SpamAssassin x86_64 3.4.0 CentOS 6.el7 release Postfix 2.10.1 unbound 1.6.6
Expanded defences to include dnswl. Recommendation to install local dns caching server followed. Once installed, large numbers of messages started to appear in maillog. Intended to only access the one white-list service. Have I accidentally released a hydra of services/checks? Is there a way to reduce all of these log-lines? (many times longer than the actual email message itself) Apologies for first-post, learner, ignorance. Web-searching has not revealed the secret. Will appreciate pointers to relevant docs! Here is an example interaction from maillog:- NB outbound message from one of server's domains to two recipients on two separate domains. May 28 22:12:54 vps517507 postfix/smtpd[22251]: Anonymous TLS connection established from 118-92-199-252.dsl.dyn.ihug.co.nz[118.92.199.252]: TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits) May 28 22:12:55 vps517507 postfix/smtpd[22251]: DAE2B6AAE: client=118-92-199-252.dsl.dyn.ihug.co.nz[118.92.199.252], sasl_method=PLAIN, sasl_username=domainadmin@rangi.cloud May 28 22:12:57 vps517507 postfix/cleanup[22259]: DAE2B6AAE: message-id=<ac8ddad5-8516-162e-cb7e-a4eb7bf07...@etelligence.info> May 28 22:12:57 vps517507 opendkim[16791]: DAE2B6AAE: DKIM-Signature field added (s=staff, d=etelligence.info) May 28 22:12:57 vps517507 postfix/qmgr[22236]: DAE2B6AAE: from=<nz...@etelligence.info>, size=17034, nrcpt=2 (queue active) May 28 22:12:57 vps517507 spamd[11912]: spamd: connection from localhost [::1]:49920 to port 783, fd 6 May 28 22:12:57 vps517507 spamd[11912]: spamd: setuid to spamd succeeded May 28 22:12:57 vps517507 spamd[11913]: spamd: connection from localhost [::1]:49922 to port 783, fd 6 May 28 22:12:57 vps517507 spamd[11912]: spamd: processing message <ac8ddad5-8516-162e-cb7e-a4eb7bf07...@etelligence.info> for spamd:2001 May 28 22:12:57 vps517507 spamd[11913]: spamd: setuid to spamd succeeded May 28 22:12:57 vps517507 spamd[11913]: spamd: processing message <ac8ddad5-8516-162e-cb7e-a4eb7bf07...@etelligence.info> for spamd:2001 May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 31575/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; HEADER SECTION * followed by a series of messages reminiscent of dig output May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; HEADER SECTION May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; id = 31575 May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = REFUSED May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; qdcount = 0 ancount = 0 nscount = 0 arcount = 0 May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; do = 0 May 28 22:12:57 vps517507 spamd[11912]: dns: [...] May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; QUESTION SECTION (0 records) May 28 22:12:57 vps517507 spamd[11912]: dns: [...] May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; ANSWER SECTION (0 records) May 28 22:12:57 vps517507 spamd[11912]: dns: [...] May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; AUTHORITY SECTION (0 records) May 28 22:12:57 vps517507 spamd[11912]: dns: [...] May 28 22:12:57 vps517507 spamd[11912]: dns: [...] ;; ADDITIONAL SECTION (0 records)May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 31575/IN/A/etelligence.info.multi.uribl.com May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 48855/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) * rinse and repeat with id = 48855, then id 2327, then id 46114 When reaches id of 16631, report changes to NS record: May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 16631/IN/NS/etelligence.info May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 45958/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) * but carries on with id = 45958, which reports: May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 45958/IN/A/etelligence.info May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 2089/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) * which hands-over to id = 2089, which reports differently: May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 2089/IN/A/twl06.py.multi.uribl.com May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 8583/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) * the game continues with id = 8583 reporting the same as above. Then, id = 10302, produces: May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 10302/IN/A/twl06.py.dob.sibl.support-intelligence.net May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 37129/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) * and id = 37129: May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 37129/IN/A/twl06.py.dbl.spamhaus.org May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 52352/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 52352/IN/NS/twl06.py May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 43281/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 43281/IN/A/twl06.py May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 33346/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 33346/IN/MX/etelligence.info May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 63084/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 63084/IN/A/etelligence.info.multi.surbl.org May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 27888/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 27888/IN/A/etelligence.info.multi.uribl.com May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 38041/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 38041/IN/A/etelligence.info.dob.sibl.support-intelligence.net May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 62928/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 62928/IN/A/etelligence.info.dbl.spamhaus.org May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 6720/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 6720/IN/NS/etelligence.info May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 25105/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 25105/IN/A/etelligence.info May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 39380/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 39380/IN/A/twl06.py.multi.surbl.org May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 59823/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 59823/IN/A/twl06.py.multi.uribl.com May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 22095/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 22095/IN/A/twl06.py.dob.sibl.support-intelligence.net May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 28493/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 28493/IN/A/twl06.py.dbl.spamhaus.org May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 8203/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 8203/IN/NS/twl06.py May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 23333/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 23333/IN/A/twl06.py May 28 22:12:57 vps517507 spamd[11913]: dns: no callback for id 33861/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11913]: dns: a likely matching query: 33861/IN/MX/etelligence.info May 28 22:12:57 vps517507 postfix/smtpd[22251]: disconnect from 118-92-199-252.dsl.dyn.ihug.co.nz[118.92.199.252] ehlo=2 starttls=1 auth=1 mail=1 rcpt=2 data=1 quit=1 commands=9 May 28 22:12:57 vps517507 spamd[11912]: dns: no callback for id 49279/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:57 vps517507 spamd[11912]: dns: a likely matching query: 49279/IN/A/etelligence.info.lookup.dkimwl.org May 28 22:12:59 vps517507 spamd[11913]: dns: no callback for id 46685/NO_QUESTION_IN_PACKET, ignored; packet: ;; Answer received from 127.0.0.1 (12 bytes) ... May 28 22:12:59 vps517507 spamd[11913]: dns: a likely matching query: 46685/IN/A/etelligence.info.lookup.dkimwl.org * and finally, the message is 'approved' for transmission: May 28 22:13:12 vps517507 spamd[11913]: spamd: clean message (-5.2/5.0) for spamd:2001 in 15.9 seconds, 17271 bytes. May 28 22:13:12 vps517507 spamd[11913]: spamd: result: . -5 - ALL_TRUSTED,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,NICE_REPLY_A,T_SCC_BODY_TEXT_LINE scantime=15.9,size=17271,user=spamd,uid=2001,required_score=5.0,rhost=localhost,raddr=::1,rport=49922,mid=<ac8ddad5-8516-162e-cb7e-a4eb7bf07...@etelligence.info>,bayes=0.000000,autolearn=ham autolearn_force=no May 28 22:13:13 vps517507 postfix/pipe[22261]: DAE2B6AAE: to=<nathan-t...@hotmail.com>, relay=spamassassin, delay=17, delays=1.5/0.03/0/16, dsn=2.0.0, status=sent (delivered via spamassassin service) -- Regards, =dn
