PRoblems receiving mail

2 views
Skip to first unread message

The Doctor

unread,
Apr 10, 2007, 10:52:45 AM4/10/07
to
We are having problems receiving mail from large e-mail hosting companies
such as Yahoo, Hotmail, Bell Canada, Telus , Shaw and maybe other.

I hae used sendmail 8.13.8 and 8.14.1 and the problem is
ever-present.

Here is a snippet from my logs of an e-mail
that was supposed to go to me and never got to me:

Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: from=<>, size=5575, class=0, nrcpts=1, msgid=<msgid>, proto=SMTP, daemon=MTA, relay=incomingmailserver [IP of incoming Mail Server]
Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean message from <>
Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Status: Clean


What is needed to resolve the problem so that all mail can make it through?
--
Member - Liberal International
This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!

Steve

unread,
Apr 10, 2007, 6:22:29 PM4/10/07
to
On Tue, 10 Apr 2007 14:52:45 +0000, The Doctor wrote:

> We are having problems receiving mail from large e-mail hosting companies
> such as Yahoo, Hotmail, Bell Canada, Telus , Shaw and maybe other.
>
> I hae used sendmail 8.13.8 and 8.14.1 and the problem is
> ever-present.
>
> Here is a snippet from my logs of an e-mail
> that was supposed to go to me and never got to me:
>
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: from=<>, size=5575, class=0, nrcpts=1, msgid=<msgid>, proto=SMTP, daemon=MTA, relay=incomingmailserver [IP of incoming Mail Server]
> Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean message from <>
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Status: Clean
>
>
> What is needed to resolve the problem so that all mail can make it through?

Are you filtering on blank from: addresses??

PS. Clamav's at 0.90.1 now (:

The Doctor

unread,
Apr 10, 2007, 8:16:34 PM4/10/07
to
In article <pan.2007.04.10....@yobank.com>,

Not that I know of, still I removed in e-mailaddress
from theis example :-~

>PS. Clamav's at 0.90.1 now (:
>


Tried it and it backfired.

jma...@ttec.com

unread,
Apr 10, 2007, 9:22:52 PM4/10/07
to
On Apr 10, 10:52 am, doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
> We are having problems receiving mail from large e-mail hosting companies
> such as Yahoo, Hotmail, Bell Canada, Telus , Shaw and maybe other.
>
> I hae used sendmail 8.13.8 and 8.14.1 and the problem is
> ever-present.
>
> Here is a snippet from my logs of an e-mail
> that was supposed to go to me and never got to me:
>
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: from=<>, size=5575, class=0, nrcpts=1, msgid=<msgid>, proto=SMTP, daemon=MTA, relay=incomingmailserver [IP of incoming Mail Server]
> Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean message from <>
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Status: Clean
>
> What is needed to resolve the problem so that all mail can make it through?

More information, please post everything in the logs that matches
either the sendmail pid 1728 or the queue id l3721wnV001728

Please avoid munging if possible.

The Doctor

unread,
Apr 11, 2007, 8:46:38 AM4/11/07
to
In article <1176254572....@l77g2000hsb.googlegroups.com>,

As requested:

doctor.nl2k.ab.ca/~/News$gzcat /var/log/maillog.4.gz | egrep l3721wnV001728
Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: from=<attilah...@yahoo.com>, size=5575, class=0, nrcpts=1, msgid=<880173....@web34508.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34508.mail.mud.yahoo.com [66.163.178.174]
Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean message from <attilah...@yahoo.com>


Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Status: Clean

doctor.nl2k.ab.ca/~/News$gzcat /var/log/maillog.4.gz | egrep 1728
Apr 6 20:01:58 doctor sendmail[1728]: NOQUEUE: connect from web34508.mail.mud.yahoo.com [66.163.178.174]
Apr 6 20:01:58 doctor sendmail[1728]: AUTH warning: no mechanisms
Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: from=<attilah...@yahoo.com>, size=5575, class=0, nrcpts=1, msgid=<880173....@web34508.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34508.mail.mud.yahoo.com [66.163.178.174]
Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean message from <attilah...@yahoo.com>


Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Status: Clean

Steve

unread,
Apr 12, 2007, 2:05:23 AM4/12/07
to
On Wed, 11 Apr 2007 12:46:38 +0000, The Doctor wrote:

> As requested:
>
> doctor.nl2k.ab.ca/~/News$gzcat /var/log/maillog.4.gz | egrep l3721wnV001728
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: from=<attilah...@yahoo.com>, size=5575, class=0, nrcpts=1, msgid=<880173....@web34508.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34508.mail.mud.yahoo.com [66.163.178.174]
> Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean message from <attilah...@yahoo.com>
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Status: Clean
> doctor.nl2k.ab.ca/~/News$gzcat /var/log/maillog.4.gz | egrep 1728
> Apr 6 20:01:58 doctor sendmail[1728]: NOQUEUE: connect from web34508.mail.mud.yahoo.com [66.163.178.174]
> Apr 6 20:01:58 doctor sendmail[1728]: AUTH warning: no mechanisms
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: from=<attilah...@yahoo.com>, size=5575, class=0, nrcpts=1, msgid=<880173....@web34508.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34508.mail.mud.yahoo.com [66.163.178.174]
> Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean message from <attilah...@yahoo.com>
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add: header: X-Virus-Status: Clean

Are you running any other milters after clamav?

I do know that clam av released a main database update a couple of days
ago, which means a 6MB upgrade for 0.8x clients, although from your logs
it looks like the clamav stuff is completed and happy.

Would it be worth upping the debug level ( -d... ) for a bit to find out
exactly what's happening in sendmail?

The Doctor

unread,
Apr 12, 2007, 11:32:33 AM4/12/07
to
In article <pan.2007.04.12....@yobank.com>,

MailScanner, spam-assassin and clamav .

>
>I do know that clam av released a main database update a couple of days
>ago, which means a 6MB upgrade for 0.8x clients, although from your logs
>it looks like the clamav stuff is completed and happy.

Upgraded every hour.

