Firestorm

Member
Nov 24, 2004
15
0
151
A few days ago cPanel ran an automated update that blew a few things up. I had to have several services re-installed including SpamAssassin and Exim. The problem is, I am still receiving an hourly email that contains the following:



Security Violations
=-=-=-=-=-=-=-=-=-=
Jan 19 15:04:34 srv01 spamd[15426]: result: Y 997 - ALL_TRUSTED,DNS_FROM_AHBL_RHSBL,GTUBE scantime=1.1,size=834,mid=<[email protected]>,autolearn=failed
Jan 19 15:12:54 srv01 spamd[15422]: result: Y 997 - ALL_TRUSTED,DNS_FROM_AHBL_RHSBL,GTUBE scantime=0.1,size=834,mid=<[email protected]>,autolearn=failed
Jan 19 15:21:15 srv01 spamd[15423]: result: Y 997 - ALL_TRUSTED,DNS_FROM_AHBL_RHSBL,GTUBE scantime=0.1,size=834,mid=<[email protected]>,autolearn=failed
Jan 19 15:29:35 srv01 spamd[15424]: result: Y 997 - ALL_TRUSTED,DNS_FROM_AHBL_RHSBL,GTUBE scantime=0.1,size=834,mid=<[email protected]>,autolearn=failed
Jan 19 15:37:55 srv01 spamd[15425]: result: Y 997 - ALL_TRUSTED,DNS_FROM_AHBL_RHSBL,GTUBE scantime=0.1,size=834,mid=<[email protected]>,autolearn=failed
Jan 19 15:46:16 srv01 spamd[15426]: result: Y 997 - ALL_TRUSTED,DNS_FROM_AHBL_RHSBL,GTUBE scantime=0.1,size=834,mid=<[email protected]>,autolearn=failed
Jan 19 15:54:36 srv01 spamd[15422]: result: Y 997 - ALL_TRUSTED,DNS_FROM_AHBL_RHSBL,GTUBE scantime=0.1,size=834,mid=<[email protected]>,autolearn=failed



Does anyone know what this means? I get an email with this every hour and it is driving me crazy! :eek: Anyone know how to fix this?
 

mctDarren

Well-Known Member
Jan 6, 2004
662
6
168
New Jersey
cPanel Access Level
Root Administrator
Don't get the email but I do see this in my logs. Searching the web yields no answer, but it might be fairly new. Hopefully someone "in the know" will see this and respond.
 

Firestorm

Member
Nov 24, 2004
15
0
151
webtiva said:
Don't get the email but I do see this in my logs. Searching the web yields no answer, but it might be fairly new. Hopefully someone "in the know" will see this and respond.
I agree, it would certainly be nice if someone in the know would respond. I receive an email every hour with the error and it is really aggravating me. The odd thing is that all of my searches for an answer have rendered nothing nor any comments from the more tech savvy admins. I would have thought that others would have run into this as well since the problem came from an automated cPanel update.
 

mctDarren

Well-Known Member
Jan 6, 2004
662
6
168
New Jersey
cPanel Access Level
Root Administrator
Well, my guess is that this is a monitor running and testing that SpamAssasin is working. The 'GTUBE' phrase, according to the Exim website, is used with SA as a test for marking spam -- much like the Eicar virus test if you are familiar with that. Any mail with that marker phrase is flagged. So it could be that spamd is simply checking to be sure scan is functioning.

The "Security Violations" message in your hourly email is the only thing that would make me think otherwise, though. Have to do some more digging this evening to see if I can find more info...
 

Firestorm

Member
Nov 24, 2004
15
0
151
webtiva said:
Well, my guess is that this is a monitor running and testing that SpamAssasin is working. The 'GTUBE' phrase, according to the Exim website, is used with SA as a test for marking spam -- much like the Eicar virus test if you are familiar with that. Any mail with that marker phrase is flagged. So it could be that spamd is simply checking to be sure scan is functioning.

The "Security Violations" message in your hourly email is the only thing that would make me think otherwise, though. Have to do some more digging this evening to see if I can find more info...

Whatever it is, it is running every hour which triggers the Security Violation email. Before the automated cPanel update blew stuff up, I never received a Security Violation email every hour with the "GTUBE" errors. My server is installed with all of the "standard" apps so how is it possible that a routine automated cPanel update blew me up and no one else? I have noticed however, more posts about "spamd" failing. This was one of the problems that I had from the update last week so it must be hitting other people throughout the week.

If you find anything about a solution, please post.