Am Donnerstag, 26. Januar 2006 16:58 schrieb Al Bogner:
Am Mittwoch, 25. Januar 2006 23:18 schrieb David Haller:
Tut mir leid, das vorige Mail wurde versandt, obwohl es noch nicht fertig war.
Das ist also die Fortsetzung.
Wie verfolge ich am besten, welchen Weg das Mail nach der POP3-Abfrage
nimmt?
Fang mit 'fetchmail -vvv' an.
fetchmail: 6.2.5 fragt ab mail.FQDN (Protokoll POP3) um Do 26 Jan 2006
17:05:23 CET: Abfrage gestartet
fetchmail: POP3< +OK POP3 server [cppop 20.0] at [70.85.1.114]
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< UIDL
fetchmail: POP3< XSENDER
fetchmail: POP3< IMPLEMENTATION cppop
fetchmail: POP3< .
fetchmail: POP3> USER MYUSERNAME
fetchmail: POP3< +OK Need a password
fetchmail: POP3> PASS *
fetchmail: POP3< +OK You have 1 messages totaling 1706 octets
from /home/megalite/mail/FQDN/FQDN/inbox (full load)
fetchmail: POP3> STAT
fetchmail: POP3< +OK 1 1706
fetchmail: POP3> UIDL
fetchmail: POP3< +OK
fetchmail: POP3< 1 1450d8eafacbad21defa5a32021839c4
fetchmail: POP3< .
1 Nachricht für MYUSERNAME bei mail.FQDN (1706 Oktetts).
fetchmail: POP3> LIST 1
fetchmail: POP3< +OK 1 1706
fetchmail: POP3> TOP 1 99999999
fetchmail: POP3< +OK 1681 octets
Nachricht MYUSERNAME@mail.FQDN:1 von 1 wird gelesen (1706 Oktetts)
fetchmail: SMTP< 220 gw.local.FQDN2 ESMTP Postfix
fetchmail: SMTP> EHLO localhost
fetchmail: SMTP< 250-gw.local.FQDN2
fetchmail: SMTP< 250-PIPELINING
fetchmail: SMTP< 250-SIZE 25000000
fetchmail: SMTP< 250-VRFY
fetchmail: SMTP< 250-ETRN
fetchmail: SMTP< 250 8BITMIME
fetchmail: SMTP> MAIL FROM: BODY=7BIT SIZE=1706
fetchmail: SMTP< 250 Ok
fetchmail: SMTP> RCPT TO:
fetchmail: SMTP< 250 Ok
fetchmail: SMTP> DATA
fetchmail: SMTP< 354 End data with <CR><LF>.<CR><LF>
#***fetchmail: SMTP>. (EOM)
fetchmail: SMTP< 250 Ok: queued as 925C557E4B2
geflusht
fetchmail: POP3> DELE 1
fetchmail: POP3< +OK message 1 will be deleted when you logout
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Bye!
