Splunk_Docker/files/splunk-etc/apps/sample_app/logs/maillog

Apr  5 04:02:27 splunk3 sendmail[17873]: n35B2RjN017873: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:03:27 splunk3 sendmail[18166]: n35B3R0o018166: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:04:27 splunk3 sendmail[18415]: n35B4RYB018415: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:05:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:05:09 splunk3 sendmail[18584]: n35B59Ph018584: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051105.n35B59Td013331@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:05:09 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46154 
Apr  5 04:05:09 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:05:09 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 04:05:09 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 04:05:09 splunk3 sendmail[18585]: n35B59Ph018584: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:05:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:05:27 splunk3 sendmail[18688]: n35B5Rfd018688: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:05:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:06:27 splunk3 sendmail[18925]: n35B6Rki018925: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:07:27 splunk3 sendmail[19162]: n35B7Rl6019162: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:08:27 splunk3 sendmail[19399]: n35B8RuJ019399: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:09:27 splunk3 sendmail[19636]: n35B9R9l019636: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:10:03 splunk3 sendmail[19873]: n35BA3M5019873: from=root, size=292, class=0, nrcpts=1, msgid=<200904051110.n35BA3M5019873@splunk3.splunkit.com>, relay=root@localhost
Apr  5 04:10:03 splunk3 sendmail[19878]: n35BA3tW019878: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051110.n35BA3M5019873@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 04:10:03 splunk3 sendmail[19873]: n35BA3M5019873: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35BA3tW019878 Message accepted for delivery)
Apr  5 04:10:04 splunk3 sendmail[19879]: n35BA3tW019878: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 04:10:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:10:10 splunk3 sendmail[19907]: n35BAA0W019907: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051110.n35BAAAE013941@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:10:10 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46211 
Apr  5 04:10:10 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:10:10 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:10:10 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:10:10 splunk3 spamd[6683]: spamd: processing message <200904051110.n35BAAAE013941@virt2.int.splunk.com> for spamme:501 
Apr  5 04:10:12 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 04:10:12 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46211,mid=<200904051110.n35BAAAE013941@virt2.int.splunk.com>,bayes=0.111805162197268,autolearn=no 
Apr  5 04:10:12 splunk3 sendmail[19918]: n35BAA0W019907: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:10:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:10:27 splunk3 sendmail[20015]: n35BARse020015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:10:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:11:27 splunk3 sendmail[20257]: n35BBRwx020257: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 04:12:27 splunk3 sendmail[20495]: n35BCRWb020495: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:13:27 splunk3 sendmail[20735]: n35BDRYO020735: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:14:27 splunk3 sendmail[20968]: n35BERnI020968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:15:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:15:11 splunk3 sendmail[21136]: n35BFABU021136: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051115.n35BFARK014734@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:15:11 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46267 
Apr  5 04:15:11 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:15:11 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:15:11 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:15:11 splunk3 spamd[6683]: spamd: processing message <200904051115.n35BFARK014734@virt2.int.splunk.com> for spamme:501 
Apr  5 04:15:13 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 04:15:13 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46267,mid=<200904051115.n35BFARK014734@virt2.int.splunk.com>,bayes=0.111805162197268,autolearn=no 
Apr  5 04:15:13 splunk3 sendmail[21137]: n35BFABU021136: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:15:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:15:27 splunk3 sendmail[21228]: n35BFRk7021228: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:15:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:16:27 splunk3 sendmail[21465]: n35BGR04021465: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:17:27 splunk3 sendmail[21705]: n35BHRdA021705: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:18:27 splunk3 sendmail[21939]: n35BIRFH021939: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:19:27 splunk3 sendmail[22180]: n35BJRQS022180: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:20:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:20:11 splunk3 sendmail[22348]: n35BKBOv022348: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051120.n35BKBks015364@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:20:11 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46324 
Apr  5 04:20:11 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:20:11 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:20:11 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:20:11 splunk3 spamd[6683]: spamd: processing message <200904051120.n35BKBks015364@virt2.int.splunk.com> for spamme:501 
Apr  5 04:20:13 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 04:20:13 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46324,mid=<200904051120.n35BKBks015364@virt2.int.splunk.com>,bayes=0.111805162197268,autolearn=no 
Apr  5 04:20:13 splunk3 sendmail[22349]: n35BKBOv022348: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:20:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:20:27 splunk3 sendmail[22440]: n35BKR76022440: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:20:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:21:27 splunk3 sendmail[22680]: n35BLRxP022680: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:22:27 splunk3 sendmail[1122]: n35BMRdD001122: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:23:27 splunk3 sendmail[27074]: n35BNRH9027074: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:24:27 splunk3 sendmail[30892]: n35BORpI030892: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:25:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:25:11 splunk3 sendmail[31074]: n35BPBZk031074: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051125.n35BPBvc019330@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:25:12 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46379 
Apr  5 04:25:12 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:25:12 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:25:12 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:25:12 splunk3 spamd[6683]: spamd: processing message <200904051125.n35BPBvc019330@virt2.int.splunk.com> for spamme:501 
Apr  5 04:25:14 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 04:25:14 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46379,mid=<200904051125.n35BPBvc019330@virt2.int.splunk.com>,bayes=0.111805162197268,autolearn=no 
Apr  5 04:25:14 splunk3 sendmail[31075]: n35BPBZk031074: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:25:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:25:27 splunk3 sendmail[31149]: n35BPR0H031149: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:25:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:26:27 splunk3 sendmail[31387]: n35BQRhB031387: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 04:27:27 splunk3 sendmail[31628]: n35BRR72031628: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:28:27 splunk3 sendmail[31863]: n35BSR17031863: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:29:27 splunk3 sendmail[32101]: n35BTR3E032101: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:30:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:30:12 splunk3 sendmail[32289]: n35BUCWj032289: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051130.n35BUCLm019953@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:30:12 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46436 
Apr  5 04:30:12 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:30:12 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:30:12 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:30:12 splunk3 spamd[6683]: spamd: processing message <200904051130.n35BUCLm019953@virt2.int.splunk.com> for spamme:501 
Apr  5 04:30:14 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 04:30:14 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46436,mid=<200904051130.n35BUCLm019953@virt2.int.splunk.com>,bayes=0.111805162197268,autolearn=no 
Apr  5 04:30:14 splunk3 sendmail[32290]: n35BUCWj032289: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:30:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:30:27 splunk3 sendmail[32361]: n35BURSd032361: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:30:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:31:27 splunk3 sendmail[32604]: n35BVRnw032604: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:32:27 splunk3 sendmail[372]: n35BWR5i000372: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:33:27 splunk3 sendmail[612]: n35BXRAo000612: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:34:27 splunk3 sendmail[846]: n35BYRxj000846: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:35:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:35:12 splunk3 sendmail[1030]: n35BZC1G001030: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051135.n35BZCgH020703@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:35:12 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46491 
Apr  5 04:35:12 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:35:12 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:35:12 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:35:12 splunk3 spamd[6683]: spamd: processing message <200904051135.n35BZCgH020703@virt2.int.splunk.com> for spamme:501 
Apr  5 04:35:15 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 04:35:15 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46491,mid=<200904051135.n35BZCgH020703@virt2.int.splunk.com>,bayes=0.111805162197268,autolearn=no 
Apr  5 04:35:15 splunk3 sendmail[1031]: n35BZC1G001030: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:35:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:35:27 splunk3 sendmail[1104]: n35BZRvF001104: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:35:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:36:27 splunk3 sendmail[1342]: n35BaReH001342: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:37:27 splunk3 sendmail[1582]: n35BbRk7001582: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:38:27 splunk3 sendmail[1822]: n35BcRTq001822: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:39:27 splunk3 sendmail[2062]: n35BdREf002062: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:40:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:40:13 splunk3 sendmail[2248]: n35BeDZP002248: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051140.n35BeD0t021333@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:40:13 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46547 
Apr  5 04:40:13 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:40:13 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:40:13 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:40:13 splunk3 spamd[6683]: spamd: processing message <200904051140.n35BeD0t021333@virt2.int.splunk.com> for spamme:501 
Apr  5 04:40:17 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  5 04:40:17 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46547,mid=<200904051140.n35BeD0t021333@virt2.int.splunk.com>,bayes=0.111805162197268,autolearn=no 
Apr  5 04:40:17 splunk3 sendmail[2249]: n35BeDZP002248: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:40:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:40:27 splunk3 sendmail[2323]: n35BeRfM002323: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:40:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:41:27 splunk3 sendmail[2566]: n35BfRkf002566: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 04:42:27 splunk3 sendmail[2815]: n35BgRZU002815: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:43:27 splunk3 sendmail[3065]: n35BhR6O003065: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:44:27 splunk3 sendmail[3301]: n35BiRlo003301: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:44:49 splunk3 sendmail[3365]: n35Bijlo003365: from=<vergifne_1999@Mag.Org>, size=5479, class=0, nrcpts=1, msgid=<200904051144.n35Bijlo003365@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=host64-3-dynamic.3-79-r.retail.telecomitalia.it [79.3.3.64]
Apr  5 04:44:49 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46599 
Apr  5 04:44:49 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:44:49 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:44:49 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:44:49 splunk3 spamd[6683]: spamd: processing message <200904051144.n35Bijlo003365@splunk3.splunkit.com> for spamme:501 
Apr  5 04:44:53 splunk3 spamd[6683]: spamd: identified spam (20.6/5.0) for spamme:501 in 3.4 seconds, 5924 bytes. 
Apr  5 04:44:53 splunk3 spamd[6683]: spamd: result: Y 20 - BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_SBL,URIBL_WS_SURBL scantime=3.4,size=5924,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46599,mid=<200904051144.n35Bijlo003365@splunk3.splunkit.com>,bayes=0.558388444856732,autolearn=spam 
Apr  5 04:44:53 splunk3 sendmail[3383]: n35Bijlo003365: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=35843, dsn=2.0.0, stat=Sent
Apr  5 04:44:53 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:45:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:45:14 splunk3 sendmail[3494]: n35BjEVM003494: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051145.n35BjDL6021950@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:45:14 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46604 
Apr  5 04:45:14 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:45:14 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:45:14 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:45:14 splunk3 spamd[6683]: spamd: processing message <200904051145.n35BjDL6021950@virt2.int.splunk.com> for spamme:501 
Apr  5 04:45:16 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  5 04:45:16 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46604,mid=<200904051145.n35BjDL6021950@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 04:45:16 splunk3 sendmail[3495]: n35BjEVM003494: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:45:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:45:27 splunk3 sendmail[3585]: n35BjRen003585: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:45:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:46:27 splunk3 sendmail[3832]: n35BkRlG003832: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:47:27 splunk3 sendmail[4086]: n35BlRuR004086: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:48:27 splunk3 sendmail[4340]: n35BmRvw004340: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:49:27 splunk3 sendmail[4579]: n35BnRcY004579: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:50:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:50:14 splunk3 sendmail[4769]: n35BoEWD004769: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051150.n35BoE3c022564@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:50:14 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46660 
Apr  5 04:50:14 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:50:14 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:50:14 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:50:14 splunk3 spamd[6683]: spamd: processing message <200904051150.n35BoE3c022564@virt2.int.splunk.com> for spamme:501 
Apr  5 04:50:16 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 04:50:16 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46660,mid=<200904051150.n35BoE3c022564@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 04:50:16 splunk3 sendmail[4770]: n35BoEWD004769: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:50:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:50:27 splunk3 sendmail[4841]: n35BoRwF004841: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:50:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:51:27 splunk3 sendmail[5093]: n35BpR7b005093: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:52:27 splunk3 sendmail[5368]: n35BqRP7005368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:53:27 splunk3 sendmail[5607]: n35BrRjF005607: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:54:27 splunk3 sendmail[5842]: n35BsRui005842: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:55:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 04:55:14 splunk3 sendmail[6028]: n35BtEhj006028: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051155.n35BtE8Q023180@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 04:55:15 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46716 
Apr  5 04:55:15 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 04:55:15 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 04:55:15 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 04:55:15 splunk3 spamd[6683]: spamd: processing message <200904051155.n35BtE8Q023180@virt2.int.splunk.com> for spamme:501 
Apr  5 04:55:17 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 04:55:17 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46716,mid=<200904051155.n35BtE8Q023180@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 04:55:17 splunk3 sendmail[6029]: n35BtEhj006028: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 04:55:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 04:55:27 splunk3 sendmail[6101]: n35BtRxk006101: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:55:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 04:56:27 splunk3 sendmail[6338]: n35BuRkg006338: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 04:57:27 splunk3 sendmail[6579]: n35BvRnT006579: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:58:27 splunk3 sendmail[6814]: n35BwRAa006814: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 04:59:27 splunk3 sendmail[7051]: n35BxRWK007051: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:00:03 splunk3 sendmail[7255]: n35C03fd007255: from=root, size=291, class=0, nrcpts=1, msgid=<200904051200.n35C03fd007255@splunk3.splunkit.com>, relay=root@localhost
Apr  5 05:00:03 splunk3 sendmail[7259]: n35C03ab007259: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904051200.n35C03fd007255@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 05:00:03 splunk3 sendmail[7255]: n35C03fd007255: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35C03ab007259 Message accepted for delivery)
Apr  5 05:00:04 splunk3 sendmail[7260]: n35C03ab007259: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 05:00:09 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:00:15 splunk3 sendmail[7305]: n35C0F7p007305: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051200.n35C0Fim023842@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:00:15 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46773 
Apr  5 05:00:15 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:00:15 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 05:00:15 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 05:00:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:00:15 splunk3 sendmail[7307]: n35C0F7p007305: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:00:25 splunk3 sendmail[7360]: n35C0PwT007360: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904051200.n35C0PwT007360@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 05:00:25 splunk3 sendmail[7362]: n35C0PwT007360: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 05:00:25 splunk3 sendmail[7362]: n35C0PwT007360: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  5 05:00:25 splunk3 sendmail[7362]: n35C0PwT007360: n35C0PwT007362: postmaster notify: User unknown
Apr  5 05:00:26 splunk3 sendmail[7362]: n35C0PwT007362: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  5 05:00:27 splunk3 sendmail[7391]: n35C0RMi007391: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:00:33 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:01:07 splunk3 sendmail[7551]: n35C11Bq007551: from=root, size=443, class=0, nrcpts=1, msgid=<200904051201.n35C11Bq007551@splunk3.splunkit.com>, relay=root@localhost
Apr  5 05:01:07 splunk3 sendmail[7574]: n35C17bi007574: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904051201.n35C11Bq007551@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 05:01:07 splunk3 sendmail[7551]: n35C11Bq007551: to=root, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35C17bi007574 Message accepted for delivery)
Apr  5 05:01:09 splunk3 sendmail[7575]: n35C17bi007574: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 05:01:27 splunk3 sendmail[7657]: n35C1RDB007657: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:02:27 splunk3 sendmail[7894]: n35C2Rw9007894: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:03:27 splunk3 sendmail[8132]: n35C3R4w008132: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:04:27 splunk3 sendmail[8368]: n35C4Rji008368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:05:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:05:15 splunk3 sendmail[8555]: n35C5FJV008555: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051205.n35C5Ft4024526@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:05:15 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46837 
Apr  5 05:05:15 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:05:15 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 05:05:15 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 05:05:15 splunk3 sendmail[8556]: n35C5FJV008555: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:05:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:05:27 splunk3 sendmail[8624]: n35C5RBN008624: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:05:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:06:27 splunk3 sendmail[8863]: n35C6RXY008863: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:07:27 splunk3 sendmail[9102]: n35C7RrE009102: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:08:27 splunk3 sendmail[9341]: n35C8RSb009341: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:09:27 splunk3 sendmail[9581]: n35C9REN009581: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:10:02 splunk3 sendmail[9817]: n35CA2tb009817: from=root, size=292, class=0, nrcpts=1, msgid=<200904051210.n35CA2tb009817@splunk3.splunkit.com>, relay=root@localhost
Apr  5 05:10:02 splunk3 sendmail[9822]: n35CA2eU009822: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051210.n35CA2tb009817@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 05:10:02 splunk3 sendmail[9817]: n35CA2tb009817: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35CA2eU009822 Message accepted for delivery)
Apr  5 05:10:03 splunk3 sendmail[9823]: n35CA2eU009822: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 05:10:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:10:16 splunk3 sendmail[9889]: n35CAGP4009889: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051210.n35CAG5D025141@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:10:16 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46893 
Apr  5 05:10:16 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:10:16 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:10:16 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:10:16 splunk3 spamd[6683]: spamd: processing message <200904051210.n35CAG5D025141@virt2.int.splunk.com> for spamme:501 
Apr  5 05:10:18 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 05:10:18 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46893,mid=<200904051210.n35CAG5D025141@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 05:10:18 splunk3 sendmail[9890]: n35CAGP4009889: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:10:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:10:27 splunk3 sendmail[9947]: n35CARCL009947: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:10:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:11:27 splunk3 sendmail[10186]: n35CBR4u010186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 05:12:27 splunk3 sendmail[10421]: n35CCRh9010421: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:13:27 splunk3 sendmail[10661]: n35CDRuT010661: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:14:27 splunk3 sendmail[10894]: n35CERwQ010894: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:15:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:15:16 splunk3 sendmail[11099]: n35CFG8H011099: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051215.n35CFGOO025924@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:15:16 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46950 
Apr  5 05:15:16 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:15:16 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:15:16 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:15:16 splunk3 spamd[6683]: spamd: processing message <200904051215.n35CFGOO025924@virt2.int.splunk.com> for spamme:501 
Apr  5 05:15:18 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  5 05:15:18 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46950,mid=<200904051215.n35CFGOO025924@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 05:15:18 splunk3 sendmail[11100]: n35CFG8H011099: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:15:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:15:27 splunk3 sendmail[11155]: n35CFRRa011155: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:15:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:16:27 splunk3 sendmail[11395]: n35CGRtA011395: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:17:27 splunk3 sendmail[11633]: n35CHRq2011633: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:18:27 splunk3 sendmail[11867]: n35CIRRM011867: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:19:28 splunk3 sendmail[12106]: n35CJSRi012106: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:20:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:20:17 splunk3 sendmail[12313]: n35CKHRN012313: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051220.n35CKGg3026556@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:20:17 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47005 
Apr  5 05:20:17 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:20:17 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:20:17 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:20:17 splunk3 spamd[6683]: spamd: processing message <200904051220.n35CKGg3026556@virt2.int.splunk.com> for spamme:501 
Apr  5 05:20:19 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 05:20:19 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47005,mid=<200904051220.n35CKGg3026556@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 05:20:19 splunk3 sendmail[12314]: n35CKHRN012313: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:20:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:20:28 splunk3 sendmail[12368]: n35CKSbw012368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:20:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:21:28 splunk3 sendmail[12608]: n35CLS04012608: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:22:28 splunk3 sendmail[12844]: n35CMS40012844: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:23:28 splunk3 sendmail[13089]: n35CNSjo013089: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:24:28 splunk3 sendmail[13358]: n35COSwY013358: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:25:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:25:18 splunk3 sendmail[13565]: n35CPICa013565: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051225.n35CPHTd027164@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:25:18 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47061 
Apr  5 05:25:18 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:25:18 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:25:18 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:25:18 splunk3 spamd[6683]: spamd: processing message <200904051225.n35CPHTd027164@virt2.int.splunk.com> for spamme:501 
Apr  5 05:25:20 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 05:25:20 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47061,mid=<200904051225.n35CPHTd027164@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 05:25:20 splunk3 sendmail[13566]: n35CPICa013565: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:25:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:25:28 splunk3 sendmail[13620]: n35CPSNY013620: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:25:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:26:28 splunk3 sendmail[13857]: n35CQSvb013857: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 05:27:28 splunk3 sendmail[14099]: n35CRSub014099: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:28:28 splunk3 sendmail[14331]: n35CSSSW014331: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:29:28 splunk3 sendmail[14569]: n35CTShL014569: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:30:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:30:18 splunk3 sendmail[14774]: n35CUIG9014774: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051230.n35CUIEq027786@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:30:18 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47116 
Apr  5 05:30:18 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:30:18 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:30:18 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:30:18 splunk3 spamd[6683]: spamd: processing message <200904051230.n35CUIEq027786@virt2.int.splunk.com> for spamme:501 
Apr  5 05:30:20 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 05:30:20 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47116,mid=<200904051230.n35CUIEq027786@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 05:30:20 splunk3 sendmail[14775]: n35CUIG9014774: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:30:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:30:28 splunk3 sendmail[14830]: n35CUSPl014830: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:30:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:31:28 splunk3 sendmail[15070]: n35CVS2l015070: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:32:28 splunk3 sendmail[15304]: n35CWS9N015304: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:33:28 splunk3 sendmail[15551]: n35CXSeG015551: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:34:28 splunk3 sendmail[15788]: n35CYS33015788: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:35:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:35:18 splunk3 sendmail[15994]: n35CZIZj015994: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051235.n35CZIvN028532@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:35:18 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47172 
Apr  5 05:35:18 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:35:18 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:35:18 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:35:18 splunk3 spamd[6683]: spamd: processing message <200904051235.n35CZIvN028532@virt2.int.splunk.com> for spamme:501 
Apr  5 05:35:20 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 05:35:20 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47172,mid=<200904051235.n35CZIvN028532@virt2.int.splunk.com>,bayes=0.111797749782387,autolearn=no 
Apr  5 05:35:20 splunk3 sendmail[15995]: n35CZIZj015994: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:35:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:35:28 splunk3 sendmail[16036]: n35CZS5K016036: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:35:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:36:28 splunk3 sendmail[16284]: n35CaSQX016284: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:36:36 splunk3 sendmail[16283]: n35CaSFO016283: from=<spammesilly@allanborup.dk>, size=3999, class=0, nrcpts=1, msgid=<20090405073633.3288.qmail@vaio>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=ppp94-29-72-31.pppoe.spdop.ru [94.29.72.31]
Apr  5 05:36:36 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47193 
Apr  5 05:36:36 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:36:36 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:36:36 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:36:36 splunk3 spamd[6683]: spamd: processing message <20090405073633.3288.qmail@vaio> for spamme:501 
Apr  5 05:36:39 splunk3 spamd[6683]: spamd: identified spam (32.7/5.0) for spamme:501 in 2.9 seconds, 4291 bytes. 
