We have had quite a number of complaint the last 24 hour on mails that does not arrive.

I have had a look through the log files but as I am not an expert, I am not sure what to look for. I have stopped using quarantene database in mysql due to some problems. since I did that , it has been running fine for about 1 month now

 

 

The only strange thing I can see from the log is this:

 

10-15-09 00:55:45:171 -- (2384) TBayesianThread - LoadFromFile for Corpus.db - copied db.dat -> IndACA.tmp
10-15-09 00:55:45:171 -- (2384) TBayesianThread - LoadFromFile for Corpus.db - copied db.dat.prb -> IndACB.tmp
10-15-09 00:55:45:281 -- (2384) TBayesianThread - corpus.db copy of files not exist - exiting
10-15-09 00:55:45:281 -- (2384) TBayesianThread - End LoadFromFile for corpus.db (db.dat) (0)
10-15-09 00:55:45:281 -- (2384) SpamFilterForm - corpus.db cannot be loaded, waiting 60 seconds
10-15-09 00:55:45:312 -- (2288) TSpamFilterForm - LoadFromFile for Corpus.db - copied db.dat -> IndACE.tmp
10-15-09 00:55:45:312 -- (2288) TSpamFilterForm - LoadFromFile for Corpus.db - copied db.dat.prb -> IndACF.tmp

---------------------------------------------------------------------------------------------------------

 

is this important?

Can I upload the log file over 3 days to your FTP Server and do you mind to have a look at it?

 

Hoping to hear from you soon

Kind Regards

Morten

Those errors from the Corpus.db are actually quite common and not a cause of concern. If you wish to upload the logfiles we'll gladly go over them. Please let us know when they're ready and also please indicate, if possible, a few to/from email addresses that were affected by this so we can try to locate the emails in the logs.

Thanks alot

I have uploadet 3 days to your ftp

20091013.zip

20091014.zip

20091015.zip

The reports on mails not arriving started the 14th am.

My co administrator tried to send and receive the same time and it seemd to work, so we thought it was a local thing for the end user.

But more and more people started to complain

one of them was mailto:jdw@humana-spain.org - jdw@humana-spain.org  and about 10 more that contacted us.

 

Without beeing able to replicate the fault, at about 1400 sometime (DK time), My co administrator restarted the server and then it seemed like a lot of mail that should have been delivered earlier in the day suddenly started to arrive.

We dont think any mails are lost and I think ISP spamfilter works as it should as they where delayed.

We just want to find out why it stopped and why after a restart at about 1400 it started to deliver again.

 

Hope you can see something from the log files

 

Kind Regards

Morten

SpamFilter logs the time using the local server's time, but we only saw one time that SpamFilter was restarted, it was at 20:38 on the 14th:

Going thru the logs, we did not see anything that stood out, and traffic seems normal both before and after the above restart. We're not able to locate the specific emails in question, as we needed both the to/from email addresses to locate those emails in the logs. Here's a sample of emails that we see on the 14th for that address. Most were being blocked as the sender's IP was blacklisted. One (the last sample) was delivered instead successfully, even though it looks like it was a piece of spam that slipped thru the various filters.

If you can provide us with more information, specifically both the sender's email and the recipient's email addresses, we can try to do more specific debugging.

I am happy to see that every thing looks right

 

The mails in question are obviously spam

received and sender with same address...

mailto:jdw@humana-spain.org - jdw@humana-spain.org

 

We have a lot of mails like this. As this are spam and we actually have this address and domain on our webserver, can this cause that the domain get blocked and therefore affect our real mail trafic, or will it only affect the IP that it was sent from that is the spammers?

 

Kind Regards

Morten