fetchmail: 6.2.5 fragt ab mail.FQDN (Protokoll POP3) um Do 26 Jan 2006
17:05:28 CET: Abfrage beendet
Jan 26 17:05:03 gw postfix/smtpd[14497]: connect from localhost[127.0.0.1]
Jan 26 17:05:03 gw postfix/smtpd[14497]: 7AFA857E4C3:
client=localhost[127.0.0.1]
Jan 26 17:05:03 gw postfix/cleanup[14490]: 7AFA857E4C3:
message-id=<43D8F324.nailCEC1ZGJ1K@ml061.FQDN>
Jan 26 17:05:03 gw postfix/smtpd[14497]: disconnect from localhost[127.0.0.1]
Jan 26 17:05:03 gw postfix/qmgr[5644]: 7AFA857E4C3:
from=, size=944, nrcpt=1 (queue active)
Jan 26 17:05:03 gw amavis[14800]: (14800-08) Passed CLEAN,
-> , Message-ID:
<43D8F324.nailCEC1ZGJ1K@ml061.FQDN>, Hits: -5.892
Jan 26 17:05:03 gw postfix/smtp[14704]: 287A657E4B2:
to=, relay=127.0.0.1[127.0.0.1], delay=11,
status=sent (250 2.6.0 Ok, id=14800-08, from MTA: 250 Ok: queued as
7AFA857E4C3)
Jan 26 17:05:03 gw postfix/qmgr[5644]: 287A657E4B2: removed
Jan 26 17:05:05 gw postfix/smtp[16168]: 7AFA857E4C3:
to=, relay=n04c-nospam.FQDN[70.85.1.114], delay=2,
status=sent (250 OK id=1F29cQ-0006RA-Ku)
Jan 26 17:05:05 gw postfix/qmgr[5644]: 7AFA857E4C3: removed
Jan 26 17:05:28 gw postfix/smtpd[16277]: connect from localhost[127.0.0.1]
Jan 26 17:05:28 gw postfix/smtpd[16277]: 925C557E4B2:
client=localhost[127.0.0.1]
Jan 26 17:05:28 gw postfix/cleanup[14490]: 925C557E4B2:
message-id=<43D8F324.nailCEC1ZGJ1K@ml061.FQDN>
Jan 26 17:05:28 gw postfix/qmgr[5644]: 925C557E4B2:
from=, size=1971, nrcpt=1 (queue active)
Jan 26 17:05:30 gw postfix/smtpd[14497]: connect from localhost[127.0.0.1]
Jan 26 17:05:30 gw postfix/smtpd[14497]: 6BD1957E4C3:
client=localhost[127.0.0.1]
Jan 26 17:05:30 gw postfix/cleanup[14490]: 6BD1957E4C3:
message-id=<43D8F324.nailCEC1ZGJ1K@ml061.FQDN>
Jan 26 17:05:30 gw postfix/smtpd[14497]: disconnect from localhost[127.0.0.1]
Jan 26 17:05:30 gw postfix/qmgr[5644]: 6BD1957E4C3:
from=, size=2241, nrcpt=1 (queue active)
Jan 26 17:05:30 gw postfix/local[14798]: 6BD1957E4C3:
to=, relay=local, delay=0, status=sent (delivered
to mailbox)
Jan 26 17:05:30 gw postfix/qmgr[5644]: 6BD1957E4C3: removed
Jan 26 17:05:30 gw amavis[11442]: (11442-10) Passed CLEAN, [85.124.104.243]
-> , Message-ID:
<43D8F324.nailCEC1ZGJ1K@ml061.FQDN>, Hits: -1.652
Jan 26 17:05:30 gw postfix/smtp[14753]: 925C557E4B2:
to=, orig_to=, relay=127.0.0.1
[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=11442-10, from MTA: 250
Ok: queued as 6BD1957E4C3)
Jan 26 17:05:30 gw postfix/qmgr[5644]: 925C557E4B2: removed
Jan 26 17:06:28 gw postfix/smtpd[16277]: disconnect from localhost[127.0.0.1]
Und pruefe auch noch die postfix Konfiguration, du kannst die Mails ja
auch ohne Amavis von postfix durch SA schleusen.
Irgendwas in dieser Richtung stelle ich mir vor, dass das Mail eben machmal
nicht über amavis läuft. Ich habe es aber noch nicht geschafft ein Virus zu
versenden:
nail -r suse-linux@ml061.FQDN
-a /var/spool/amavis/virusmails/virus-20060122-225543-22431-10
no-spam@n04c-nospam.FQDN
Jan 26 17:16:13 gw amavis[14800]: (14800-10) Blocked INFECTED (Worm/Sober.Y),
<> -> , quarantine: virus-20060126-171539-14800-10,
Message-ID: <43D8F5A6.nailEO41YDJLD@ml061.FQDN>, Hits: -
Jan 26 17:16:13 gw postfix/smtp[19059]: 16D1B57E813:
to=, relay=127.0.0.1[127.0.0.1], delay=39,
status=sent (250 2.7.1 Ok, discarded, id=14800-10 - VIRUS: Worm/Sober.Y,
Worm/Sober.Y)
Al