Apr  5 05:36:39 splunk3 spamd[6683]: spamd: result: Y 32 - ADDRESS_IN_SUBJECT,BAYES_99,DATE_IN_PAST_06_12,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_TAGS,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,SUBJ_HAS_UNIQ_ID,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=2.9,size=4291,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47193,mid=<20090405073633.3288.qmail@vaio>,bayes=1,autolearn=spam 
Apr  5 05:36:39 splunk3 sendmail[16329]: n35CaSFO016283: to=<spamme@splunkit.com>, delay=00:00:07, xdelay=00:00:03, mailer=local, pri=34197, dsn=2.0.0, stat=Sent
Apr  5 05:36:39 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:37:28 splunk3 sendmail[16531]: n35CbSmU016531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:38:28 splunk3 sendmail[16769]: n35CcSvj016769: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:39:28 splunk3 sendmail[17007]: n35CdSOx017007: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:40:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:40:19 splunk3 sendmail[17217]: n35CeJgd017217: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051240.n35CeI7j029161@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:40:19 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47228 
Apr  5 05:40:19 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:40:19 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:40:19 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:40:19 splunk3 spamd[6683]: spamd: processing message <200904051240.n35CeI7j029161@virt2.int.splunk.com> for spamme:501 
Apr  5 05:40:21 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 05:40:21 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47228,mid=<200904051240.n35CeI7j029161@virt2.int.splunk.com>,bayes=0.111793311146946,autolearn=no 
Apr  5 05:40:21 splunk3 sendmail[17218]: n35CeJgd017217: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:40:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:40:28 splunk3 sendmail[17259]: n35CeSPL017259: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:40:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:41:28 splunk3 sendmail[17511]: n35CfSK9017511: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 05:42:28 splunk3 sendmail[17746]: n35CgSKX017746: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:43:28 splunk3 sendmail[17985]: n35ChScZ017985: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:44:28 splunk3 sendmail[18220]: n35CiSls018220: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:45:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:45:20 splunk3 sendmail[18426]: n35CjKlu018426: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051245.n35CjJ1c029773@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:45:20 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47285 
Apr  5 05:45:20 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:45:20 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:45:20 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:45:20 splunk3 spamd[6683]: spamd: processing message <200904051245.n35CjJ1c029773@virt2.int.splunk.com> for spamme:501 
Apr  5 05:45:22 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 05:45:22 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47285,mid=<200904051245.n35CjJ1c029773@virt2.int.splunk.com>,bayes=0.111793311146946,autolearn=no 
Apr  5 05:45:22 splunk3 sendmail[18427]: n35CjKlu018426: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:45:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:45:28 splunk3 sendmail[18468]: n35CjSGY018468: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:45:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:46:28 splunk3 sendmail[18713]: n35CkSXo018713: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:47:28 splunk3 sendmail[18951]: n35ClSbm018951: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:48:28 splunk3 sendmail[19188]: n35CmSmG019188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:49:28 splunk3 sendmail[19424]: n35CnSWO019424: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:50:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:50:20 splunk3 sendmail[19651]: n35CoKoO019651: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051250.n35CoKrW030394@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:50:20 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47341 
Apr  5 05:50:20 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:50:20 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:50:20 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:50:20 splunk3 spamd[6683]: spamd: processing message <200904051250.n35CoKrW030394@virt2.int.splunk.com> for spamme:501 
Apr  5 05:50:22 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 05:50:22 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47341,mid=<200904051250.n35CoKrW030394@virt2.int.splunk.com>,bayes=0.111793311146946,autolearn=no 
Apr  5 05:50:22 splunk3 sendmail[19652]: n35CoKoO019651: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:50:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:50:28 splunk3 sendmail[19676]: n35CoSvg019676: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:50:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:51:28 splunk3 sendmail[19928]: n35CpSFr019928: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:52:28 splunk3 sendmail[20163]: n35CqSl1020163: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:53:28 splunk3 sendmail[20406]: n35CrSC6020406: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:54:28 splunk3 sendmail[20640]: n35CsSj6020640: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:55:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 05:55:21 splunk3 sendmail[20866]: n35CtLn2020866: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051255.n35CtKjr030994@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 05:55:21 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47396 
Apr  5 05:55:21 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 05:55:21 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 05:55:21 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 05:55:21 splunk3 spamd[6683]: spamd: processing message <200904051255.n35CtKjr030994@virt2.int.splunk.com> for spamme:501 
Apr  5 05:55:23 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  5 05:55:23 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47396,mid=<200904051255.n35CtKjr030994@virt2.int.splunk.com>,bayes=0.111793311146946,autolearn=no 
Apr  5 05:55:23 splunk3 sendmail[20867]: n35CtLn2020866: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 05:55:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 05:55:28 splunk3 sendmail[20892]: n35CtSbs020892: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:55:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 05:56:28 splunk3 sendmail[21141]: n35CuSls021141: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 05:57:28 splunk3 sendmail[21381]: n35CvSwP021381: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:58:28 splunk3 sendmail[21618]: n35CwSIA021618: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 05:59:28 splunk3 sendmail[21855]: n35CxSov021855: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:00:00 splunk3 sendmail[22006]: n35D00K2022006: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904051300.n35D00K2022006@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 06:00:00 splunk3 sendmail[22008]: n35D00K2022006: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 06:00:00 splunk3 sendmail[22008]: n35D00K2022006: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 06:00:00 splunk3 sendmail[22008]: n35D00K2022006: n35D00K2022008: postmaster notify: User unknown
Apr  5 06:00:02 splunk3 sendmail[22008]: n35D00K2022008: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 06:00:04 splunk3 sendmail[22087]: n35D04aY022087: from=root, size=291, class=0, nrcpts=1, msgid=<200904051300.n35D04aY022087@splunk3.splunkit.com>, relay=root@localhost
Apr  5 06:00:04 splunk3 sendmail[22091]: n35D049N022091: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904051300.n35D04aY022087@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 06:00:04 splunk3 sendmail[22087]: n35D04aY022087: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35D049N022091 Message accepted for delivery)
Apr  5 06:00:05 splunk3 sendmail[22092]: n35D049N022091: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 06:00:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:00:21 splunk3 sendmail[22176]: n35D0LqD022176: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051300.n35D0LvG031634@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:00:21 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47469 
Apr  5 06:00:21 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:00:21 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 06:00:21 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 06:00:21 splunk3 sendmail[22177]: n35D0LqD022176: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 06:00:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:00:28 splunk3 sendmail[22199]: n35D0Ska022199: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:00:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:01:07 splunk3 sendmail[22352]: n35D11l5022352: from=root, size=443, class=0, nrcpts=1, msgid=<200904051301.n35D11l5022352@splunk3.splunkit.com>, relay=root@localhost
Apr  5 06:01:07 splunk3 sendmail[22373]: n35D17hj022373: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904051301.n35D11l5022352@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 06:01:07 splunk3 sendmail[22352]: n35D11l5022352: to=root, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35D17hj022373 Message accepted for delivery)
Apr  5 06:01:09 splunk3 sendmail[22374]: n35D17hj022373: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 06:01:28 splunk3 sendmail[22453]: n35D1SZp022453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:02:28 splunk3 sendmail[22690]: n35D2SvR022690: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:03:28 splunk3 sendmail[22927]: n35D3SQO022927: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:04:28 splunk3 sendmail[23162]: n35D4Sl4023162: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:05:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:05:22 splunk3 sendmail[23396]: n35D5MHb023396: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051305.n35D5MTP032318@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:05:22 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47525 
Apr  5 06:05:22 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:05:22 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 06:05:22 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 06:05:22 splunk3 sendmail[23397]: n35D5MHb023396: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 06:05:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:05:28 splunk3 sendmail[23421]: n35D5SWn023421: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:05:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:06:28 splunk3 sendmail[23657]: n35D6SPe023657: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:07:28 splunk3 sendmail[23897]: n35D7SpN023897: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:08:28 splunk3 sendmail[24137]: n35D8SKj024137: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:09:28 splunk3 sendmail[24378]: n35D9SS6024378: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:10:03 splunk3 sendmail[24628]: n35DA3OJ024628: from=root, size=292, class=0, nrcpts=1, msgid=<200904051310.n35DA3OJ024628@splunk3.splunkit.com>, relay=root@localhost
Apr  5 06:10:03 splunk3 sendmail[24633]: n35DA3PD024633: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051310.n35DA3OJ024628@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 06:10:03 splunk3 sendmail[24628]: n35DA3OJ024628: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35DA3PD024633 Message accepted for delivery)
Apr  5 06:10:04 splunk3 sendmail[24634]: n35DA3PD024633: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 06:10:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:10:22 splunk3 sendmail[24720]: n35DAMwX024720: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904051310.n35DAMPK000470@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:10:22 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47582 
Apr  5 06:10:22 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:10:22 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:10:22 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:10:22 splunk3 spamd[6683]: spamd: processing message <200904051310.n35DAMPK000470@virt2.int.splunk.com> for spamme:501 
Apr  5 06:10:24 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1302 bytes. 
Apr  5 06:10:24 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47582,mid=<200904051310.n35DAMPK000470@virt2.int.splunk.com>,bayes=0.0658718950102126,autolearn=no 
Apr  5 06:10:24 splunk3 sendmail[24721]: n35DAMwX024720: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  5 06:10:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:10:28 splunk3 sendmail[24743]: n35DASGM024743: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:10:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:11:28 splunk3 sendmail[24985]: n35DBShU024985: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 06:12:28 splunk3 sendmail[25223]: n35DCSmv025223: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:13:28 splunk3 sendmail[25461]: n35DDSE4025461: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:14:28 splunk3 sendmail[25696]: n35DESxN025696: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:15:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:15:23 splunk3 sendmail[25929]: n35DFNLo025929: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051315.n35DFMkG001262@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:15:23 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47638 
Apr  5 06:15:23 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:15:23 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:15:23 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:15:23 splunk3 spamd[6683]: spamd: processing message <200904051315.n35DFMkG001262@virt2.int.splunk.com> for spamme:501 
Apr  5 06:15:25 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 06:15:25 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47638,mid=<200904051315.n35DFMkG001262@virt2.int.splunk.com>,bayes=0.16864958831754,autolearn=no 
Apr  5 06:15:25 splunk3 sendmail[25930]: n35DFNLo025929: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:15:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:15:28 splunk3 sendmail[25953]: n35DFSQA025953: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:15:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:16:28 splunk3 sendmail[26193]: n35DGSiU026193: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:17:28 splunk3 sendmail[26429]: n35DHSAr026429: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:18:28 splunk3 sendmail[26663]: n35DISnu026663: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:19:28 splunk3 sendmail[26903]: n35DJSIG026903: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:20:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:20:23 splunk3 sendmail[27137]: n35DKNtA027137: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051320.n35DKNSH001927@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:20:23 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47694 
Apr  5 06:20:23 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:20:23 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:20:23 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:20:23 splunk3 spamd[6683]: spamd: processing message <200904051320.n35DKNSH001927@virt2.int.splunk.com> for spamme:501 
Apr  5 06:20:25 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  5 06:20:25 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47694,mid=<200904051320.n35DKNSH001927@virt2.int.splunk.com>,bayes=0.16864958831754,autolearn=no 
Apr  5 06:20:25 splunk3 sendmail[27138]: n35DKNtA027137: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:20:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:20:28 splunk3 sendmail[27162]: n35DKSrx027162: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:20:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:21:28 splunk3 sendmail[27403]: n35DLSt5027403: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:22:28 splunk3 sendmail[27637]: n35DMSFD027637: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:23:28 splunk3 sendmail[27882]: n35DNS3M027882: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:24:28 splunk3 sendmail[28115]: n35DOSlI028115: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:25:07 splunk3 sendmail[28294]: n35DP6lf028294: from=<3MrHYSRQKBgYmuumrkgrkxzy-tuxkvr4muumrk.iusyvgsskyvr0tqoz.ius@alerts.bounces.google.com>, size=2534, class=0, nrcpts=1, msgid=<00163630f5c9c93c260466ceb538@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  5 06:25:07 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47747 
Apr  5 06:25:07 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:25:07 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:25:07 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:25:07 splunk3 spamd[6683]: spamd: processing message <00163630f5c9c93c260466ceb538@google.com> for spamme:501 
Apr  5 06:25:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:25:09 splunk3 spamd[6683]: spamd: clean message (-2.4/5.0) for spamme:501 in 2.3 seconds, 2968 bytes. 
Apr  5 06:25:09 splunk3 spamd[6683]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.3,size=2968,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47747,mid=<00163630f5c9c93c260466ceb538@google.com>,bayes=0,autolearn=ham 
Apr  5 06:25:09 splunk3 sendmail[28295]: n35DP6lf028294: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=32749, dsn=2.0.0, stat=Sent
Apr  5 06:25:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:25:24 splunk3 sendmail[28359]: n35DPOWx028359: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051325.n35DPNbW002547@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:25:24 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47750 
Apr  5 06:25:24 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:25:24 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:25:24 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:25:24 splunk3 spamd[6683]: spamd: processing message <200904051325.n35DPNbW002547@virt2.int.splunk.com> for spamme:501 
Apr  5 06:25:26 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 06:25:26 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47750,mid=<200904051325.n35DPNbW002547@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 06:25:26 splunk3 sendmail[28360]: n35DPOWx028359: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:25:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:25:28 splunk3 sendmail[28381]: n35DPSN9028381: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:25:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:26:28 splunk3 sendmail[28621]: n35DQSj8028621: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 06:27:28 splunk3 sendmail[28859]: n35DRSxN028859: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:28:28 splunk3 sendmail[29096]: n35DSSAE029096: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:29:28 splunk3 sendmail[29334]: n35DTSmb029334: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:30:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:30:25 splunk3 sendmail[29571]: n35DUOWC029571: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051330.n35DUOfP003173@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:30:25 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47807 
Apr  5 06:30:25 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:30:25 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:30:25 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:30:25 splunk3 spamd[6683]: spamd: processing message <200904051330.n35DUOfP003173@virt2.int.splunk.com> for spamme:501 
Apr  5 06:30:27 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  5 06:30:27 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47807,mid=<200904051330.n35DUOfP003173@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 06:30:27 splunk3 sendmail[29572]: n35DUOWC029571: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:30:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:30:28 splunk3 sendmail[29596]: n35DUSLk029596: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:30:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:31:28 splunk3 sendmail[29837]: n35DVSPq029837: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:32:28 splunk3 sendmail[30071]: n35DWScn030071: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:33:28 splunk3 sendmail[30311]: n35DXSnq030311: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:34:28 splunk3 sendmail[30545]: n35DYSaw030545: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:35:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:35:25 splunk3 sendmail[30795]: n35DZPNE030795: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051335.n35DZPLI003918@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:35:25 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47863 
Apr  5 06:35:25 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:35:25 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:35:25 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:35:25 splunk3 spamd[6683]: spamd: processing message <200904051335.n35DZPLI003918@virt2.int.splunk.com> for spamme:501 
Apr  5 06:35:27 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 06:35:27 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47863,mid=<200904051335.n35DZPLI003918@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 06:35:27 splunk3 sendmail[30796]: n35DZPNE030795: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:35:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:35:28 splunk3 sendmail[30804]: n35DZS6E030804: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:35:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:36:28 splunk3 sendmail[31039]: n35DaSKS031039: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:37:28 splunk3 sendmail[31278]: n35DbSw3031278: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:38:28 splunk3 sendmail[31516]: n35DcS6A031516: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:39:28 splunk3 sendmail[31755]: n35DdS5h031755: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:40:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:40:26 splunk3 sendmail[32012]: n35DeQJr032012: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051340.n35DePr4004554@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:40:26 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47918 
Apr  5 06:40:26 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:40:26 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:40:26 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:40:26 splunk3 spamd[6683]: spamd: processing message <200904051340.n35DePr4004554@virt2.int.splunk.com> for spamme:501 
Apr  5 06:40:28 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 06:40:28 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47918,mid=<200904051340.n35DePr4004554@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 06:40:28 splunk3 sendmail[32013]: n35DeQJr032012: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:40:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:40:28 splunk3 sendmail[32018]: n35DeSIC032018: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:40:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:41:28 splunk3 sendmail[32258]: n35DfSa5032258: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 06:42:28 splunk3 sendmail[32494]: n35DgSGc032494: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:43:28 splunk3 sendmail[32735]: n35DhS89032735: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:44:28 splunk3 sendmail[504]: n35DiSeD000504: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:45:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:45:26 splunk3 sendmail[754]: n35DjQBn000754: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051345.n35DjQbV005171@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:45:26 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47975 
Apr  5 06:45:26 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:45:26 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:45:26 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:45:26 splunk3 spamd[6683]: spamd: processing message <200904051345.n35DjQbV005171@virt2.int.splunk.com> for spamme:501 
Apr  5 06:45:28 splunk3 sendmail[761]: n35DjSm0000761: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:45:28 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 06:45:28 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47975,mid=<200904051345.n35DjQbV005171@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 06:45:28 splunk3 sendmail[755]: n35DjQBn000754: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:45:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:45:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:46:28 splunk3 sendmail[1001]: n35DkSZI001001: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:47:28 splunk3 sendmail[1243]: n35DlSR2001243: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:48:28 splunk3 sendmail[1475]: n35DmSbE001475: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:49:28 splunk3 sendmail[1716]: n35DnSMb001716: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:50:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:50:27 splunk3 sendmail[1971]: n35DoR0Z001971: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051350.n35DoQYV005786@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:50:27 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48030 
Apr  5 06:50:27 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:50:27 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:50:27 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:50:27 splunk3 spamd[6683]: spamd: processing message <200904051350.n35DoQYV005786@virt2.int.splunk.com> for spamme:501 
Apr  5 06:50:28 splunk3 sendmail[1977]: n35DoSAD001977: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:50:29 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 06:50:29 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48030,mid=<200904051350.n35DoQYV005786@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 06:50:29 splunk3 sendmail[1972]: n35DoR0Z001971: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:50:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:50:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:51:28 splunk3 sendmail[2219]: n35DpSVc002219: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:52:28 splunk3 sendmail[2453]: n35DqSVZ002453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:53:28 splunk3 sendmail[2704]: n35DrStS002704: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:54:28 splunk3 sendmail[2949]: n35DsSRi002949: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:55:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 06:55:27 splunk3 sendmail[3211]: n35DtRKD003211: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051355.n35DtRPo006425@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 06:55:27 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48086 
Apr  5 06:55:27 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 06:55:27 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 06:55:27 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 06:55:27 splunk3 spamd[6683]: spamd: processing message <200904051355.n35DtRPo006425@virt2.int.splunk.com> for spamme:501 
Apr  5 06:55:28 splunk3 sendmail[3217]: n35DtSDW003217: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:55:29 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1305 bytes. 
