Amavis removing mail items?

Ask questions about your setup or get help installing ZCS server (ZD section below).
Labsy
Outstanding Member
Outstanding Member
Posts: 367
Joined: Sat Sep 13, 2014 12:52 am

Amavis removing mail items?

Postby Labsy » Tue Mar 13, 2018 1:21 pm

Hi,

few days after upgrade to 8.8.7 many users begun complaining, that they simply do not receive SOME mails. It's hard to diagnose, but I managed to get hands on some samples....but there are THOUSANDS of such cases:
- mail arives
- Zimbra accepts it
- mail BLINKS for short mail in user's mailbox
- then it dissapears from mailbox

I managed to trace one of those:

Code: Select all

Mar 13 13:05:42 seven postfix/smtpd[23962]: NOQUEUE: filter: RCPT from antispam.proxy.com[11.22.33.44]: <sender@domain.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<sender@domain.com> to=<recipient@zimbraserver.com> proto=ESMTP helo=<antispam.proxy.com>
Mar 13 13:05:42 seven postfix/smtpd[23962]: NOQUEUE: filter: RCPT from antispam.proxy.com[11.22.33.44]: <sender@domain.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<sender@domain.com> to=<recipient@zimbraserver.com> proto=ESMTP helo=<antispam.proxy.com>
Mar 13 13:05:42 seven postfix/cleanup[24359]: B20C4168F50E: message-id=<01bc01d3bac3$9872b640$c95822c0$@surnamesender@domain.com>
Mar 13 13:05:42 seven postfix/qmgr[17668]: B20C4168F50E: from=<sender@domain.com>, size=49536, nrcpt=1 (queue active)

Amavis?
What filter is triggered?
This is MASSIVE now, practically ALL users are missing some mails.


phoenix
Ambassador
Ambassador
Posts: 25817
Joined: Fri Sep 12, 2014 9:56 pm

Re: Amavis removing mail items?

Postby phoenix » Tue Mar 13, 2018 1:42 pm

Does your mynetworks have a valid entry for your spam proxies to send to the ZCS server and is the mynetworks setting also reflected in this file: /opt/zimbra/conf/amavisd.conf
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Labsy
Outstanding Member
Outstanding Member
Posts: 367
Joined: Sat Sep 13, 2014 12:52 am

Re: Amavis removing mail items?

Postby Labsy » Tue Mar 13, 2018 1:51 pm

Hi bill,

Yes, all networks are there, same in Zimbra and in Amavis conf. And there are IP addresses (ever since...same IPs almost 10 years):
127.0.0.0/8 10.10.11.50/32 11.22.33.0/24
(last one is Public /24 IP range, where all my servers, Zimbra nad mail proxies operate)

BTW1...Mail is vanishing from mailboxes, which receive mail via proxy and directly, so proxy should not matter.

BTW2...beside vanishing mail inside Amavis, one of corporate users also complained, that past few days Zimbra Webmail simply LOGS THEM OUT UNEXPECTEDLY, for example during writing mail, and mails vanish. There are some 25 users on the same location, all using Zimbra Webmail.
Pop up they see is:
Network error has occurred ...or something like this
Labsy
Outstanding Member
Outstanding Member
Posts: 367
Joined: Sat Sep 13, 2014 12:52 am

Re: Amavis removing mail items?

Postby Labsy » Tue Mar 13, 2018 10:18 pm

Here I found Amavis masivelly removing FALSE POZITIVES in past few days (after upgrade to 8.8.7).
The above logs continue like this:

Code: Select all

Mar 13 13:05:42 seven amavis[19045]: (19045-20) Checking: GLgy8_20IrBV [11.22.33.44] <sender@domain.com> -> <recipient@zimbraserver.com>
Mar 13 13:05:43 seven amavis[19045]: (19045-20) Blocked SPAM {DiscardedInbound}, [11.22.33.44]:50836 [90.157.194.8] <sender@domain.com> -> <recipient@zimbraserver.com>, Queue-ID: B20C4168F50E, Message-ID: <01bc01d3bac3$9872b640$c95822c0$@sendername@domain.com>, mail_id: GLgy8_20IrBV, Hits: 29.101, size: 49535, 761 ms
Mar 13 13:05:43 seven postfix/smtp[30009]: B20C4168F50E: to=<recipient@zimbraserver.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.47/0/0/0.76, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=19045-20 - spam)
Mar 13 13:05:43 seven postfix/qmgr[17668]: B20C4168F50E: removed


Now, any idea, how to see and RESTORE BACK all majoritiy of FALSE POZITVES?
There are thousands of those messages, users are getting crazy.
Labsy
Outstanding Member
Outstanding Member
Posts: 367
Joined: Sat Sep 13, 2014 12:52 am

Re: Amavis removing mail items?

Postby Labsy » Wed Mar 14, 2018 10:33 am

Definitelly Amavis after update to 8.8.7 now blocks A LOT OF false pozitives, regular mail, which never got any spam score.
Where did that come from?

And what does HIT RATE in logs mean?

Code: Select all

Hits: 29.101

Is this some percentage?
Or is it 29101 or 29-point-101?

Under GLOBAL SETTINGS AV/AS settings are all the same for past few years:
75% spam, discard
35% spam, tag

I see most BAD-HEADER amavis errors lately...only appeared after upgrade to 8.8.7:

Code: Select all

X-Amavis-Alert: BAD HEADER SECTION, Non-encoded non-ASCII data (and not UTF-8)
        (char FC hex): Subject: Paketstatus f\x{FC}r Lieferung: 18[...]


Bug?

Return to “Installation and Upgrade”

Who is online

Users browsing this forum: No registered users and 12 guests