Some messages gets stuck in postfix/hold

Steen, Glenn Glenn.Steen at AP1.SE
Tue Jan 4 14:04:25 GMT 2005


Do you get anything more interresting if you run it through with just
one of the av-scanners?
Or if you run it in debug mode?

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Andreas Svensson
> Sent: den 4 januari 2005 08:40
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Some messages gets stuck in postfix/hold
> 
> 
> Good Morning.
> I have a problem with Mailscanner on Postfix running as a gateway in
> front of my Groupwise server.
> Some, very few messages gets stuck in hold directory of postfix spool.
> It looks like these messages only are spam or virus.
> Yesterday i had like 20 mails from the past two weeks.
> Its like 1 or 2 mails per day gets stuck there.
> So i cleaned it up manually yesterday but this morning i had 1 new.
> 
> The server is a Compaq DL360 with
> SuSE Linux Enterprise 9
> postfix-2.1.1-1.4
> MailScanner  4.36.4
> SpamAssassin 3.0.1
> 
> Thanks for any help!
> /Andreas Svensson, Hallsberg, Sweden.
> -Here comes a cut from the log from tonights:
> 
> Jan  3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from
> unknown[84.217.26.111]
> Jan  3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF:
> client=unknown[84.217.26.111]
> Jan  3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold:
> header Received: from hallsberg.se (unknown [84.217.26.111])??by
> mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for
> <ann.lagerlof at hallsberg.se>; Mon,  3 Jan 2005 23:04:00 +0100 (CET)
> from unknown[84.217.26.111]; from=<info.lekbiten.akerbloms at umea.com>
> to=<ann.lagerlof at hallsberg.se> proto=SMTP helo=<hallsberg.se>
> Jan  3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF:
> message-id=<20050103220400.00E7B1BFCF at mg-hbg17.hallsberg.se>
> Jan  3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from
> unknown[84.217.26.111]
> Jan  3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1
> messages, 42859 bytes
> Jan  3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting
> Jan  3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content
> Scanning: Starting
> Jan  3 23:04:21 mg-hbg17 MailScanner[22584]:
> /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr:
> Worm.SomeFool.P FOUND
> Jan  3 23:04:21 mg-hbg17 MailScanner[22584]: Virus Scanning: ClamAV
> found 1 infections
> Jan  3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base:
> /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' =>
> W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame##
> Jan  3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda
> found 2 infections
> Jan  3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message
> 00E7B1BFCF came from 84.217.26.111
> Jan  3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2
> viruses
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus
> Scanner version 4.36.4 starting...
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom
> init function MailWatchLogging
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database
> connection
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising
> database connection
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin
> auto-whitelist functionality...
> Jan  3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1
> messages, 42859 bytes
> Jan  3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting
> Jan  3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content
> Scanning: Starting
> Jan  3 23:04:30 mg-hbg17 MailScanner[22560]:
> /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr:
> Worm.SomeFool.P FOUND
> Jan  3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV
> found 1 infections
> Jan  3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base:
> /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' =>
> W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame##
> Jan  3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda
> found 2 infections
> Jan  3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message
> 00E7B1BFCF came from 84.217.26.111
> Jan  3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2
> viruses
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus
> Scanner version 4.36.4 starting...
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom
> init function MailWatchLogging
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database
> connection
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising
> database connection
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin
> auto-whitelist functionality...
> Jan  3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock
> Jan  3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1
> messages, 42859 bytes
> Jan  3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting
> Jan  3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content
> Scanning: Starting
> Jan  3 23:04:38 mg-hbg17 MailScanner[24059]:
> /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr:
> Worm.SomeFool.P FOUND
> Jan  3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV
> found 1 infections
> Jan  3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base:
> /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' =>
> W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame##
> Jan  3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda
> found 2 infections
> Jan  3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message
> 00E7B1BFCF came from 84.217.26.111
> Jan  3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2
> viruses
> Jan  3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1
> messages, 42859 bytes
> Jan  3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus
> Scanner version 4.36.4 starting...
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom
> init function MailWatchLogging
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database
> connection
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising
> database connection
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin
> auto-whitelist functionality...
> Jan  3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock
> Jan  3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock
> Jan  3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content
> Scanning: Starting
> Jan  3 23:04:48 mg-hbg17 MailScanner[22410]:
> /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr:
> Worm.SomeFool.P FOUND
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list