Apr  5 06:55:29 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48086,mid=<200904051355.n35DtRPo006425@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 06:55:29 splunk3 sendmail[3212]: n35DtRKD003211: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 06:55:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 06:55:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 06:56:28 splunk3 sendmail[3456]: n35DuSnU003456: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 06:57:28 splunk3 sendmail[3724]: n35DvSVv003724: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:58:28 splunk3 sendmail[3964]: n35DwScD003964: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 06:59:28 splunk3 sendmail[4218]: n35DxSdM004218: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:00:04 splunk3 sendmail[4454]: n35E04fT004454: from=root, size=291, class=0, nrcpts=1, msgid=<200904051400.n35E04fT004454@splunk3.splunkit.com>, relay=root@localhost
Apr  5 07:00:05 splunk3 sendmail[4458]: n35E048t004458: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904051400.n35E04fT004454@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 07:00:05 splunk3 sendmail[4454]: n35E04fT004454: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35E048t004458 Message accepted for delivery)
Apr  5 07:00:06 splunk3 sendmail[4479]: n35E061R004479: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904051400.n35E061R004479@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 07:00:06 splunk3 sendmail[4481]: n35E061R004479: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 07:00:06 splunk3 sendmail[4481]: n35E061R004479: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  5 07:00:06 splunk3 sendmail[4481]: n35E061R004479: n35E061R004481: postmaster notify: User unknown
Apr  5 07:00:06 splunk3 sendmail[4459]: n35E048t004458: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 07:00:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:00:15 splunk3 sendmail[4481]: n35E061R004481: to=root, delay=00:00:09, xdelay=00:00:09, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  5 07:00:28 splunk3 sendmail[4570]: n35E0SVS004570: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051400.n35E0SL1007046@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:00:28 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48150 
Apr  5 07:00:28 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:00:28 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 07:00:28 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 07:00:28 splunk3 sendmail[4571]: n35E0SVS004570: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 07:00:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:00:28 splunk3 sendmail[4575]: n35E0SFF004575: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:00:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:01:04 splunk3 sendmail[4725]: n35E113p004725: from=root, size=443, class=0, nrcpts=1, msgid=<200904051401.n35E113p004725@splunk3.splunkit.com>, relay=root@localhost
Apr  5 07:01:04 splunk3 sendmail[4730]: n35E14xU004730: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904051401.n35E113p004725@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 07:01:04 splunk3 sendmail[4725]: n35E113p004725: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35E14xU004730 Message accepted for delivery)
Apr  5 07:01:05 splunk3 sendmail[4731]: n35E14xU004730: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 07:01:28 splunk3 sendmail[4834]: n35E1Sbc004834: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:02:28 splunk3 sendmail[5078]: n35E2S6p005078: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:03:28 splunk3 sendmail[5354]: n35E3S5F005354: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:04:28 splunk3 sendmail[5592]: n35E4Sfh005592: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:05:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:05:28 splunk3 sendmail[5846]: n35E5Sgu005846: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051405.n35E5SgB007754@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:05:28 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48207 
Apr  5 07:05:28 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:05:28 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 07:05:28 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 07:05:28 splunk3 sendmail[5847]: n35E5Sgu005846: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 07:05:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:05:28 splunk3 sendmail[5851]: n35E5SLs005851: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:05:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:06:28 splunk3 sendmail[6087]: n35E6SZi006087: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:07:28 splunk3 sendmail[6326]: n35E7S92006326: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:08:28 splunk3 sendmail[6567]: n35E8SJZ006567: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:09:28 splunk3 sendmail[6805]: n35E9SNi006805: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:10:02 splunk3 sendmail[7043]: n35EA2D8007043: from=root, size=292, class=0, nrcpts=1, msgid=<200904051410.n35EA2D8007043@splunk3.splunkit.com>, relay=root@localhost
Apr  5 07:10:02 splunk3 sendmail[7048]: n35EA2iK007048: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051410.n35EA2D8007043@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 07:10:02 splunk3 sendmail[7043]: n35EA2D8007043: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35EA2iK007048 Message accepted for delivery)
Apr  5 07:10:03 splunk3 sendmail[7049]: n35EA2iK007048: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 07:10:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:10:28 splunk3 sendmail[7166]: n35EASkb007166: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:10:29 splunk3 sendmail[7168]: n35EATko007168: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051410.n35EAT87008342@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:10:29 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48263 
Apr  5 07:10:29 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:10:29 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:10:29 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:10:29 splunk3 spamd[6683]: spamd: processing message <200904051410.n35EAT87008342@virt2.int.splunk.com> for spamme:501 
Apr  5 07:10:31 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 07:10:31 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48263,mid=<200904051410.n35EAT87008342@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 07:10:31 splunk3 sendmail[7173]: n35EATko007168: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 07:10:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:10:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:11:28 splunk3 sendmail[7413]: n35EBSqn007413: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 07:12:28 splunk3 sendmail[7658]: n35ECSX4007658: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:13:28 splunk3 sendmail[7897]: n35EDSv3007897: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:14:28 splunk3 sendmail[8132]: n35EESAK008132: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:15:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:15:28 splunk3 sendmail[8386]: n35EFS4d008386: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:15:30 splunk3 sendmail[8408]: n35EFUcN008408: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051415.n35EFTLu009155@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:15:30 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48320 
Apr  5 07:15:30 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:15:30 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:15:30 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:15:30 splunk3 spamd[6683]: spamd: processing message <200904051415.n35EFTLu009155@virt2.int.splunk.com> for spamme:501 
Apr  5 07:15:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:15:32 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 07:15:32 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48320,mid=<200904051415.n35EFTLu009155@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 07:15:32 splunk3 sendmail[8409]: n35EFUcN008408: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 07:15:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:16:28 splunk3 sendmail[8628]: n35EGSc4008628: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:17:28 splunk3 sendmail[8868]: n35EHSAi008868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:18:28 splunk3 sendmail[9102]: n35EISpt009102: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:19:28 splunk3 sendmail[9344]: n35EJSDR009344: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:20:00 splunk3 sendmail[9482]: n35EK0gg009482: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051420.n35EK03H009671@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:20:00 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48363 
Apr  5 07:20:00 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:20:00 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:20:00 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:20:00 splunk3 spamd[6683]: spamd: processing message <200904051420.n35EK03H009671@virt2.int.splunk.com> for spamme:501 
Apr  5 07:20:02 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  5 07:20:02 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48363,mid=<200904051420.n35EK03H009671@virt2.int.splunk.com>,bayes=0.168687332852643,autolearn=no 
Apr  5 07:20:02 splunk3 sendmail[9483]: n35EK0gg009482: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 07:20:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:20:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:20:28 splunk3 sendmail[9602]: n35EKSU8009602: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:20:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:21:28 splunk3 sendmail[9842]: n35ELScf009842: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:22:28 splunk3 sendmail[10078]: n35EMSpb010078: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:23:28 splunk3 sendmail[10320]: n35ENSHR010320: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:24:28 splunk3 sendmail[10556]: n35EOSAA010556: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:25:01 splunk3 sendmail[10697]: n35EP16r010697: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051425.n35EP0vc010298@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:25:01 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48418 
Apr  5 07:25:01 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:25:01 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:25:01 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:25:01 splunk3 spamd[6683]: spamd: processing message <200904051425.n35EP0vc010298@virt2.int.splunk.com> for spamme:501 
Apr  5 07:25:03 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 07:25:03 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48418,mid=<200904051425.n35EP0vc010298@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 07:25:03 splunk3 sendmail[10698]: n35EP16r010697: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 07:25:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:25:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:25:28 splunk3 sendmail[10815]: n35EPS2n010815: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:25:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:26:28 splunk3 sendmail[11053]: n35EQSXe011053: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 07:27:28 splunk3 sendmail[11290]: n35ERSDi011290: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:28:28 splunk3 sendmail[11528]: n35ESS84011528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:29:28 splunk3 sendmail[11768]: n35ETSFN011768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:30:01 splunk3 sendmail[11904]: n35EU1gW011904: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051430.n35EU1UN010917@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:30:01 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48475 
Apr  5 07:30:01 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:30:01 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:30:01 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:30:01 splunk3 spamd[6683]: spamd: processing message <200904051430.n35EU1UN010917@virt2.int.splunk.com> for spamme:501 
Apr  5 07:30:03 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 07:30:03 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48475,mid=<200904051430.n35EU1UN010917@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 07:30:03 splunk3 sendmail[11905]: n35EU1gW011904: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 07:30:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:30:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:30:28 splunk3 sendmail[12027]: n35EUSFo012027: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:30:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:31:29 splunk3 sendmail[12271]: n35EVSp7012271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:32:29 splunk3 sendmail[12505]: n35EWTbQ012505: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:33:29 splunk3 sendmail[12746]: n35EXTZP012746: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:34:29 splunk3 sendmail[12980]: n35EYT0h012980: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:35:02 splunk3 sendmail[13122]: n35EZ2Ll013122: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051435.n35EZ1m5011700@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:35:02 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48530 
Apr  5 07:35:02 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:35:02 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:35:02 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:35:02 splunk3 spamd[6683]: spamd: processing message <200904051435.n35EZ1m5011700@virt2.int.splunk.com> for spamme:501 
Apr  5 07:35:04 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  5 07:35:04 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48530,mid=<200904051435.n35EZ1m5011700@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 07:35:04 splunk3 sendmail[13123]: n35EZ2Ll013122: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 07:35:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:35:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:35:29 splunk3 sendmail[13239]: n35EZT7s013239: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:35:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:36:29 splunk3 sendmail[13516]: n35EaTlX013516: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:37:29 splunk3 sendmail[13755]: n35EbT0S013755: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:38:29 splunk3 sendmail[13995]: n35EcTew013995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:39:29 splunk3 sendmail[14232]: n35EdTUS014232: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:40:02 splunk3 sendmail[14377]: n35Ee2Am014377: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051440.n35Ee2cY012296@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:40:02 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48586 
Apr  5 07:40:02 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:40:02 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:40:02 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:40:02 splunk3 spamd[6683]: spamd: processing message <200904051440.n35Ee2cY012296@virt2.int.splunk.com> for spamme:501 
Apr  5 07:40:04 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.3 seconds, 1308 bytes. 
Apr  5 07:40:04 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48586,mid=<200904051440.n35Ee2cY012296@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 07:40:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:40:04 splunk3 sendmail[14378]: n35Ee2Am014377: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 07:40:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:40:29 splunk3 sendmail[14495]: n35EeTVU014495: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:40:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:41:29 splunk3 sendmail[14734]: n35EfT8p014734: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 07:42:29 splunk3 sendmail[14968]: n35EgTYj014968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:43:29 splunk3 sendmail[15209]: n35EhTgE015209: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:44:29 splunk3 sendmail[15443]: n35EiTkc015443: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:45:03 splunk3 sendmail[15595]: n35Ej3mC015595: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051445.n35Ej3LS012946@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:45:03 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48643 
Apr  5 07:45:03 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:45:03 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:45:03 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:45:03 splunk3 spamd[6683]: spamd: processing message <200904051445.n35Ej3LS012946@virt2.int.splunk.com> for spamme:501 
Apr  5 07:45:05 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 07:45:05 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48643,mid=<200904051445.n35Ej3LS012946@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 07:45:05 splunk3 sendmail[15596]: n35Ej3mC015595: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 07:45:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:45:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:45:29 splunk3 sendmail[15711]: n35EjTOu015711: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:45:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:46:29 splunk3 sendmail[15949]: n35EkT2c015949: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:47:29 splunk3 sendmail[16209]: n35ElTQr016209: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:48:29 splunk3 sendmail[16444]: n35EmT2Q016444: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:49:29 splunk3 sendmail[16683]: n35EnTK5016683: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:50:04 splunk3 sendmail[16808]: n35Eo3Mt016808: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051450.n35Eo3CU013557@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:50:04 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48698 
Apr  5 07:50:04 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:50:04 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:50:04 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:50:04 splunk3 spamd[6683]: spamd: processing message <200904051450.n35Eo3CU013557@virt2.int.splunk.com> for spamme:501 
Apr  5 07:50:06 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 07:50:06 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48698,mid=<200904051450.n35Eo3CU013557@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 07:50:06 splunk3 sendmail[16815]: n35Eo3Mt016808: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 07:50:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:50:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:50:29 splunk3 sendmail[16944]: n35EoTtB016944: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:50:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:51:29 splunk3 sendmail[17184]: n35EpT8k017184: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:52:29 splunk3 sendmail[17421]: n35EqTua017421: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:53:29 splunk3 sendmail[17664]: n35ErTsl017664: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:54:29 splunk3 sendmail[17900]: n35EsTGp017900: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:55:04 splunk3 sendmail[18039]: n35Et4vp018039: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051455.n35Et4Kb014170@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 07:55:04 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48754 
Apr  5 07:55:04 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 07:55:04 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 07:55:04 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 07:55:04 splunk3 spamd[6683]: spamd: processing message <200904051455.n35Et4Kb014170@virt2.int.splunk.com> for spamme:501 
Apr  5 07:55:06 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 07:55:06 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48754,mid=<200904051455.n35Et4Kb014170@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 07:55:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 07:55:06 splunk3 sendmail[18040]: n35Et4vp018039: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 07:55:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 07:55:29 splunk3 sendmail[18160]: n35EtTNB018160: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:55:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 07:56:29 splunk3 sendmail[18396]: n35EuTIX018396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 07:57:29 splunk3 sendmail[18635]: n35EvTmx018635: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:58:29 splunk3 sendmail[18869]: n35EwT0c018869: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 07:59:29 splunk3 sendmail[19107]: n35ExTdp019107: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:00:04 splunk3 sendmail[19310]: n35F04PC019310: from=root, size=291, class=0, nrcpts=1, msgid=<200904051500.n35F04PC019310@splunk3.splunkit.com>, relay=root@localhost
Apr  5 08:00:04 splunk3 sendmail[19314]: n35F04ZY019314: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904051500.n35F04PC019310@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 08:00:04 splunk3 sendmail[19310]: n35F04PC019310: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35F04ZY019314 Message accepted for delivery)
Apr  5 08:00:05 splunk3 sendmail[19319]: n35F058H019319: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051500.n35F04p7014813@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:00:05 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48811 
Apr  5 08:00:05 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:00:05 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 08:00:05 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 08:00:05 splunk3 sendmail[19320]: n35F058H019319: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:00:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:00:05 splunk3 sendmail[19315]: n35F04ZY019314: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 08:00:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:00:15 splunk3 sendmail[19378]: n35F0Flj019378: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904051500.n35F0Flj019378@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 08:00:15 splunk3 sendmail[19380]: n35F0Flj019378: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 08:00:15 splunk3 sendmail[19380]: n35F0Flj019378: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 08:00:15 splunk3 sendmail[19380]: n35F0Flj019378: n35F0Flj019380: postmaster notify: User unknown
Apr  5 08:00:16 splunk3 sendmail[19380]: n35F0Flj019380: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 08:00:29 splunk3 sendmail[19451]: n35F0T90019451: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:00:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:00:36 splunk3 sendmail[19477]: n35F0a8j019477: from=<3k8fYSRQKBn0hpphmfbmfsut-opsfqmzhpphmf.dpntqbnnftqmvolju.dpn@alerts.bounces.google.com>, size=9174, class=0, nrcpts=1, msgid=<0016e6509e8e5095a30466d00be1@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.186]
Apr  5 08:00:36 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48832 
Apr  5 08:00:36 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:00:36 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 08:00:36 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 08:00:36 splunk3 sendmail[19478]: n35F0a8j019477: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=39385, dsn=2.0.0, stat=Sent
Apr  5 08:00:36 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:01:10 splunk3 sendmail[19586]: n35F11c4019586: from=root, size=443, class=0, nrcpts=1, msgid=<200904051501.n35F11c4019586@splunk3.splunkit.com>, relay=root@localhost
Apr  5 08:01:10 splunk3 sendmail[19625]: n35F1AEa019625: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904051501.n35F11c4019586@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 08:01:10 splunk3 sendmail[19586]: n35F11c4019586: to=root, ctladdr=root (0/0), delay=00:00:09, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35F1AEa019625 Message accepted for delivery)
Apr  5 08:01:11 splunk3 sendmail[19626]: n35F1AEa019625: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 08:01:29 splunk3 sendmail[19713]: n35F1TdS019713: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:02:29 splunk3 sendmail[19946]: n35F2TJY019946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:03:29 splunk3 sendmail[20186]: n35F3TVw020186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:04:29 splunk3 sendmail[20422]: n35F4TYC020422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:05:05 splunk3 sendmail[20561]: n35F55eB020561: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051505.n35F55DE015496@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:05:05 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48876 
Apr  5 08:05:05 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:05:05 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 08:05:05 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 08:05:05 splunk3 sendmail[20562]: n35F55eB020561: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:05:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:05:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:05:29 splunk3 sendmail[20678]: n35F5TEC020678: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:05:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:06:29 splunk3 sendmail[20917]: n35F6TKo020917: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:07:29 splunk3 sendmail[21157]: n35F7TSN021157: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:08:29 splunk3 sendmail[21399]: n35F8TP1021399: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:09:29 splunk3 sendmail[21636]: n35F9T9L021636: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:10:02 splunk3 sendmail[21855]: n35FA2wl021855: from=root, size=292, class=0, nrcpts=1, msgid=<200904051510.n35FA2wl021855@splunk3.splunkit.com>, relay=root@localhost
Apr  5 08:10:02 splunk3 sendmail[21860]: n35FA2tG021860: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051510.n35FA2wl021855@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 08:10:02 splunk3 sendmail[21855]: n35FA2wl021855: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35FA2tG021860 Message accepted for delivery)
Apr  5 08:10:04 splunk3 sendmail[21861]: n35FA2tG021860: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 08:10:06 splunk3 sendmail[21886]: n35FA6DJ021886: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051510.n35FA5I0016111@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:10:06 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48933 
Apr  5 08:10:06 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:10:06 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:10:06 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:10:06 splunk3 spamd[6683]: spamd: processing message <200904051510.n35FA5I0016111@virt2.int.splunk.com> for spamme:501 
Apr  5 08:10:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:10:08 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  5 08:10:08 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48933,mid=<200904051510.n35FA5I0016111@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:10:08 splunk3 sendmail[21887]: n35FA6DJ021886: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:10:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:10:29 splunk3 sendmail[22004]: n35FATFI022004: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:10:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:11:29 splunk3 sendmail[22245]: n35FBTIC022245: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 08:12:29 splunk3 sendmail[22478]: n35FCT8U022478: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:13:29 splunk3 sendmail[22719]: n35FDTO5022719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:14:29 splunk3 sendmail[22953]: n35FET0e022953: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:15:07 splunk3 sendmail[23100]: n35FF63H023100: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051515.n35FF6ij016898@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:15:07 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48990 
Apr  5 08:15:07 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:15:07 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:15:07 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:15:07 splunk3 spamd[6683]: spamd: processing message <200904051515.n35FF6ij016898@virt2.int.splunk.com> for spamme:501 
Apr  5 08:15:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:15:09 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 08:15:09 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48990,mid=<200904051515.n35FF6ij016898@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:15:09 splunk3 sendmail[23101]: n35FF63H023100: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:15:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:15:29 splunk3 sendmail[23213]: n35FFTQm023213: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:15:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:16:29 splunk3 sendmail[23449]: n35FGTwV023449: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:17:29 splunk3 sendmail[23688]: n35FHTQS023688: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:18:29 splunk3 sendmail[23923]: n35FITjL023923: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:19:29 splunk3 sendmail[24162]: n35FJTXM024162: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:20:07 splunk3 sendmail[24309]: n35FK7Cw024309: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051520.n35FK7Eq017534@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:20:07 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49045 
Apr  5 08:20:07 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:20:07 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:20:07 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:20:07 splunk3 spamd[6683]: spamd: processing message <200904051520.n35FK7Eq017534@virt2.int.splunk.com> for spamme:501 
Apr  5 08:20:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:20:09 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 08:20:09 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49045,mid=<200904051520.n35FK7Eq017534@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:20:09 splunk3 sendmail[24310]: n35FK7Cw024309: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:20:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:20:29 splunk3 sendmail[24422]: n35FKTPC024422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:20:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:21:29 splunk3 sendmail[24664]: n35FLT8v024664: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:22:29 splunk3 sendmail[24901]: n35FMTLF024901: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:23:29 splunk3 sendmail[25142]: n35FNTwo025142: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:24:29 splunk3 sendmail[25378]: n35FOT3n025378: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:25:08 splunk3 sendmail[25524]: n35FP8U1025524: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051525.n35FP7vP018145@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:25:08 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49101 
Apr  5 08:25:08 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:25:08 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:25:08 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:25:08 splunk3 spamd[6683]: spamd: processing message <200904051525.n35FP7vP018145@virt2.int.splunk.com> for spamme:501 
Apr  5 08:25:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:25:10 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 08:25:10 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49101,mid=<200904051525.n35FP7vP018145@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:25:10 splunk3 sendmail[25525]: n35FP8U1025524: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:25:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:25:29 splunk3 sendmail[25637]: n35FPTxI025637: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:25:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:26:29 splunk3 sendmail[25874]: n35FQThH025874: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 08:27:29 splunk3 sendmail[26113]: n35FRTZR026113: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:28:29 splunk3 sendmail[26350]: n35FSTVG026350: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:29:29 splunk3 sendmail[26590]: n35FTTHT026590: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:30:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:30:08 splunk3 sendmail[26736]: n35FU8Fc026736: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051530.n35FU8Uc018761@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:30:08 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49158 
Apr  5 08:30:08 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:30:08 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:30:08 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:30:08 splunk3 spamd[6683]: spamd: processing message <200904051530.n35FU8Uc018761@virt2.int.splunk.com> for spamme:501 
Apr  5 08:30:10 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  5 08:30:10 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49158,mid=<200904051530.n35FU8Uc018761@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:30:10 splunk3 sendmail[26753]: n35FU8Fc026736: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:30:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:30:29 splunk3 sendmail[26849]: n35FUTVK026849: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:30:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:31:02 splunk3 sendmail[26951]: n35FUvOC026951: from=<ryyttivt1976@PUB1.QZ.FJ.CN>, size=1865, class=0, nrcpts=1, msgid=<200904051531.n35FUvOC026951@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=[94.176.53.133]
Apr  5 08:31:02 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49173 
Apr  5 08:31:02 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:31:02 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:31:02 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:31:02 splunk3 spamd[6683]: spamd: processing message <200904051531.n35FUvOC026951@splunk3.splunkit.com> for spamme:501 
Apr  5 08:31:05 splunk3 spamd[6683]: spamd: identified spam (16.0/5.0) for spamme:501 in 2.7 seconds, 2244 bytes. 
