Re: Mails received with same message id every 15 - 20 seconds

Jeroen Geilman Tue, 26 Oct 2010 10:18:01 -0700

On 10/26/2010 01:40 PM, Sharma, Ashish wrote:

Hi,


I have SpamAssassin integrated on my postfix mail server via 'Amavisd-new'.

The problem that I am facing is that I am receiving same email every 15 second 
from same sender with same message-ID on my production mail servers, following 
are my postfix logs:

"Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: connect from 
webmail.warwick.net[204.255.24.104]

ok.

Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: 2EAAF23004C: 
client=webmail.warwick.net[204.255.24.104]

ok.

Oct 25 01:11:02 g2t0433g postfix/cleanup[6579]: 2EAAF23004C: 
message-id=<ce130ed7-d498-4461-b076-e3b8ab55b...@warwick.net>

ok

Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): webmail.warwick.net 
[204.255.24.104] not internal
Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): not authenticated
Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): no signing domain 
match for `warwick.net'
Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): no signing subdomain 
match for `warwick.net'


not postfix.

Oct 25 01:11:02 g2t0433g postfix/qmgr[17833]: 2EAAF23004C: 
from=<pet...@warwick.net>, size=1987, nrcpt=1 (queue active)

ok.

Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: disconnect from 
webmail.warwick.net[204.255.24.104]

ok.

Oct 25 01:11:03 g2t0433g amavis[6492]: (06492-09) Passed CLEAN, [204.255.24.104] 
[204.255.24.104]<pet...@warwick.net>  ->  <775eejom36...@xxx.com>, 
Message-ID:<ce130ed7-d498-4461-b076-e3b8ab55b...@warwick.net>, mail_id: rJ8M8oQHBzWt, Hits: 
1.104, size: 2234, queued_as: 250 Ok, 946 ms

not postfix.

Oct 25 01:11:03 g2t0433g postfix/lmtp[6585]: 2EAAF23004C: 
to=<775eejom36...@xxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, 
delays=0.6/0/0.01/0.95, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=06492-09, from 
MTA([127.0.0.1]:10030): 250 Ok)

ok.

Oct 25 01:11:03 g2t0433g postfix/qmgr[17833]: 2EAAF23004C: removed"

ok.

How to determine that such mail is genuine or SPAM?


With the normal Spamassassin ruleset, I'd imagine.

You're asking a rather strange question - if ONE of those identicalmessages is spam, then they're all spam - they're *identical*.

If one of those messages is NOT spam, then repeating it won't make it spam.

Is there any rule on spamassassin that I can set that will discard such mails?


Probably.

Right now I have added 'pet...@warwick.net' in my postfix 'main.cf' restriction 
list as follows:

smtpd_recipient_restrictions =
   check_sender_access hash:/etc/postfix/senderRestrictionList, 
   reject_unauth_destination,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client bl.spamcop.net
   permit

Is it the right approach?


For what ?
What does /etc/postfix/senderRestrictionList do ?
If you want to reject that sender, sure, you can do that there.

--
J.

Re: Mails received with same message id every 15 - 20 seconds

Reply via email to