nz
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=0.7
debug: running uri tests; score so far=0.7
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0.7
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=3 Fuz1=3 Fuz2=3
debug: leaving helper-app run mode
debug: all '*To' addrs: JScott at mteliza.com.au
debug: DNS MX records found: 1
debug: forged-HELO: from=xtra.co.nz helo=xtra.co.nz by=mteliza.com.au
debug: forged-HELO: from=xtra.co.nz helo= by=xtra.co.nz
debug: forged-HELO: from=worthyxp05 helo= by=xtra.co.nz
debug: RBL: success for 25 of 25 queries
debug: running meta tests; score so far=0.7
debug: is spam? score=0.961 required=5 tests=HTML_50_60,HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_UNKNOWN,HTML_FONT_BIG,HTML_MESSAGE,HTML_TAG_EXISTS_TBODY,LINES_OF_YELLING,LINES_OF_YELLING_2,UPPERCASE_25_50
debug: received-header: parsed as [ ip=210.193.192.21 rdns=mail.archergroup.com.au helo=melex01.archergroup.com.au by=mail01.mteliza.com.au ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 210.193.192.21 trusted? no
debug: is Net::DNS::Resolver available? yes
debug: all '*From' addrs: mmorgan at archergroup.com.au
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=0.171
debug: running uri tests; score so far=0.171
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0.171
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=1 Fuz1=1 Fuz2=1
debug: leaving helper-app run mode
debug: all '*To' addrs: gcocks at mteliza.com.au
debug: DNS MX records found: 2
debug: forged-HELO: from=archergroup.com.au helo=archergroup.com.au by=mteliza.com.au
debug: RBL: success for 9 of 9 queries
debug: running meta tests; score so far=0.171
debug: is spam? score=0.171 required=5 tests=EXCUSE_16
debug: is Net::DNS::Resolver available? yes
debug: looking up PTR record for '209.182.98.114'
debug: PTR for '209.182.98.114': 'la-209-182-98-114'
debug: received-header: parsed as [ ip=209.182.98.114 rdns=la-209-182-98-114 helo=mail.symlog.com by=mail01.mteliza.com.au ident= ]
debug: received-header: parsed as [ ip=24.94.11.195 rdns=bob helo= by=mail.symlog.com ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 209.182.98.114 trusted? no
debug: received-header: relay 24.94.11.195 trusted? no
debug: all '*From' addrs: bob at symlog.com
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=0.575
debug: running uri tests; score so far=0.575
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0.575
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=1 Fuz1=1 Fuz2=1
debug: leaving helper-app run mode
debug: all '*To' addrs: KMorley at mteliza.com.au CSykes at mteliza.com.au
debug: DNS MX records found: 1
debug: forged-HELO: from=la-209-182-98-114 helo=symlog.com by=mteliza.com.au
debug: forged-HELO: from=bob helo= by=symlog.com
debug: RBL: success for 17 of 17 queries
debug: running meta tests; score so far=0.675
debug: is spam? score=0.675 required=5 tests=HTML_40_50,HTML_FONTCOLOR_BLUE,HTML_MESSAGE,RCVD_IN_SORBS
debug: received-header: parsed as [ ip=211.29.105.109 rdns=winax12-109.dialup.optusnet.com.au helo=mteliza.com.au by=mail01.mteliza.com.au ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 211.29.105.109 trusted? no
debug: is Net::DNS::Resolver available? yes
debug: all '*From' addrs: jbdgwvi6825023 at aol.com
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=3.94
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=3.94
debug: running uri tests; score so far=3.94
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=3.94
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=1 Fuz1=1
debug: leaving helper-app run mode
debug: all '*To' addrs: 3dfrobinson at mteliza.com.au
debug: DNS MX records found: 4
debug: forged-HELO: from=optusnet.com.au helo=mteliza.com.au by=mteliza.com.au
debug: forged-HELO: mismatch on HELO: 'mteliza.com.au' != 'optusnet.com.au'
debug: RBL: success for 9 of 9 queries
debug: running meta tests; score so far=9.896
debug: is spam? score=11.88 required=5 tests=ADDR_NUMS_AT_BIGSITE,FROM_ENDS_IN_NUMS,FROM_WEBMAIL_END_NUMS6,MISSING_MIMEOLE,MSGID_FROM_MTA_SHORT,NO_REAL_NAME,PRIORITY_NO_NAME,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS
debug: received-header: parsed as [ ip=137.157.8.253 rdns=tachyon.gw.ansto.gov.au helo=tachyon.gw.ansto.gov.au by=mail01.mteliza.com.au ident= ]
debug: received-header: parsed as [ ip=137.157.13.219 rdns=hadron.ansto.gov.au helo= by=tachyon.gw.ansto.gov.au ident= ]
debug: received-header: parsed as [ ip=137.157.58.208 rdns=paradise.ansto.gov.au helo=paradise.ansto.gov.au by=hadron.ansto.gov.au ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 137.157.8.253 trusted? no
debug: received-header: relay 137.157.13.219 trusted? no
debug: received-header: relay 137.157.58.208 trusted? no
debug: is Net::DNS::Resolver available? yes
debug: all '*From' addrs: hhx at ansto.gov.au
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=0
debug: running uri tests; score so far=0
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=1 Fuz1=1 Fuz2=1
debug: leaving helper-app run mode
debug: all '*To' addrs: JGuillot at mteliza.com.au
debug: DNS MX records found: 2
debug: forged-HELO: from=ansto.gov.au helo=ansto.gov.au by=mteliza.com.au
debug: forged-HELO: from=ansto.gov.au helo= by=ansto.gov.au
debug: forged-HELO: from=ansto.gov.au helo=ansto.gov.au by=ansto.gov.au
debug: RBL: success for 25 of 25 queries
debug: running meta tests; score so far=0
debug: is spam? score=0 required=5 tests=
debug: is Net::DNS::Resolver available? yes
debug: looking up PTR record for '199.40.206.2'
debug: PTR for '199.40.206.2': ''
debug: received-header: parsed as [ ip=199.40.206.2 rdns=199.40.206.2 helo=gateway5a.dhl.com by=mail01.mteliza.com.au ident= ]
debug: received-header: ignoring localhost handover
debug: IP is reserved, not looking up PTR
debug: received-header: parsed as [ ip=10.192.8.73 rdns=10.192.8.73 helo=viruswall by=atlas.syd-co.au.dhl.com ident= ]
debug: IP is reserved, not looking up PTR
debug: received-header: parsed as [ ip=10.192.23.88 rdns=10.192.23.88 helo=Unknown by=viruswall ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 199.40.206.2 trusted? no
debug: received-header: relay 10.192.8.73 trusted? no
debug: received-header: relay 10.192.23.88 trusted? no
debug: all '*From' addrs: michelle.dagamapinto at dhl.com
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=2.155
debug: running uri tests; score so far=2.155
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=2.155
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=1 Fuz1=1 Fuz2=1
debug: leaving helper-app run mode
debug: all '*To' addrs: cdagamap at mteliza.com.au mariebeatrice at rediffmail.com frank_calderone at cathaypacific.com gina at acpworldwide.com.au michael.da.gama.pinto at au.pwcglobal.com monishamendes at aol.com paulita_dgp at hotmail.com Audrey_Pinto at mcgraw-hill.com
debug: DNS MX records found: 4
debug: forged-HELO: from=199.40.206.2 helo=dhl.com by=mteliza.com.au
debug: forged-HELO: mismatch on HELO: 'dhl.com' != '199.40.206.2'
debug: forged-HELO: from=10.192.8.73 helo=viruswall by=dhl.com
debug: forged-HELO: mismatch on from: '199.40.206.2' != 'dhl.com'
debug: RBL: success for 9 of 9 queries
debug: running meta tests; score so far=2.155
debug: is spam? score=2.318 required=5 tests=EXCUSE_16,HTML_50_60,HTML_MESSAGE,J_CHICKENPOX_12,J_CHICKENPOX_36,J_CHICKENPOX_56,MIME_BOUND_NEXTPART
debug: received-header: parsed as [ ip=144.140.71.11 rdns=gizmo01ps.bigpond.com helo=gizmo01ps.bigpond.com by=mail01.mteliza.com.au ident= ]
debug: is Net::DNS::Resolver available? yes
debug: looking up PTR record for '144.135.25.78'
debug: PTR for '144.135.25.78': 'psmam04.bigpond.com'
debug: received-header: parsed as [ ip=144.135.25.78 rdns=psmam04.bigpond.com helo=psmam04.bigpond.com by=gizmo01ps.bigpond.com ident= ]
debug: looking up PTR record for '138.217.40.190'
debug: PTR for '138.217.40.190': 'CPE-138-217-40-190.vic.bigpond.net.au'
debug: received-header: parsed as [ ip=138.217.40.190 rdns=CPE-138-217-40-190.vic.bigpond.net.au helo=cpe-138-217-40-190.vic.bigpond.net.au by=psmam04.bigpond.com!MAM ident= ]
debug: received-header: 'by' mail01.mteliza.com.au has public IP 203.55.54.21
debug: received-header: relay 144.140.71.11 trusted? no
debug: received-header: relay 144.135.25.78 trusted? no
debug: received-header: relay 138.217.40.190 trusted? no
debug: all '*From' addrs: jlassoc at bigpond.com
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=0.575
debug: running uri tests; score so far=0.575
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0.575
debug: Razor2 is not available
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: /usr/bin/python2: can't open file '/usr/bin/pyzor'
debug: leaving helper-app run mode
debug: Pyzor: couldn't grok response "/usr/bin/python2: can't open file '/usr/bin/pyzor'"
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: mail01.mteliza.com.au 1201; Body=3 Fuz1=3 Fuz2=3
debug: leaving helper-app run mode
debug: all '*To' addrs: FRobinson at mteliza.com.au TMandler at mteliza.com.au
debug: DNS MX records found: 1
debug: forged-HELO: from=bigpond.com helo=bigpond.com by=mteliza.com.au
debug: forged-HELO: from=bigpond.com helo=bigpond.com by=bigpond.com
debug: RBL: success for 25 of 25 queries
debug: running meta tests; score so far=0.675
debug: is spam? score=0.675 required=5 tests=HTML_40_50,HTML_FONTCOLOR_BLUE,HTML_MESSAGE,RCVD_IN_SORBS
Stopping now as you are debugging me.
-------------- next part --------------
Mar  4 11:09:36 mail01 postfix/smtpd[4624]: disconnect from strangecosmos.com[209.50.251.60]
Mar  4 11:09:37 mail01 MailScanner[4657]: MailScanner E-Mail Virus Scanner version 4.27.7 starting...
Mar  4 11:09:38 mail01 MailScanner[4657]: Config: calling custom init function MailWatchLogging
Mar  4 11:09:39 mail01 MailScanner[4657]: Initialising database connection
Mar  4 11:09:39 mail01 MailScanner[4657]: Finished initialising database connection
Mar  4 11:09:41 mail01 MailScanner[4622]: Using locktype = flock
Mar  4 11:09:43 mail01 MailScanner[4622]: New Batch: Found 119 messages waiting
Mar  4 11:09:43 mail01 MailScanner[4622]: New Batch: Scanning 10 messages, 740375 bytes
Mar  4 11:09:43 mail01 MailScanner[4622]: Spam Checks: Starting
Mar  4 11:09:47 mail01 MailScanner[4670]: MailScanner E-Mail Virus Scanner version 4.27.7 starting...
Mar  4 11:09:48 mail01 MailScanner[4670]: Config: calling custom init function MailWatchLogging
Mar  4 11:09:49 mail01 MailScanner[4670]: Initialising database connection
Mar  4 11:09:49 mail01 MailScanner[4670]: Finished initialising database connection
Mar  4 11:09:54 mail01 postfix/smtpd[4624]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:09:54 mail01 postfix/smtpd[4624]: 3E96633E13: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:09:57 mail01 MailScanner[4641]: Using locktype = flock
Mar  4 11:09:56 mail01 postfix/cleanup[4626]: 3E96633E13: message-id=<20040304000954.3E96633E13 at mail01.mteliza.com.au>
Mar  4 11:09:57 mail01 MailScanner[4641]: New Batch: Found 119 messages waiting
Mar  4 11:09:57 mail01 MailScanner[4641]: New Batch: Scanning 10 messages, 119970 bytes
Mar  4 11:09:57 mail01 MailScanner[4641]: Spam Checks: Starting
Mar  4 11:09:57 mail01 postfix/qmgr[4497]: 3E96633E13: from=<m_tannahill at bigpond.com>, size=1019, nrcpt=1 (queue active)
Mar  4 11:09:57 mail01 postfix/qmgr[4497]: 3E96633E13: to=<into at mteliza.com.au>, relay=none, delay=3, status=deferred (deferred transport)
Mar  4 11:09:58 mail01 postfix/smtpd[4624]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:04 mail01 postfix/smtpd[4624]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:05 mail01 postfix/smtpd[4624]: 0420833E11: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:13 mail01 postfix/cleanup[4626]: 0420833E11: message-id=<20040304001005.0420833E11 at mail01.mteliza.com.au>
Mar  4 11:10:13 mail01 postfix/smtpd[4701]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:13 mail01 postfix/smtpd[4701]: 8508933E10: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:13 mail01 postfix/smtpd[4624]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:14 mail01 postfix/qmgr[4497]: 0420833E11: from=<miln at leaders.net.au>, size=1003, nrcpt=1 (queue active)
Mar  4 11:10:16 mail01 postfix/qmgr[4497]: 0420833E11: to=<10 at mteliza.com.au>, relay=none, delay=10, status=deferred (deferred transport)
Mar  4 11:10:19 mail01 postfix/cleanup[4626]: 8508933E10: message-id=<20040304001013.8508933E10 at mail01.mteliza.com.au>
Mar  4 11:10:21 mail01 postfix/qmgr[4497]: 8508933E10: from=<fremdgp at ozemail.com.au>, size=1016, nrcpt=1 (queue active)
Mar  4 11:10:21 mail01 postfix/smtpd[4701]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:21 mail01 postfix/qmgr[4497]: 8508933E10: to=<orley at mteliza.com.au>, relay=none, delay=8, status=deferred (deferred transport)
Mar  4 11:10:29 mail01 MailScanner[4657]: Using locktype = flock
Mar  4 11:10:29 mail01 postfix/smtpd[4624]: connect from CPE-144-137-52-32.vic.bigpond.net.au[144.137.52.32]
Mar  4 11:10:30 mail01 MailScanner[4599]: SpamAssassin timed out and was killed, consecutive failure 1 of 20
Mar  4 11:10:31 mail01 postfix/smtpd[4624]: 6D13C33E12: client=CPE-144-137-52-32.vic.bigpond.net.au[144.137.52.32]
Mar  4 11:10:34 mail01 MailScanner[4657]: New Batch: Found 122 messages waiting
Mar  4 11:10:34 mail01 MailScanner[4657]: New Batch: Scanning 10 messages, 206807 bytes
Mar  4 11:10:34 mail01 MailScanner[4657]: Spam Checks: Starting
Mar  4 11:10:37 mail01 MailScanner[4641]: SpamAssassin timed out and was killed, consecutive failure 1 of 20
Mar  4 11:10:40 mail01 MailScanner[4622]: SpamAssassin timed out and was killed, consecutive failure 1 of 20
Mar  4 11:10:42 mail01 postfix/cleanup[4626]: 6D13C33E12: message-id=<20040304001031.6D13C33E12 at mail01.mteliza.com.au>
Mar  4 11:10:42 mail01 postfix/qmgr[4497]: 6D13C33E12: from=<blossompalmiter at velnet.com>, size=1011, nrcpt=1 (queue active)
Mar  4 11:10:42 mail01 postfix/qmgr[4497]: 6D13C33E12: to=<nkemp at mteliza.com.au>, relay=none, delay=11, status=deferred (deferred transport)
Mar  4 11:10:43 mail01 MailScanner[4610]: SpamAssassin timed out and was killed, consecutive failure 1 of 20
Mar  4 11:10:44 mail01 postfix/smtpd[4624]: disconnect from CPE-144-137-52-32.vic.bigpond.net.au[144.137.52.32]
Mar  4 11:10:54 mail01 postfix/smtpd[4701]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:54 mail01 postfix/smtpd[4701]: 8A80533E17: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:58 mail01 MailScanner[4670]: Using locktype = flock
Mar  4 11:10:58 mail01 postfix/smtpd[4624]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:58 mail01 MailScanner[4670]: New Batch: Found 123 messages waiting
Mar  4 11:10:58 mail01 MailScanner[4670]: New Batch: Scanning 10 messages, 81945 bytes
Mar  4 11:10:59 mail01 MailScanner[4670]: Spam Checks: Starting
Mar  4 11:10:59 mail01 postfix/cleanup[4626]: 8A80533E17: message-id=<20040304001054.8A80533E17 at mail01.mteliza.com.au>
Mar  4 11:10:59 mail01 postfix/smtpd[4624]: 2C5A533E18: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:59 mail01 postfix/smtpd[4701]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:10:59 mail01 postfix/qmgr[4497]: 8A80533E17: from=<macross_k at hotmail.com>, size=1015, nrcpt=1 (queue active)
Mar  4 11:10:59 mail01 postfix/qmgr[4497]: 8A80533E17: to=<uillot at mteliza.com.au>, relay=none, delay=5, status=deferred (deferred transport)
Mar  4 11:11:06 mail01 postfix/smtpd[4701]: warning: 200.232.207.120: hostname 200-232-207-120.dsl.telesp.net.br verification failed: Host not found
Mar  4 11:11:06 mail01 postfix/smtpd[4701]: connect from unknown[200.232.207.120]
Mar  4 11:11:08 mail01 postfix/smtpd[4853]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:08 mail01 postfix/smtpd[4701]: D381A33E19: client=unknown[200.232.207.120]
Mar  4 11:11:09 mail01 postfix/smtpd[4853]: 46C5733E1B: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:09 mail01 postfix/cleanup[4626]: 2C5A533E18: message-id=<20040304001059.2C5A533E18 at mail01.mteliza.com.au>
Mar  4 11:11:10 mail01 postfix/qmgr[4497]: 2C5A533E18: from=<20728 at c4m01.postdirect.com>, size=1013, nrcpt=1 (queue active)
Mar  4 11:11:10 mail01 postfix/qmgr[4497]: 2C5A533E18: to=<revillyan at mteliza.com.au>, relay=none, delay=11, status=deferred (deferred transport)
Mar  4 11:11:11 mail01 postfix/smtpd[4624]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:12 mail01 postfix/smtpd[4624]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:13 mail01 postfix/smtpd[4624]: 117BB33E16: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:13 mail01 postfix/cleanup[4836]: D381A33E19: message-id=<a69001c4017b$427c53a0$9159585c at VCBouR>
Mar  4 11:11:14 mail01 postfix/qmgr[4497]: D381A33E19: from=<clops at partylinegaga.com>, size=5600, nrcpt=1 (queue active)
Mar  4 11:11:14 mail01 MailScanner[4657]: Message 3E96633E13 from 150.101.123.85 (m_tannahill at bigpond.com) to mteliza.com.au is spam, SpamAssassin (score=8.225, required 5, MISSING_MIMEOLE 1.15, MSGID_FROM_MTA_SHORT 3.31, NO_REAL_NAME 0.28, PRIORITY_NO_NAME 0.83, RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10)
Mar  4 11:11:14 mail01 postfix/qmgr[4497]: D381A33E19: to=<atonkin at mteliza.com.au>, relay=none, delay=6, status=deferred (deferred transport)
Mar  4 11:11:15 mail01 postfix/cleanup[4858]: 46C5733E1B: message-id=<20040304001109.46C5733E1B at mail01.mteliza.com.au>
Mar  4 11:11:16 mail01 postfix/smtpd[4701]: disconnect from unknown[200.232.207.120]
Mar  4 11:11:16 mail01 postfix/qmgr[4497]: 46C5733E1B: from=<howdymate at bigpond.com>, size=1009, nrcpt=1 (queue active)
Mar  4 11:11:16 mail01 postfix/smtpd[4853]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:16 mail01 postfix/qmgr[4497]: 46C5733E1B: to=<arvey at mteliza.com.au>, relay=none, delay=7, status=deferred (deferred transport)
Mar  4 11:11:17 mail01 postfix/smtpd[4701]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:17 mail01 postfix/smtpd[4701]: 6983133E1C: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:19 mail01 postfix/cleanup[4626]: 117BB33E16: message-id=<20040304001113.117BB33E16 at mail01.mteliza.com.au>
Mar  4 11:11:19 mail01 MailScanner[4657]: Message 8508933E10 from 150.101.123.85 (fremdgp at ozemail.com.au) to mteliza.com.au is spam, SpamAssassin (score=8.225, required 5, MISSING_MIMEOLE 1.15, MSGID_FROM_MTA_SHORT 3.31, NO_REAL_NAME 0.28, PRIORITY_NO_NAME 0.83, RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10)
Mar  4 11:11:19 mail01 postfix/qmgr[4497]: 117BB33E16: from=<brad.stevens at optus.com.au>, size=1025, nrcpt=1 (queue active)
Mar  4 11:11:19 mail01 postfix/smtpd[4624]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:19 mail01 postfix/qmgr[4497]: 117BB33E16: to=<cdagamap at mteliza.com.au>, relay=none, delay=6, status=deferred (deferred transport)
Mar  4 11:11:21 mail01 MailScanner[4599]: SpamAssassin timed out and was killed, consecutive failure 2 of 20
Mar  4 11:11:22 mail01 postfix/smtpd[4853]: connect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:22 mail01 postfix/smtpd[4853]: 6D0A233E1E: client=ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:22 mail01 MailScanner[4622]: SpamAssassin timed out and was killed, consecutive failure 2 of 20
Mar  4 11:11:25 mail01 postfix/cleanup[4858]: 6D0A233E1E: message-id=<20040304001122.6D0A233E1E at mail01.mteliza.com.au>
Mar  4 11:11:28 mail01 postfix/cleanup[4836]: 6983133E1C: message-id=<20040304001117.6983133E1C at mail01.mteliza.com.au>
Mar  4 11:11:29 mail01 MailScanner[4610]: SpamAssassin timed out and was killed, consecutive failure 2 of 20
Mar  4 11:11:29 mail01 postfix/qmgr[4497]: 6D0A233E1E: from=<317 at au.eyi.com>, size=1025, nrcpt=1 (queue active)
Mar  4 11:11:29 mail01 postfix/smtpd[4853]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:29 mail01 postfix/qmgr[4497]: 6D0A233E1E: to=<rlparker.mmbs at mteliza.com.au>, relay=none, delay=7, status=deferred (deferred transport)
Mar  4 11:11:29 mail01 postfix/qmgr[4497]: 6983133E1C: from=<anna-greta.pearl at business.nsw.gov.au>, size=1031, nrcpt=1 (queue active)
Mar  4 11:11:29 mail01 postfix/qmgr[4497]: 6983133E1C: to=<jtrevillyan at mteliza.com.au>, relay=none, delay=12, status=deferred (deferred transport)
Mar  4 11:11:30 mail01 postfix/smtpd[4701]: disconnect from ppp123-85.lns1.syd2.internode.on.net[150.101.123.85]
Mar  4 11:11:31 mail01 MailScanner[4657]: Message 93A4F33D14 from 67.83.169.199 (ssadler_zo at draware.dk) to mteliza.com.au is spam, SpamAssassin (score=8.248, required 5, HTML_30_40 0.81, HTML_MESSAGE 0.00, MIME_HTML_NO_CHARSET 0.72, MIME_HTML_ONLY 0.10, RCVD_IN_BL_SPAMCOP_NET 2.25, RCVD_IN_DSBL 1.10, RCVD_IN_DYNABLOCK 2.55, RCVD_IN_NJABL 0.10, RCVD_IN_NJABL_DIALUP 0.53, RCVD_IN_SORBS 0.10)
Mar  4 11:11:36 mail01 MailScanner[4641]: Message 5021C33DFB from 150.101.123.85 (barbara_carr at t-online.de) to mteliza.com.au is spam, SpamAssassin (score=8.225, required 5, MISSING_MIMEOLE 1.15, MSGID_FROM_MTA_SHORT 3.31, NO_REAL_NAME 0.28, PRIORITY_NO_NAME 0.83, RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10)
Mar  4 11:11:36 mail01 postfix/smtpd[4624]: warning: 209.216.97.71: hostname smtp216.tam10.com verification failed: Host not found
Mar  4 11:11:36 mail01 postfix/smtpd[4624]: connect from unknown[209.216.97.71]
Mar  4 11:11:37 mail01 postfix/smtpd[4624]: 2521A33E1A: client=unknown[209.216.97.71]
Mar  4 11:11:37 mail01 MailScanner[4670]: Message 962ED33E0E from 150.101.123.85 (566 at syd02.aimnsw.com.au) to mteliza.com.au is spam, SpamAssassin (score=12.932, required 5, FROM_ALL_NUMS 1.16, FROM_ENDS_IN_NUMS 0.87, FROM_STARTS_WITH_NUMS 1.57, MISSING_MIMEOLE 1.15, MSGID_FROM_MTA_SHORT 3.31, NO_DNS_FOR_FROM 1.10, NO_REAL_NAME 0.28, PRIORITY_NO_NAME 0.83, RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10)
Mar  4 11:11:39 mail01 postfix/cleanup[4626]: 2521A33E1A: message-id=<20040304001137.2521A33E1A at mail01.mteliza.com.au>
Mar  4 11:11:40 mail01 postfix/qmgr[4497]: 2521A33E1A: from=<OWNER-NOLIST-DAILY*nstirrup**mteliza*-com*-au at mds1mail.com>, size=4273, nrcpt=1 (queue active)
Mar  4 11:11:40 mail01 postfix/qmgr[4497]: 2521A33E1A: to=<nstirrup at mteliza.com.au>, relay=none, delay=3, status=deferred (deferred transport)
Mar  4 11:11:40 mail01 postfix/smtpd[4624]: disconnect from unknown[209.216.97.71]
Mar  4 11:11:44 mail01 postfix/smtpd[4701]: connect from level-3-right-153.newcastle.edu.au[134.148.196.153]
Mar  4 11:11:44 mail01 postfix/smtpd[4701]: D3BD033E1D: client=level-3-right-153.newcastle.edu.au[134.148.196.153]
Mar  4 11:11:46 mail01 postfix/cleanup[4858]: D3BD033E1D: message-id=<20040304001144.D3BD033E1D at mail01.mteliza.com.au>
Mar  4 11:11:46 mail01 postfix/qmgr[4497]: D3BD033E1D: from=<onlyyou at moneytoday.co.kr>, size=1024, nrcpt=1 (queue active)
Mar  4 11:11:46 mail01 postfix/smtpd[4701]: disconnect from level-3-right-153.newcastle.edu.au[134.148.196.153]
Mar  4 11:11:46 mail01 postfix/qmgr[4497]: D3BD033E1D: to=<susan.ellis at mteliza.com.au>, relay=none, delay=2, status=deferred (deferred transport)
Mar  4 11:11:54 mail01 MailScanner[4641]: Message 54EF233CEC from 202.126.109.6 (lawriedrew at optusnet.com.au) to mteliza.com.au is spam, SpamAssassin (score=5.579, required 5, MISSING_MIMEOLE 1.15, MSGID_FROM_MTA_SHORT 3.31, NO_REAL_NAME 0.28, PRIORITY_NO_NAME 0.83)
Mar  4 11:11:58 mail01 postfix/smtpd[4853]: connect from unknown[203.55.54.254]
Mar  4 11:11:58 mail01 postfix/smtpd[4853]: 8441733E1F: client=unknown[203.55.54.254]
Mar  4 11:11:58 mail01 postfix/cleanup[4836]: 8441733E1F: message-id=<200403040000.i24006UC000752 at HylaFAX>
Mar  4 11:12:00 mail01 postfix/qmgr[4497]: 8441733E1F: from=<fax at HylaFAX.mteliza.com.au>, size=129573, nrcpt=1 (queue active)
Mar  4 11:12:00 mail01 postfix/smtpd[4853]: disconnect from unknown[203.55.54.254]
Mar  4 11:12:00 mail01 postfix/qmgr[4497]: 8441733E1F: to=<mfax at mteliza.com.au>, relay=none, delay=2, status=deferred (deferred transport)
Mar  4 11:12:05 mail01 MailScanner[4599]: SpamAssassin timed out and was killed, consecutive failure 3 of 20
Mar  4 11:12:06 mail01 MailScanner[4622]: SpamAssassin timed out and was killed, consecutive failure 3 of 20
Mar  4 11:12:10 mail01 MailScanner[4670]: Message 90E8D33D05 from 144.137.47.17 (3 at mta08ps.p) to mteliza.com.au is spam, SpamAssassin (score=10.489, required 5, FROM_ALL_NUMS 1.16, MISSING_MIMEOLE 1.15, MSGID_FROM_MTA_SHORT 3.31, NO_DNS_FOR_FROM 1.10, NO_REAL_NAME 0.28, PRIORITY_NO_NAME 0.83, RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10)
Mar  4 11:12:11 mail01 MailScanner[4610]: SpamAssassin timed out and was killed, consecutive failure 3 of 20
Mar  4 11:12:47 mail01 MailScanner[4599]: SpamAssassin timed out and was killed, consecutive failure 4 of 20
Mar  4 11:12:48 mail01 MailScanner[4622]: SpamAssassin timed out and was killed, consecutive failure 4 of 20
Mar  4 11:12:50 mail01 MailScanner[4657]: Message 97DD833D3D from 202.53.34.134 (chiltons at netspace.net.au) to mteliza.com.au is spam, SpamAssassin (score=5.579, required 5, MISSING_MIMEOLE 1.15, MSGID_FROM_MTA_SHORT 3.31, NO_REAL_NAME 0.28, PRIORITY_NO_NAME 0.83)
Mar  4 11:12:50 mail01 MailScanner[4657]: Spam Checks: Found 4 spam messages
Mar  4 11:12:50 mail01 MailScanner[4657]: Spam Actions: message 3E96633E13 actions are store
Mar  4 11:12:50 mail01 MailScanner[4657]: Spam Actions: message 8508933E10 actions are store
Mar  4 11:12:50 mail01 MailScanner[4657]: Spam Actions: message 93A4F33D14 actions are store
Mar  4 11:12:50 mail01 MailScanner[4670]: Message 6D13C33E12 from 144.137.52.32 (blossompalmiter at velnet.com) to mteliza.com.au is spam, SpamAssassin (score=8.225, required 5, MISSING_MIMEOLE 1.15, MSGID_FROM_MTA_SHORT 3.31, NO_REAL_NAME 0.28, PRIORITY_NO_NAME 0.83, RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10)
Mar  4 11:12:51 mail01 MailScanner[4657]: Spam Actions: message 97DD833D3D actions are store
Mar  4 11:12:52 mail01 MailScanner[4610]: SpamAssassin timed out and was killed, consecutive failure 4 of 20
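
One way to triage a log like the excerpt above, as an added example that is not part of the original post: it counts SMTP connections per client address, tracks each MailScanner child's SpamAssassin timeout streak, and checks whether the waiting-message backlog is growing. The sample lines are constructed in the same syslog format with documentation addresses; the `triage` function and its threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the excerpt above
# (RFC 5737 documentation addresses, hypothetical host names).
SAMPLE_LOG = """\
Mar  4 11:09:54 mail01 postfix/smtpd[4624]: connect from host-a.example.net[192.0.2.85]
Mar  4 11:09:57 mail01 MailScanner[4641]: New Batch: Found 119 messages waiting
Mar  4 11:10:04 mail01 postfix/smtpd[4624]: connect from host-a.example.net[192.0.2.85]
Mar  4 11:10:13 mail01 postfix/smtpd[4701]: connect from host-a.example.net[192.0.2.85]
Mar  4 11:10:29 mail01 postfix/smtpd[4624]: connect from host-b.example.org[198.51.100.32]
Mar  4 11:10:30 mail01 MailScanner[4599]: SpamAssassin timed out and was killed, consecutive failure 1 of 20
Mar  4 11:10:34 mail01 MailScanner[4657]: New Batch: Found 122 messages waiting
Mar  4 11:10:37 mail01 MailScanner[4641]: SpamAssassin timed out and was killed, consecutive failure 1 of 20
Mar  4 11:11:06 mail01 postfix/smtpd[4701]: connect from unknown[203.0.113.120]
Mar  4 11:11:21 mail01 MailScanner[4599]: SpamAssassin timed out and was killed, consecutive failure 2 of 20
"""

# "disconnect from" lines do not match: the pattern requires ": connect from".
CONNECT = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+\[([0-9a-fA-F.:]+)\]")
TIMEOUT = re.compile(r"MailScanner\[(\d+)\]: SpamAssassin timed out and was killed, "
                     r"consecutive failure (\d+) of (\d+)")
BACKLOG = re.compile(r"MailScanner\[\d+\]: New Batch: Found (\d+) messages waiting")

def triage(log_text, conn_threshold=3):
    """Summarise flood indicators; conn_threshold is an assumed cut-off."""
    conns = Counter()
    worst_streak = {}  # MailScanner child PID -> highest consecutive failure seen
    backlog = []       # waiting-message counts in log order
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            conns[m.group(1)] += 1
        elif m := TIMEOUT.search(line):
            pid, n = m.group(1), int(m.group(2))
            worst_streak[pid] = max(n, worst_streak.get(pid, 0))
        elif m := BACKLOG.search(line):
            backlog.append(int(m.group(1)))
    return {
        "top_talkers": [(ip, n) for ip, n in conns.most_common() if n >= conn_threshold],
        "sa_timeout_streaks": worst_streak,
        "backlog": backlog,
        "backlog_growing": len(backlog) >= 2 and backlog[-1] > backlog[0],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A client that dominates `top_talkers` while the backlog grows and the timeout streaks climb is a candidate for rate limiting or rejection at the SMTP stage, before messages reach the scanner.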