Apr  5 08:31:05 splunk3 spamd[6683]: spamd: result: Y 16 - BAYES_99,DNS_FROM_RFC_DSN,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,HTML_TITLE_SUBJ_DIFF,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,URIBL_JP_SURBL,URIBL_WS_SURBL scantime=2.7,size=2244,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49173,mid=<200904051531.n35FUvOC026951@splunk3.splunkit.com>,bayes=0.996889788324907,autolearn=no 
Apr  5 08:31:05 splunk3 sendmail[26976]: n35FUvOC026951: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:03, mailer=local, pri=32152, dsn=2.0.0, stat=Sent
Apr  5 08:31:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:31:29 splunk3 sendmail[27098]: n35FVTi1027098: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:32:29 splunk3 sendmail[27330]: n35FWTuL027330: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:33:29 splunk3 sendmail[27568]: n35FXTJP027568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:34:29 splunk3 sendmail[27804]: n35FYTP9027804: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:35:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:35:09 splunk3 sendmail[27966]: n35FZ8tW027966: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051535.n35FZ8w0019504@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:35:09 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49214 
Apr  5 08:35:09 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:35:09 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:35:09 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:35:09 splunk3 spamd[6683]: spamd: processing message <200904051535.n35FZ8w0019504@virt2.int.splunk.com> for spamme:501 
Apr  5 08:35:11 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.9 seconds, 1308 bytes. 
Apr  5 08:35:11 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.9,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49214,mid=<200904051535.n35FZ8w0019504@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:35:11 splunk3 sendmail[27967]: n35FZ8tW027966: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:35:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:35:29 splunk3 sendmail[28063]: n35FZTYh028063: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:35:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:36:29 splunk3 sendmail[28302]: n35FaTTD028302: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:37:29 splunk3 sendmail[28541]: n35FbT42028541: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:38:29 splunk3 sendmail[28782]: n35FcTwm028782: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:39:29 splunk3 sendmail[29020]: n35FdTTr029020: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:40:08 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:40:09 splunk3 sendmail[29186]: n35Fe9rB029186: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051540.n35Fe9Qo020140@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:40:09 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49270 
Apr  5 08:40:09 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:40:09 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:40:09 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:40:09 splunk3 spamd[6683]: spamd: processing message <200904051540.n35Fe9Qo020140@virt2.int.splunk.com> for spamme:501 
Apr  5 08:40:11 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 08:40:11 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49270,mid=<200904051540.n35Fe9Qo020140@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:40:11 splunk3 sendmail[29187]: n35Fe9rB029186: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:40:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:40:29 splunk3 sendmail[29280]: n35FeTPa029280: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:40:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:41:29 splunk3 sendmail[29522]: n35FfTEH029522: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 08:42:29 splunk3 sendmail[29757]: n35FgT5W029757: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:43:29 splunk3 sendmail[30000]: n35FhTuo030000: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:44:29 splunk3 sendmail[30233]: n35FiTld030233: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:45:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:45:10 splunk3 sendmail[30396]: n35FjAIU030396: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051545.n35Fj9fo020750@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:45:10 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49326 
Apr  5 08:45:10 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:45:10 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:45:10 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:45:10 splunk3 spamd[6683]: spamd: processing message <200904051545.n35Fj9fo020750@virt2.int.splunk.com> for spamme:501 
Apr  5 08:45:12 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 08:45:12 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49326,mid=<200904051545.n35Fj9fo020750@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:45:12 splunk3 sendmail[30397]: n35FjAIU030396: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:45:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:45:29 splunk3 sendmail[30493]: n35FjT7s030493: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:45:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:46:29 splunk3 sendmail[30730]: n35FkTgS030730: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:47:29 splunk3 sendmail[30966]: n35FlTPc030966: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:48:29 splunk3 sendmail[31201]: n35FmTqa031201: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:49:29 splunk3 sendmail[31439]: n35FnTkH031439: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:50:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:50:10 splunk3 sendmail[31605]: n35FoAtd031605: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051550.n35FoAiH021362@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:50:10 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49382 
Apr  5 08:50:10 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:50:10 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:50:10 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:50:10 splunk3 spamd[6683]: spamd: processing message <200904051550.n35FoAiH021362@virt2.int.splunk.com> for spamme:501 
Apr  5 08:50:12 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 08:50:12 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49382,mid=<200904051550.n35FoAiH021362@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:50:12 splunk3 sendmail[31606]: n35FoAtd031605: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:50:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:50:29 splunk3 sendmail[31702]: n35FoTps031702: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:50:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:51:29 splunk3 sendmail[31942]: n35FpTFR031942: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:52:29 splunk3 sendmail[32179]: n35FqTGw032179: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:53:29 splunk3 sendmail[32422]: n35FrTNA032422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:54:29 splunk3 sendmail[32656]: n35FsTIm032656: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:55:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 08:55:11 splunk3 sendmail[352]: n35FtBIS000352: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051555.n35FtBex021967@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 08:55:11 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49437 
Apr  5 08:55:11 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 08:55:11 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 08:55:11 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 08:55:11 splunk3 spamd[6683]: spamd: processing message <200904051555.n35FtBex021967@virt2.int.splunk.com> for spamme:501 
Apr  5 08:55:15 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  5 08:55:15 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49437,mid=<200904051555.n35FtBex021967@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 08:55:15 splunk3 sendmail[354]: n35FtBIS000352: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 08:55:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 08:55:29 splunk3 sendmail[448]: n35FtTeN000448: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:55:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 08:56:29 splunk3 sendmail[685]: n35FuTSq000685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 08:57:29 splunk3 sendmail[927]: n35FvTmL000927: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:58:29 splunk3 sendmail[1163]: n35FwTMa001163: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 08:59:29 splunk3 sendmail[1403]: n35FxTmH001403: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:00:04 splunk3 sendmail[1603]: n35G04hm001603: from=root, size=291, class=0, nrcpts=1, msgid=<200904051600.n35G04hm001603@splunk3.splunkit.com>, relay=root@localhost
Apr  5 09:00:04 splunk3 sendmail[1607]: n35G04DU001607: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904051600.n35G04hm001603@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 09:00:04 splunk3 sendmail[1603]: n35G04hm001603: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35G04DU001607 Message accepted for delivery)
Apr  5 09:00:05 splunk3 sendmail[1608]: n35G04DU001607: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 09:00:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:00:12 splunk3 sendmail[1638]: n35G0CI9001638: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051600.n35G0BJN022606@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:00:12 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49495 
Apr  5 09:00:12 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:00:12 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 09:00:12 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 09:00:12 splunk3 sendmail[1639]: n35G0CI9001638: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:00:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:00:20 splunk3 sendmail[1691]: n35G0KN1001691: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904051600.n35G0KN1001691@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 09:00:20 splunk3 sendmail[1693]: n35G0KN1001691: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 09:00:20 splunk3 sendmail[1693]: n35G0KN1001691: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  5 09:00:20 splunk3 sendmail[1693]: n35G0KN1001691: n35G0KN1001693: postmaster notify: User unknown
Apr  5 09:00:22 splunk3 sendmail[1693]: n35G0KN1001693: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  5 09:00:29 splunk3 sendmail[1748]: n35G0TSa001748: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:00:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:01:09 splunk3 sendmail[1877]: n35G11UK001877: from=root, size=443, class=0, nrcpts=1, msgid=<200904051601.n35G11UK001877@splunk3.splunkit.com>, relay=root@localhost
Apr  5 09:01:10 splunk3 sendmail[1917]: n35G1983001917: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904051601.n35G11UK001877@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 09:01:10 splunk3 sendmail[1877]: n35G11UK001877: to=root, ctladdr=root (0/0), delay=00:00:09, xdelay=00:00:01, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35G1983001917 Message accepted for delivery)
Apr  5 09:01:11 splunk3 sendmail[1918]: n35G1983001917: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 09:01:29 splunk3 sendmail[2005]: n35G1TLn002005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:02:29 splunk3 sendmail[2237]: n35G2TiL002237: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:03:29 splunk3 sendmail[2476]: n35G3T1F002476: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:04:10 splunk3 sendmail[2634]: n35G49XI002634: from=<3edbYSRQKBnIWeeWbUQbUhji-dehUfboWeeWbU.SecifQccUifbkdaYj.Sec@alerts.bounces.google.com>, size=3367, class=0, nrcpts=1, msgid=<000e0cd3070a9f61a10466d0ee1c@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  5 09:04:10 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49548 
Apr  5 09:04:10 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:04:10 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 09:04:10 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 09:04:10 splunk3 sendmail[2636]: n35G49XI002634: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=33582, dsn=2.0.0, stat=Sent
Apr  5 09:04:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:04:29 splunk3 sendmail[2726]: n35G4Twc002726: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:05:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:05:13 splunk3 sendmail[2901]: n35G5Dqd002901: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051605.n35G5CBY023293@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:05:13 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49560 
Apr  5 09:05:13 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:05:13 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 09:05:13 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 09:05:13 splunk3 sendmail[2914]: n35G5Dqd002901: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:05:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:05:29 splunk3 sendmail[2996]: n35G5TG0002996: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:05:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:06:29 splunk3 sendmail[3240]: n35G6TWA003240: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:07:29 splunk3 sendmail[3477]: n35G7Tv1003477: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:08:29 splunk3 sendmail[3745]: n35G8TNs003745: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:09:29 splunk3 sendmail[3986]: n35G9TEc003986: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:10:02 splunk3 sendmail[4219]: n35GA2mP004219: from=root, size=292, class=0, nrcpts=1, msgid=<200904051610.n35GA2mP004219@splunk3.splunkit.com>, relay=root@localhost
Apr  5 09:10:02 splunk3 sendmail[4224]: n35GA2Md004224: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051610.n35GA2mP004219@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 09:10:02 splunk3 sendmail[4219]: n35GA2mP004219: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35GA2Md004224 Message accepted for delivery)
Apr  5 09:10:03 splunk3 sendmail[4225]: n35GA2Md004224: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 09:10:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:10:13 splunk3 sendmail[4291]: n35GADGV004291: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051610.n35GADm9023936@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:10:13 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49616 
Apr  5 09:10:13 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:10:13 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:10:13 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:10:13 splunk3 spamd[6683]: spamd: processing message <200904051610.n35GADm9023936@virt2.int.splunk.com> for spamme:501 
Apr  5 09:10:15 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  5 09:10:15 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49616,mid=<200904051610.n35GADm9023936@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:10:15 splunk3 sendmail[4292]: n35GADGV004291: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:10:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:10:29 splunk3 sendmail[4380]: n35GATkm004380: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:10:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:11:29 splunk3 sendmail[4625]: n35GBT4A004625: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 09:12:29 splunk3 sendmail[4864]: n35GCTsH004864: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:13:29 splunk3 sendmail[5117]: n35GDT2F005117: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:14:29 splunk3 sendmail[5390]: n35GETL8005390: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:15:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:15:14 splunk3 sendmail[5570]: n35GFE3K005570: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051615.n35GFDwJ024724@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:15:14 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49673 
Apr  5 09:15:14 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:15:14 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:15:14 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:15:14 splunk3 spamd[6683]: spamd: processing message <200904051615.n35GFDwJ024724@virt2.int.splunk.com> for spamme:501 
Apr  5 09:15:16 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  5 09:15:16 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49673,mid=<200904051615.n35GFDwJ024724@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:15:16 splunk3 sendmail[5571]: n35GFE3K005570: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:15:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:15:29 splunk3 sendmail[5649]: n35GFT6t005649: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:15:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:16:29 splunk3 sendmail[5886]: n35GGTPS005886: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:17:29 splunk3 sendmail[6124]: n35GHThh006124: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:18:29 splunk3 sendmail[6363]: n35GITZm006363: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:19:29 splunk3 sendmail[6600]: n35GJTDn006600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:20:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:20:14 splunk3 sendmail[6784]: n35GKE6J006784: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051620.n35GKEn5025360@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:20:14 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49728 
Apr  5 09:20:14 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:20:14 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:20:14 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:20:14 splunk3 spamd[6683]: spamd: processing message <200904051620.n35GKEn5025360@virt2.int.splunk.com> for spamme:501 
Apr  5 09:20:16 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 09:20:16 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49728,mid=<200904051620.n35GKEn5025360@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:20:16 splunk3 sendmail[6785]: n35GKE6J006784: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:20:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:20:29 splunk3 sendmail[6862]: n35GKTO5006862: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:20:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:21:29 splunk3 sendmail[7103]: n35GLTDC007103: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:22:29 splunk3 sendmail[7334]: n35GMTOS007334: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:23:29 splunk3 sendmail[7587]: n35GNTl6007587: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:24:29 splunk3 sendmail[7823]: n35GOTfm007823: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:25:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:25:15 splunk3 sendmail[8005]: n35GPFWW008005: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051625.n35GPEMe025981@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:25:15 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49784 
Apr  5 09:25:15 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:25:15 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:25:15 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:25:15 splunk3 spamd[6683]: spamd: processing message <200904051625.n35GPEMe025981@virt2.int.splunk.com> for spamme:501 
Apr  5 09:25:17 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 09:25:17 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49784,mid=<200904051625.n35GPEMe025981@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:25:17 splunk3 sendmail[8006]: n35GPFWW008005: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:25:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:25:29 splunk3 sendmail[8083]: n35GPTsm008083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:25:34 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:26:29 splunk3 sendmail[8321]: n35GQTQ9008321: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 09:27:29 splunk3 sendmail[8563]: n35GRTJd008563: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:28:29 splunk3 sendmail[8798]: n35GSTDw008798: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:29:29 splunk3 sendmail[9035]: n35GTTAe009035: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:30:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:30:16 splunk3 sendmail[9220]: n35GUGwA009220: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051630.n35GUFO9026602@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:30:16 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49840 
Apr  5 09:30:16 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:30:16 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:30:16 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:30:16 splunk3 spamd[6683]: spamd: processing message <200904051630.n35GUFO9026602@virt2.int.splunk.com> for spamme:501 
Apr  5 09:30:18 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 09:30:18 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49840,mid=<200904051630.n35GUFO9026602@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:30:18 splunk3 sendmail[9221]: n35GUGwA009220: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:30:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:30:29 splunk3 sendmail[9297]: n35GUTTw009297: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:30:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:31:29 splunk3 sendmail[9538]: n35GVTgo009538: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:32:29 splunk3 sendmail[9774]: n35GWTtB009774: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:33:29 splunk3 sendmail[10015]: n35GXTdi010015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:34:29 splunk3 sendmail[10249]: n35GYThK010249: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:35:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:35:16 splunk3 sendmail[10431]: n35GZGHp010431: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051635.n35GZGA6027343@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:35:16 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49896 
Apr  5 09:35:16 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:35:16 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:35:16 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:35:16 splunk3 spamd[6683]: spamd: processing message <200904051635.n35GZGA6027343@virt2.int.splunk.com> for spamme:501 
Apr  5 09:35:18 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 09:35:18 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49896,mid=<200904051635.n35GZGA6027343@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:35:18 splunk3 sendmail[10432]: n35GZGHp010431: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:35:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:35:29 splunk3 sendmail[10507]: n35GZTg7010507: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:35:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:36:29 splunk3 sendmail[10743]: n35GaTG0010743: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:37:29 splunk3 sendmail[10981]: n35GbT7r010981: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:38:29 splunk3 sendmail[11219]: n35GcTMH011219: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:39:29 splunk3 sendmail[11458]: n35GdT47011458: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:40:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:40:16 splunk3 sendmail[11639]: n35GeGEs011639: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051640.n35GeGoi027975@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:40:17 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49951 
Apr  5 09:40:17 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:40:17 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:40:17 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:40:17 splunk3 spamd[6683]: spamd: processing message <200904051640.n35GeGoi027975@virt2.int.splunk.com> for spamme:501 
Apr  5 09:40:19 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 09:40:19 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49951,mid=<200904051640.n35GeGoi027975@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:40:19 splunk3 sendmail[11640]: n35GeGEs011639: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:40:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:40:29 splunk3 sendmail[11716]: n35GeTPb011716: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:40:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:41:29 splunk3 sendmail[11960]: n35GfTB3011960: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 09:42:29 splunk3 sendmail[12196]: n35GgTeM012196: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:43:29 splunk3 sendmail[12433]: n35GhTtC012433: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:44:29 splunk3 sendmail[12669]: n35GiTkp012669: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:45:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:45:17 splunk3 sendmail[12853]: n35GjHsC012853: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051645.n35GjHI8028591@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:45:17 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50008 
Apr  5 09:45:17 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:45:17 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:45:17 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:45:17 splunk3 spamd[6683]: spamd: processing message <200904051645.n35GjHI8028591@virt2.int.splunk.com> for spamme:501 
Apr  5 09:45:19 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 09:45:19 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50008,mid=<200904051645.n35GjHI8028591@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:45:19 splunk3 sendmail[12854]: n35GjHsC012853: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:45:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:45:30 splunk3 sendmail[12928]: n35GjU1V012928: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:45:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:46:30 splunk3 sendmail[13167]: n35GkUum013167: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:47:30 splunk3 sendmail[13445]: n35GlU7O013445: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:48:30 splunk3 sendmail[13681]: n35GmUBq013681: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:49:30 splunk3 sendmail[13919]: n35GnUht013919: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:50:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:50:18 splunk3 sendmail[14120]: n35GoInC014120: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051650.n35GoHW2029203@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:50:18 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50063 
Apr  5 09:50:18 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:50:18 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:50:18 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:50:18 splunk3 spamd[6683]: spamd: processing message <200904051650.n35GoHW2029203@virt2.int.splunk.com> for spamme:501 
Apr  5 09:50:20 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 09:50:20 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50063,mid=<200904051650.n35GoHW2029203@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:50:20 splunk3 sendmail[14121]: n35GoInC014120: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:50:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:50:30 splunk3 sendmail[14178]: n35GoUUG014178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:50:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:51:30 splunk3 sendmail[14420]: n35GpUOZ014420: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:52:30 splunk3 sendmail[14653]: n35GqU1D014653: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:53:30 splunk3 sendmail[14897]: n35GrUZl014897: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:54:30 splunk3 sendmail[15130]: n35GsUOP015130: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:55:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 09:55:18 splunk3 sendmail[15327]: n35GtIBr015327: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051655.n35GtIs1029809@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 09:55:18 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50119 
Apr  5 09:55:18 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:55:18 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:55:18 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:55:18 splunk3 spamd[6683]: spamd: processing message <200904051655.n35GtIs1029809@virt2.int.splunk.com> for spamme:501 
Apr  5 09:55:20 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 09:55:20 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50119,mid=<200904051655.n35GtIs1029809@virt2.int.splunk.com>,bayes=0.111825280037307,autolearn=no 
Apr  5 09:55:20 splunk3 sendmail[15328]: n35GtIBr015327: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 09:55:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 09:55:30 splunk3 sendmail[15389]: n35GtUXv015389: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:55:31 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 09:56:30 splunk3 sendmail[15637]: n35GuUeF015637: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 09:57:30 splunk3 sendmail[15875]: n35GvUeZ015875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:58:30 splunk3 sendmail[16112]: n35GwUT8016112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:59:30 splunk3 sendmail[16352]: n35GxUNu016352: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 09:59:31 splunk3 sendmail[16233]: n35Gwx5p016233: from=<sourcej@armkb.com>, size=5771, class=0, nrcpts=1, msgid=<5bd8019dc2c3$2493f9fa$81a7af11@armkb.com>, proto=ESMTP, daemon=MTA, relay=germane.stairs.volia.net [93.73.136.144]
Apr  5 09:59:31 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50169 
Apr  5 09:59:31 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 09:59:31 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 09:59:31 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 09:59:31 splunk3 spamd[6683]: spamd: processing message <5bd8019dc2c3$2493f9fa$81a7af11@armkb.com> for spamme:501 
Apr  5 09:59:34 splunk3 spamd[6683]: spamd: identified spam (33.1/5.0) for spamme:501 in 2.8 seconds, 6075 bytes. 
