Forwarded spam email problem

Gao gao at pztop.com
Mon Sep 28 22:51:18 UTC 2015


Hello,

I upgraded our mail server to a new server. I did a fresh installation and 
configuration on the new server. Now I am having a problem: all the spam 
scored between 5 and 10 used to be forwarded to an email address on the old 
server. But on the new server it is sent to the local postmaster 
mailer-daemon at szeta.mycompany.com, which in turn ends up in my mail inbox.

My new system is CentOS7/MailScanner 4.8.5. The old system is 
CentOS5/MailScanner 4.8.1.

Here is the maillog from the new server:
Sep 28 13:03:54 szeta MailScanner[4853]: Spam Actions: message 
C12B74022E75A.A3B93 actions are forward,spamholder at mycompany.com
Sep 28 13:03:54 szeta MailScanner[4853]: Requeue: C12B74022E75A.A3B93 to 
2D8044022E767
Sep 28 13:03:54 szeta postfix/qmgr[4831]: 2D8044022E767: from=<>, 
size=1039, nrcpt=1 (queue active)
Sep 28 13:03:54 szeta MailScanner[4853]: Uninfected: Delivered 1 messages
Sep 28 13:03:54 szeta postfix/pickup[6681]: 9519C4022E75A: uid=5001 
from=<mailer-daemon>
Sep 28 13:03:54 szeta postfix/pipe[7329]: 2D8044022E767: 
to=<spamholder at mycompany.com>, relay=autoresponder, delay=3.1, 
delays=3.1/0/0/0.05, dsn=2.0.0, status=sent (delivered via autoresponder 
service)
Sep 28 13:03:54 szeta postfix/qmgr[4831]: 2D8044022E767: removed
*Sep 28 13:03:54 szeta postfix/cleanup[7315]: 9519C4022E75A: hold: 
header Received: by szeta.mycompany.com (Postfix, from userid 5001)??id 
9519C4022E75A; Mon, 28 Sep 2015 13:03:54 -0700 (PDT) from local; from=<> 
to=<MAILER-DAEMON at szeta.mycompany.com>*
Sep 28 13:03:54 szeta postfix/cleanup[7315]: 9519C4022E75A: 
message-id=<20150928200354.9519C4022E75A at szeta.mycompany.com>
Sep 28 13:03:54 szeta MailScanner[4853]: Deleted 1 messages from 
processing-database
Sep 28 13:03:54 szeta MailScanner[4853]: New Batch: Scanning 1 messages, 
2171 bytes
Sep 28 13:03:54 szeta MailScanner[4853]: Requeue: 9519C4022E75A.AF06D to 
BCE564022E767
Sep 28 13:03:54 szeta MailScanner[4853]: Unscanned: Delivered 1 messages
Sep 28 13:03:54 szeta postfix/qmgr[4831]: BCE564022E767: from=<>, 
size=1925, nrcpt=1 (queue active)
Sep 28 13:03:54 szeta MailScanner[4853]: Spam Checks: Starting
Sep 28 13:03:54 szeta postfix/cleanup[7315]: ACCC94022E75A: 
message-id=<20150928200354.9519C4022E75A at szeta.mycompany.com>
Sep 28 13:03:54 szeta postfix/local[7374]: BCE564022E767: 
to=<mailer-daemon at szeta.mycompany.com>, relay=local, delay=0.17, 
delays=0.13/0/0/0.04, dsn=2.0.0, status=sent (forwarded as ACCC94022E75A)
Sep 28 13:03:54 szeta postfix/qmgr[4831]: ACCC94022E75A: from=<>, 
size=2082, nrcpt=1 (queue active)
Sep 28 13:03:54 szeta postfix/qmgr[4831]: BCE564022E767: removed
Sep 28 13:03:54 szeta postfix/virtual[7339]: ACCC94022E75A: 
to=<gao at pztop.com>, relay=virtual, delay=0.09, delays=0.04/0/0/0.05, 
dsn=2.0.0, status=sent (delivered to maildir)
Sep 28 13:03:54 szeta postfix/qmgr[4831]: ACCC94022E75A: removed
Sep 28 13:03:54 szeta MailScanner[4853]: Deleted 1 messages from 
processing-database

I looked at the maillog from the old system and it looks like this:
Sep 26 04:26:02 zeta MailScanner[2970]: Spam Actions: message 
0774980C8.A80AC actions are spamholder at mycompany.com,forward
Sep 26 04:26:02 zeta MailScanner[2970]: Requeue: 0774980C8.A80AC to 
3CD1780D3
Sep 26 04:26:02 zeta MailScanner[2970]: Uninfected: Delivered 1 messages
Sep 26 04:26:02 zeta postfix/qmgr[2966]: 3CD1780D3: from=<>, size=1409, 
nrcpt=1 (queue active)
Sep 26 04:26:02 zeta MailScanner[2970]: Deleted 1 messages from 
processing-database
Sep 26 04:26:02 zeta postfix/pickup[2965]: C9F6C8127: uid=5001 
from=<mailer-daemon>
Sep 26 04:26:02 zeta postfix/cleanup[3350]: C9F6C8127: hold: header 
Received: by zeta.mycompany.com (Postfix, from userid 5001)??id C9F6$
Sep 26 04:26:02 zeta postfix/pipe[3358]: 3CD1780D3: 
to=<spamholder at mycompany.com>, relay=autoresponder, delay=8.2, 
delays=8.2/0.01/0/0.02, d$
Sep 26 04:26:02 zeta postfix/qmgr[2966]: 3CD1780D3: removed
Sep 26 04:26:02 zeta postfix/cleanup[3350]: C9F6C8127: 
message-id=<20150926112555.0774980C8 at zeta.mycompany.com>
Sep 26 04:26:06 zeta MailScanner[2973]: New Batch: Scanning 1 messages, 
1718 bytes
Sep 26 04:26:06 zeta MailScanner[2973]: Virus and Content Scanning: Starting
Sep 26 04:26:07 zeta MailScanner[2973]: Spam Checks: Starting
Sep 26 04:26:08 zeta MailScanner[2973]: Message C9F6C8127.A12D0 from 
127.0.0.1 () to mycompany.com is spam, SpamAssassin (not cached, sc$
Sep 26 04:26:08 zeta MailScanner[2973]: Spam Checks: Found 1 spam messages
Sep 26 04:26:08 zeta MailScanner[2973]: Spam Actions: message 
C9F6C8127.A12D0 actions are spamholder at mycompany.com,forward
Sep 26 04:26:08 zeta MailScanner[2973]: Requeue: C9F6C8127.A12D0 to 
0689F80C8
Sep 26 04:26:08 zeta postfix/qmgr[2966]: 0689F80C8: from=<>, size=1745, 
nrcpt=1 (queue active)
Sep 26 04:26:08 zeta MailScanner[2973]: Uninfected: Delivered 1 messages
Sep 26 04:26:08 zeta MailScanner[2973]: Deleted 1 messages from 
processing-database
Sep 26 04:26:08 zeta postfix/virtual[3373]: 0689F80C8: 
to=<spamholder at mycompany.com>, relay=virtual, delay=5.9, 
delays=5.9/0.01/0/0.01, dsn=$
Sep 26 04:26:08 zeta postfix/qmgr[2966]: 0689F80C8: removed

I couldn't figure out what happened here on my new server. Could someone 
help me troubleshoot this issue, please?

Here is my master.cf
[root at szeta postfix]# cat master.cf | egrep -v "^\#"
smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=autoresponder:dummy
   -o smtpd_tls_security_level=none
   -o smtpd_sasl_auth_enable=no
submission inet n       -       n       -       -       smtpd
   -o content_filter=autoresponder:dummy
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
autoresponder unix -     n       n       -       -       pipe
      flags=Fq user=autoresponse argv=/usr/local/sbin/autoresponse -s ${sender} -r ${original_recipient} -S ${sasl_username} -C ${client_address}
policy     unix  -       n       n       -       -       spawn
         user=nobody argv=/usr/bin/perl /usr/local/sbin/postfix-policyd-spf-perl


Here I use an autoresponder which is a bash script. See 
http://nefaria.com/autoresponse/


Thanks a lot!

Gao
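
One way to follow a single message through the new server's log, across MailScanner requeues and Postfix "forwarded as" hops, to see where it was finally delivered. This is an added example, not part of the original post: the function names `parse` and `trace` are hypothetical, and the sample lines are the post's own log entries with the e-mail line wrapping undone.

```python
import re

# Log lines from the new server in the post above, e-mail wrapping undone.
SAMPLE_LOG = """\
Sep 28 13:03:54 szeta MailScanner[4853]: Requeue: C12B74022E75A.A3B93 to 2D8044022E767
Sep 28 13:03:54 szeta postfix/pickup[6681]: 9519C4022E75A: uid=5001 from=<mailer-daemon>
Sep 28 13:03:54 szeta postfix/pipe[7329]: 2D8044022E767: to=<spamholder at mycompany.com>, relay=autoresponder, delay=3.1, delays=3.1/0/0/0.05, dsn=2.0.0, status=sent (delivered via autoresponder service)
Sep 28 13:03:54 szeta MailScanner[4853]: Requeue: 9519C4022E75A.AF06D to BCE564022E767
Sep 28 13:03:54 szeta postfix/local[7374]: BCE564022E767: to=<mailer-daemon at szeta.mycompany.com>, relay=local, delay=0.17, delays=0.13/0/0/0.04, dsn=2.0.0, status=sent (forwarded as ACCC94022E75A)
Sep 28 13:03:54 szeta postfix/virtual[7339]: ACCC94022E75A: to=<gao at pztop.com>, relay=virtual, delay=0.09, delays=0.04/0/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
"""

# Patterns for the three line types that link or terminate a message's path.
REQUEUE = re.compile(r"MailScanner\[\d+\]: Requeue: ([0-9A-F]+)\.[0-9A-F]+ to ([0-9A-F]+)")
PICKUP = re.compile(r"postfix/pickup\[\d+\]: ([0-9A-F]+): uid=(\d+) from=<([^>]*)>")
DELIVERY = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): to=<([^>]*)>, relay=([^,]+),.*status=(\w+) \((.*)\)")
FORWARDED = re.compile(r"forwarded as ([0-9A-F]+)")

def parse(log):
    """Return (next-hop map, deliveries by queue ID, local pickups by queue ID)."""
    nxt, deliveries, pickups = {}, {}, {}
    for line in log.splitlines():
        if m := REQUEUE.search(line):
            nxt[m.group(1)] = m.group(2)          # MailScanner hold queue -> new ID
        elif m := PICKUP.search(line):
            pickups[m.group(1)] = (m.group(2), m.group(3))  # locally injected mail
        elif m := DELIVERY.search(line):
            _agent, qid, rcpt, relay, status, detail = m.groups()
            deliveries[qid] = (rcpt, relay, status)
            if f := FORWARDED.search(detail):
                nxt[qid] = f.group(1)             # alias/forward created a new ID
    return nxt, deliveries, pickups

def trace(log, qid):
    """Follow one queue ID hop by hop; each hop is (queue ID, delivery or None)."""
    nxt, deliveries, _ = parse(log)
    hops, seen = [], set()
    while qid and qid not in seen:                # 'seen' guards against loops
        seen.add(qid)
        hops.append((qid, deliveries.get(qid)))
        qid = nxt.get(qid)
    return hops

if __name__ == "__main__":
    for start in ("C12B74022E75A", "9519C4022E75A"):
        print(start, "->", trace(SAMPLE_LOG, start))
```

The pickup map returned by `parse` shows which queue IDs were submitted locally (here with `uid=5001`), so a message that reached the inbox can be traced back to its origin.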