>
>Would it be worth upping the debug level ( -d... ) for a bit to find out
>exactly what's happening in sendmail?

Can this be implemented in the mc file?

The Doctor

unread,
Apr 12, 2007, 1:03:02 PM4/12/07
to

Steve

unread,
Apr 12, 2007, 5:44:54 PM4/12/07
to
On Thu, 12 Apr 2007 17:03:02 +0000, The Doctor wrote:

>>Would it be worth upping the debug level ( -d... ) for a bit to find out
>>exactly what's happening in sendmail?
>
> Can this be implemented in the mc file?

Usually in /etc/init.d/sendmail

The Doctor

unread,
Apr 12, 2007, 6:42:28 PM4/12/07
to

THis BSD Box have no /etc/init.d facility.

patrick

unread,
Apr 12, 2007, 7:00:42 PM4/12/07
to
In news:evmckk$c9r$2...@gallifrey.nk.ca,
The Doctor <doc...@doctor.nl2k.ab.ca> wrote:

>> Usually in /etc/init.d/sendmail
>
> THis BSD Box have no /etc/init.d facility.

<sigh> /etc/rc.d/sendmail

The Doctor

unread,
Apr 12, 2007, 10:09:43 PM4/12/07
to
In article <587s10F...@mid.individual.net>,

Sorry this BSD Box only has /etc/rc and /etc/rc.local .

patrick

unread,
Apr 12, 2007, 11:26:14 PM4/12/07
to
In news:evmop7$kv5$7...@gallifrey.nk.ca,
The Doctor <doc...@doctor.nl2k.ab.ca> wrote:

>>>> Usually in /etc/init.d/sendmail
>>>
>>> THis BSD Box have no /etc/init.d facility.
>>
>> <sigh> /etc/rc.d/sendmail
>
> Sorry this BSD Box only has /etc/rc and /etc/rc.local .

How much hand-holding do you actually need?

grep -rl sendmail /etc/*

The Doctor

unread,
Apr 13, 2007, 10:02:29 AM4/13/07
to
In article <588bisF...@mid.individual.net>,

Enough messing around. which -d option? -d0.14 ?

Bill Cole

unread,
Apr 13, 2007, 11:10:45 AM4/13/07
to
In article <evo2hl$p4d$1...@gallifrey.nk.ca>,
doc...@doctor.nl2k.ab.ca (The Doctor) wrote:

> In article <588bisF...@mid.individual.net>,
> patrick <pt,ri....@stratrev.corn> wrote:
> >In news:evmop7$kv5$7...@gallifrey.nk.ca,
> >The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
> >
> >>>>> Usually in /etc/init.d/sendmail
> >>>>
> >>>> THis BSD Box have no /etc/init.d facility.
> >>>
> >>> <sigh> /etc/rc.d/sendmail
> >>
> >> Sorry this BSD Box only has /etc/rc and /etc/rc.local .
> >
> >How much hand-holding do you actually need?
> >
> > grep -rl sendmail /etc/*
>
> Enough messing around. which -d option? -d0.14 ?

I'd suggest -d10-13.9 but be prepared for a lot of information (i.e.
this is not for a high volume production system...)

--
Now where did I hide that website...

The Doctor

unread,
Apr 13, 2007, 3:04:04 PM4/13/07
to
In article <bill-734FEC.1...@news.det.sbcglobal.net>,

Assuming high volume production system what then?

Bill Cole

unread,
Apr 13, 2007, 3:15:36 PM4/13/07
to
In article <evok74$dgl$1...@gallifrey.nk.ca>,
doc...@doctor.nl2k.ab.ca (The Doctor) wrote:

> In article <bill-734FEC.1...@news.det.sbcglobal.net>,
> Bill Cole <bi...@scconsult.com> wrote:
> >In article <evo2hl$p4d$1...@gallifrey.nk.ca>,
> > doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
> >
> >> In article <588bisF...@mid.individual.net>,
> >> patrick <pt,ri....@stratrev.corn> wrote:
> >> >In news:evmop7$kv5$7...@gallifrey.nk.ca,
> >> >The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
> >> >
> >> >>>>> Usually in /etc/init.d/sendmail
> >> >>>>
> >> >>>> THis BSD Box have no /etc/init.d facility.
> >> >>>
> >> >>> <sigh> /etc/rc.d/sendmail
> >> >>
> >> >> Sorry this BSD Box only has /etc/rc and /etc/rc.local .
> >> >
> >> >How much hand-holding do you actually need?
> >> >
> >> > grep -rl sendmail /etc/*
> >>
> >> Enough messing around. which -d option? -d0.14 ?
> >
> >I'd suggest -d10-13.9 but be prepared for a lot of information (i.e.
> >this is not for a high volume production system...)
> >
>
> Assuming high volume production system what then?

How broken is this?

If every message is failing, then you do not have a high volume
production system, you have a mail sink where you want a high volume
production system. Nothing is lost by clobbering performance and chewing
up storage.

If 0.1% of messages are failing on a machine getting tens or hundreds of
thousands messages/day, you have a hard question. If you have ample
disk space and CPU to spare, maybe you can get away with heavy
debugging. It's a judgment call.