Apr  5 09:59:34 splunk3 spamd[6683]: spamd: result: Y 33 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_BOGUSMX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=2.8,size=6075,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50169,mid=<5bd8019dc2c3$2493f9fa$81a7af11@armkb.com>,bayes=1,autolearn=spam 
Apr  5 09:59:34 splunk3 sendmail[16353]: n35Gwx5p016233: to=<spamme@splunkit.com>, delay=00:00:05, xdelay=00:00:03, mailer=local, pri=35988, dsn=2.0.0, stat=Sent
Apr  5 09:59:34 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:00:04 splunk3 sendmail[16560]: n35H04gN016560: from=root, size=291, class=0, nrcpts=1, msgid=<200904051700.n35H04gN016560@splunk3.splunkit.com>, relay=root@localhost
Apr  5 10:00:04 splunk3 sendmail[16564]: n35H04Wp016564: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904051700.n35H04gN016560@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 10:00:04 splunk3 sendmail[16560]: n35H04gN016560: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35H04Wp016564 Message accepted for delivery)
Apr  5 10:00:05 splunk3 sendmail[16565]: n35H04Wp016564: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 10:00:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:00:18 splunk3 sendmail[16629]: n35H0IXp016629: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051700.n35H0IFk030444@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:00:18 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50178 
Apr  5 10:00:18 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:00:18 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 10:00:18 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 10:00:18 splunk3 sendmail[16630]: n35H0IXp016629: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 10:00:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:00:27 splunk3 sendmail[16665]: n35H0Rdu016665: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904051700.n35H0Rdu016665@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 10:00:27 splunk3 sendmail[16668]: n35H0Rdu016665: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 10:00:27 splunk3 sendmail[16668]: n35H0Rdu016665: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 10:00:27 splunk3 sendmail[16668]: n35H0Rdu016665: n35H0Rdu016668: postmaster notify: User unknown
Apr  5 10:00:28 splunk3 sendmail[16668]: n35H0Rdu016668: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 10:00:30 splunk3 sendmail[16704]: n35H0UQb016704: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:00:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:01:08 splunk3 sendmail[16833]: n35H11Cw016833: from=root, size=443, class=0, nrcpts=1, msgid=<200904051701.n35H11Cw016833@splunk3.splunkit.com>, relay=root@localhost
Apr  5 10:01:08 splunk3 sendmail[16870]: n35H18u8016870: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904051701.n35H11Cw016833@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 10:01:08 splunk3 sendmail[16833]: n35H11Cw016833: to=root, ctladdr=root (0/0), delay=00:00:07, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35H18u8016870 Message accepted for delivery)
Apr  5 10:01:09 splunk3 sendmail[16871]: n35H18u8016870: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 10:01:30 splunk3 sendmail[16957]: n35H1Ui4016957: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:02:30 splunk3 sendmail[17194]: n35H2UfV017194: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:03:30 splunk3 sendmail[17434]: n35H3U7b017434: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:04:30 splunk3 sendmail[17665]: n35H4Uex017665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:05:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:05:19 splunk3 sendmail[17866]: n35H5JLr017866: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051705.n35H5ImH031131@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:05:19 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50241 
Apr  5 10:05:19 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:05:19 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 10:05:19 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 10:05:19 splunk3 sendmail[17867]: n35H5JLr017866: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 10:05:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:05:30 splunk3 sendmail[17924]: n35H5U2n017924: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:05:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:06:30 splunk3 sendmail[18162]: n35H6URo018162: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:07:30 splunk3 sendmail[18403]: n35H7U1v018403: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:08:30 splunk3 sendmail[18640]: n35H8UoC018640: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:09:30 splunk3 sendmail[18880]: n35H9UOc018880: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:10:03 splunk3 sendmail[19110]: n35HA3RU019110: from=root, size=292, class=0, nrcpts=1, msgid=<200904051710.n35HA3RU019110@splunk3.splunkit.com>, relay=root@localhost
Apr  5 10:10:03 splunk3 sendmail[19115]: n35HA39L019115: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051710.n35HA3RU019110@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 10:10:03 splunk3 sendmail[19110]: n35HA3RU019110: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35HA39L019115 Message accepted for delivery)
Apr  5 10:10:04 splunk3 sendmail[19116]: n35HA39L019115: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 10:10:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:10:20 splunk3 sendmail[19184]: n35HAK24019184: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051710.n35HAJRx031750@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:10:20 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50298 
Apr  5 10:10:20 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:10:20 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:10:20 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:10:20 splunk3 spamd[6683]: spamd: processing message <200904051710.n35HAJRx031750@virt2.int.splunk.com> for spamme:501 
Apr  5 10:10:22 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 10:10:22 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50298,mid=<200904051710.n35HAJRx031750@virt2.int.splunk.com>,bayes=0.11182084084236,autolearn=no 
Apr  5 10:10:22 splunk3 sendmail[19185]: n35HAK24019184: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 10:10:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:10:30 splunk3 sendmail[19244]: n35HAUsP019244: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:10:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:11:30 splunk3 sendmail[19482]: n35HBUiP019482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 10:12:30 splunk3 sendmail[19719]: n35HCUIC019719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:13:30 splunk3 sendmail[19958]: n35HDU4q019958: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:14:30 splunk3 sendmail[20194]: n35HEUVV020194: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:15:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:15:20 splunk3 sendmail[20392]: n35HFKrx020392: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051715.n35HFKsL032534@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:15:20 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50353 
Apr  5 10:15:20 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:15:20 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:15:20 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:15:20 splunk3 spamd[6683]: spamd: processing message <200904051715.n35HFKsL032534@virt2.int.splunk.com> for spamme:501 
Apr  5 10:15:22 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 10:15:22 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50353,mid=<200904051715.n35HFKsL032534@virt2.int.splunk.com>,bayes=0.11182084084236,autolearn=no 
Apr  5 10:15:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:15:22 splunk3 sendmail[20393]: n35HFKrx020392: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 10:15:30 splunk3 sendmail[20452]: n35HFUF9020452: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:15:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:16:30 splunk3 sendmail[20692]: n35HGUTG020692: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:17:30 splunk3 sendmail[20930]: n35HHUDm020930: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:18:30 splunk3 sendmail[21167]: n35HIUtO021167: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:19:30 splunk3 sendmail[21405]: n35HJU9q021405: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:20:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:20:21 splunk3 sendmail[21608]: n35HKKSn021608: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904051720.n35HKK9j000706@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:20:21 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50409 
Apr  5 10:20:21 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:20:21 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:20:21 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:20:21 splunk3 spamd[6683]: spamd: processing message <200904051720.n35HKK9j000706@virt2.int.splunk.com> for spamme:501 
Apr  5 10:20:23 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1302 bytes. 
Apr  5 10:20:23 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50409,mid=<200904051720.n35HKK9j000706@virt2.int.splunk.com>,bayes=0.0658904107887932,autolearn=no 
Apr  5 10:20:23 splunk3 sendmail[21609]: n35HKKSn021608: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  5 10:20:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:20:30 splunk3 sendmail[21665]: n35HKUl8021665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:20:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:21:30 splunk3 sendmail[21909]: n35HLUJe021909: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:22:30 splunk3 sendmail[22143]: n35HMU1e022143: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:23:30 splunk3 sendmail[22388]: n35HNUKx022388: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:24:30 splunk3 sendmail[22622]: n35HOUxa022622: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:25:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:25:21 splunk3 sendmail[22822]: n35HPLSH022822: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051725.n35HPLQL001331@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:25:21 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50464 
Apr  5 10:25:21 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:25:21 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:25:21 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:25:21 splunk3 spamd[6683]: spamd: processing message <200904051725.n35HPLQL001331@virt2.int.splunk.com> for spamme:501 
Apr  5 10:25:23 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 10:25:23 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50464,mid=<200904051725.n35HPLQL001331@virt2.int.splunk.com>,bayes=0.168682002432883,autolearn=no 
Apr  5 10:25:23 splunk3 sendmail[22823]: n35HPLSH022822: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 10:25:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:25:30 splunk3 sendmail[22880]: n35HPUH7022880: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:25:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:26:30 splunk3 sendmail[23116]: n35HQUTW023116: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 10:27:30 splunk3 sendmail[23355]: n35HRUte023355: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:28:30 splunk3 sendmail[23590]: n35HSUOi023590: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:29:30 splunk3 sendmail[23826]: n35HTUAV023826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:29:44 splunk3 sendmail[23883]: n35HTiHY023883: from=<3iOrYSRQKBpU5DD5A3zA3GIH-CDG3EAN5DD5A3.1DBHEzBB3HEAJC97I.1DB@alerts.bounces.google.com>, size=4404, class=0, nrcpts=1, msgid=<001485349340aafaad0466d22057@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.161]
Apr  5 10:29:44 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50514 
Apr  5 10:29:44 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:29:44 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:29:44 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:29:44 splunk3 spamd[6683]: spamd: processing message <001485349340aafaad0466d22057@google.com> for spamme:501 
Apr  5 10:29:46 splunk3 spamd[6683]: spamd: clean message (-2.2/5.0) for spamme:501 in 2.0 seconds, 4833 bytes. 
Apr  5 10:29:46 splunk3 spamd[6683]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.0,size=4833,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50514,mid=<001485349340aafaad0466d22057@google.com>,bayes=5.55111512312578e-17,autolearn=ham 
Apr  5 10:29:46 splunk3 sendmail[23884]: n35HTiHY023883: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=34614, dsn=2.0.0, stat=Sent
Apr  5 10:29:46 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:30:01 splunk3 sendmail[23949]: n35HTxDP023949: from=<spamme@sharpie.org>, size=6406, class=0, nrcpts=1, msgid=<20090405083000.22215.qmail@dob-9e0f179d7a8>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=53d82ee0.adsl.enternet.hu [83.216.46.224]
Apr  5 10:30:01 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50517 
Apr  5 10:30:01 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:30:01 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:30:01 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:30:01 splunk3 spamd[6683]: spamd: processing message <20090405083000.22215.qmail@dob-9e0f179d7a8> for spamme:501 
Apr  5 10:30:03 splunk3 spamd[6683]: spamd: identified spam (29.9/5.0) for spamme:501 in 2.3 seconds, 6673 bytes. 
Apr  5 10:30:03 splunk3 spamd[6683]: spamd: result: Y 29 - BAYES_99,DRUGS_ERECTILE,DRUG_ED_CAPS,HELO_DYNAMIC_IPADDR,HTML_90_100,HTML_FONT_FACE_BAD,HTML_MESSAGE,MIME_HTML_ONLY,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=2.3,size=6673,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50517,mid=<20090405083000.22215.qmail@dob-9e0f179d7a8>,bayes=1,autolearn=spam 
Apr  5 10:30:03 splunk3 sendmail[23951]: n35HTxDP023949: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=36651, dsn=2.0.0, stat=Sent
Apr  5 10:30:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:30:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:30:22 splunk3 sendmail[24041]: n35HUMOD024041: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051730.n35HULEw001976@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:30:22 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50522 
Apr  5 10:30:22 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:30:22 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:30:22 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:30:22 splunk3 spamd[6683]: spamd: processing message <200904051730.n35HULEw001976@virt2.int.splunk.com> for spamme:501 
Apr  5 10:30:24 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  5 10:30:24 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50522,mid=<200904051730.n35HULEw001976@virt2.int.splunk.com>,bayes=0.16871094239326,autolearn=no 
Apr  5 10:30:24 splunk3 sendmail[24042]: n35HUMOD024041: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 10:30:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:30:30 splunk3 sendmail[24101]: n35HUU5N024101: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:30:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:31:30 splunk3 sendmail[24342]: n35HVU3b024342: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:32:30 splunk3 sendmail[24576]: n35HWUYi024576: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:33:30 splunk3 sendmail[24818]: n35HXU0b024818: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:34:30 splunk3 sendmail[25052]: n35HYUpY025052: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:35:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:35:22 splunk3 sendmail[25283]: n35HZMF1025283: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051735.n35HZMkj002729@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:35:22 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50585 
Apr  5 10:35:22 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:35:22 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:35:22 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:35:22 splunk3 spamd[6683]: spamd: processing message <200904051735.n35HZMkj002729@virt2.int.splunk.com> for spamme:501 
Apr  5 10:35:24 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  5 10:35:24 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50585,mid=<200904051735.n35HZMkj002729@virt2.int.splunk.com>,bayes=0.16871094239326,autolearn=no 
Apr  5 10:35:24 splunk3 sendmail[25284]: n35HZMF1025283: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 10:35:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:35:30 splunk3 sendmail[25312]: n35HZUUs025312: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:35:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:36:30 splunk3 sendmail[25551]: n35HaU9k025551: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:37:30 splunk3 sendmail[25790]: n35HbU5k025790: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:38:30 splunk3 sendmail[26029]: n35HcU2P026029: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:39:30 splunk3 sendmail[26267]: n35HdUnc026267: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:40:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:40:23 splunk3 sendmail[26500]: n35HeNKt026500: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051740.n35HeMdZ003365@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:40:23 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50641 
Apr  5 10:40:23 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:40:23 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:40:23 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:40:23 splunk3 spamd[6683]: spamd: processing message <200904051740.n35HeMdZ003365@virt2.int.splunk.com> for spamme:501 
Apr  5 10:40:25 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  5 10:40:25 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50641,mid=<200904051740.n35HeMdZ003365@virt2.int.splunk.com>,bayes=0.16871094239326,autolearn=no 
Apr  5 10:40:25 splunk3 sendmail[26501]: n35HeNKt026500: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 10:40:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:40:30 splunk3 sendmail[26529]: n35HeUVg026529: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:40:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:41:30 splunk3 sendmail[26769]: n35HfU3Q026769: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 10:42:30 splunk3 sendmail[27005]: n35HgU2C027005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:43:30 splunk3 sendmail[27242]: n35HhURQ027242: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:44:30 splunk3 sendmail[27475]: n35HiUWF027475: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:45:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:45:23 splunk3 sendmail[27703]: n35HjNnK027703: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051745.n35HjNIp003977@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:45:23 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50698 
Apr  5 10:45:23 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:45:23 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:45:23 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:45:23 splunk3 spamd[6683]: spamd: processing message <200904051745.n35HjNIp003977@virt2.int.splunk.com> for spamme:501 
Apr  5 10:45:25 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  5 10:45:25 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50698,mid=<200904051745.n35HjNIp003977@virt2.int.splunk.com>,bayes=0.16871094239326,autolearn=no 
Apr  5 10:45:25 splunk3 sendmail[27704]: n35HjNnK027703: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 10:45:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:45:30 splunk3 sendmail[27734]: n35HjUl6027734: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:45:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:46:30 splunk3 sendmail[27969]: n35HkUJm027969: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:47:30 splunk3 sendmail[28210]: n35HlUuB028210: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:48:30 splunk3 sendmail[28446]: n35HmUWY028446: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:49:30 splunk3 sendmail[28686]: n35HnUXv028686: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:50:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:50:24 splunk3 sendmail[28917]: n35HoODI028917: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051750.n35HoOVU004592@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:50:24 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50753 
Apr  5 10:50:24 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:50:24 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:50:24 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:50:24 splunk3 spamd[6683]: spamd: processing message <200904051750.n35HoOVU004592@virt2.int.splunk.com> for spamme:501 
Apr  5 10:50:26 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  5 10:50:26 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50753,mid=<200904051750.n35HoOVU004592@virt2.int.splunk.com>,bayes=0.16871094239326,autolearn=no 
Apr  5 10:50:26 splunk3 sendmail[28918]: n35HoODI028917: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 10:50:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:50:30 splunk3 sendmail[28946]: n35HoU27028946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:50:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:51:30 splunk3 sendmail[29189]: n35HpUTc029189: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:52:30 splunk3 sendmail[29425]: n35HqUNs029425: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:53:30 splunk3 sendmail[29665]: n35HrUwU029665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:54:30 splunk3 sendmail[29903]: n35HsUX4029903: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:55:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 10:55:24 splunk3 sendmail[30133]: n35HtObJ030133: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051755.n35HtOsR005195@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 10:55:24 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50809 
Apr  5 10:55:24 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 10:55:24 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 10:55:24 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 10:55:24 splunk3 spamd[6683]: spamd: processing message <200904051755.n35HtOsR005195@virt2.int.splunk.com> for spamme:501 
Apr  5 10:55:26 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 10:55:26 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50809,mid=<200904051755.n35HtOsR005195@virt2.int.splunk.com>,bayes=0.16871094239326,autolearn=no 
Apr  5 10:55:26 splunk3 sendmail[30134]: n35HtObJ030133: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 10:55:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 10:55:30 splunk3 sendmail[30161]: n35HtU8a030161: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:55:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 10:56:30 splunk3 sendmail[30400]: n35HuUcR030400: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 10:57:30 splunk3 sendmail[30637]: n35HvUeu030637: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:58:30 splunk3 sendmail[30874]: n35HwUTC030874: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 10:59:30 splunk3 sendmail[31112]: n35HxUd4031112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:00:02 splunk3 sendmail[31310]: n35I02IM031310: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904051800.n35I02IM031310@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 11:00:02 splunk3 sendmail[31312]: n35I02IM031310: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 11:00:02 splunk3 sendmail[31312]: n35I02IM031310: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 11:00:02 splunk3 sendmail[31312]: n35I02IM031310: n35I02IM031312: postmaster notify: User unknown
Apr  5 11:00:04 splunk3 sendmail[31312]: n35I02IM031312: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 11:00:05 splunk3 sendmail[31342]: n35I05in031342: from=root, size=291, class=0, nrcpts=1, msgid=<200904051800.n35I05in031342@splunk3.splunkit.com>, relay=root@localhost
Apr  5 11:00:05 splunk3 sendmail[31346]: n35I05iD031346: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904051800.n35I05in031342@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 11:00:05 splunk3 sendmail[31342]: n35I05in031342: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35I05iD031346 Message accepted for delivery)
Apr  5 11:00:06 splunk3 sendmail[31347]: n35I05iD031346: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 11:00:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:00:25 splunk3 sendmail[31427]: n35I0P9x031427: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051800.n35I0O28005842@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:00:25 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50872 
Apr  5 11:00:25 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:00:25 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 11:00:25 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 11:00:25 splunk3 sendmail[31428]: n35I0P9x031427: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 11:00:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:00:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:00:30 splunk3 sendmail[31457]: n35I0US9031457: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:01:01 splunk3 sendmail[31584]: n35I11sh031584: from=root, size=443, class=0, nrcpts=1, msgid=<200904051801.n35I11sh031584@splunk3.splunkit.com>, relay=root@localhost
Apr  5 11:01:01 splunk3 sendmail[31586]: n35I11Zp031586: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904051801.n35I11sh031584@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 11:01:01 splunk3 sendmail[31584]: n35I11sh031584: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35I11Zp031586 Message accepted for delivery)
Apr  5 11:01:02 splunk3 sendmail[31588]: n35I11Zp031586: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 11:01:30 splunk3 sendmail[31710]: n35I1UwG031710: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:02:30 splunk3 sendmail[31943]: n35I2UHl031943: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:03:30 splunk3 sendmail[32183]: n35I3Ugd032183: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:04:30 splunk3 sendmail[32417]: n35I4UFo032417: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:05:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:05:25 splunk3 sendmail[32649]: n35I5P75032649: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051805.n35I5P28006534@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:05:25 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50929 
Apr  5 11:05:25 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:05:25 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 11:05:25 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 11:05:25 splunk3 sendmail[32650]: n35I5P75032649: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 11:05:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:05:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:05:30 splunk3 sendmail[32678]: n35I5Uip032678: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:06:30 splunk3 sendmail[448]: n35I6UhG000448: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:07:30 splunk3 sendmail[685]: n35I7UPD000685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:08:30 splunk3 sendmail[925]: n35I8UK3000925: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:09:30 splunk3 sendmail[1166]: n35I9UUM001166: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:10:02 splunk3 sendmail[1400]: n35IA2ap001400: from=root, size=292, class=0, nrcpts=1, msgid=<200904051810.n35IA2ap001400@splunk3.splunkit.com>, relay=root@localhost
Apr  5 11:10:02 splunk3 sendmail[1405]: n35IA2Ur001405: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051810.n35IA2ap001400@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 11:10:02 splunk3 sendmail[1400]: n35IA2ap001400: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35IA2Ur001405 Message accepted for delivery)
Apr  5 11:10:04 splunk3 sendmail[1406]: n35IA2Ur001405: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 11:10:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:10:26 splunk3 sendmail[1506]: n35IAQGE001506: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051810.n35IAQqS007147@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:10:26 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50985 
Apr  5 11:10:26 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:10:26 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:10:26 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:10:26 splunk3 spamd[6683]: spamd: processing message <200904051810.n35IAQqS007147@virt2.int.splunk.com> for spamme:501 
Apr  5 11:10:28 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  5 11:10:28 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50985,mid=<200904051810.n35IAQqS007147@virt2.int.splunk.com>,bayes=0.16871094239326,autolearn=no 
Apr  5 11:10:28 splunk3 sendmail[1507]: n35IAQGE001506: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 11:10:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:10:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:10:30 splunk3 sendmail[1536]: n35IAU2v001536: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:11:30 splunk3 sendmail[1775]: n35IBU4o001775: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 11:12:30 splunk3 sendmail[2013]: n35ICUFO002013: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:13:30 splunk3 sendmail[2251]: n35IDUou002251: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:14:30 splunk3 sendmail[2484]: n35IEUdI002484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:14:31 splunk3 sendmail[2426]: n35IEGYS002426: from=<spamme@splunkit.com>, size=2717, class=0, nrcpts=1, msgid=<200904051814.n35IEGYS002426@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=sm1-84-90-41-108.netvisao.pt [84.90.41.108]
Apr  5 11:14:31 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51025 
Apr  5 11:14:31 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:14:31 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:14:31 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:14:31 splunk3 spamd[6683]: spamd: processing message <200904051814.n35IEGYS002426@splunk3.splunkit.com> for spamme:501 
Apr  5 11:14:33 splunk3 spamd[6683]: spamd: identified spam (38.3/5.0) for spamme:501 in 2.8 seconds, 3124 bytes. 
