FAILED to notify admin: 501 5.1.3 Failed, id=, from MTA([127.0.0.1]:10025)
Simon Brereton
simon.brereton at buongiorno.com
Wed Nov 9 16:39:10 CET 2011
Apologies for forgetting to put a subject.!
> -----Original Message-----
> From: amavis-users-bounces+simon.brereton=buongiorno.com at amavis.org
> [mailto:amavis-users-
> bounces+simon.brereton=buongiorno.com at amavis.org] On Behalf Of Simon
> Brereton
> Sent: Wednesday, November 09, 2011 10:24 AM
> To: amavis-users at amavis.org
> Subject:
>
> Hi
>
> Can someone tell me what's going on here :)
>
> Nov 8 16:09:37 mail postfix/smtpd[30205]: connect from
> unknown[94.20.38.50] Nov 8 16:09:41 mail postfix/smtpd[30205]:
> C985FC8C005: client=unknown[94.20.38.50] Nov 8 16:09:50 mail
> postfix/cleanup[30235]: C985FC8C005: message-
> id=<000e01cc51a0$5768b980$3226145e at eftps.com>
> Nov 8 16:10:07 mail postfix/qmgr[30195]: C985FC8C005:
> from=<message.daemon at eftps.com>, size=30170, nrcpt=1 (queue active)
> Nov 8 16:10:07 mail amavisd-new[28776]: (28776-15) ESMTP::10024
> /var/lib/amavis/tmp/amavis-20111108T130836-28776:
> <message.daemon at eftps.com> -> <joseph.sun at mydomain.net> SIZE=30170
> Received: from mail.myserverdomain.net ([127.0.0.1]) by
> amavisd.myserverdomain.net (mail.myserverdomain.net [127.0.0.1])
> (amavisd-new, port 10024) with ESMTP for <joseph.sun at mydomain.net>;
> Tue, 8 Nov 2011 16:10:07 +0000 (UTC) Nov 8 16:10:07 mail amavisd-
> new[28776]: (28776-15) Checking: QWIgMcifqXRS [94.20.38.50]
> <message.daemon at eftps.com> -> <joseph.sun at mydomain.net> Nov 8
> 16:10:07 mail amavisd-new[28776]: (28776-15) p003 1 Content-Type:
> multipart/mixed Nov 8 16:10:07 mail amavisd-new[28776]: (28776-15)
> p001 1/1 Content-Type: text/plain, size: 574 B, name:
> Nov 8 16:10:07 mail amavisd-new[28776]: (28776-15) p002 1/2 Content-
> Type: text/plain, size: 20750 B, name: report.18653.pdf Nov 8
> 16:10:07 mail amavisd-new[28776]: (28776-15) p.path BANNED:1
> joseph.sun at mydomain.net: "P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=text/plain,T=zip,N=report.18653.pdf |
> P=p004,L=1/2/1,T=exe,T=exe-ms,N=report.18653.pdf.exe",
> matching_key="(?i-
> xsm:\\.[^./]*\\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\\.?$)"
> Nov 8 16:10:07 mail amavisd-new[28776]: (28776-15) local delivery:
> <message.daemon at eftps.com> -> banned-quarantine,
> mbx=/var/spool/mail/quarantine/banned-QWIgMcifqXRS
> Nov 8 16:10:07 mail postfix/smtpd[30243]: connect from
> localhost[127.0.0.1] Nov 8 16:10:07 mail postfix/smtpd[30243]:
> warning: Illegal address syntax from localhost[127.0.0.1] in RCPT
> command: <postmaster@!change-mydomain-variable!.example.com>
> Nov 8 16:10:07 mail amavisd-new[28776]: (28776-15) smtp resp to RCPT
> (pip) (<postmaster@!change-mydomain-variable!.example.com>): 501
> 5.1.3 Bad recipient address syntax Nov 8 16:10:07 mail amavisd-
> new[28776]: (28776-15) Negative SMTP resp. to DATA: 554 5.5.1 Error:
> no valid recipients Nov 8 16:10:07 mail postfix/smtpd[30243]:
