Some messages gets stuck in postfix/hold

Martin Wozenilek mail at wozenilek.de
Tue Jan 4 08:35:12 GMT 2005



Permissions? In MailScanner.conf?

--
Martin Wozenilek
Am Langberg 91a
21033 Hamburg
mailto: mail at wozenilek.de
PGP-Key-ID: 0x00105C52


      ----- Original message -----
      Subject: Some messages gets stuck in postfix/hold
      From: Andreas Svensson <andreas.svensson at HALLSBERG.SE>
      To:
      Date: 04-01-2005 8:51


      Good Morning.
      I have a problem with MailScanner on Postfix running as a gateway in
      front of my GroupWise server.
      Some, very few, messages get stuck in the hold directory of the
      Postfix spool.
      It looks like these messages are only spam or virus.
      Yesterday I had like 20 mails from the past two weeks.
      It's like 1 or 2 mails per day get stuck there.
      So I cleaned it up manually yesterday, but this morning I had 1 new.

      The server is a Compaq DL360 with
      SuSE Linux Enterprise 9
      postfix-2.1.1-1.4
      MailScanner 4.36.4
      SpamAssassin 3.0.1

      Thanks for any help!
      /Andreas Svensson, Hallsberg, Sweden.
      Here comes a cut from tonight's log:

      Jan 3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from unknown[84.217.26.111]
      Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: client=unknown[84.217.26.111]
      Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: header Received: from hallsberg.se (unknown [84.217.26.111])??by mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for <ann.lagerlof at hallsberg.se>; Mon, 3 Jan 2005 23:04:00 +0100 (CET) from unknown[84.217.26.111]; from=<info.lekbiten.akerbloms at umea.com> to=<ann.lagerlof at hallsberg.se> proto=SMTP helo=<hallsberg.se>
      Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: message-id=<20050103220400.00E7B1BFCF at mg-hbg17.hallsberg.se>
      Jan 3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from unknown[84.217.26.111]
      Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 messages, 42859 bytes
      Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting
      Jan 3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content Scanning: Starting
      Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
      Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: Virus Scanning: ClamAV found 1 infections
      Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base: /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame##
      Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda found 2 infections
      Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message 00E7B1BFCF came from 84.217.26.111
      Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2 viruses
      Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
      Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom init function MailWatchLogging
      Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database connection
      Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising database connection
      Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin auto-whitelist functionality...
      Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1 messages, 42859 bytes
      Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting
      Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content Scanning: Starting
      Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
      Jan 3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV found 1 infections
      Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base: /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame##
      Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda found 2 infections
      Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message 00E7B1BFCF came from 84.217.26.111
      Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2 viruses
      Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
      Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom init function MailWatchLogging
      Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database connection
      Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising database connection
      Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin auto-whitelist functionality...
      Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock
      Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1 messages, 42859 bytes
      Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting
      Jan 3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content Scanning: Starting
      Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
      Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV found 1 infections
      Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base: /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame##
      Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda found 2 infections
      Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message 00E7B1BFCF came from 84.217.26.111
      Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2 viruses
      Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1 messages, 42859 bytes
      Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting
      Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
      Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom init function MailWatchLogging
      Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database connection
      Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising database connection
      Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin auto-whitelist functionality...
      Jan 3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock
      Jan 3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock
      Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content Scanning: Starting
      Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the MAQ
      (http://www.mailscanner.biz/maq/) and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
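An added example, not part of either post: a small log check for the pattern visible in the quoted log, where one held queue ID is reported infected by several different MailScanner child PIDs while new children keep starting. The function names are hypothetical, and the sample lines are taken from the log above, with the hold entry shortened.

```python
import re
from collections import defaultdict

# Lines taken from the log quoted above, one entry per line (hold line shortened).
SAMPLE_LOG = """\
Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: header Received: from hallsberg.se (unknown [84.217.26.111])
Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w/]+)\[(\d+)\]: (.*)$")
HOLD = re.compile(r"^([0-9A-F]{6,}): hold:")
INFECTED = re.compile(r"^Infected message ([0-9A-F]{6,}) came from \S+")
STARTING = re.compile(r"Scanner version \S+ starting\.\.\.$")

def analyse(log_text):
    """Return (held queue IDs, {queue ID: [scanner PIDs]}, [PIDs of new children])."""
    held, scans, started = set(), defaultdict(list), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or garbled line: skip rather than guess
        prog, pid, msg = m.groups()
        if prog == "postfix/cleanup" and (h := HOLD.match(msg)):
            held.add(h.group(1))
        elif prog == "MailScanner" and (i := INFECTED.match(msg)):
            scans[i.group(1)].append(pid)
        elif prog == "MailScanner" and STARTING.search(msg):
            started.append(pid)
    return held, scans, started

def rescanned_held_messages(log_text):
    """Held queue IDs reported infected by more than one MailScanner child."""
    held, scans, started = analyse(log_text)
    return {
        qid: {"scanned_by": pids, "children_started": len(started)}
        for qid, pids in scans.items()
        if qid in held and len(set(pids)) > 1
    }

if __name__ == "__main__":
    print(rescanned_held_messages(SAMPLE_LOG))
```

The parser expects one syslog entry per line, so a log pasted from a wrapped e-mail has to be unwrapped first.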