Troubleshooting the Parallels Premium Outgoing Antispam (OA) component

Created: 2016-11-16 13:08:59 UTC
Modified: 2017-08-16 16:52:03 UTC

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 11.x for Linux

Important note:

Parallels has stopped selling Premium Outgoing Antispam (OA). Please refer to article #213919765 for more information.

Overview

Premium Outgoing Antispam (OA) is an additional Parallels Plesk (Plesk) component that analyzes all outgoing mail and blocks the sending of undesired messages.

OA uses the Internet connection to check emails and sends requests to an external server (Commtouch). There are no logs on OA's side that explain why an email was marked as spam.

OA activity in maillog

Log example for Qmail:

Jan 23 18:59:00 linuxpc qmail-ctasd[30381]: OUT|IN IP: 1.2.3.4, From: root@domain.tld, sClass: Unknown, vClass: Unknown, RefID: str=0001.0AGB020A.4F1D91E2.00C7,ss=1,re=0.000,fgs=0, SenderID: test@testdomain.tld, Flags: 0, TMsg: 1, TSpam: 0, TSus: 0, TVirus: 0

Log example for Postfix:

 Feb 12 20:04:03 commtouch ct-milter[6578]: [ASVOD] OUT|IN IP: 1.2.3.4, Sender(Auth): <void-bounce-toppatty=root@domain.tld>((null)), Spam: Unknown, VOD: Unknown, RefID: str=0001.0A020301.4F37AAB3.0044:SCFSTAT1403659,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0, Action: tag, Reason: global-policy, QueueId: unknown, SenderID: test@testdomain.tld, Flags: 0, TMsg: 1, TSpam: 0, TSus: 0, TVirus: 0

Command to find all such records in maillog:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID

Commands to count number of emails detected as spam / suspected spam / not spam:

Spam:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID | egrep "Spam: Confirmed|Spam: Bulk|sClass: Confirmed|sClass: Bulk" | wc -l

Suspected spam:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID | egrep "Spam: Suspect|sClass: Suspect" | wc -l

Not spam:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID | egrep "Spam: NonSpam|Spam: Unknown|sClass: NonSpam|sClass: Unknown" | wc -l

Note that these commands do not filter by date, so all records in maillog are counted. To filter by date, add another egrep stage (syslog pads single-digit days with a space, hence the two spaces in "Mar  1"):

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID | egrep "Spam: NonSpam|Spam: Unknown|sClass: NonSpam|sClass: Unknown" | egrep "Mar  1|Feb 28" | wc -l
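
The counting commands above give server-wide totals. As an added example (not part of the original article or of the product), the shell function below breaks the same verdicts down per SenderID, which shows which account the flagged mail comes from, and it accepts both the Qmail (sClass) and Postfix (Spam) record formats. The function names, sample addresses and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-sender tally of OA verdicts from maillog.
# Usage: oa_tally MAILLOG [DATE_REGEX]
oa_tally() {
    awk -v datere="${2:-.}" '
    /ctasd|ASVOD/ && /SenderID: / && $0 ~ datere {
        # Qmail logs the verdict as "sClass: X", Postfix as "Spam: X".
        # The leading ", " keeps the counter field "TSpam: 0" from matching.
        if (!match($0, /, (sClass|Spam): [A-Za-z]+/)) next
        verdict = substr($0, RSTART, RLENGTH)
        sub(/^.*: /, "", verdict)
        if (!match($0, /SenderID: [^, ]+/)) next
        id = substr($0, RSTART + 10, RLENGTH - 10)
        seen[id] = 1
        if (verdict == "Confirmed" || verdict == "Bulk") spam[id]++
        else if (verdict == "Suspect") sus[id]++
        else if (verdict == "NonSpam" || verdict == "Unknown") ok[id]++
    }
    END {
        for (id in seen)
            printf "%s spam=%d suspect=%d notspam=%d\n", id, spam[id], sus[id], ok[id]
    }' "$1" | sort
}

# Constructed sample records modelled on the two log formats shown above.
oa_sample() {
cat <<'EOF'
Feb 28 18:59:00 mail qmail-ctasd[30381]: OUT|IN IP: 192.0.2.10, From: alice@example.test, sClass: Confirmed, vClass: Unknown, RefID: str=0001,ss=1, SenderID: alice@example.test, Flags: 0, TMsg: 1, TSpam: 1, TSus: 0, TVirus: 0
Mar  1 20:04:03 mail ct-milter[6578]: [ASVOD] OUT|IN IP: 192.0.2.10, Sender(Auth): <alice@example.test>((null)), Spam: Bulk, VOD: Unknown, RefID: str=0001,ss=1, Action: tag, Reason: global-policy, QueueId: unknown, SenderID: alice@example.test, Flags: 0, TMsg: 2, TSpam: 2, TSus: 0, TVirus: 0
Mar  1 20:04:09 mail ct-milter[6578]: [ASVOD] OUT|IN IP: 192.0.2.11, Sender(Auth): <bob@example.test>((null)), Spam: Suspect, VOD: Unknown, RefID: str=0001,ss=1, Action: tag, Reason: global-policy, QueueId: unknown, SenderID: bob@example.test, Flags: 0, TMsg: 1, TSpam: 0, TSus: 1, TVirus: 0
Mar  1 20:05:00 mail postfix/smtpd[2210]: connect from unknown[192.0.2.10]
Mar 10 09:12:44 mail qmail-ctasd[30381]: OUT|IN IP: 192.0.2.11, From: bob@example.test, sClass: NonSpam, vClass: Unknown, RefID: str=0001,ss=1, SenderID: bob@example.test, Flags: 0, TMsg: 2, TSpam: 0, TSus: 1, TVirus: 0
Mar 10 09:13:02 mail ct-milter[6578]: [ASVOD] OUT|IN IP: 192.0.2.10, Sender(Auth): <alice@example.test>((null)), Spam: Unknown, VOD: Unknown, RefID: str=0001,ss=1, Action: tag, Reason: global-policy, QueueId: unknown, SenderID: alice@example.test, Flags: 0, TMsg: 3, TSpam: 2, TSus: 0, TVirus: 0
EOF
}

# When run as a script with arguments, tally the given maillog.
if [ "$#" -gt 0 ]; then oa_tally "$@"; fi
```

The optional second argument is an extended regular expression matched against the whole line, for example '^Mar  1 ' to restrict the tally to March 1.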

If maillog does not contain messages from OA, try adding the following lines into /etc/hosts, then disabling and re-enabling OA from the Plesk interface and sending several messages from one of the mail accounts hosted on the server:

103.5.198.210 resolver1.plesk.ctmail.com
84.39.152.31 resolver2.plesk.ctmail.com
84.39.153.31 resolver3.plesk.ctmail.com
38.113.116.210 resolver4.plesk.ctmail.com
64.191.223.35 resolver5.plesk.ctmail.com

OA statistics

Parallels Premium Outgoing Antispam provides spam activity statistics. You can find this function on the “Dashboard” tab.

Statistics are calculated every hour by the "crontab" task:

# cat /etc/cron.hourly/ctoblogs
#!/bin/bash
/opt/ctch/ctoblogs.php >> /dev/null 2>&1

All logs are located in the /var/log/ctchob directory.

“lastepoch” – time of the last calculation in Unix format (date +%s)

“lastday.stats” – stats for last 24 hours

“lastweek.stats” – stats for last week

“2012” – folder for calculated statistics:

Naming convention:

<BASEDIR>/<Year>/[h|d|w]YYmmdd(HH){.part}
    ^       ^       ^       ^        ^
    |       |       |       |        +---- extension for a partial hour (the hour has not fully elapsed)
    |       |       |       +------------- Date with hour resolution; statistics represent
    |       |       |                      the HH hour (HH:00 until HH:59).
    |       |       |                      Daily statistics are generated for the last full
    |       |       |                      hour processed, to reflect the last 24 hours.
    |       |       +--------------------- h = Hourly statistics; d = Daily statistics.
    |       +----------------------------- Year subfolder
    +------------------------------------- Commtouch's statistics collection subfolder

<BASEDIR>=/var/log/ctchob

How to enable debug logging for statistics

  1. Modify the /opt/ctch/ctoblogs.php file, setting the debug level to "10" on this line:

    define("DEBUGLEVEL",10);

  2. Modify /etc/cron.hourly/ctoblogs to make it look like this:

    #!/bin/bash
    /opt/ctch/ctoblogs.php >> /var/log/ctchob/debug.log 2>&1

    NOTE: for version 11.5 it should be:

    #!/bin/bash
    /opt/ctch/ctoblogs-ll-ver.php >> /var/log/ctchob/debug.log 2>&1

How to recalculate stats

  1. Make sure that maillog contains records for the required period.

  2. Remove the file which the lastday.stats link refers to.

  3. Modify lastepoch, setting the start time for the statistics calculation. For example, to recalculate stats for the last 24 hours:

    # date +%s -d '-1 day' > lastepoch

  4. Run this script: /opt/ctch/ctoblogs.php