The Doctor

unread,
Apr 13, 2007, 10:16:42 PM4/13/07
to
In article <bill-1A1FD0.1...@news.det.sbcglobal.net>,

Getting back to the question at hand:

egrep tist\@yahoo /var/log/maillog
Apr 13 15:59:16 doctor doctor[28]: clamav-milter[22800]: clamfi_envfrom: <attilah...@yahoo.com>
Apr 13 15:59:17 doctor sendmail[9110]: l3DLxFrL009110: from=<attilah...@yahoo.com>, size=6624, class=0, nrcpts=1, msgid=<677131....@web34506.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34506.mail.mud.yahoo.com [66.163.178.172]
Apr 13 15:59:17 doctor doctor[28]: clamav-milter[22800]: clamfi_header: From: Attila Hypnotist <attilah...@yahoo.com>
Apr 13 15:59:17 doctor doctor[28]: clamav-milter[22800]: l3DLxFrL009110: clean message from <attilah...@yahoo.com>

And pid 9100 gives us:

Apr 13 15:59:15 doctor sendmail[9110]: NOQUEUE: connect from web34506.mail.mud.yahoo.com [66.163.178.172]
Apr 13 15:59:15 doctor sendmail[9110]: AUTH warning: no mechanisms
Apr 13 15:59:17 doctor sendmail[9110]: l3DLxFrL009110: from=<attilah...@yahoo.com>, size=6624, class=0, nrcpts=1, msgid=<677131....@web34506.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34506.mail.mud.yahoo.com [66.163.178.172]
Apr 13 15:59:17 doctor doctor[28]: clamav-milter[22800]: l3DLxFrL009110: clean message from <attilah...@yahoo.com>
Apr 13 15:59:17 doctor sendmail[9110]: l3DLxFrL009110: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
Apr 13 15:59:17 doctor sendmail[9110]: l3DLxFrL009110: Milter add: header: X-Virus-Status: Clean

patrick

unread,
Apr 14, 2007, 12:35:35 PM4/14/07
to
In news:evpdia$5id$8...@gallifrey.nk.ca,
The Doctor <doc...@doctor.nl2k.ab.ca> wrote:

>> Now where did I hide that website...
>
> Getting back to the question at hand:

And that is ... what? Your continual posting of unrelated snippets does
_nothing_ to clarify your question or address the solutions offered.

Bill Cole

unread,
Apr 14, 2007, 1:12:05 PM4/14/07
to
In article <evpdia$5id$8...@gallifrey.nk.ca>,
doc...@doctor.nl2k.ab.ca (The Doctor) wrote:

Which does not include debug info, and so is no more help than before.

I also realize now that I forgot some important things about using -d
flags on a daemon. It's really not a great idea. I should not have
suggested it. It can break clients directly that are not adequately
permissive.

You will find a safer way to deeper details from adjusting the LogLevel
up in sendmail.cf. You also want to make sure your syslog config is
sending mail.* somewhere (not just mail.info, which is a common
practice.)

The Doctor

unread,
Apr 14, 2007, 9:07:40 PM4/14/07
to
In article <bill-302ED8.1...@news.det.sbcglobal.net>,

No problem. I have the LogLevel set at 14.

How far up should it be?

jma...@ttec.com

unread,
Apr 14, 2007, 9:55:09 PM4/14/07
to
On Apr 14, 9:07 pm, doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
> In article <bill-302ED8.13120514042...@news.det.sbcglobal.net>,
> Bill Cole <b...@scconsult.com> wrote:
>
>
>
> >In article <evpdia$5i...@gallifrey.nk.ca>,
> > doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
>
> >> In article <bill-1A1FD0.15153613042...@news.det.sbcglobal.net>,
> >> Bill Cole <b...@scconsult.com> wrote:
> >> >In article <evok74$dg...@gallifrey.nk.ca>,
> >> > doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
>
> >> >> In article <bill-734FEC.11104513042...@news.det.sbcglobal.net>,
> >> >> Bill Cole <b...@scconsult.com> wrote:
> >> >> >In article <evo2hl$p4d...@gallifrey.nk.ca>,
> >> >> > doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
>
> >> >> >> In article <588bisF2faev...@mid.individual.net>,
> >> >> >> patrick <pt,ri....@stratrev.corn> wrote:
> >> >> >> >Innews:evmop7$kv5$7...@gallifrey.nk.ca,
> >> <attilahypnot...@yahoo.com>

> >> Apr 13 15:59:17 doctor sendmail[9110]: l3DLxFrL009110:
> >> from=<attilahypnot...@yahoo.com>, size=6624, class=0, nrcpts=1,
> >> msgid=<677131.22658...@web34506.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA,

> >> relay=web34506.mail.mud.yahoo.com [66.163.178.172]
> >> Apr 13 15:59:17 doctor doctor[28]: clamav-milter[22800]: clamfi_header: From:
> >> Attila Hypnotist <attilahypnot...@yahoo.com>

> >> Apr 13 15:59:17 doctor doctor[28]: clamav-milter[22800]: l3DLxFrL009110:
> >> clean message from <attilahypnot...@yahoo.com>

>
> >> And pid 9100 gives us:
>
> >> Apr 13 15:59:15 doctor sendmail[9110]: NOQUEUE: connect from
> >> web34506.mail.mud.yahoo.com [66.163.178.172]
> >> Apr 13 15:59:15 doctor sendmail[9110]: AUTH warning: no mechanisms
> >> Apr 13 15:59:17 doctor sendmail[9110]: l3DLxFrL009110:
> >> from=<attilahypnot...@yahoo.com>, size=6624, class=0, nrcpts=1,
> >> msgid=<677131.22658...@web34506.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA,

> >> relay=web34506.mail.mud.yahoo.com [66.163.178.172]
> >> Apr 13 15:59:17 doctor doctor[28]: clamav-milter[22800]: l3DLxFrL009110:
> >> clean message from <attilahypnot...@yahoo.com>

> >> Apr 13 15:59:17 doctor sendmail[9110]: l3DLxFrL009110: Milter add: header:
> >> X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on
> >> doctor.nl2k.ab.ca
> >> Apr 13 15:59:17 doctor sendmail[9110]: l3DLxFrL009110: Milter add: header:
> >> X-Virus-Status: Clean
>
> >Which does not include debug info, and so is no more help than before.
>
> >I also realize now that I forgot some important things about using -d
> >flags on a daemon. It's really not a great idea. I should not have
> >suggested it. It can break clients directly that are not adequately
> >permissive.
>
> >You will find a safer way to deeper details from adjusting the LogLevel
> >up in sendmail.cf. You also want to make sure your syslog config is
> >sending mail.* somewhere (not just mail.info, which is a common
> >practice.)
>
> No problem. I have the LogLevel set at 14.
>
> How far up should it be?

That should be far enough. Can you post your sendmail.mc sans
comments?

