X-Amavis-Alert: BANNED, message contains x.com

Thomas Barth tbarth at txbweb.de
Tue Jul 16 18:48:58 CEST 2024


Hello,

Today a mail has been banned (false positive). It says message contains x.com

X-Quarantine-ID: <gUr-nLm4MOSm>
X-Amavis-Alert: BANNED, message contains x.com


I couldn't find x.com in the mail body itself, but the mail had a zip file 
as an attachment. The zip file probably contains invoices.

I grepped for x.com in the config files, but I couldn't find a rule.

grep -nri "x.com" /etc/amavis/
/etc/amavis/conf.d/20-debian_defaults:123:# [ qr'^\.(Z|gz|bz2)$'         => 0 ],  # allow any in Unix-compressed
/etc/amavis/conf.d/20-debian_defaults:200:     #'clusternews at linuxnetworx.com'           => -3.0,

In the journal:
Jul 16 14:55:07 mx2 amavis[578842]: (578842-12) Blocked BANNED (x.com) {DiscardedInbound,Quarantined}, [209.85.128.42]:58456 [2a02:2455:17d4:d000:2d23:f49f:1017:f822] <user at fromexample.com> -> <user at toexample.com>, quarantine: q/banned->
Jul 16 14:55:07 mx2 postfix/smtpd[582562]: proxy-accept: END-OF-MESSAGE: 250 2.7.0 Ok, discarded, id=578842-12 - BANNED: x.com; ...

Anyone have any idea what's going wrong here?

Thomas B