> disconnect from localhost[127.0.0.1] Nov 8 16:10:07 mail amavisd-
> new[28776]: (28776-15) (!)SEND via SMTP:
> <postmaster at mail.myserverdomain.net> -> <postmaster@!change-mydomain-
> variable!.example.com>,ENVID=AM..20111108T161007Z at mail.myserverdomain
> .net 501 5.1.3 Failed, id=28776-15, from MTA([127.0.0.1]:10025): 501
> 5.1.3 Bad recipient address syntax Nov 8 16:10:07 mail amavisd-
> new[28776]: (28776-15) (!)FAILED to notify admin: 501 5.1.3 Failed,
> id=28776-15, from MTA([127.0.0.1]:10025): 501 5.1.3 Bad recipient
> address syntax Nov 8 16:10:07 mail amavisd-new[28776]: (28776-15)
> Blocked BANNED (.exe,.exe-ms,report.18653.pdf.exe), [94.20.38.50]
> [12.36.213.133] <message.daemon at eftps.com> ->
> <joseph.sun at mydomain.net>, quarantine: banned-QWIgMcifqXRS, Message-
> ID: <000e01cc51a0$5768b980$3226145e at eftps.com>, mail_id:
> QWIgMcifqXRS, Hits: -, size: 30169, 232 ms Nov 8 16:10:07 mail
> postfix/smtp[30237]: C985FC8C005: to=<joseph.sun at mydomain.net>,
> relay=127.0.0.1[127.0.0.1]:10024, delay=27, delays=27/0/0/0.23,
> dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=28776-15 -
> BANNED: .exe,.exe-ms,report.18653.pdf.exe)
> Nov 8 16:10:07 mail postfix/qmgr[30195]: C985FC8C005: removed Nov 8
> 16:10:07 mail amavisd-new[28776]: (28776-15) TIMING [total 234 ms] -
> SMTP greeting: 1 (0%)0, SMTP EHLO: 0 (0%)1, SMTP pre-MAIL: 0 (0%)1,
> SMTP pre-DATA-flush: 1 (0%)1, SMTP DATA: 39 (17%)18, check_init: 0
> (0%)18, digest_hdr: 1 (0%)18, digest_body_dkim: 0 (0%)18,
> gen_mail_id: 1 (0%)19, mime_decode: 7 (3%)22, get-file-type2: 12
> (5%)27, decompose_part: 21 (9%)36, get-file-type1: 11 (5%)40,
> decompose_part: 30 (13%)53, parts_decode: 0 (0%)53, check_header: 1
> (0%)53, AV-scan-1: 43 (18%)72, update_cache: 1 (0%)72,
> decide_mail_destiny: 1 (0%)73, notif-quar: 1 (0%)73, stat-mbx: 1
> (1%)74, open-mbx: 0 (0%)74, write-header: 0 (0%)74, save-to-local-
> mailbox: 0 (0%)74, fwd-connect: 52 (22%)96, fwd-mail-pip: 1 (0%)97,
> fwd-rcpt-pip: 0 (0%)97, fwd-data-chkpnt: 0 (0%)97, fwd-end-chkpnt: 1
> (0%)97, prepare-dsn: 1 (0%)97, main_log_entry: 4 (2%)99, update_snmp:
> 2 (1%)100, SMTP pre-response: 0 (0%)100, SMTP response: 0 (0%)100,
> unlink-2-files: 0 (0%)100, rundown: 0 (0%)100 Nov 8 16:10:08 mail
> postfix/smtpd[30205]: disconnect from unknown[94.20.38.50]
>
>
> What I understand is:
>
> - The sending host connected and postfix accepted the mail
> - postfix passed the message to amavis
> - who found a banned file
> - and tried to notify someone.
>
> But it's not clear to me who it tried to notify. I don't want it
> trying to notify the sender because this (was in this case and almost
> always) is a virus. I don't really want it notifying me
> (postmaster at myserverdomain.net) because that's where the mail was
> quarantined anyway.
>
> Who is it trying to notify and why? And how do I turn it off?
>
> Thanks.
>
> Simon
>
>
More information about the amavis-users
mailing list