Apr  5 11:14:33 splunk3 spamd[6683]: spamd: result: Y 38 - BAYES_99,HELO_DYNAMIC_IPADDR,HTML_90_100,HTML_IMAGE_ONLY_28,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=2.8,size=3124,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51025,mid=<200904051814.n35IEGYS002426@splunk3.splunkit.com>,bayes=1,autolearn=spam 
Apr  5 11:14:33 splunk3 sendmail[2485]: n35IEGYS002426: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:12, xdelay=00:00:02, mailer=local, pri=33046, dsn=2.0.0, stat=Sent
Apr  5 11:14:33 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:15:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:15:27 splunk3 sendmail[2747]: n35IFRZI002747: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051815.n35IFQEo007926@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:15:27 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51042 
Apr  5 11:15:27 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:15:27 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:15:27 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:15:27 splunk3 spamd[6683]: spamd: processing message <200904051815.n35IFQEo007926@virt2.int.splunk.com> for spamme:501 
Apr  5 11:15:29 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 11:15:29 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51042,mid=<200904051815.n35IFQEo007926@virt2.int.splunk.com>,bayes=0.168702142422885,autolearn=no 
Apr  5 11:15:29 splunk3 sendmail[2750]: n35IFRZI002747: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 11:15:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:15:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:15:30 splunk3 sendmail[2764]: n35IFUrO002764: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:16:30 splunk3 sendmail[3004]: n35IGU2T003004: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:17:30 splunk3 sendmail[3247]: n35IHUTk003247: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:18:30 splunk3 sendmail[3484]: n35IIUVq003484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:19:30 splunk3 sendmail[3752]: n35IJUTH003752: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:20:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:20:27 splunk3 sendmail[4011]: n35IKRww004011: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051820.n35IKRhx008559@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:20:27 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51097 
Apr  5 11:20:27 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:20:27 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:20:27 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:20:27 splunk3 spamd[6683]: spamd: processing message <200904051820.n35IKRhx008559@virt2.int.splunk.com> for spamme:501 
Apr  5 11:20:29 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.3 seconds, 1305 bytes. 
Apr  5 11:20:29 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.3,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51097,mid=<200904051820.n35IKRhx008559@virt2.int.splunk.com>,bayes=0.168702142422885,autolearn=no 
Apr  5 11:20:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:20:29 splunk3 sendmail[4012]: n35IKRww004011: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 11:20:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:20:30 splunk3 sendmail[4024]: n35IKUum004024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:21:30 splunk3 sendmail[4273]: n35ILUle004273: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:22:30 splunk3 sendmail[4520]: n35IMUT4004520: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:23:30 splunk3 sendmail[4763]: n35INUqd004763: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:24:30 splunk3 sendmail[5011]: n35IOU1f005011: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:25:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:25:28 splunk3 sendmail[5299]: n35IPS4t005299: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051825.n35IPSMb009192@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:25:28 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51153 
Apr  5 11:25:28 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:25:28 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:25:28 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:25:28 splunk3 spamd[6683]: spamd: processing message <200904051825.n35IPSMb009192@virt2.int.splunk.com> for spamme:501 
Apr  5 11:25:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:25:30 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 11:25:30 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51153,mid=<200904051825.n35IPSMb009192@virt2.int.splunk.com>,bayes=0.168702142422885,autolearn=no 
Apr  5 11:25:30 splunk3 sendmail[5300]: n35IPS4t005299: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 11:25:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:25:30 splunk3 sendmail[5308]: n35IPUou005308: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:26:30 splunk3 sendmail[5549]: n35IQU5K005549: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 11:27:30 splunk3 sendmail[5789]: n35IRUlY005789: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:28:30 splunk3 sendmail[6023]: n35ISU6k006023: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:29:30 splunk3 sendmail[6263]: n35ITUCP006263: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:30:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:30:28 splunk3 sendmail[6515]: n35IUSIH006515: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904051830.n35IUStn009792@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:30:28 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51210 
Apr  5 11:30:28 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:30:28 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:30:28 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:30:28 splunk3 spamd[6683]: spamd: processing message <200904051830.n35IUStn009792@virt2.int.splunk.com> for spamme:501 
Apr  5 11:30:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:30:30 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  5 11:30:30 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51210,mid=<200904051830.n35IUStn009792@virt2.int.splunk.com>,bayes=0.168702142422885,autolearn=no 
Apr  5 11:30:30 splunk3 sendmail[6516]: n35IUSIH006515: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 11:30:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:30:30 splunk3 sendmail[6524]: n35IUUZt006524: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:31:30 splunk3 sendmail[6763]: n35IVUNU006763: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:32:30 splunk3 sendmail[6997]: n35IWUcK006997: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:33:30 splunk3 sendmail[7238]: n35IXUq9007238: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:34:30 splunk3 sendmail[7471]: n35IYUsN007471: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:35:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:35:29 splunk3 sendmail[7730]: n35IZTeQ007730: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051835.n35IZSnE010560@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:35:29 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51265 
Apr  5 11:35:29 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:35:29 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:35:29 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:35:29 splunk3 spamd[6683]: spamd: processing message <200904051835.n35IZSnE010560@virt2.int.splunk.com> for spamme:501 
Apr  5 11:35:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:35:30 splunk3 sendmail[7738]: n35IZUew007738: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:35:31 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 11:35:31 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51265,mid=<200904051835.n35IZSnE010560@virt2.int.splunk.com>,bayes=0.111837983606221,autolearn=no 
Apr  5 11:35:31 splunk3 sendmail[7731]: n35IZTeQ007730: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 11:35:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:36:30 splunk3 sendmail[7973]: n35IaUxE007973: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:37:30 splunk3 sendmail[8212]: n35IbUto008212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:38:30 splunk3 sendmail[8451]: n35IcUVs008451: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:39:30 splunk3 sendmail[8692]: n35IdUJY008692: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:40:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:40:29 splunk3 sendmail[8946]: n35IeTL0008946: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051840.n35IeTYB011174@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:40:29 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51321 
Apr  5 11:40:29 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:40:29 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:40:29 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:40:29 splunk3 spamd[6683]: spamd: processing message <200904051840.n35IeTYB011174@virt2.int.splunk.com> for spamme:501 
Apr  5 11:40:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:40:30 splunk3 sendmail[8956]: n35IeUr5008956: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:40:31 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 11:40:31 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51321,mid=<200904051840.n35IeTYB011174@virt2.int.splunk.com>,bayes=0.111837983606221,autolearn=no 
Apr  5 11:40:31 splunk3 sendmail[8948]: n35IeTL0008946: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 11:40:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:41:30 splunk3 sendmail[9195]: n35IfUwp009195: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 11:42:30 splunk3 sendmail[9429]: n35IgUNT009429: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:43:30 splunk3 sendmail[9669]: n35IhUMp009669: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:43:57 splunk3 sendmail[9743]: n35IhnUh009743: from=<scythoar@1tradelogistics.com>, size=1907, class=0, nrcpts=1, msgid=<200904051843.n35IhnUh009743@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=adrt142.neoplus.adsl.tpnet.pl [79.185.179.142]
Apr  5 11:43:57 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51355 
Apr  5 11:43:57 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:43:57 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:43:57 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:43:57 splunk3 spamd[6683]: spamd: processing message <200904051843.n35IhnUh009743@splunk3.splunkit.com> for spamme:501 
Apr  5 11:43:59 splunk3 spamd[6683]: spamd: identified spam (10.1/5.0) for spamme:501 in 2.2 seconds, 2335 bytes. 
Apr  5 11:43:59 splunk3 spamd[6683]: spamd: result: Y 10 - BAYES_95,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_SORBS_DUL,URIBL_SBL scantime=2.2,size=2335,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51355,mid=<200904051843.n35IhnUh009743@splunk3.splunkit.com>,bayes=0.967249868825226,autolearn=no 
Apr  5 11:43:59 splunk3 sendmail[9785]: n35IhnUh009743: to=<spamme@splunkit.com>, delay=00:00:06, xdelay=00:00:02, mailer=local, pri=32239, dsn=2.0.0, stat=Sent
Apr  5 11:43:59 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:44:30 splunk3 sendmail[9910]: n35IiUcd009910: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:45:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:45:30 splunk3 sendmail[10164]: n35IjULo010164: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051845.n35IjTTo011808@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:45:30 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51378 
Apr  5 11:45:30 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:45:30 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:45:30 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:45:30 splunk3 spamd[6683]: spamd: processing message <200904051845.n35IjTTo011808@virt2.int.splunk.com> for spamme:501 
Apr  5 11:45:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:45:30 splunk3 sendmail[10173]: n35IjUDN010173: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:45:32 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 11:45:32 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51378,mid=<200904051845.n35IjTTo011808@virt2.int.splunk.com>,bayes=0.111837983606221,autolearn=no 
Apr  5 11:45:32 splunk3 sendmail[10165]: n35IjULo010164: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 11:45:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:46:30 splunk3 sendmail[10410]: n35IkUQJ010410: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:47:30 splunk3 sendmail[10647]: n35IlUos010647: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:48:30 splunk3 sendmail[10882]: n35ImU63010882: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:49:30 splunk3 sendmail[11117]: n35InUS0011117: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:50:00 splunk3 sendmail[11235]: n35Io0ff011235: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051850.n35Io0XP012329@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:50:00 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51421 
Apr  5 11:50:00 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:50:00 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:50:00 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:50:00 splunk3 spamd[6683]: spamd: processing message <200904051850.n35Io0XP012329@virt2.int.splunk.com> for spamme:501 
Apr  5 11:50:02 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  5 11:50:02 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51421,mid=<200904051850.n35Io0XP012329@virt2.int.splunk.com>,bayes=0.111837983606221,autolearn=no 
Apr  5 11:50:02 splunk3 sendmail[11236]: n35Io0ff011235: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 11:50:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:50:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:50:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:50:30 splunk3 sendmail[11382]: n35IoUgp011382: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:51:30 splunk3 sendmail[11621]: n35IpUXK011621: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:51:56 splunk3 sendmail[11713]: n35IpsTG011713: from=<spamme@splunkit.com>, size=2766, class=0, nrcpts=1, msgid=<200904051851.n35IpsTG011713@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=dsl4-010.express.oricom.ca [64.18.169.10]
Apr  5 11:51:56 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51447 
Apr  5 11:51:56 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:51:56 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:51:56 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:51:56 splunk3 spamd[6683]: spamd: processing message <200904051851.n35IpsTG011713@splunk3.splunkit.com> for spamme:501 
Apr  5 11:51:58 splunk3 spamd[6683]: spamd: identified spam (33.0/5.0) for spamme:501 in 1.9 seconds, 3169 bytes. 
Apr  5 11:51:58 splunk3 spamd[6683]: spamd: result: Y 33 - AWL,BAYES_99,HELO_DYNAMIC_DHCP,HTML_90_100,HTML_IMAGE_ONLY_28,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=1.9,size=3169,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51447,mid=<200904051851.n35IpsTG011713@splunk3.splunkit.com>,bayes=1,autolearn=spam 
Apr  5 11:51:58 splunk3 sendmail[11735]: n35IpsTG011713: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:03, xdelay=00:00:02, mailer=local, pri=33091, dsn=2.0.0, stat=Sent
Apr  5 11:51:58 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:52:30 splunk3 sendmail[11862]: n35IqUZT011862: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:53:30 splunk3 sendmail[12105]: n35IrUVb012105: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:54:30 splunk3 sendmail[12342]: n35IsUXP012342: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:55:01 splunk3 sendmail[12477]: n35It1BO012477: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051855.n35It1NG012948@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 11:55:01 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51477 
Apr  5 11:55:01 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 11:55:01 splunk3 spamd[6683]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 11:55:01 splunk3 spamd[6683]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 11:55:01 splunk3 spamd[6683]: spamd: processing message <200904051855.n35It1NG012948@virt2.int.splunk.com> for spamme:501 
Apr  5 11:55:03 splunk3 spamd[6683]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 11:55:03 splunk3 spamd[6683]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51477,mid=<200904051855.n35It1NG012948@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 11:55:03 splunk3 sendmail[12478]: n35It1BO012477: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 11:55:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 11:55:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 11:55:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 11:55:31 splunk3 sendmail[12604]: n35ItUt8012604: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:56:31 splunk3 sendmail[12835]: n35IuVvc012835: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 11:57:31 splunk3 sendmail[13077]: n35IvV3Y013077: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:58:31 splunk3 sendmail[13343]: n35IwVnV013343: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 11:59:31 splunk3 sendmail[13590]: n35IxVc4013590: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:00:02 splunk3 sendmail[13778]: n35J02iW013778: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051900.n35J01cN013605@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:00:02 splunk3 spamd[6683]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51534 
Apr  5 12:00:02 splunk3 spamd[6683]: spamd: setuid to spamme succeeded 
Apr  5 12:00:02 splunk3 spamd[6683]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 12:00:02 splunk3 spamd[6683]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 12:00:02 splunk3 sendmail[13779]: n35J02iW013778: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:00:02 splunk3 spamd[3033]: prefork: child states: BI 
Apr  5 12:00:02 splunk3 spamd[3033]: spamd: handled cleanup of child pid 6683 due to SIGCHLD 
Apr  5 12:00:02 splunk3 spamd[3033]: spamd: server successfully spawned child process, pid 13783 
Apr  5 12:00:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:00:04 splunk3 sendmail[13798]: n35J04E1013798: from=root, size=291, class=0, nrcpts=1, msgid=<200904051900.n35J04E1013798@splunk3.splunkit.com>, relay=root@localhost
Apr  5 12:00:04 splunk3 sendmail[13802]: n35J04Yb013802: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904051900.n35J04E1013798@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 12:00:04 splunk3 sendmail[13798]: n35J04E1013798: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35J04Yb013802 Message accepted for delivery)
Apr  5 12:00:05 splunk3 sendmail[13806]: n35J04Yb013802: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 12:00:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:00:08 splunk3 sendmail[13841]: n35J08Xt013841: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904051900.n35J08Xt013841@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 12:00:08 splunk3 sendmail[13843]: n35J08Xt013841: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 12:00:08 splunk3 sendmail[13843]: n35J08Xt013841: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 12:00:08 splunk3 sendmail[13843]: n35J08Xt013841: n35J08Xt013843: postmaster notify: User unknown
Apr  5 12:00:09 splunk3 sendmail[13843]: n35J08Xt013843: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 12:00:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:00:31 splunk3 sendmail[13939]: n35J0V2J013939: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:01:13 splunk3 sendmail[14079]: n35J11m2014079: from=root, size=443, class=0, nrcpts=1, msgid=<200904051901.n35J11m2014079@splunk3.splunkit.com>, relay=root@localhost
Apr  5 12:01:13 splunk3 sendmail[14122]: n35J1De4014122: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904051901.n35J11m2014079@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 12:01:13 splunk3 sendmail[14079]: n35J11m2014079: to=root, ctladdr=root (0/0), delay=00:00:12, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35J1De4014122 Message accepted for delivery)
Apr  5 12:01:14 splunk3 sendmail[14123]: n35J1De4014122: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 12:01:31 splunk3 sendmail[14190]: n35J1Vst014190: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:02:31 splunk3 sendmail[14424]: n35J2VfG014424: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:03:31 splunk3 sendmail[14660]: n35J3Vct014660: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:04:31 splunk3 sendmail[14896]: n35J4V4H014896: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:05:03 splunk3 sendmail[15032]: n35J5347015032: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051905.n35J52vY014306@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:05:03 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51599 
Apr  5 12:05:03 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:05:03 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 12:05:03 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 12:05:03 splunk3 sendmail[15033]: n35J5347015032: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:05:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:05:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:05:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:05:31 splunk3 sendmail[15170]: n35J5VtU015170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:06:31 splunk3 sendmail[15406]: n35J6Vgu015406: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:07:31 splunk3 sendmail[15653]: n35J7VBn015653: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:08:31 splunk3 sendmail[15892]: n35J8V8r015892: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:09:31 splunk3 sendmail[16133]: n35J9Vt7016133: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:10:02 splunk3 sendmail[16346]: n35JA2Mc016346: from=root, size=292, class=0, nrcpts=1, msgid=<200904051910.n35JA2Mc016346@splunk3.splunkit.com>, relay=root@localhost
Apr  5 12:10:02 splunk3 sendmail[16351]: n35JA2mZ016351: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904051910.n35JA2Mc016346@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 12:10:02 splunk3 sendmail[16346]: n35JA2Mc016346: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35JA2mZ016351 Message accepted for delivery)
Apr  5 12:10:03 splunk3 sendmail[16357]: n35JA30m016357: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051910.n35JA3JE014922@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:10:03 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51655 
Apr  5 12:10:03 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:10:03 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:10:03 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:10:03 splunk3 sendmail[16352]: n35JA2mZ016351: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 12:10:03 splunk3 spamd[13783]: spamd: processing message <200904051910.n35JA3JE014922@virt2.int.splunk.com> for spamme:501 
Apr  5 12:10:05 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  5 12:10:05 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51655,mid=<200904051910.n35JA3JE014922@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:10:05 splunk3 sendmail[16358]: n35JA30m016357: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:10:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:10:07 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:10:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:10:31 splunk3 sendmail[16499]: n35JAVN7016499: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:11:31 splunk3 sendmail[16739]: n35JBVUH016739: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 12:12:31 splunk3 sendmail[16975]: n35JCVhd016975: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:13:31 splunk3 sendmail[17214]: n35JDVgJ017214: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:14:31 splunk3 sendmail[17449]: n35JEVjP017449: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:15:04 splunk3 sendmail[17569]: n35JF451017569: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051915.n35JF3T7015712@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:15:04 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51712 
Apr  5 12:15:04 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:15:04 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:15:04 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:15:04 splunk3 spamd[13783]: spamd: processing message <200904051915.n35JF3T7015712@virt2.int.splunk.com> for spamme:501 
Apr  5 12:15:06 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  5 12:15:06 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51712,mid=<200904051915.n35JF3T7015712@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:15:06 splunk3 sendmail[17570]: n35JF451017569: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:15:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:15:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:15:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:15:31 splunk3 sendmail[17712]: n35JFVDu017712: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:16:31 splunk3 sendmail[17946]: n35JGVIo017946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:17:31 splunk3 sendmail[18181]: n35JHVGP018181: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:18:31 splunk3 sendmail[18416]: n35JIV94018416: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:19:31 splunk3 sendmail[18656]: n35JJVGS018656: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:20:06 splunk3 sendmail[18801]: n35JK65p018801: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051920.n35JK4Fg016341@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:20:06 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51769 
Apr  5 12:20:06 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:20:06 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:20:06 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:20:06 splunk3 spamd[13783]: spamd: processing message <200904051920.n35JK4Fg016341@virt2.int.splunk.com> for spamme:501 
Apr  5 12:20:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:20:08 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  5 12:20:08 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51769,mid=<200904051920.n35JK4Fg016341@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:20:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:20:08 splunk3 sendmail[18802]: n35JK65p018801: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:20:30 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:20:31 splunk3 sendmail[18918]: n35JKViS018918: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:21:31 splunk3 sendmail[19157]: n35JLVeP019157: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:22:31 splunk3 sendmail[19392]: n35JMVaG019392: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:23:31 splunk3 sendmail[19633]: n35JNVJ5019633: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:24:31 splunk3 sendmail[19868]: n35JOVEK019868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:25:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:25:07 splunk3 sendmail[20012]: n35JP7OR020012: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051925.n35JP6pG016952@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:25:07 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51824 
Apr  5 12:25:07 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:25:07 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:25:07 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:25:07 splunk3 spamd[13783]: spamd: processing message <200904051925.n35JP6pG016952@virt2.int.splunk.com> for spamme:501 
Apr  5 12:25:09 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 12:25:09 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51824,mid=<200904051925.n35JP6pG016952@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:25:09 splunk3 sendmail[20013]: n35JP7OR020012: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:25:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:25:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:25:31 splunk3 sendmail[20131]: n35JPVx9020131: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 12:26:31 splunk3 sendmail[20366]: n35JQVt7020366: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:27:31 splunk3 sendmail[20606]: n35JRV5h020606: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:28:31 splunk3 sendmail[20840]: n35JSVc4020840: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:29:31 splunk3 sendmail[21081]: n35JTVjG021081: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:30:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:30:07 splunk3 sendmail[21225]: n35JU7tg021225: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051930.n35JU790017573@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:30:07 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51881 
Apr  5 12:30:07 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:30:07 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:30:07 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:30:07 splunk3 spamd[13783]: spamd: processing message <200904051930.n35JU790017573@virt2.int.splunk.com> for spamme:501 