Also, check your queue directories for this queue id.

debian's sendmail allow you to set a debug output file, which is much
safer than the standard out, which cant be used on the smtp daemon.


Bill Cole

unread,
Apr 14, 2007, 10:30:16 PM4/14/07
to
In article <evrtss$brk$2...@gallifrey.nk.ca>,
doc...@doctor.nl2k.ab.ca (The Doctor) wrote:


That very much depends on what the problem is. 14 clearly isn't showing
you enough to figure out the problem. 40 might. 99 might not. I would
start at 20 and bump it up by 10 at a time as needed until the failure
stands out in the logs.

Kees Theunissen

unread,
Apr 15, 2007, 4:43:47 AM4/15/07
to
Let's go back to basics. I've seen too much messages in this thread
focusing on raising the sendmail log level, while the general picture
isn't clear (at least not to me).

The quoted text above shows a message arriving and being scanned for
viruses by clamav milter. At this stage sendmail is supposed to have
queued the message.

>> Are you running any other milters after clamav?
>
> MailScanner, spam-assassin and clamav .

Mailscanner will poccess the mail queue and handle each message,
probably launching spamassassin to do the spam detection. Afterwards
mailscanner will hand over the message to sendmail again, via a
separate mail queue, for final delivery.

Why is everybody focusing on the first stage of the whole process,
the arrival of the message, and not on the filtering by mailscanner/
spamassassin?
What is mailscanner doing with detected spam?
-- bounching? (a very bad thing to do in my opinion)
-- silently dropping? (also bad)
-- dropping with recipient notification?
-- quarantine with recipient notification?
-- mark as spam and deliver?

Could this message be a false positive of mailscanner/spamassassin?
The spam filter is the first place where I would look when messages
were arriving at my server but not being delivered.

Regards,

Kees.

--
Kees Theunissen.

The Doctor

unread,
Apr 15, 2007, 10:11:50 AM4/15/07
to
In article <1176602109.0...@w1g2000hsg.googlegroups.com>,

I use bsd.

The mc file:


include(`../m4/cf.m4')
VERSIONID(`@(#)BSDI bsdi.mc,v 1.5 1998/06/02 21:28:12 polk Exp')dnl
OSTYPE(`bsdi')dnl
DOMAIN(`generic')dnl
FEATURE(relay_entire_domain)
FEATURE(relay_based_on_MX)
FEATURE(access_db)
FEATURE(blacklist_recipients)
FEATURE(use_cw_file)
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 5.7.1 Mail refused - "$&{client_name}" listed by Spamhaus DNSBL (http://www.spamhaus.org)"', `')dnl
dnl ## FEATURE(`dnsbl', `l1.spews.dnsbl.sorbs.net', `"550 5.7.1 Mail refused - "$&{client_name}" listed by SPEWS DNSBL (http://www.spews.org/)"', `')dnl
FEATURE(`dnsbl', `list.dsbl.org', `"550 5.7.1 Mail refused - "$&{client_name}" listed by dsbl.org DNSBL (http://dsbl.org/)"', `')dnl
FEATURE(`dnsbl', `dnsbl.njabl.org', `"550 5.7.1 Mail refused - "$&{client_addr}" listed by njabl DNSBL (http://njabl.org/)"', `')dnl
FEATURE(`dnsbl', `multi.surbl.org', `"550 5.7.1 Mail refused - "$&{client_addr}" listed by SURBL DNSBL (http://www.surbl.org/)"', `')dnl
FEATURE(dnsbl,`flowgoaway.com',`Flowgoaway Spam - see http://www.flowgoaway.com')dnl
FEATURE(`enhdnsbl', `multi.uribl.com', `"Spam blocked see: http://lookup.uribl.com/?"$&{client_addr}', `t')dnl

define(`confPRIVACY_FLAGS', `goaway,noetrn,nobodyreturn,noreceipts')dnl
define(`confTO_INITIAL', `1d')dnl
define(`confTO_COMMAND', `1d')dnl
define(`confTO_IDENT', `0s')dnl
define(`confMAX_DAEMON_CHILDREN', `256')dnl enlarge if it's required
define(`confCONNECTION_RATE_THROTTLE', `100')dnl enlarge if it's required
define(`confBAD_RCPT_THROTTLE', `10')dnl Sendmail v8.12+
FEATURE(`greet_pause', `500')dnl Sendmail v8.13+

define(`confTO_QUEUERETURN', 24h)
define(`confTO_QUEUEWARN', 12h)
define(`confREFUSE_LA',10)
define(`confDELAY_LA',10)
define(`confMAX_HEADERS_LENGTH',65536)dnl

define(`confMAX_MESSAGE_SIZE',20000000)
define(`SMTP_MAILER_MAX',20000000)

define(`LUSER_RELAY', ``local:spam'')

define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`CERT_DIR', `/etc/mail/CA')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mail.nk.ca.crt')dnl
define(`confSERVER_KEY', `CERT_DIR/ns1.cert.key')dnl
dnl define(`confCLIENT_CERT', `CERT_DIR/client.cert.crt')dnl
dnl define(`confCLIENT_KEY', `CERT_DIR/client.cert.key')dnl
dnl define(`confSERVER_CERT', `CERT_DIR/newcert.pem')dnl
dnl define(`confSERVER_KEY', `CERT_DIR/newreq.pem')dnl
dnl define(`confCLIENT_CERT', `CERT_DIR/newcert.pem')dnl
dnl define(`confCLIENT_KEY', `CERT_DIR/newreq.pem')dnl
dnl define(`confCRL', `CERT_DIR/crl.pem')dnl

define(`confLOG_LEVEL', `14')dnl

FEATURE(`delay_checks',`friend')dnl

define(`confDONT_BLAME_SENDMAIL',`groupwritabledirpathsafe')

FEATURE(mailertable)
FEATURE(virtusertable)
define(`VIRTUSER_CLASS', `T')
define(`VIRTUSER_ERR_NOUSER', 1)

FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Name=MTA')
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')

