Headers are not inserted.

Andreas Neustifter andreas.neustifter at gmail.com
Thu Dec 1 14:37:25 CET 2011


Sorry List, forgot to CC you.

On 1 December 2011 14:16, Michael Scheidell
<michael.scheidell at secnap.com> wrote:
> By local, I mean it has to match the local domain flags in amavis.
> [...]

Yes: '@local_domains_acl = ( ".ourdomain.com" );' and the recipient is
xxx at ourdomain.com

Andi

> -----Original message-----
> From: Andreas Neustifter <andreas.neustifter at gmail.com>
> To: Michael Scheidell <michael.scheidell at secnap.com>
> Cc: Ramin Sabet <ramin.sabet at a-trust.at>
> Sent: Thu, Dec 1, 2011 13:12:33 GMT+00:00
> Subject: Re: Headers are not inserted.
>
> Hi Michael,
>
> thanks for the quick response!
>
> On 1 December 2011 13:10, Michael Scheidell
> <michael.scheidell at secnap.com> wrote:
>> On 12/1/11 7:02 AM, Andreas Neustifter wrote:
>> > Hi List!
>> >
>> > Sometimes an email gets forwarded from our spam filter (single machine,
>> > amavis+postfix+spamassassin+clamav, pretty simple setup) to the
>> > exchange server that has no spam headers (although
>> > '$sa_tag_level_deflt  = -999') and even has no received headers.
>> > Those mails do not appear in mail.log, but they do appear in the
>> > exchange logs as received from the spam filter.
>> >
>> > It seems as if those mails are materializing from thin air on the spam
>> > filter.
>> >
>> > Any ideas what could be the problem in this case? (I have checked the
>> > access logs, nothing out of the ordinary...)
>> >
>> submit port, 587?  someone sending directly to port 10025?  using imap(s) to
>> send emails?
>
> Port 587 is not configured, port 10025 is only bound to 127.0.0.1
> (verified from another machine). Can IMAP be used to send mail? AFAIK
> IMAP is only a mail retrieval protocol.
>
>> other things, make sure that the 'sending' domain isn't your local domain?
>> (marked 'local=y' in db?  )
>
> This is already prevented in postfix with a header_check that rejects
> mails from our domain.
>
>> make sure receiving domain IS?
>
> This is also configured in postfix, only mails to our domain are accepted.
>
>> run tcpdump? tcpflow and see if you can catch it?
>
> Will try that.
>
>> being actually BOUNCED to/from the exchange server?
>
> Yes, the exchange logs say the mail is coming from the spam filter.
>
>> are they spam or legit?
>
> Spam. Unfortunately :)
>
> Andi