Apr  5 12:30:09 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 12:30:09 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51881,mid=<200904051930.n35JU790017573@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:30:09 splunk3 sendmail[21227]: n35JU7tg021225: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:30:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:30:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:30:31 splunk3 sendmail[21345]: n35JUVXY021345: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:31:31 splunk3 sendmail[21582]: n35JVVSC021582: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:32:31 splunk3 sendmail[21818]: n35JWV7W021818: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:33:31 splunk3 sendmail[22058]: n35JXVSK022058: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:34:31 splunk3 sendmail[22294]: n35JYV9B022294: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:35:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:35:08 splunk3 sendmail[22439]: n35JZ8fx022439: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051935.n35JZ7HL018320@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:35:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51936 
Apr  5 12:35:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:35:08 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:35:08 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:35:08 splunk3 spamd[13783]: spamd: processing message <200904051935.n35JZ7HL018320@virt2.int.splunk.com> for spamme:501 
Apr  5 12:35:10 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 12:35:10 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51936,mid=<200904051935.n35JZ7HL018320@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:35:10 splunk3 sendmail[22440]: n35JZ8fx022439: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:35:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:35:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:35:31 splunk3 sendmail[22555]: n35JZVT8022555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:36:31 splunk3 sendmail[22792]: n35JaVWI022792: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:37:31 splunk3 sendmail[23030]: n35JbVCG023030: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:38:31 splunk3 sendmail[23265]: n35JcVwe023265: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:39:31 splunk3 sendmail[23508]: n35JdVEb023508: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:40:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:40:08 splunk3 sendmail[23653]: n35Je8hX023653: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051940.n35Je8PQ018950@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:40:09 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51992 
Apr  5 12:40:09 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:40:09 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:40:09 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:40:09 splunk3 spamd[13783]: spamd: processing message <200904051940.n35Je8PQ018950@virt2.int.splunk.com> for spamme:501 
Apr  5 12:40:11 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 12:40:11 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51992,mid=<200904051940.n35Je8PQ018950@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:40:11 splunk3 sendmail[23654]: n35Je8hX023653: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:40:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:40:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:40:31 splunk3 sendmail[23771]: n35JeV3f023771: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 12:41:31 splunk3 sendmail[24010]: n35JfVSY024010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:42:31 splunk3 sendmail[24246]: n35JgV2O024246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:43:31 splunk3 sendmail[24486]: n35JhV5w024486: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:44:31 splunk3 sendmail[24721]: n35JiVNU024721: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:45:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:45:09 splunk3 sendmail[24865]: n35Jj94i024865: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051945.n35Jj9ax019559@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:45:09 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52048 
Apr  5 12:45:09 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:45:09 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:45:09 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:45:09 splunk3 spamd[13783]: spamd: processing message <200904051945.n35Jj9ax019559@virt2.int.splunk.com> for spamme:501 
Apr  5 12:45:11 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 12:45:11 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52048,mid=<200904051945.n35Jj9ax019559@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:45:11 splunk3 sendmail[24866]: n35Jj94i024865: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:45:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:45:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:45:31 splunk3 sendmail[24982]: n35JjVBo024982: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:46:31 splunk3 sendmail[25219]: n35JkV7w025219: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:47:31 splunk3 sendmail[25457]: n35JlVj9025457: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:48:31 splunk3 sendmail[25693]: n35JmVXw025693: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:49:31 splunk3 sendmail[25932]: n35JnVCu025932: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:50:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:50:10 splunk3 sendmail[26081]: n35JoAjL026081: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051950.n35Jo9Bg020168@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:50:10 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52104 
Apr  5 12:50:10 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:50:10 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:50:10 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:50:10 splunk3 spamd[13783]: spamd: processing message <200904051950.n35Jo9Bg020168@virt2.int.splunk.com> for spamme:501 
Apr  5 12:50:12 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  5 12:50:12 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52104,mid=<200904051950.n35Jo9Bg020168@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:50:12 splunk3 sendmail[26082]: n35JoAjL026081: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:50:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:50:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:50:31 splunk3 sendmail[26197]: n35JoVwP026197: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:51:31 splunk3 sendmail[26437]: n35JpVvv026437: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:52:31 splunk3 sendmail[26667]: n35JqVQL026667: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:53:31 splunk3 sendmail[26910]: n35JrVo0026910: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:54:31 splunk3 sendmail[27145]: n35JsVa2027145: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:55:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 12:55:10 splunk3 sendmail[27306]: n35JtABb027306: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904051955.n35JtAL3020775@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 12:55:10 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52159 
Apr  5 12:55:10 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 12:55:10 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 12:55:10 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 12:55:10 splunk3 spamd[13783]: spamd: processing message <200904051955.n35JtAL3020775@virt2.int.splunk.com> for spamme:501 
Apr  5 12:55:12 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 12:55:12 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52159,mid=<200904051955.n35JtAL3020775@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 12:55:12 splunk3 sendmail[27307]: n35JtABb027306: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 12:55:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 12:55:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 12:55:31 splunk3 sendmail[27407]: n35JtVjg027407: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 12:56:31 splunk3 sendmail[27642]: n35JuVtS027642: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:57:31 splunk3 sendmail[27883]: n35JvVPg027883: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:58:31 splunk3 sendmail[28114]: n35JwVd6028114: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 12:59:31 splunk3 sendmail[28353]: n35JxVNm028353: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:00:04 splunk3 sendmail[28539]: n35K04EX028539: from=root, size=291, class=0, nrcpts=1, msgid=<200904052000.n35K04EX028539@splunk3.splunkit.com>, relay=root@localhost
Apr  5 13:00:04 splunk3 sendmail[28546]: n35K04Yr028546: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904052000.n35K04EX028539@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 13:00:04 splunk3 sendmail[28539]: n35K04EX028539: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35K04Yr028546 Message accepted for delivery)
Apr  5 13:00:05 splunk3 sendmail[28548]: n35K04Yr028546: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 13:00:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:00:11 splunk3 sendmail[28588]: n35K0BL6028588: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052000.n35K0A3K021415@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:00:11 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52216 
Apr  5 13:00:11 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:00:11 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 13:00:11 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 13:00:11 splunk3 sendmail[28589]: n35K0BL6028588: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:00:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:00:13 splunk3 sendmail[28605]: n35K0Dcn028605: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904052000.n35K0Dcn028605@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 13:00:13 splunk3 sendmail[28607]: n35K0Dcn028605: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 13:00:13 splunk3 sendmail[28607]: n35K0Dcn028605: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 13:00:13 splunk3 sendmail[28607]: n35K0Dcn028605: n35K0Dcn028607: postmaster notify: User unknown
Apr  5 13:00:15 splunk3 sendmail[28607]: n35K0Dcn028607: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 13:00:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:00:31 splunk3 sendmail[28703]: n35K0V7C028703: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:01:14 splunk3 sendmail[28828]: n35K11g0028828: from=root, size=443, class=0, nrcpts=1, msgid=<200904052001.n35K11g0028828@splunk3.splunkit.com>, relay=root@localhost
Apr  5 13:01:14 splunk3 sendmail[28871]: n35K1EJE028871: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904052001.n35K11g0028828@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 13:01:14 splunk3 sendmail[28828]: n35K11g0028828: to=root, ctladdr=root (0/0), delay=00:00:13, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35K1EJE028871 Message accepted for delivery)
Apr  5 13:01:16 splunk3 sendmail[28873]: n35K1EJE028871: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 13:01:31 splunk3 sendmail[28954]: n35K1VbT028954: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:02:31 splunk3 sendmail[29188]: n35K2V7f029188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:03:31 splunk3 sendmail[29428]: n35K3V2m029428: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:04:31 splunk3 sendmail[29664]: n35K4VR2029664: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:05:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:05:12 splunk3 sendmail[29826]: n35K5CM7029826: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052005.n35K5BCW022096@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:05:12 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52280 
Apr  5 13:05:12 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:05:12 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 13:05:12 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 13:05:12 splunk3 sendmail[29827]: n35K5CM7029826: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:05:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:05:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:05:31 splunk3 sendmail[29924]: n35K5Vp4029924: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:06:31 splunk3 sendmail[30156]: n35K6VX0030156: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:07:31 splunk3 sendmail[30396]: n35K7Vjc030396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:08:31 splunk3 sendmail[30634]: n35K8Vtm030634: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:09:31 splunk3 sendmail[30874]: n35K9VUg030874: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:10:02 splunk3 sendmail[31086]: n35KA2PT031086: from=root, size=292, class=0, nrcpts=1, msgid=<200904052010.n35KA2PT031086@splunk3.splunkit.com>, relay=root@localhost
Apr  5 13:10:02 splunk3 sendmail[31091]: n35KA2dS031091: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904052010.n35KA2PT031086@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 13:10:02 splunk3 sendmail[31086]: n35KA2PT031086: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35KA2dS031091 Message accepted for delivery)
Apr  5 13:10:03 splunk3 sendmail[31092]: n35KA2dS031091: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 13:10:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:10:12 splunk3 sendmail[31140]: n35KACQo031140: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052010.n35KAC7m022712@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:10:12 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52336 
Apr  5 13:10:12 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:10:12 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:10:12 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:10:12 splunk3 spamd[13783]: spamd: processing message <200904052010.n35KAC7m022712@virt2.int.splunk.com> for spamme:501 
Apr  5 13:10:16 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.2 seconds, 1308 bytes. 
Apr  5 13:10:16 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52336,mid=<200904052010.n35KAC7m022712@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:10:16 splunk3 sendmail[31141]: n35KACQo031140: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:10:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:10:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:10:31 splunk3 sendmail[31243]: n35KAV4e031243: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 13:11:31 splunk3 sendmail[31479]: n35KBVqO031479: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:12:31 splunk3 sendmail[31712]: n35KCVCB031712: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:13:31 splunk3 sendmail[31949]: n35KDV35031949: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:14:31 splunk3 sendmail[32187]: n35KEVoM032187: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:15:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:15:13 splunk3 sendmail[32351]: n35KFDcW032351: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052015.n35KFDgt023533@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:15:13 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52392 
Apr  5 13:15:13 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:15:13 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:15:13 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:15:13 splunk3 spamd[13783]: spamd: processing message <200904052015.n35KFDgt023533@virt2.int.splunk.com> for spamme:501 
Apr  5 13:15:15 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  5 13:15:15 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52392,mid=<200904052015.n35KFDgt023533@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:15:15 splunk3 sendmail[32352]: n35KFDcW032351: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:15:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:15:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:15:31 splunk3 sendmail[32451]: n35KFVcv032451: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:16:31 splunk3 sendmail[32685]: n35KGVCG032685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:17:31 splunk3 sendmail[458]: n35KHVoA000458: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:18:31 splunk3 sendmail[693]: n35KIVAW000693: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:19:31 splunk3 sendmail[930]: n35KJVra000930: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:20:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:20:14 splunk3 sendmail[1096]: n35KKE1i001096: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052020.n35KKDHF024175@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:20:14 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52447 
Apr  5 13:20:14 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:20:14 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:20:14 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:20:14 splunk3 spamd[13783]: spamd: processing message <200904052020.n35KKDHF024175@virt2.int.splunk.com> for spamme:501 
Apr  5 13:20:16 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 13:20:16 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52447,mid=<200904052020.n35KKDHF024175@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:20:16 splunk3 sendmail[1098]: n35KKE1i001096: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:20:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:20:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:20:31 splunk3 sendmail[1192]: n35KKVnc001192: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:21:31 splunk3 sendmail[1435]: n35KLV3H001435: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:22:31 splunk3 sendmail[1671]: n35KMVab001671: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:23:31 splunk3 sendmail[1913]: n35KNVua001913: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:24:31 splunk3 sendmail[2150]: n35KOVg6002150: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:25:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:25:14 splunk3 sendmail[2314]: n35KPETf002314: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052025.n35KPEdI024778@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:25:14 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52503 
Apr  5 13:25:14 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:25:14 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:25:14 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:25:14 splunk3 spamd[13783]: spamd: processing message <200904052025.n35KPEdI024778@virt2.int.splunk.com> for spamme:501 
Apr  5 13:25:16 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 13:25:16 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52503,mid=<200904052025.n35KPEdI024778@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:25:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:25:16 splunk3 sendmail[2315]: n35KPETf002314: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:25:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:25:31 splunk3 sendmail[2414]: n35KPVFp002414: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 13:26:31 splunk3 sendmail[2653]: n35KQV5R002653: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:27:31 splunk3 sendmail[2900]: n35KRVbN002900: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:28:31 splunk3 sendmail[3145]: n35KSV4V003145: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:29:31 splunk3 sendmail[3387]: n35KTVWT003387: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:30:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:30:15 splunk3 sendmail[3587]: n35KUFxU003587: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052030.n35KUENF025394@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:30:15 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52559 
Apr  5 13:30:15 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:30:15 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:30:15 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:30:15 splunk3 spamd[13783]: spamd: processing message <200904052030.n35KUENF025394@virt2.int.splunk.com> for spamme:501 
Apr  5 13:30:17 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  5 13:30:17 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52559,mid=<200904052030.n35KUENF025394@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:30:17 splunk3 sendmail[3588]: n35KUFxU003587: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:30:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:30:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:30:31 splunk3 sendmail[3673]: n35KUVtZ003673: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:31:31 splunk3 sendmail[3919]: n35KVVpL003919: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:32:31 splunk3 sendmail[4169]: n35KWVV0004169: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:33:31 splunk3 sendmail[4421]: n35KXVbF004421: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:34:31 splunk3 sendmail[4657]: n35KYVM4004657: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:35:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:35:15 splunk3 sendmail[4839]: n35KZFuL004839: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052035.n35KZF5F026142@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:35:15 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52615 
Apr  5 13:35:15 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:35:15 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:35:15 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:35:15 splunk3 spamd[13783]: spamd: processing message <200904052035.n35KZF5F026142@virt2.int.splunk.com> for spamme:501 
Apr  5 13:35:17 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  5 13:35:17 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52615,mid=<200904052035.n35KZF5F026142@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:35:17 splunk3 sendmail[4840]: n35KZFuL004839: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:35:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:35:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:35:31 splunk3 sendmail[4929]: n35KZV45004929: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:36:31 splunk3 sendmail[5204]: n35KaVQi005204: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:37:31 splunk3 sendmail[5446]: n35KbVYb005446: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:38:31 splunk3 sendmail[5686]: n35KcV29005686: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:39:31 splunk3 sendmail[5925]: n35KdVFg005925: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:40:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:40:16 splunk3 sendmail[6106]: n35KeFAp006106: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052040.n35KeFRJ026777@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:40:16 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52670 
Apr  5 13:40:16 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:40:16 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:40:16 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:40:16 splunk3 spamd[13783]: spamd: processing message <200904052040.n35KeFRJ026777@virt2.int.splunk.com> for spamme:501 
Apr  5 13:40:18 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 13:40:18 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52670,mid=<200904052040.n35KeFRJ026777@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:40:18 splunk3 sendmail[6107]: n35KeFAp006106: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:40:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:40:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:40:31 splunk3 sendmail[6186]: n35KeVef006186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 13:41:31 splunk3 sendmail[6425]: n35KfVsd006425: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:42:31 splunk3 sendmail[6661]: n35KgVN7006661: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:43:31 splunk3 sendmail[6898]: n35KhVGh006898: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:44:31 splunk3 sendmail[7135]: n35KiVp3007135: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:45:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:45:17 splunk3 sendmail[7316]: n35KjG2a007316: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052045.n35KjG1Z027392@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:45:17 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52727 
Apr  5 13:45:17 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:45:17 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:45:17 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:45:17 splunk3 spamd[13783]: spamd: processing message <200904052045.n35KjG1Z027392@virt2.int.splunk.com> for spamme:501 
Apr  5 13:45:19 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 13:45:19 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52727,mid=<200904052045.n35KjG1Z027392@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:45:19 splunk3 sendmail[7317]: n35KjG2a007316: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:45:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:45:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:45:31 splunk3 sendmail[7398]: n35KjVIR007398: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:46:31 splunk3 sendmail[7641]: n35KkVeg007641: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:47:31 splunk3 sendmail[7877]: n35KlV5r007877: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:48:31 splunk3 sendmail[8112]: n35KmVev008112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:49:31 splunk3 sendmail[8353]: n35KnVNA008353: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:50:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:50:18 splunk3 sendmail[8538]: n35KoIXp008538: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052050.n35KoHK5028002@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:50:18 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52783 
Apr  5 13:50:18 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:50:18 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:50:18 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:50:18 splunk3 spamd[13783]: spamd: processing message <200904052050.n35KoHK5028002@virt2.int.splunk.com> for spamme:501 
Apr  5 13:50:20 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 13:50:20 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52783,mid=<200904052050.n35KoHK5028002@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:50:20 splunk3 sendmail[8539]: n35KoIXp008538: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:50:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:50:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:50:31 splunk3 sendmail[8619]: n35KoVAc008619: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:51:31 splunk3 sendmail[8858]: n35KpVd1008858: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:52:31 splunk3 sendmail[9093]: n35KqVPA009093: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:53:31 splunk3 sendmail[9336]: n35KrVXr009336: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:54:31 splunk3 sendmail[9570]: n35KsVTO009570: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:55:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 13:55:18 splunk3 sendmail[9753]: n35KtIhV009753: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052055.n35KtIvA028617@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 13:55:18 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52838 
Apr  5 13:55:18 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:55:18 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:55:18 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:55:18 splunk3 spamd[13783]: spamd: processing message <200904052055.n35KtIvA028617@virt2.int.splunk.com> for spamme:501 
Apr  5 13:55:20 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  5 13:55:20 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52838,mid=<200904052055.n35KtIvA028617@virt2.int.splunk.com>,bayes=0.111830572328038,autolearn=no 
Apr  5 13:55:20 splunk3 sendmail[9754]: n35KtIhV009753: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 13:55:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:55:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 13:55:31 splunk3 sendmail[9831]: n35KtVJG009831: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 13:56:31 splunk3 sendmail[10068]: n35KuVOx010068: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:57:05 splunk3 sendmail[10207]: n35Kv5Yq010207: from=<3IBvZSRQKBl4CKKCHA6HANPO-JKNALHUCKKCHA.8KIOL6IIAOLHQJGEP.8KI@alerts.bounces.google.com>, size=2933, class=0, nrcpts=1, msgid=<0016e646426232cc610466d5067e@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.189]
Apr  5 13:57:05 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52864 
Apr  5 13:57:05 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 13:57:05 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 13:57:05 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 13:57:05 splunk3 spamd[13783]: spamd: processing message <0016e646426232cc610466d5067e@google.com> for spamme:501 
Apr  5 13:57:07 splunk3 spamd[13783]: spamd: clean message (-2.4/5.0) for spamme:501 in 1.6 seconds, 3363 bytes. 