MAILER(local)dnl
MAILER(smtp)dnl
MAILER(uucp)dnl

define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`smf-sav', `S=unix:/var/smf-sav/smf-sav.sock, T=S:30s;R:4m')dnl

define(`PROCMAIL_MAILER_ARGS', `procmail -m $h $g $u')dnl
define(`PROCMAIL_MAILER_FLAGS', `mSDFMhun')dnl

define(`_FFR_MILTER', `1')dnl

define(`confLOG_LEVEL', `14')dnl

define(`confMILTER_LOG_LEVEL', 14)dnl

define(`_FFR_MILTER', `1')dnl

define(`confMILTER_LOG_LEVEL', 9)dnl

define(`_FFR_MILTER', `1')dnl

define(`confLOG_LEVEL', `14')dnl

define(
`confMILTER_MACROS_CONNECT', `j, _, {daemon_name}, {if_name}, '
`{if_addr}, {client_addr}, {client_name}, {client_port}, {client_resolve}'
)dnl

define(
`confMILTER_MACROS_CONNECT', confMILTER_MACROS_CONNECT`,
{client_addr}, {client_name}, {client_port}, {client_resolve}'
)dnl
define(
`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`,
{verify}'
)dnl

define(`_FFR_MILTER', `1')dnl

define(`_FFR_MILTER', `1')dnl

define(`MILTER', 1)


define(`MILTER', 1)

define(`confMILTER_MACROS_ENVFROM', confMILTER_MACROS_ENVFROM`, {msg_size}')

define(`_FFR_MILTER',`true')
INPUT_MAIL_FILTER(`clamav', `S=local:/var/lib/clamav-milter/socket, F=, T=S:4m;R:4m')dnl
define(`confMILTER_MACROS_CONNECT',`b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl

define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')
define(`confINPUT_MAIL_FILTERS', `clamav')dnl

LOCAL_CONFIG
FT/etc/sendmail.cT

LOCAL_RULE_0
HSubject: $>local_check_header
HSUJBECT: $>local_check_header
D{NoSubjectMessage}"553 This message may contain No Subject Header, and thus has been rejected. Please resubmit your e-mail with a subject header. Please email postmaster@$j if you have questions."
D{MelissaMessage}"553 This message may contain the Melissa virus, and thus has been rejected. Please email postmaster@$j if you have questions."
D{HostileVirusMessage}"553 This message may contain the Gibe/Swen virus, and thus has been rejected. Please email postmaster@$j if you have questions. Also fix your Windows and/or call in the police"
D{AdultSpamMessage}"553 This message contain Offensive content, and thus has been rejected. Your postmaster and the authority have been notified."

SLocal_check_rcpt

Slocal_check_header

HFrom: $> NoBogusFromHeaders

SNoBogusFromHeaders
R$* $: $&{currHeader}
R$* $+@$+ $* $: $2@$3
R$+@$+ $#OK
R$* $#error $@ 5.7.1 $: "550 Sorry, we prefer to know who is emailing us."


LOCAL_CONFIG
HSubject: $>Check_Subject

LOCAL_RULESETS
SCheck_Subject
R $* got one VoiceMessage! $#error $@ 5.7.1 $: "Subject rejected"
R $* worry, be happy! $#error $@ 5.7.1 $: "Subject rejected"
R $* $@OK


dnl ## AntiSircam Setup

LOCAL_RULESETS

Kchkcontent regex -a@REJ Outlook_Express_message_boundary
HContent-Type: $>CheckContent
SCheckContent
R$* $: $(chkcontent $&{currHeader} $)
R@REJ $#error $: "553 Delivery Blocked --- Sircam virus detected"

dnl # HACKs


HACK(check_local_patterns)dnl

HACK(`check_header', `Received', `HRC', `', `parse_received', `+header', `!general')dnl
HACK(`check_header', `X-Spam-Again', `HSA', `match_all')dnl
HACK(`check_header', `From', `HFR', `', `parse_address', `+header')dnl
HACK(`check_header', `To', `HTO', `', `parse_address', `+toheader')dnl
HACK(`check_header', `Message-Id', `MIFORMAT,MIACCESS,MIDNS', `test_message_id',`parse_message_id', `+header', `!general', `dns_message_id')dnl
HACK(`check_header_end', `opt Spam_header_tag', `opt initial_hc_switch_value', `opt bogusdomain_resolve_matchclass')dnl

HACK(reject_bad_from)dnl

MAILER(procmail)dnl
LOCAL_CONFIG
CPprocmail
LOCAL_RULESETS

LOCAL_RULE_0
R$* < @ $=w > $* $#procmail $@ /etc/mail/procmailrc $: $1<@$2.procmail.>$3
R$* < @ $=w. > $* $#procmail $@ /etc/mail/procmailrc $: $1<@$2.procmail.>$3
R$* < @ $=R > $* $#procmail $@ /etc/mail/procmailrc $: $1<@$2.procmail.>$3
R$* < @ $=R. > $* $#procmail $@ /etc/mail/procmailrc $: $1<@$2.procmail.>$3
R$* < @$* .procmail. > $* $1<@$2.>$3 Already filtered, map to original address

The Doctor

unread,
Apr 15, 2007, 10:12:21 AM4/15/07
to
In article <bill-71610C.2...@news.det.sbcglobal.net>,


Already set to 40. Let's see.

