Hi,
Some fake user mail addresses are created in the MySQL database. These
mail addresses use our domain name, but they don't exist in our LDAP
directory.
Debian squeeze
DSPAM 3.9.1 RC1
Here are some logs and conf files:
fake_u...@cire.fr is our example.
mail.info
Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 4E7813406C7:
from=<we...@att.net>, size=46089, nrcpt=1 (queue active)
Feb 22 08:43:43 srv08savsmtp01 postfix/lmtp[20464]: 5D865340918:
to=<fake_user@cire.fr>, relay=127.0.0.1[127.0.0.1]:25000,
delay=7.1, delays=6.3/0.01/0.04/0.71, dsn=2.6.0, status=sent (250
2.6.0 <fake_user@cire.fr> Message accepted for delivery)
Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 5D865340918: removed
Feb 22 08:43:43 srv08savsmtp01 postfix/smtp[20403]: 4E7813406C7:
to=<fake_u...@cire.fr>, relay=10.0.0.232[10.0.0.232]:25, delay=0.22,
delays=0.14/0/0.01/0.08, dsn=5.1.1, status=bounced (host
10.0.0.232[10.0.0.232] said: 550 5.1.1 <fake_user@cire.fr>... User
Unknown (in reply to RCPT TO command))
Feb 22 08:43:43 srv08savsmtp01 postfix/cleanup[20398]: 7BD64340918:
message-id=<20110222074343.7bd64340...@smtp.cire.fr>
Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 7BD64340918:
from=<>, size=47919, nrcpt=1 (queue active)
Feb 22 08:43:43 srv08savsmtp01 postfix/bounce[20466]: 4E7813406C7:
sender non-delivery notification: 7BD64340918
Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 4E7813406C7: removed
Feb 22 08:43:43 srv08savsmtp01 postfix/smtp[20403]: 7BD64340918:
to=<we...@att.net>, relay=10.0.0.232[10.0.0.232]:25, delay=0.06,
delays=0.01/0/0.01/0.04, dsn=5.7.1, status=bounced (host
10.0.0.232[10.0.0.232] said: 550 5.7.1 <we...@att.net>... Relaying
denied. IP name lookup failed [10.0.4.232] (in reply to RCPT TO command))
Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 7BD64340918: removed
dspam.debug
16399: [02/22/2011 08:43:42] External Lookup: found 0 LDAP entries
16399: [02/22/2011 08:43:42] External Lookup: Backend search failure:
no entries found.
16399: [02/22/2011 08:43:42] DSPAM Instance Startup
16399: [02/22/2011 08:43:42] input args: dspam --deliver=innocent -d %u
16399: [02/22/2011 08:43:42] pass-thru args: -d %u
16399: [02/22/2011 08:43:42] processing user fake_u...@cire.fr
16399: [02/22/2011 08:43:42] uid = 103, euid = 103, gid = 105, egid = 105
16399: [02/22/2011 08:43:42] loading preferences for user
fake_u...@cire.fr
16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
struct for name: fake_u...@cire.fr
16399: [02/22/2011 08:43:42] Loading preferences for uid 154
16399: [02/22/2011 08:43:42] Loading preferences for uid 0
16399: [02/22/2011 08:43:42] Loading preferences for uid 0
16399: [02/22/2011 08:43:42] loaded default preferences externally
16399: [02/22/2011 08:43:42] using
/var/spool/dspam/opt-in/cire.fr/fake_user.dspam as path
16399: [02/22/2011 08:43:42] using
/var/spool/dspam/opt-out/cire.fr/fake_user.nodspam as path
16399: [02/22/2011 08:43:42] adding user to merged group dspam_group
16399: [02/22/2011 08:43:42] sedation level set to: 0
16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
struct for name: fake_u...@cire.fr
16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
struct for name: dspam_group
16399: [02/22/2011 08:43:42] Connecting to 127.0.0.1:3310 for virus check
16399: [02/22/2011 08:43:42] Connecting to 127.0.0.1:1499 for virus
stream transmission
16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
struct for name: fake_u...@cire.fr
16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
struct for name: dspam_group
16399: [02/22/2011 08:43:42] DSPAM Instance Shutdown. Exit Code: 0
16399: [02/22/2011 08:43:42] checking trusted user list for dspam(103)
16399: [02/22/2011 08:43:42] Loading 1 BNR patterns
16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
struct for name: fake_u...@cire.fr
16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
struct for name: dspam_group
16399: [02/22/2011 08:43:42] Whitelist threshold: 10
16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*Tue+22
(3frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Tue+22
(3frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Tue+22
(3frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*cire.fr>+Tue
(3frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*cire.fr>+Tue
(3frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*cire.fr>+Tue
(3frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*Tue (3frq,
0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Tue (3frq,
0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Tue (3frq,
0s, 5i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*21+Feb (1frq,
0s, 13i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*21+Feb (1frq,
0s, 13i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*12 (1frq, 0s, 7i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*12 (1frq, 0s, 7i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*12 (1frq,
0s, 7i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*12 (1frq,
0s, 7i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*Mon (1frq, 0s, 11i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*Mon (1frq, 0s, 11i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*0000 (4frq,
0s, 3i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*0000 (4frq,
0s, 3i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*0800 (1frq, 0s, 3i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*0800 (1frq, 0s, 3i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*invoked+by
(1frq, 0s, 6i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*invoked+by
(1frq, 0s, 6i)
16399: [02/22/2011 08:43:42] [graham] [0.010000]
DKIM-Signature*a=rsa+sha256 (1frq, 0s, 11i)
16399: [02/22/2011 08:43:42] [burton] [0.010000]
DKIM-Signature*a=rsa+sha256 (1frq, 0s, 11i)
16399: [02/22/2011 08:43:42] [graham] [0.010000]
X-PMX-Spam*Probability=88% (1frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000]
X-PMX-Spam*Probability=88% (1frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [graham] [0.010000]
DKIM-Signature*c=relaxed/relaxed (1frq, 0s, 19i)
16399: [02/22/2011 08:43:42] [burton] [0.010000]
DKIM-Signature*c=relaxed/relaxed (1frq, 0s, 19i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*Mon+21 (1frq,
0s, 11i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*Mon+21 (1frq,
0s, 11i)
16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*invoked
(1frq, 0s, 7i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*invoked
(1frq, 0s, 7i)
16399: [02/22/2011 08:43:42] [burton] [0.010000]
DKIM-Signature*Version (1frq, 0s, 3i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*uid (1frq,
0s, 6i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] DKIM-Signature*sha256
(1frq, 0s, 11i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*22+Feb
(7frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*22+Feb
(7frq, 0s, 5i)
16399: [02/22/2011 08:43:42] [burton] [0.010000]
DomainKey-Signature*a=rsa (1frq, 0s, 14i)
16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Mon+21
(1frq, 0s, 14i)
16399: [02/22/2011 08:43:42] [burton] [0.010000]
DomainKey-Signature*c=nofws (1frq, 0s, 6i)
16399: [02/22/2011 08:43:42] Graham-Bayesian Probability: 0.000000
Samples: 15
16399: [02/22/2011 08:43:42] Burton-Bayesian Probability: 0.000000
Samples: 27
16399: [02/22/2011 08:43:42] no factors specified; using default
16399: [02/22/2011 08:43:42] Result Confidence: 0.99
16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
struct for name: fake_u...@cire.fr
16399: [02/22/2011 08:43:43] Control: [10 10] [10 11] Delta: [0 1]
16399: [02/22/2011 08:43:43] total processing time: 0.43014s
16399: [02/22/2011 08:43:43] _mysql_drv_getpwnam returning cached name
fake_u...@cire.fr.
16399: [02/22/2011 08:43:43] saving signature as 4d63692f163991827145673
16399: [02/22/2011 08:43:43] _mysql_drv_getpwnam returning cached name
fake_u...@cire.fr.
16399: [02/22/2011 08:43:43] libdspam returned probability of 0.000000
16399: [02/22/2011 08:43:43] message result: NOT SPAM
16399: [02/22/2011 08:43:43] _mysql_drv_getpwnam returning cached name
fake_u...@cire.fr.
16399: [02/22/2011 08:43:43] delivering message
16399: [02/22/2011 08:43:43] Establishing connection to 127.0.0.1:25001
16399: [02/22/2011 08:43:43] Connection established
16399: [02/22/2011 08:43:43] DSPAM Instance Shutdown. Exit Code: 0
16399: [02/22/2011 08:43:43] checking trusted user list for dspam(103)
16399: [02/22/2011 08:45:11] connection id 8 from 127.0.0.1.
16399: [02/22/2011 08:45:11] checking trusted user list for dspam(103)
16399: [02/22/2011 08:45:11] No QuarantineAgent option found. Using
standard quarantine.
16399: [02/22/2011 08:45:11] using database handle id 2
16399: [02/22/2011 08:45:11] handle locked
main.cf
######### Set the domain name ###########
mydomain = cire.fr
myhostname = smtp.cire.fr
mydestination = $myhostname, localh...@cire.fr, localh...@cire-pcb.com
myorigin = $mydomain
relayhost = 10.0.0.232
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
######## Make HELO mandatory and change the welcome banner ###
smtpd_helo_requied = yes
smtpd_helo_restrictions = reject_non_fqdn_hostname
smtpd_banner = Bienvenue sur le serveur de courrier du groupe CIRE
append_dot_mydomain = no
delay_warning_time = 4h
readme_directory = no
local_domains_maps=([".$mydomain", '.cire-pcb.com'])
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# max mail size 5 MB, biff function disabled, procmail disabled for mail delivery
# Courier IMAP and POP use the Maildir format, no quota on mailboxes
message_size_limit = 0
mailbox_size_limit = 0
recipient_delimiter = +
biff = no
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_unverified_recipient
######## Define the local network and listen on all interfaces #####
mynetworks = 127.0.0.0/8, 10.0.0.0/8
inet_interfaces = all
transport_maps = hash:/etc/postfix/transports
content_filter = smtp-dspam:[127.0.0.1]:25000
extlookup.conf
ExtLookup on # Turns on/off external lookup
ExtLookupMode strict # available modes are 'verify', 'map' and 'strict'.
# 'strict' enforces both verify and map
ExtLookupDriver ldap # Currently only ldap and program are supported.
# There are plans to support both MySQL and Postgres.
ExtLookupServer directory.cire.fr # Can either be a database hostname or the full path to
# an executable lookup program and its arguments.
ExtLookupPort 389 # Desired port when connecting to the lookup database.
ExtLookupDB "ou=users,dc=cire.fr,dc=local" # Can either be an LDAP search base or a database name (TODO).
ExtLookupQuery "(&(objectClass=*)(|(mail=%u)(mailAlias=%u)))" # Can either be an LDAP search filter or an SQL query (TODO)
ExtLookupLDAPAttribute "uid" # Attribute to be used when ExtLookupDriver is 'ldap'
# and ExtLookupMode 'map' or 'strict'
ExtLookupLDAPScope base # Can be set to 'base', 'sub' or 'one'. Only used when ExtLookupDriver is 'ldap'.
ExtLookupLDAPVersion 3 # Sets the LDAP protocol version (1, 2 or 3)
#ExtLookupLogin "cn=admin,dc=domain,dc=com" # Login to be used when connecting to any direct database backend.
#ExtLookupPassword itsasecret # Password to use with ExtLookupLogin.
#ExtLookupCrypto tls # Sets the use of TLS on backend communication (only compatible with LDAPv3)
Any help would be appreciated.
Thanks.
Best regards,
Mickael.
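
An added example, not part of the original message and not DSPAM project code: a small audit script that scans a dspam.debug file for the pattern visible in the log above, where an external lookup reports 0 LDAP entries and the same process then goes on to process the user, obtain a MySQL row for that name, and deliver. It assumes each log entry is on one unwrapped line; the sample lines, the example.org addresses and the "found 1 LDAP entries" line are constructed for illustration.

```python
import re

# Constructed sample in the dspam.debug line format shown above (not real data).
SAMPLE = """\
2001: [02/22/2011 08:43:42] External Lookup: found 0 LDAP entries
2001: [02/22/2011 08:43:42] External Lookup: Backend search failure: no entries found.
2001: [02/22/2011 08:43:42] processing user ghost@example.org
2001: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning struct for name: ghost@example.org
2001: [02/22/2011 08:43:43] delivering message
2002: [02/22/2011 08:44:10] External Lookup: found 1 LDAP entries
2002: [02/22/2011 08:44:10] processing user alice@example.org
2002: [02/22/2011 08:44:10] _mysql_drv_getpwnam: successful returning struct for name: alice@example.org
"""

LINE = re.compile(r"^(\d+): \[([^\]]+)\] (.*)$")
LOOKUP = re.compile(r"External Lookup: found (\d+) LDAP entries")
USER = re.compile(r"processing user (\S+)")
DBROW = re.compile(r"_mysql_drv_getpwnam: successful returning struct for name: (\S+)")

def unverified_users(text):
    """Return one finding per user processed right after a 0-entry lookup."""
    last_hits = {}   # pid -> entry count of the most recent lookup
    pending = {}     # pid -> finding for the user currently being processed
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines carry no pid prefix
        pid, stamp, msg = m.groups()
        hit, user = LOOKUP.search(msg), USER.search(msg)
        if hit:
            last_hits[pid] = int(hit.group(1))
        elif user:
            pending.pop(pid, None)
            if last_hits.pop(pid, None) == 0:  # lookup failed, user processed anyway
                pending[pid] = {"user": user.group(1), "time": stamp,
                                "db_row": False, "delivered": False}
                findings.append(pending[pid])
        elif pid in pending:
            row = DBROW.search(msg)
            if row and row.group(1) == pending[pid]["user"]:
                pending[pid]["db_row"] = True
            elif msg == "delivering message":
                pending[pid]["delivered"] = True
    return findings

if __name__ == "__main__":
    for finding in unverified_users(SAMPLE):
        print(finding)
```

The user names it reports can then be compared against the directory and the DSPAM MySQL user table to list accounts that exist only in the database.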