Sv: Re: Some messages gets stuck in postfix/hold

Andreas Svensson andreas.svensson at HALLSBERG.SE
Wed Jan 5 08:35:26 GMT 2005 

It looks like it's working now. It have probably passed a couple of 1000
mails and no mails hanging in hold now...
I have put clamav before panda and have mailwatch disabled.
Will try to enable mailwatch now and see if it still works out.
If, then the problem is Panda in some way..
/Andreas, Hallsberg, Sweden.


>>> Glenn.Steen at AP1.SE 2005-01-04 15:04:25 >>>
Do you get anything more interresting if you run it through with just
one of the av-scanners?
Or if you run it in debug mode?

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Andreas Svensson
> Sent: den 4 januari 2005 08:40
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Some messages gets stuck in postfix/hold
>
>
> Good Morning.
> I have a problem with Mailscanner on Postfix running as a gateway in
> front of my Groupwise server.
> Some, very few messages gets stuck in hold directory of postfix
spool.
> It looks like these messages only are spam or virus.
> Yesterday i had like 20 mails from the past two weeks.
> Its like 1 or 2 mails per day gets stuck there.
> So i cleaned it up manually yesterday but this morning i had 1 new.
>
> The server is a Compaq DL360 with
> SuSE Linux Enterprise 9
> postfix-2.1.1-1.4
> MailScanner  4.36.4
> SpamAssassin 3.0.1
>
> Thanks for any help!
> /Andreas Svensson, Hallsberg, Sweden.
> -Here comes a cut from the log from tonights:
>
> Jan  3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from
> unknown[84.217.26.111]
> Jan  3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF:
> client=unknown[84.217.26.111]
> Jan  3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold:
> header Received: from hallsberg.se (unknown [84.217.26.111])??by
> mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for
> <ann.lagerlof at hallsberg.se>; Mon,  3 Jan 2005 23:04:00 +0100 (CET)
> from unknown[84.217.26.111]; from=<info.lekbiten.akerbloms at umea.com>
> to=<ann.lagerlof at hallsberg.se> proto=SMTP helo=<hallsberg.se>
> Jan  3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF:
> message-id=<20050103220400.00E7B1BFCF at mg-hbg17.hallsberg.se>
> Jan  3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from
> unknown[84.217.26.111]
> Jan  3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1
> messages, 42859 bytes
> Jan  3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting
> Jan  3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content
> Scanning: Starting
> Jan  3 23:04:21 mg-hbg17 MailScanner[22584]:
> /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr:
> Worm.SomeFool.P FOUND
> Jan  3 23:04:21 mg-hbg17 MailScanner[22584]: Virus Scanning: ClamAV
> found 1 infections
> Jan  3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base:
> /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr'
=>
> W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame##
> Jan  3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda
> found 2 infections
> Jan  3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message
> 00E7B1BFCF came from 84.217.26.111
> Jan  3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2
> viruses
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail
Virus
> Scanner version 4.36.4 starting...
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom
> init function MailWatchLogging
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database
> connection
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising
> database connection
> Jan  3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin
> auto-whitelist functionality...
> Jan  3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1
> messages, 42859 bytes
> Jan  3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting
> Jan  3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content
> Scanning: Starting
> Jan  3 23:04:30 mg-hbg17 MailScanner[22560]:
> /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr:
> Worm.SomeFool.P FOUND
> Jan  3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV
> found 1 infections
> Jan  3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base:
> /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr'
=>
> W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame##
> Jan  3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda
> found 2 infections
> Jan  3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message
> 00E7B1BFCF came from 84.217.26.111
> Jan  3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2
> viruses
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail
Virus
> Scanner version 4.36.4 starting...
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom
> init function MailWatchLogging
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database
> connection
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising
> database connection
> Jan  3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin
> auto-whitelist functionality...
> Jan  3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock
> Jan  3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1
> messages, 42859 bytes
> Jan  3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting
> Jan  3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content
> Scanning: Starting
> Jan  3 23:04:38 mg-hbg17 MailScanner[24059]:
> /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr:
> Worm.SomeFool.P FOUND
> Jan  3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV
> found 1 infections
> Jan  3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base:
> /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr'
=>
> W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame##
> Jan  3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda
> found 2 infections
> Jan  3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message
> 00E7B1BFCF came from 84.217.26.111
> Jan  3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2
> viruses
> Jan  3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1
> messages, 42859 bytes
> Jan  3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail
Virus
> Scanner version 4.36.4 starting...
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom
> init function MailWatchLogging
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database
> connection
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising
> database connection
> Jan  3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin
> auto-whitelist functionality...
> Jan  3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock
> Jan  3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock
> Jan  3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content
> Scanning: Starting
> Jan  3 23:04:48 mg-hbg17 MailScanner[22410]:
> /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr:
> Worm.SomeFool.P FOUND
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list