The Doctor

unread,
Apr 15, 2007, 11:33:21 AM4/15/07
to
In article <evtbs5$pbg$2...@gallifrey.nk.ca>,

And we get:

Apr 15 06:10:34 doctor sendmail[3046]: l3FC9Adl002221: to=root, delay=00:01:06,
xdelay=00:00:00, mailer=local, pri=129261, dsn=2.0.0, stat=Sent
Apr 15 08:01:19 doctor sendmail[29261]: NOQUEUE: connect from web34503.mail.mud.yahoo.com [66.163.178.169]
Apr 15 08:01:19 doctor sendmail[29261]: AUTH: available mech=OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
Apr 15 08:01:19 doctor sendmail[29261]: l3FE1J0Y029261: --- 220 doctor.nl2k.ab.ca ESMTP Sendmail 8.14.1/8.14.1; Sun, 15 Apr 2007 08:01:19 -0600 (MDT)
Apr 15 08:01:19 doctor sendmail[29261]: l3FE1J0Y029261: <-- HELO web34503.mail.mud.yahoo.com
Apr 15 08:01:19 doctor sendmail[29261]: l3FE1J0Y029261: --- 250 doctor.nl2k.ab.ca Hello web34503.mail.mud.yahoo.com [66.163.178.169], pleased to meet you
Apr 15 08:01:19 doctor sendmail[29261]: l3FE1J0Y029261: <-- MAIL FROM:<attilah...@yahoo.com>
Apr 15 08:01:19 doctor sendmail[29261]: l3FE1J0Y029261: --- 250 2.1.0 <attilah...@yahoo.com>... Sender ok
Apr 15 08:01:19 doctor sendmail[29261]: l3FE1J0Y029261: <-- RCPT TO:<ro...@doctor.nl2k.ab.ca>
Apr 15 08:01:20 doctor sendmail[29261]: l3FE1J0Y029261: --- 250 2.1.5 <ro...@doctor.nl2k.ab.ca>... Recipient ok
Apr 15 08:01:20 doctor sendmail[29261]: l3FE1J0Y029261: <-- DATA
Apr 15 08:01:20 doctor sendmail[29261]: l3FE1J0Y029261: --- 354 Enter mail, end
with "." on a line by itself
Apr 15 08:01:20 doctor sendmail[29261]: l3FE1J0Y029261: from=<attilah...@yahoo.com>, size=13697, class=0, nrcpts=1, msgid=<176141....@web34503.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34503.mail.mud.yahoo.com [66.163.178.169]
Apr 15 08:01:21 doctor clamav-milter[870]: l3FE1J0Y029261: clean message from <attilah...@yahoo.com>
Apr 15 08:01:21 doctor sendmail[29261]: l3FE1J0Y029261: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
Apr 15 08:01:21 doctor sendmail[29261]: l3FE1J0Y029261: Milter add: header: X-Virus-Status: Clean
Apr 15 08:01:21 doctor sendmail[29261]: l3FE1J0Y029261: --- 250 2.0.0 l3FE1J0Y029261 Message accepted for delivery
Apr 15 08:01:21 doctor sendmail[29261]: l3FE1J0Z029261: <-- QUIT
Apr 15 08:01:21 doctor sendmail[29261]: l3FE1J0Z029261: --- 221 2.0.0 doctor.nl2k.ab.ca closing connection

Bill Cole

unread,
Apr 15, 2007, 12:26:50 PM4/15/07
to
In article <evtgk1$t2n$1...@gallifrey.nk.ca>,
doc...@doctor.nl2k.ab.ca (The Doctor) wrote:

That's every line with 'l3FE1J0Z029261' in it?

Did you confirm that your syslog configuration is writing out mail.debug
messages to that log as well?

One thing this nails down with certainty (because the entire SMTP chat
is logged) is that you are accepting the message. If the messages are
not piling up in /var/spool/mqueue, it seems that the culprit would have
to be your local delivery agent, which a previous post indicates is
procmail. Not having used procmail as a local delivery agent in almost a
decade, I can't assist with that.

The Doctor

unread,
Apr 15, 2007, 3:55:53 PM4/15/07
to
In article <bill-3225AF.1...@news.det.sbcglobal.net>,

Yes.

>
>Did you confirm that your syslog configuration is writing out mail.debug
>messages to that log as well?

Yes.

>
>One thing this nails down with certainty (because the entire SMTP chat
>is logged) is that you are accepting the message. If the messages are
>not piling up in /var/spool/mqueue, it seems that the culprit would have
>to be your local delivery agent, which a previous post indicates is
>procmail. Not having used procmail as a local delivery agent in almost a
>decade, I can't assist with that.

I have not changed procmail in some time.

>
>--
>Now where did I hide that website...

The Doctor

unread,
Apr 15, 2007, 8:32:10 PM4/15/07
to
In article <evu009$ajp$1...@gallifrey.nk.ca>,

Here is /etc/procmailrc


DROPPRIVS=yes
:0fw
| /usr/contrib/bin/spamassassin
:0
* ^X-Spam-Status: Yes
$HOME/spam
:0 w
! -oi -f "$@"

jma...@ttec.com

unread,
Apr 15, 2007, 9:03:54 PM4/15/07
to
On Apr 15, 4:43 am, Kees Theunissen <theun...@rijnh.nl> wrote:
> The Doctor wrote:
> > In article <pan.2007.04.12.06.05.18.119...@yobank.com>,

> > Steve <s...@yobank.com> wrote:
> >> On Wed, 11 Apr 2007 12:46:38 +0000, The Doctor wrote:
>
> >>> As requested:
>
> >>> doctor.nl2k.ab.ca/~/News$gzcat /var/log/maillog.4.gz | egrep l3721wnV001728
> >>> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728:
> >> from=<attilahypnot...@yahoo.com>, size=5575, class=0, nrcpts=1,
> >> msgid=<880173.93559...@web34508.mail.mud.yahoo.com>, proto=SMTP,

> >> daemon=MTA, relay=web34508.mail.mud.yahoo.com [66.163.178.174]
> >>> Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean
> >> message from <attilahypnot...@yahoo.com>

> >>> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add:
> >> header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version
> >> 0.88.7 on doctor.nl2k.ab.ca
> >>> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add:
> >> header: X-Virus-Status: Clean
> >>> doctor.nl2k.ab.ca/~/News$gzcat /var/log/maillog.4.gz | egrep 1728
> >>> Apr 6 20:01:58 doctor sendmail[1728]: NOQUEUE: connect from
> >> web34508.mail.mud.yahoo.com [66.163.178.174]
> >>> Apr 6 20:01:58 doctor sendmail[1728]: AUTH warning: no mechanisms
> >>> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728:
> >> from=<attilahypnot...@yahoo.com>, size=5575, class=0, nrcpts=1,
> >> msgid=<880173.93559...@web34508.mail.mud.yahoo.com>, proto=SMTP,

