Headers are not inserted.
andreas.neustifter at gmail.com
Thu Dec 1 14:37:25 CET 2011
Sorry List, forgot to CC you.
On 1 December 2011 14:16, Michael Scheidell
<michael.scheidell at secnap.com> wrote:
> Buy local, I mean it has to match the local domain flags in amavis.
Yes: '@local_domains_acl = ( ".ourdomain.com" );' and the recipient is
xxx at ourdomain.com
> -----Original message-----
> From: Andreas Neustifter <andreas.neustifter at gmail.com>
> To: Michael Scheidell <michael.scheidell at secnap.com>
> Cc: Ramin Sabet <ramin.sabet at a-trust.at>
> Sent: Thu, Dec 1, 2011 13:12:33 GMT+00:00
> Subject: Re: Headers are not inserted.
> Hi Michael,
> thanks for the quick response!
> On 1 December 2011 13:10, Michael Scheidell
> <michael.scheidell at secnap.com> wrote:
>> On 12/1/11 7:02 AM, Andreas Neustifter wrote:
>> > Hi List!
>> > Sometimes a email gets forwarded from our spam filter (single machine,
>> > amavis+postfix+spamassassin+clamav, pretty simple setup) to the
>> > exchange server that have no spam headers (although
>> > '$sa_tag_level_deflt = -999') and even have no received headers.
>> > Those mails do not appear in mail.log, but they do appear in the
>> > exchange logs as received from the spam filter.
>> > It seems as if those mails are materializing from thin air on the spam
>> > filter.
>> > Any ideas what could be the problem in this case? (I have checked the
>> > access logs, nothing out of the ordinary...)
>> submit port, 587? someone sending directly to port 10025? using imap(s) to
>> send emails?
> Port 587 is not configured, port 10025 is only bound to 127.0.0.1
> (verified from another machine). Can IMAP be used to send mail? AFAIK
> IMAP is only a mail retreival protocol.
>> other things, make sure that the 'sending' domain isn't your local domain?
>> (marked 'local=y' in db? )
> This is already prevented in postfix with a header_check that rejects
> mails from our domain.
>> make sure receivng domain IS?
> This is also configured in postfix, only mails to our domain are accepted.
>> run tcpdump? tcpflow and see if you can catch it?
> Will try that.
>> being actually BOUNCED to/from the exchange server?
> Yes, the exchange logs say the mail is coming from the spam filter.
>> are they spam or legit?
> Spam. Unfortunately :)
More information about the amavis-users