Your message dated Fri, 3 Jul 2009 16:19:30 +0200
with message-id <[email protected]>
and subject line [AMaViS-user] amavisd-new 2.6.2-2 failure: PRESERVING EVIDENCE
in /var/lib/amavis/tmp/amavis-20090524T224325-13688 (fwd)
has caused the Debian Bug report #530614,
regarding amavisd-new 2.6.2-2 failure: PRESERVING EVIDENCE in
/var/lib/amavis/tmp/amavis-20090524T224325-13688
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
530614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530614
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: amavisd-new
Version: 2.6.2-2

I am running amavisd-new on Debian Testing and spotted this in the logs
the other day:
May 25 10:32:21 p34 postfix/smtpd[997]: connect from
mail.zepter.ro[212.146.103.126]
May 25 10:32:30 p34 postfix/geoip[1001]: address[212.146.103.126] country[RO, Romania] result[strictcheckslvl2]
May 25 10:32:32 p34 postfix/policyd-weight[23698]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 (check from: .zepter. - helo: .zepter. - helo-domain: .zepter.) CL_HOSTNAME_MATCHES_FROM(DOMAIN)=-1.2; <client=mail.zepter.ro[212.146.103.126]> <helo=zepter.ro> <[email protected]> <[email protected]>; rate: -4.2
May 25 10:32:32 p34 postfix/policyd-weight[23698]: decided action=PREPEND X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 (check from: .zepter. - helo: .zepter. - helo-domain: .zepter.) CL_HOSTNAME_MATCHES_FROM(DOMAIN)=-1.2; rate: -4.2; <client=mail.zepter.ro[212.146.103.126]> <helo=zepter.ro> <[email protected]> <[email protected]>; delay: 1s
May 25 10:32:35 p34 grossd: #9360f950: a=trust d=242 w=0 c=212.146.103.126 [email protected] [email protected] h=zepter.ro
May 25 10:32:35 p34 postfix/policy-spf[1003]: : SPF None (No applicable sender policy available): Envelope-from: [email protected]
May 25 10:32:35 p34 postfix/policy-spf[1003]: handler sender_policy_framework: is decisive.
May 25 10:32:35 p34 postfix/policy-spf[1003]: : Policy action=PREPEND Received-SPF: none (zepter.ro: No applicable sender policy available) receiver=my.internal.lan; identity=mfrom; envelope-from="[email protected]"; helo=zepter.ro; client-ip=212.146.103.126
May 25 10:32:35 p34 postfix/smtpd[997]: AC8134112: client=mail.zepter.ro[212.146.103.126]
May 25 10:32:36 p34 postfix/cleanup[1004]: AC8134112:
message-id=<[email protected]>
May 25 10:32:37 p34 postfix/qmgr[16923]: AC8134112:
from=<[email protected]>, size=160850, nrcpt=1 (queue active)
May 25 10:32:37 p34 postfix/smtpd[1009]: connect from
localhost.localdomain[127.0.0.1]
May 25 10:32:37 p34 postfix/smtpd[1009]: warning: Illegal address syntax from
localhost.localdomain[127.0.0.1] in MAIL command: [email protected]
May 25 10:32:37 p34 amavis[13688]: (13688-06) Negative SMTP resp. to DATA: 403
4.5.1 Error: need RCPT command
May 25 10:32:37 p34 postfix/smtpd[1009]: disconnect from
localhost.localdomain[127.0.0.1]
May 25 10:32:37 p34 amavis[13688]: (13688-06) (!)SEND via SMTP:
[email protected] ->
<[email protected]>,[email protected] 401 4.1.7
TempFailed, id=13688-06, from MTA([127.0.0.1]:10025): 401 4.1.7 Bad sender address syntax
May 25 10:32:37 p34 amavis[13688]: (13688-06) (!!)TROUBLE in check_mail:
quar+notif FAILED: temporarily unable to notify admin: 401 4.1.7 TempFailed,
id=13688-06, from MTA([127.0.0.1]:10025): 401 4.1.7 Bad sender address syntax
at /usr/sbin/amavisd-new line 12548.
May 25 10:32:37 p34 amavis[13688]: (13688-06) (!)PRESERVING EVIDENCE in
/var/lib/amavis/tmp/amavis-20090524T224325-13688
May 25 10:32:37 p34 postfix/lmtp[1005]: AC8134112: to=<[email protected]>,
relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=15/0/0/0.33, dsn=4.5.0,
status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing,
id=13688-06, quar+notif FAILED: temporarily unable to notify admin: 401 4.1.7
TempFailed, id=13688-06, from MTA([127.0.0.1]:10025): 401 4.1.7 Bad sender address
syntax at /usr/sbin/amavisd-new line 12548. (in reply to end of DATA command))
May 25 10:32:50 p34 postfix/smtpd[997]: disconnect from
mail.zepter.ro[212.146.103.126]

I was able to raise the debug level to 5 and the sender tried again, so I
was able to capture all necessary information (hopefully) required:

http://home.comcast.net/~jpiszcz/20090526/mail.log

As well as the EVIDENCE directory (this contains the attachment from the
e-mail, which is Worm.Gibe.F):

http://home.comcast.net/~jpiszcz/20090526/amavis-20090525T235848-16067.tar.gz

# file email.txt
email.txt: ASCII mail text
# file parts/*
parts/p001: HTML document text
parts/p002: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
# clamscan parts/p002
parts/p002: Worm.Gibe.F FOUND
----------- SCAN SUMMARY -----------
Known viruses: 561692
Engine version: 0.95.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.10 MB
Data read: 0.10 MB (ratio 1.00:1)
Time: 0.918 sec (0 m 0 s)
If anyone could shed some light on what is happening here with
amavisd-new, it would be much appreciated, thanks!
Justin.
--- End Message ---
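
One way to triage logs like the ones quoted in the report above, as an added example that is not part of the original message or of amavisd-new: it groups amavis failure lines by amavis id and attaches the Postfix queue ids deferred for them, so each preserved work directory (which still holds the infected attachment) can be matched to the mail that keeps retrying. The sample lines are constructed from the report's format with placeholder addresses, and the regular expressions assume unwrapped syslog lines and short hexadecimal queue ids.

```python
import re

# Patterns follow the syslog lines quoted in the report (one event per line).
AMAVIS = re.compile(r"amavis\[\d+\]: \((?P<id>\d+-\d+)\) (?P<msg>.*)")
EVIDENCE = re.compile(r"PRESERVING EVIDENCE in (?P<dir>\S+)")
TROUBLE = re.compile(r"TROUBLE in check_mail: (?P<why>.*)")
DEFERRED = re.compile(
    r"postfix/lmtp\[\d+\]: (?P<qid>[0-9A-F]+): .*status=deferred .*\bid=(?P<id>\d+-\d+)")

# Constructed sample input (placeholder addresses, shortened messages).
SAMPLE_LOG = """\
May 25 10:32:36 p34 amavis[13688]: (13688-05) Passed CLEAN, <a@example.org> -> <b@example.net>
May 25 10:32:37 p34 amavis[13688]: (13688-06) (!!)TROUBLE in check_mail: quar+notif FAILED: temporarily unable to notify admin: 401 4.1.7 Bad sender address syntax
May 25 10:32:37 p34 amavis[13688]: (13688-06) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20090524T224325-13688
May 25 10:32:37 p34 postfix/lmtp[1005]: AC8134112: to=<b@example.net>, relay=127.0.0.1[127.0.0.1]:10024, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=13688-06, quar+notif FAILED)
""".splitlines()


def correlate(lines):
    """Map amavis id -> evidence directory, failure reason, deferred queue ids."""
    events = {}

    def ev(aid):
        return events.setdefault(
            aid, {"evidence": None, "trouble": None, "queue_ids": []})

    for line in lines:
        m = AMAVIS.search(line)
        if m:
            e = EVIDENCE.search(m["msg"])
            t = TROUBLE.search(m["msg"])
            if e:
                ev(m["id"])["evidence"] = e["dir"]
            if t:
                ev(m["id"])["trouble"] = t["why"]
            continue
        d = DEFERRED.search(line)
        if d and d["qid"] not in ev(d["id"])["queue_ids"]:
            ev(d["id"])["queue_ids"].append(d["qid"])
    # Report only the ids for which amavis kept a work directory on disk.
    return {k: v for k, v in events.items() if v["evidence"]}


if __name__ == "__main__":
    for aid, info in correlate(SAMPLE_LOG).items():
        print(aid, info["evidence"], info["queue_ids"], info["trouble"])
```
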
--- Begin Message ---
Hi,
this has been fixed with 1:2.6.3-1; for some unknown reason I missed closing
this bug.
Thanks
Alex
--- End Message ---