> >> daemon=MTA, relay=web34508.mail.mud.yahoo.com [66.163.178.174]
> >>> Apr 6 20:02:00 doctor clamav-milter[805]: l3721wnV001728: clean
> >> message from <attilahypnot...@yahoo.com>

> >>> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add:
> >> header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version
> >> 0.88.7 on doctor.nl2k.ab.ca
> >>> Apr 6 20:02:00 doctor sendmail[1728]: l3721wnV001728: Milter add:
> >> header: X-Virus-Status: Clean
>
> Let's go back to basics. I've seen too much messages in this thread
> focusing on raising the sendmail log level, while the general picture
> isn't clear (at least not to me).
>
> The quoted text above shows a message arriving and being scanned for
> viruses by clamav milter. At this stage sendmail is supposed to have
> queued the message.

Check the queue directory for qf Qf df Df queueid files.

Please post sendmail.mc sans comments like so

grep -v '^dnl' < sendmail.mc

In any event, the sendmail log doesnt include lines with stat=sent or
similar, so thats suspicous.

I would suggest ensuring that SuperSafe is not set to postmilter,
there is the chance that sendmail is crashing between the SMTP . and
quit and the postmilter queue sync up.

Also milter has its own log level - try increasing that.


The Doctor

unread,
Apr 15, 2007, 10:26:03 PM4/15/07
to
In article <1176685434.4...@y80g2000hsf.googlegroups.com>,

I will look at clamav-milter to see how to do that.

Right with the log level set to 95 we get:

Apr 15 19:43:06 doctor sendmail[19406]: l3G1h630019406: assigned id
Apr 15 19:43:06 doctor sendmail[19406]: NOQUEUE: connect from web34506.mail.mud.yahoo.com [66.163.178.172]
Apr 15 19:43:06 doctor sendmail[19406]: AUTH: available mech=OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
Apr 15 19:43:07 doctor sendmail[19406]: l3G1h630019406: --- 220 doctor.nl2k.ab.ca ESMTP Sendmail 8.14.1/8.14.1; Sun, 15 Apr 2007 19:43:06 -0600 (MDT)
Apr 15 19:43:07 doctor sendmail[19406]: l3G1h630019406: <-- HELO web34506.mail.mud.yahoo.com
Apr 15 19:43:07 doctor sendmail[19406]: l3G1h630019406: --- 250 doctor.nl2k.ab.ca Hello web34506.mail.mud.yahoo.com [66.163.178.172], pleased to meet you
Apr 15 19:43:07 doctor sendmail[19406]: l3G1h630019406: <-- MAIL FROM:<attilah...@yahoo.com>
Apr 15 19:43:07 doctor sendmail[19406]: l3G1h630019406: --- 250 2.1.0 <attilah...@yahoo.com>... Sender ok
Apr 15 19:43:07 doctor sendmail[19406]: l3G1h630019406: <-- RCPT TO:<ro...@doctor.nl2k.ab.ca>
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: --- 250 2.1.5 <ro...@doctor.nl2k.ab.ca>... Recipient ok
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: <-- DATA
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: --- 354 Enter mail, end


with "." on a line by itself

Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: from=<attilah...@yahoo.com>, size=2574, class=0, nrcpts=1, msgid=<620282....@web34506.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34506.mail.mud.yahoo.com [66.163.178.172]
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: l3G1h630019406: clean message from <attilah...@yahoo.com>
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: Milter add: header: X-Virus-Status: Clean
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: queueup ./qfl3G1h630019406
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: --- 250 2.0.0 l3G1h630019406 Message accepted for delivery
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: dropenvelope, e_flags=0x4604042, OpMode=d, pid=19406
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: queueup ./qfl3G1h630019406
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: unlock
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: assigned id
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: <-- QUIT
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: --- 221 2.0.0 doctor.nl2k.ab.ca closing connection
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: disconnect level 1
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: in background, pid=19406Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: dropenvelope, e_flags=0x4001, OpMode=d, pid=19406
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: unlock
Apr 15 19:43:08 doctor sendmail[19406]: NOQUEUE: finis, pid=19406

As for the mc file:


include(`../m4/cf.m4')
VERSIONID(`@(#)BSDI bsdi.mc,v 1.5 1998/06/02 21:28:12 polk Exp')dnl
OSTYPE(`bsdi')dnl
DOMAIN(`generic')dnl


FEATURE(relay_entire_domain)
FEATURE(relay_based_on_MX)
FEATURE(access_db)
FEATURE(blacklist_recipients)
FEATURE(use_cw_file)
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 5.7.1 Mail refused - "$&{client_name}" listed by Spamhaus DNSBL (http://www.spamhaus.org)"', `')dnl

define(`confLOG_LEVEL', `14')dnl



MAILER(local)dnl
MAILER(smtp)dnl
MAILER(uucp)dnl


define(`confMILTER_LOG_LEVEL', 14)dnl


define(`confMILTER_LOG_LEVEL', 9)dnl


define(`MILTER', 1)


define(`MILTER', 1)

LOCAL_CONFIG
FT/etc/sendmail.cT

LOCAL_RULE_0

SLocal_check_rcpt

Slocal_check_header

HFrom: $> NoBogusFromHeaders


LOCAL_CONFIG
HSubject: $>Check_Subject

LOCAL_RULESETS

Kchkcontent regex -a@REJ Outlook_Express_message_boundary
HContent-Type: $>CheckContent
SCheckContent
R$* $: $(chkcontent $&{currHeader} $)
R@REJ $#error $: "553 Delivery Blocked --- Sircam virus detected"

