Hi René Berber,
Thank you for your solution. Now I'm able to get the "Virus
intercepted".
It was great to know you. This is my /var/log/maillog :
Jun 3 12:55:49 uetheta sendmail[8717]: j534t8CU008717:
from=<[EMAIL PROTECTED]>, size=1482, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>,
proto=ESMTP, daemon=MTA, relay=uealpha [192.168.1.10]
Jun 3 12:55:49 uetheta sendmail[8717]: j534t8CU008717: Milter add:
header: X-Virus-Scanned: ClamAV version 0.85.1, clamav-milter version
0.85 on uetheta
Jun 3 12:55:49 uetheta sendmail[8717]: j534t8CU008717: Milter add:
header: X-Virus-Status: Infected with Eicar-Test-Signature
Jun 3 12:56:10 uetheta sendmail[8759]: j534tnMO008759: from=clamav,
size=1251, class=0, nrcpts=2,
msgid=<[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Jun 3 12:56:10 uetheta sendmail[8770]: STARTTLS=server, relay=uetheta
[192.168.1.1], version=TLSv1/SSLv3, verify=NO,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 3 12:56:10 uetheta sendmail[8759]: STARTTLS=client,
relay=[192.168.1.1], version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 3 12:56:30 uetheta sendmail[8770]: j534uA54008770:
from=<[EMAIL PROTECTED]>, size=1486, class=0, nrcpts=2,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=uetheta [192.168.1.1]
Jun 3 12:56:30 uetheta sendmail[8770]: j534uA54008770: Milter add:
header: X-Virus-Scanned: ClamAV version 0.85.1, clamav-milter version
0.85 on uetheta
Jun 3 12:56:30 uetheta sendmail[8770]: j534uA54008770: Milter add:
header: X-Virus-Status: Clean
Jun 3 12:56:46 uetheta sendmail[8759]: j534tnMO008759:
to=<[EMAIL PROTECTED]>,[EMAIL PROTECTED], ctladdr=clamav (501/501),
delay=00:00:57, xdelay=00:00:36, mailer=relay, pri=61251,
relay=[192.168.1.1] [192.168.1.1], dsn=2.0.0, stat=Sent (j534uA54008770
Message accepted for delivery)
Jun 3 12:56:46 uetheta sendmail[8717]: j534t8CU008717: Milter: data,
reject=554 5.7.1 virus Eicar-Test-Signature detected by ClamAV -
http://www.clamav.net
Jun 3 12:56:46 uetheta sendmail[8717]: j534t8CU008717:
to=<[EMAIL PROTECTED]>, delay=00:00:57, pri=31482, stat=virus
Eicar-Test-Signature detected by ClamAV - http://www.clamav.net
Jun 3 12:57:02 uetheta sendmail[8779]: j534uA54008770:
to=<[EMAIL PROTECTED]>, ctladdr=<[EMAIL PROTECTED]>
(501/501), delay=00:00:42, xdelay=00:00:16, mailer=local, pri=62024,
dsn=2.0.0, stat=Sent
Jun 3 12:57:19 uetheta sendmail[8779]: j534uA54008770:
to=<[EMAIL PROTECTED]>, ctladdr=<[EMAIL PROTECTED]>
(501/501), delay=00:00:59, xdelay=00:00:17, mailer=esmtp, pri=62024,
relay=mx3.mail.yahoo.com. [4.79.181.12], dsn=2.0.0, stat=Sent (ok
dirdel)
And this is the email that I got,
A message sent from <[EMAIL PROTECTED]> to
<[EMAIL PROTECTED]>
contained Eicar-Test-Signature and has not been delivered.
The message in question has been quarantined as
/usr/local/clamav-0.85.1/quarantine/050603/j534nVeE008497.Eicar-Test-Signature
The message was received by mydomain.com from <[EMAIL PROTECTED]> via
uealpha [192.168.1.10]
For your information, the original message headers were:
Received: from 192.168.1.10
(SquirrelMail authenticated user bonar)
by webmail. mydomain.com with HTTP;
Fri, 3 Jun 2005 12:50:03 +0800 (MYT)
Message-ID: <55890. [EMAIL PROTECTED]
mydomain.com>
Date: Fri, 3 Jun 2005 12:50:03 +0800 (MYT)
Subject: [Fwd: test virus]
From: "Bonar" <bonar@ mydomain.com>
To: [EMAIL PROTECTED]
Reply-To: bonar@ mydomain.com
User-Agent: SquirrelMail/1.4.4-1.FC3
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="----=_20050603125003_47864"
X-Priority: 3 (Normal)
Importance: Normal
It was great. But I still have this problem:
"ctladdr=<[EMAIL PROTECTED]> (501/501)". It has not been changed
to [EMAIL PROTECTED]
Still need your advice. Thank you again.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of René Berber
Sent: Friday, June 03, 2005 11:56 AM
To: clamav-users@lists.clamav.net
Subject: [Clamav-users] Re: FW: 553 5.5.4
<[EMAIL PROTECTED]>...Real domain name required for sender
address
bonar wrote:
> I haven't made any alias address.
> Can you tell me how I can fix this problem, or can you show me how you
> start clamav-milter? I tried to use this,
>
> CLAMAV_FLAGS="
> --config-file=/etc/clamd.conf
> --headers --quarantine-dir=/usr/local/clamav-0.85.1/quarantine
> --max-children=99999
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> --server=mydomain.com
> local:/var/milter/clmilter.sock"
>
> /usr/local/sbin/clamav-milter $CLAMAV_FLAGS
>
>
> But it still gives me the same error in my log like below.
> (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name
> required for sender address)
From your previous log, if you follow the mail messages, it was the
bounce message that was causing this error.
From your info above I can't determine what caused the error. So I can
only guess, do you have more than one clam-milter daemon running? Have you
checked that all processes stop before you restarted the milter? Did you
install any of these using rpm?
The last question is brought because the form of that address,
[EMAIL PROTECTED], looks like a default left by something
that was recently installed and not configured.
Sorry I don't have answers, only questions. In a case like this I
would do a "cd /etc; find . -type f -exec grep localdomain {} \; -print"
and try to find where is that address defined.
--
René Berber
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
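
Added example (not part of the thread or of ClamAV/sendmail): a small Python script that does the "follow the mail messages" step from the reply above by grouping sendmail log entries by queue ID, extracting the clamav-milter verdict, and linking a relayed notification to the queue ID the next hop assigned. The sample log is constructed in the format of the maillog shown in the message, with placeholder addresses; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the maillog above (addresses are placeholders).
SAMPLE_LOG = """\
Jun 3 12:55:49 uetheta sendmail[8717]: j534t8CU008717: from=<user@example.com>, size=1482, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=uealpha [192.168.1.10]
Jun 3 12:55:49 uetheta sendmail[8717]: j534t8CU008717: Milter add: header: X-Virus-Status: Infected with Eicar-Test-Signature
Jun 3 12:56:10 uetheta sendmail[8759]: j534tnMO008759: from=clamav, size=1251, class=0, nrcpts=2
Jun 3 12:56:10 uetheta sendmail[8770]: STARTTLS=server, relay=uetheta [192.168.1.1], version=TLSv1/SSLv3, verify=NO
Jun 3 12:56:30 uetheta sendmail[8770]: j534uA54008770: Milter add: header: X-Virus-Status: Clean
Jun 3 12:56:46 uetheta sendmail[8759]: j534tnMO008759: to=<postmaster@example.com>, ctladdr=clamav (501/501), mailer=relay, dsn=2.0.0, stat=Sent (j534uA54008770 Message accepted for delivery)
Jun 3 12:56:46 uetheta sendmail[8717]: j534t8CU008717: Milter: data, reject=554 5.7.1 virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net
"""
QID_LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>[A-Za-z0-9]{14}): (?P<body>.*)")
NEXT_HOP = re.compile(r"stat=Sent \(([A-Za-z0-9]{14}) Message accepted")

def correlate(log_text):
    """Group log entries by queue ID; record sender, milter verdict, next-hop ID."""
    msgs = defaultdict(lambda: dict(sender=None, virus_status=None, reject=None, relayed_as=None))
    for line in log_text.splitlines():
        m = QID_LINE.search(line)
        if not m:  # e.g. STARTTLS lines carry no queue ID
            continue
        rec, body = msgs[m["qid"]], m["body"]
        if body.startswith("from="):
            rec["sender"] = body[len("from="):].split(",")[0]
        elif body.startswith("Milter add: header: X-Virus-Status: "):
            rec["virus_status"] = body.split("X-Virus-Status: ", 1)[1]
        elif body.startswith("Milter:") and "reject=" in body:
            rec["reject"] = body.split("reject=", 1)[1]
        elif body.startswith("to=") and (hop := NEXT_HOP.search(body)):
            rec["relayed_as"] = hop[1]
    return dict(msgs)

def follow(msgs, qid):
    """Return the chain of queue IDs one message takes across relay hops."""
    chain = []
    while qid in msgs and qid not in chain:
        chain.append(qid)
        qid = msgs[qid]["relayed_as"]
    return chain

def rejected_infected(msgs):
    """Queue IDs the milter both flagged as infected and rejected."""
    return sorted(q for q, r in msgs.items()
                  if r["reject"] and (r["virus_status"] or "").startswith("Infected"))

if __name__ == "__main__":
    print(rejected_infected(correlate(SAMPLE_LOG)))
```

On a real maillog, join wrapped lines first so each entry is on one line before passing the text to `correlate`.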