HACK(check_local_patterns)dnl

HACK(`check_header', `Received', `HRC', `', `parse_received', `+header', `!general')dnl
HACK(`check_header', `X-Spam-Again', `HSA', `match_all')dnl
HACK(`check_header', `From', `HFR', `', `parse_address', `+header')dnl
HACK(`check_header', `To', `HTO', `', `parse_address', `+toheader')dnl
HACK(`check_header', `Message-Id', `MIFORMAT,MIACCESS,MIDNS', `test_message_id',`parse_message_id', `+header', `!general', `dns_message_id')dnl
HACK(`check_header_end', `opt Spam_header_tag', `opt initial_hc_switch_value', `opt bogusdomain_resolve_matchclass')dnl

HACK(reject_bad_from)dnl

MAILER(procmail)dnl
LOCAL_CONFIG
CPprocmail
LOCAL_RULESETS

LOCAL_RULE_0
R$* < @ $=w > $* $#procmail $@ /etc/mail/procmailrc $: $1<@$2.procmail.>$3
R$* < @ $=w. > $* $#procmail $@ /etc/mail/procmailrc $: $1<@$2.procmail.>$3
R$* < @ $=R > $* $#procmail $@ /etc/mail/procmailrc $: $1<@$2.procmail.>$3
R$* < @ $=R. > $* $#procmail $@ /etc/mail/procmailrc $: $1<@$2.procmail.>$3
R$* < @$* .procmail. > $* $1<@$2.>$3 Already filtered, map to original address

The Doctor

unread,
Apr 16, 2007, 9:07:01 PM4/16/07
to
In article <evumrr$t2$1...@gallifrey.nk.ca>,

Just adding further for the maillog:

gzcat /var/log/maillog.0.gz | egrep 19\:43\:08
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_envrcpt: <ro...@doctor.nl2k.ab.ca>


Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: --- 250 2.1.5 <ro...@doctor.nl2k.ab.ca>... Recipient ok
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: <-- DATA
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: --- 354 Enter mail, end
with "." on a line by itself
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: from=<attilah...@yahoo.com>, size=2574, class=0, nrcpts=1, msgid=<620282....@web34506.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web34506.mail.mud.yahoo.com [66.163.178.172]

Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: Received: (qmail 64784 invoked by uid 60001); 16 Apr 2007 01:39:11 -0000
Apr 15 19:43:08 doctor clamd[864]: Accepted connection on port 1447, fd 9
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;\n s=s1024; d=yahoo.com;\n h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;\n b=e4ALBjfaOBJvpXfEiNJlC5tTVgSpZkI/SFhQmN6o1VIoZv0hdSLbORH6y2BAjf9s9TSFAo2Vz1E/12NqicGulvWXuzkyJMBcsm1byENzcsVXWplcbPm1H32LC/AixKR3c0O5fVnztNQflUmLs1KXNUzCqMMxhYoiXNDtawLeskE=;
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: X-YMail-OSG: tFw96YgVM1mBtA9IEaDoaSt2pMc4t22lSAKdcfnUHJtWt8CSzrom8LaBnFCjpk3XjsZ_BxvfkaU5eaNgvKKjBiZYX51kilnhAF34ZEm1JGlldGDnbeQ-
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: Received: from [24.70.95.204] by web34506.mail.mud.yahoo.com via HTTP; Sun, 15 Apr 2007
18:39:10 PDT
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: Date: Sun, 15 Apr 2007 18:39:10 -0700 (PDT)
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: From: Attila Hypnotist <attilah...@yahoo.com>
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: Subject:
Sunday night
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: To: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem" <ro...@doctor.nl2k.ab.ca>
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: MIME-Version: 1.0
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: Content-Type: multipart/alternative; boundary="0-584086310-1176687550=:63987"
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: Content-Transfer-Encoding: 8bit
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_header: Message-ID: <620282....@web34506.mail.mud.yahoo.com>
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_eoh
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_envbody: 1534 bytes
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_eom
Apr 15 19:43:08 doctor clamd[864]: stream: OK
Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_eom: read stream: OK


Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: l3G1h630019406: clean message from <attilah...@yahoo.com>
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on doctor.nl2k.ab.ca
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: Milter add: header: X-Virus-Status: Clean
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: queueup ./qfl3G1h630019406
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: --- 250 2.0.0 l3G1h630019406 Message accepted for delivery
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: dropenvelope, e_flags=0x4604042, OpMode=d, pid=19406
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: queueup ./qfl3G1h630019406
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: unlock
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: assigned id
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: <-- QUIT
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: --- 221 2.0.0 doctor.nl2k.ab.ca closing connection
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: disconnect level 1
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: in background, pid=19406Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: dropenvelope, e_flags=0x4001, OpMode=d, pid=19406
Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: unlock

Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_close


Apr 15 19:43:08 doctor sendmail[19406]: NOQUEUE: finis, pid=19406

Could there be an issue with MailScanner?

jma...@ttec.com

unread,
Apr 16, 2007, 11:09:43 PM4/16/07
to
On Apr 16, 9:07 pm, doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
> In article <evumrr$t...@gallifrey.nk.ca>,
>
> The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
> >In article <1176685434.473890.217...@y80g2000hsf.googlegroups.com>,
> >jmai...@ttec.com <jmai...@ttec.com> wrote:

> >>Check the queue directory for qf Qf df Df queueid files.
>

> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: queueup ./qfl3G1h630019406
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: --- 250 2.0.0 l3G1h630019406 Message accepted for delivery
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: dropenvelope, e_flags=0x4604042, OpMode=d, pid=19406
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: queueup ./qfl3G1h630019406
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h630019406: unlock
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: assigned id
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: <-- QUIT
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: --- 221 2.0.0 doctor.nl2k.ab.ca closing connection
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: disconnect level 1
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: in background, pid=19406Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: dropenvelope, e_flags=0x4001, OpMode=d, pid=19406
> Apr 15 19:43:08 doctor sendmail[19406]: l3G1h631019406: unlock
> Apr 15 19:43:08 doctor doctor[28]: clamav-milter[10363]: clamfi_close
> Apr 15 19:43:08 doctor sendmail[19406]: NOQUEUE: finis, pid=19406


So is it in the queue or not?

> Could there be an issue with MailScanner?

Thats already been suggested.


Reply all
Reply to author
Forward
0 new messages