Apr  5 13:57:07 splunk3 spamd[13783]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=1.6,size=3363,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52864,mid=<0016e646426232cc610466d5067e@google.com>,bayes=0,autolearn=ham 
Apr  5 13:57:07 splunk3 sendmail[10208]: n35Kv5Yq010207: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=33144, dsn=2.0.0, stat=Sent
Apr  5 13:57:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 13:57:31 splunk3 sendmail[10315]: n35KvVa8010315: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:58:31 splunk3 sendmail[10550]: n35KwVm7010550: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 13:59:31 splunk3 sendmail[10789]: n35KxVgm010789: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:00:04 splunk3 sendmail[10974]: n35L04ks010974: from=root, size=291, class=0, nrcpts=1, msgid=<200904052100.n35L04ks010974@splunk3.splunkit.com>, relay=root@localhost
Apr  5 14:00:04 splunk3 sendmail[10978]: n35L04WT010978: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904052100.n35L04ks010974@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 14:00:04 splunk3 sendmail[10974]: n35L04ks010974: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35L04WT010978 Message accepted for delivery)
Apr  5 14:00:05 splunk3 sendmail[10979]: n35L04WT010978: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 14:00:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:00:19 splunk3 sendmail[11039]: n35L0JqC011039: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052100.n35L0IA4029253@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:00:19 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52903 
Apr  5 14:00:19 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:00:19 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 14:00:19 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 14:00:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:00:19 splunk3 sendmail[11045]: n35L0JqC011039: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 14:00:19 splunk3 sendmail[11056]: n35L0J9X011056: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904052100.n35L0J9X011056@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 14:00:19 splunk3 sendmail[11058]: n35L0J9X011056: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 14:00:19 splunk3 sendmail[11058]: n35L0J9X011056: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 14:00:19 splunk3 sendmail[11058]: n35L0J9X011056: n35L0J9X011058: postmaster notify: User unknown
Apr  5 14:00:20 splunk3 sendmail[11058]: n35L0J9X011058: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 14:00:31 splunk3 sendmail[11133]: n35L0V77011133: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:00:32 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:01:14 splunk3 sendmail[11258]: n35L11mM011258: from=root, size=443, class=0, nrcpts=1, msgid=<200904052101.n35L11mM011258@splunk3.splunkit.com>, relay=root@localhost
Apr  5 14:01:14 splunk3 sendmail[11301]: n35L1EsL011301: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904052101.n35L11mM011258@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 14:01:14 splunk3 sendmail[11258]: n35L11mM011258: to=root, ctladdr=root (0/0), delay=00:00:13, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35L1EsL011301 Message accepted for delivery)
Apr  5 14:01:15 splunk3 sendmail[11302]: n35L1EsL011301: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 14:01:31 splunk3 sendmail[11385]: n35L1VB7011385: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:02:26 splunk3 sendmail[11559]: n35L2HHw011559: from=<spamme@splunkit.com>, size=2774, class=0, nrcpts=1, msgid=<200904052102.n35L2HHw011559@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=r190-134-190-226.dialup.adsl.anteldata.net.uy [190.134.190.226]
Apr  5 14:02:26 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52934 
Apr  5 14:02:26 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:02:26 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 14:02:26 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 14:02:26 splunk3 sendmail[11603]: n35L2HHw011559: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:06, xdelay=00:00:00, mailer=local, pri=33139, dsn=2.0.0, stat=Sent
Apr  5 14:02:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:02:31 splunk3 sendmail[11624]: n35L2VKt011624: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:03:31 splunk3 sendmail[11865]: n35L3Vpc011865: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:04:31 splunk3 sendmail[12102]: n35L4VQw012102: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:04:50 splunk3 sendmail[12175]: n35L4nNU012175: from=<concludedi92@interfree.it>, size=2758, class=0, nrcpts=1, msgid=<000d01c9b632$2184ef70$6400a8c0@concludedi92>, proto=ESMTP, daemon=MTA, relay=[207.144.22.129]
Apr  5 14:04:50 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52957 
Apr  5 14:04:50 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:04:50 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 14:04:50 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 14:04:50 splunk3 sendmail[12176]: n35L4nNU012175: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32934, dsn=2.0.0, stat=Sent
Apr  5 14:04:50 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:05:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:05:19 splunk3 sendmail[12304]: n35L5Jgg012304: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052105.n35L5J1k029934@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:05:19 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52962 
Apr  5 14:05:19 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:05:19 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 14:05:19 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 14:05:19 splunk3 sendmail[12305]: n35L5Jgg012304: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 14:05:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:05:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:05:31 splunk3 sendmail[12368]: n35L5VTY012368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:06:31 splunk3 sendmail[12604]: n35L6VRo012604: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:07:32 splunk3 sendmail[12843]: n35L7V9G012843: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:08:32 splunk3 sendmail[13080]: n35L8WLJ013080: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:09:32 splunk3 sendmail[13355]: n35L9W8l013355: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:10:02 splunk3 sendmail[13577]: n35LA2Oc013577: from=root, size=292, class=0, nrcpts=1, msgid=<200904052110.n35LA2Oc013577@splunk3.splunkit.com>, relay=root@localhost
Apr  5 14:10:02 splunk3 sendmail[13582]: n35LA2WQ013582: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904052110.n35LA2Oc013577@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 14:10:02 splunk3 sendmail[13577]: n35LA2Oc013577: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35LA2WQ013582 Message accepted for delivery)
Apr  5 14:10:03 splunk3 sendmail[13583]: n35LA2WQ013582: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 14:10:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:10:20 splunk3 sendmail[13668]: n35LAKf2013668: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052110.n35LAJWG030544@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:10:20 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53019 
Apr  5 14:10:20 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:10:20 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:10:20 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:10:20 splunk3 spamd[13783]: spamd: processing message <200904052110.n35LAJWG030544@virt2.int.splunk.com> for spamme:501 
Apr  5 14:10:22 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  5 14:10:22 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53019,mid=<200904052110.n35LAJWG030544@virt2.int.splunk.com>,bayes=0.111862535803482,autolearn=no 
Apr  5 14:10:22 splunk3 sendmail[13669]: n35LAKf2013668: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 14:10:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:10:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:10:32 splunk3 sendmail[13730]: n35LAW5H013730: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 14:11:32 splunk3 sendmail[13971]: n35LBWvK013971: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:12:32 splunk3 sendmail[14207]: n35LCW6C014207: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:13:32 splunk3 sendmail[14446]: n35LDWdB014446: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:14:32 splunk3 sendmail[14680]: n35LEWQi014680: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:15:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:15:20 splunk3 sendmail[14876]: n35LFKnh014876: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052115.n35LFKiF031326@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:15:20 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53075 
Apr  5 14:15:20 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:15:20 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:15:20 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:15:20 splunk3 spamd[13783]: spamd: processing message <200904052115.n35LFKiF031326@virt2.int.splunk.com> for spamme:501 
Apr  5 14:15:22 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 14:15:22 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53075,mid=<200904052115.n35LFKiF031326@virt2.int.splunk.com>,bayes=0.111862535803482,autolearn=no 
Apr  5 14:15:22 splunk3 sendmail[14877]: n35LFKnh014876: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 14:15:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:15:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:15:32 splunk3 sendmail[14939]: n35LFWwR014939: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:16:32 splunk3 sendmail[15171]: n35LGWba015171: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:17:32 splunk3 sendmail[15412]: n35LHWAR015412: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:18:32 splunk3 sendmail[15658]: n35LIWKR015658: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:19:32 splunk3 sendmail[15897]: n35LJWPh015897: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:20:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:20:21 splunk3 sendmail[16097]: n35LKLrG016097: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052120.n35LKKVb031975@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:20:21 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53131 
Apr  5 14:20:21 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:20:21 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:20:21 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:20:21 splunk3 spamd[13783]: spamd: processing message <200904052120.n35LKKVb031975@virt2.int.splunk.com> for spamme:501 
Apr  5 14:20:23 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 14:20:23 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53131,mid=<200904052120.n35LKKVb031975@virt2.int.splunk.com>,bayes=0.111862535803482,autolearn=no 
Apr  5 14:20:23 splunk3 sendmail[16098]: n35LKLrG016097: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 14:20:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:20:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:20:32 splunk3 sendmail[16161]: n35LKWqv016161: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:21:32 splunk3 sendmail[16401]: n35LLWHt016401: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:22:32 splunk3 sendmail[16633]: n35LMWmf016633: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:23:32 splunk3 sendmail[16875]: n35LNWju016875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:24:32 splunk3 sendmail[17113]: n35LOWw9017113: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:25:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:25:21 splunk3 sendmail[17313]: n35LPLje017313: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052125.n35LPL5f032576@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:25:21 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53187 
Apr  5 14:25:21 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:25:21 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:25:21 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:25:21 splunk3 spamd[13783]: spamd: processing message <200904052125.n35LPL5f032576@virt2.int.splunk.com> for spamme:501 
Apr  5 14:25:24 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 14:25:24 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53187,mid=<200904052125.n35LPL5f032576@virt2.int.splunk.com>,bayes=0.111862535803482,autolearn=no 
Apr  5 14:25:24 splunk3 sendmail[17314]: n35LPLje017313: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 14:25:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:25:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:25:32 splunk3 sendmail[17375]: n35LPW3s017375: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 14:26:32 splunk3 sendmail[17612]: n35LQW4u017612: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:27:32 splunk3 sendmail[17852]: n35LRWbI017852: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:28:32 splunk3 sendmail[18087]: n35LSWGi018087: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:29:32 splunk3 sendmail[18324]: n35LTWEI018324: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:30:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:30:21 splunk3 sendmail[18526]: n35LUL5q018526: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904052130.n35LULrN000731@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:30:21 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53243 
Apr  5 14:30:21 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:30:21 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:30:21 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:30:21 splunk3 spamd[13783]: spamd: processing message <200904052130.n35LULrN000731@virt2.int.splunk.com> for spamme:501 
Apr  5 14:30:23 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1302 bytes. 
Apr  5 14:30:23 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53243,mid=<200904052130.n35LULrN000731@virt2.int.splunk.com>,bayes=0.0659185772501237,autolearn=no 
Apr  5 14:30:23 splunk3 sendmail[18527]: n35LUL5q018526: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  5 14:30:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:30:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:30:32 splunk3 sendmail[18588]: n35LUWWA018588: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:31:32 splunk3 sendmail[18826]: n35LVWg8018826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:32:32 splunk3 sendmail[19061]: n35LWWF8019061: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:33:32 splunk3 sendmail[19299]: n35LXWrT019299: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:34:32 splunk3 sendmail[19535]: n35LYWal019535: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:35:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:35:22 splunk3 sendmail[19734]: n35LZMlZ019734: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052135.n35LZLA0001496@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:35:22 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53299 
Apr  5 14:35:22 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:35:22 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:35:22 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:35:22 splunk3 spamd[13783]: spamd: processing message <200904052135.n35LZLA0001496@virt2.int.splunk.com> for spamme:501 
Apr  5 14:35:24 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 14:35:24 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53299,mid=<200904052135.n35LZLA0001496@virt2.int.splunk.com>,bayes=0.168731078073867,autolearn=no 
Apr  5 14:35:24 splunk3 sendmail[19735]: n35LZMlZ019734: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 14:35:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:35:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:35:32 splunk3 sendmail[19797]: n35LZWKN019797: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:36:32 splunk3 sendmail[20032]: n35LaWg5020032: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:37:32 splunk3 sendmail[20266]: n35LbWUl020266: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:38:32 splunk3 sendmail[20506]: n35LcWQZ020506: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:39:32 splunk3 sendmail[20747]: n35LdW78020747: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:40:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:40:22 splunk3 sendmail[20948]: n35LeMvV020948: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052140.n35LeMn7002160@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:40:22 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53354 
Apr  5 14:40:22 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:40:22 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:40:22 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:40:22 splunk3 spamd[13783]: spamd: processing message <200904052140.n35LeMn7002160@virt2.int.splunk.com> for spamme:501 
Apr  5 14:40:24 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  5 14:40:24 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53354,mid=<200904052140.n35LeMn7002160@virt2.int.splunk.com>,bayes=0.168731078073867,autolearn=no 
Apr  5 14:40:24 splunk3 sendmail[20949]: n35LeMvV020948: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 14:40:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:40:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:40:32 splunk3 sendmail[21011]: n35LeW2A021011: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 14:41:32 splunk3 sendmail[21252]: n35LfWpR021252: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:42:32 splunk3 sendmail[21488]: n35LgWZ7021488: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:43:32 splunk3 sendmail[21727]: n35LhWwU021727: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:44:32 splunk3 sendmail[21961]: n35LiWBs021961: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:45:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:45:23 splunk3 sendmail[22164]: n35LjN0o022164: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052145.n35LjMCb002766@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:45:23 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53411 
Apr  5 14:45:23 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:45:23 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:45:23 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:45:23 splunk3 spamd[13783]: spamd: processing message <200904052145.n35LjMCb002766@virt2.int.splunk.com> for spamme:501 
Apr  5 14:45:25 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 14:45:25 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53411,mid=<200904052145.n35LjMCb002766@virt2.int.splunk.com>,bayes=0.168731078073867,autolearn=no 
Apr  5 14:45:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:45:25 splunk3 sendmail[22165]: n35LjN0o022164: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 14:45:29 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:45:32 splunk3 sendmail[22226]: n35LjWbc022226: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:46:32 splunk3 sendmail[22459]: n35LkW4p022459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:47:32 splunk3 sendmail[22697]: n35LlW4c022697: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:48:32 splunk3 sendmail[22933]: n35LmWQJ022933: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:49:32 splunk3 sendmail[23173]: n35LnWol023173: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:50:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:50:23 splunk3 sendmail[23374]: n35LoNmd023374: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052150.n35LoNd7003380@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:50:23 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53466 
Apr  5 14:50:23 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:50:23 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:50:23 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:50:23 splunk3 spamd[13783]: spamd: processing message <200904052150.n35LoNd7003380@virt2.int.splunk.com> for spamme:501 
Apr  5 14:50:25 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1305 bytes. 
Apr  5 14:50:25 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53466,mid=<200904052150.n35LoNd7003380@virt2.int.splunk.com>,bayes=0.168731078073867,autolearn=no 
Apr  5 14:50:25 splunk3 sendmail[23375]: n35LoNmd023374: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 14:50:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:50:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:50:32 splunk3 sendmail[23434]: n35LoWvp023434: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:51:32 splunk3 sendmail[23671]: n35LpWeY023671: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:52:32 splunk3 sendmail[23905]: n35LqWdR023905: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:53:21 splunk3 sendmail[24046]: n35Lr7Z9024046: from=<tonectid_1965@Fellov.dk>, size=5468, class=0, nrcpts=1, msgid=<200904052153.n35Lr7Z9024046@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=bb170081.virtua.com.br [187.23.0.129] (may be forged)
Apr  5 14:53:21 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53502 
Apr  5 14:53:21 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:53:21 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:53:21 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:53:21 splunk3 spamd[13783]: spamd: processing message <200904052153.n35Lr7Z9024046@splunk3.splunkit.com> for spamme:501 
Apr  5 14:53:24 splunk3 spamd[13783]: spamd: identified spam (10.5/5.0) for spamme:501 in 2.2 seconds, 5886 bytes. 
Apr  5 14:53:24 splunk3 spamd[13783]: spamd: result: Y 10 - BAYES_80,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_SBL scantime=2.2,size=5886,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53502,mid=<200904052153.n35Lr7Z9024046@splunk3.splunkit.com>,bayes=0.94157060369604,autolearn=no 
Apr  5 14:53:24 splunk3 sendmail[24103]: n35Lr7Z9024046: to=<spamme@splunkit.com>, delay=00:00:11, xdelay=00:00:03, mailer=local, pri=35801, dsn=2.0.0, stat=Sent
Apr  5 14:53:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:53:32 splunk3 sendmail[24152]: n35LrWvI024152: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:54:32 splunk3 sendmail[24389]: n35LsWrj024389: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:55:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 14:55:24 splunk3 sendmail[24609]: n35LtOQs024609: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052155.n35LtNof003985@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 14:55:24 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53523 
Apr  5 14:55:24 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 14:55:24 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 14:55:24 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 14:55:24 splunk3 spamd[13783]: spamd: processing message <200904052155.n35LtNof003985@virt2.int.splunk.com> for spamme:501 
Apr  5 14:55:26 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1305 bytes. 
Apr  5 14:55:26 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53523,mid=<200904052155.n35LtNof003985@virt2.int.splunk.com>,bayes=0.168731078073867,autolearn=no 
Apr  5 14:55:26 splunk3 sendmail[24610]: n35LtOQs024609: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 14:55:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 14:55:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 14:55:32 splunk3 sendmail[24651]: n35LtWFL024651: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 14:56:32 splunk3 sendmail[24889]: n35LuWLk024889: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:57:32 splunk3 sendmail[25125]: n35LvWg2025125: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:58:32 splunk3 sendmail[25360]: n35LwWsg025360: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 14:59:32 splunk3 sendmail[25601]: n35LxWwX025601: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:00:04 splunk3 sendmail[25807]: n35M04fu025807: from=root, size=291, class=0, nrcpts=1, msgid=<200904052200.n35M04fu025807@splunk3.splunkit.com>, relay=root@localhost
Apr  5 15:00:04 splunk3 sendmail[25811]: n35M04FT025811: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904052200.n35M04fu025807@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 15:00:04 splunk3 sendmail[25807]: n35M04fu025807: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35M04FT025811 Message accepted for delivery)
Apr  5 15:00:05 splunk3 sendmail[25812]: n35M04FT025811: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 15:00:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:00:24 splunk3 sendmail[25894]: n35M0OF6025894: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052200.n35M0Onj004623@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:00:24 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53580 
Apr  5 15:00:24 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:00:24 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 15:00:24 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 15:00:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:00:24 splunk3 sendmail[25895]: n35M0OF6025894: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:00:25 splunk3 sendmail[25911]: n35M0PQU025911: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904052200.n35M0PQU025911@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 15:00:25 splunk3 sendmail[25913]: n35M0PQU025911: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 15:00:25 splunk3 sendmail[25913]: n35M0PQU025911: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 15:00:25 splunk3 sendmail[25913]: n35M0PQU025911: n35M0PQU025913: postmaster notify: User unknown
Apr  5 15:00:26 splunk3 sendmail[25913]: n35M0PQU025913: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 15:00:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:00:32 splunk3 sendmail[25949]: n35M0WkG025949: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:01:03 splunk3 sendmail[26074]: n35M11Gd026074: from=root, size=443, class=0, nrcpts=1, msgid=<200904052201.n35M11Gd026074@splunk3.splunkit.com>, relay=root@localhost
Apr  5 15:01:03 splunk3 sendmail[26079]: n35M13RX026079: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904052201.n35M11Gd026074@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 15:01:03 splunk3 sendmail[26074]: n35M11Gd026074: to=root, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35M13RX026079 Message accepted for delivery)
Apr  5 15:01:05 splunk3 sendmail[26080]: n35M13RX026079: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 15:01:32 splunk3 sendmail[26202]: n35M1WXc026202: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:02:32 splunk3 sendmail[26437]: n35M2WTe026437: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:03:32 splunk3 sendmail[26678]: n35M3WFa026678: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:04:32 splunk3 sendmail[26911]: n35M4WP5026911: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:05:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:05:25 splunk3 sendmail[27132]: n35M5Pod027132: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052205.n35M5Om7005306@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:05:25 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53644 
Apr  5 15:05:25 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:05:25 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 15:05:25 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 15:05:25 splunk3 sendmail[27133]: n35M5Pod027132: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:05:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:05:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:05:32 splunk3 sendmail[27171]: n35M5WE6027171: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:06:32 splunk3 sendmail[27407]: n35M6WMq027407: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:07:32 splunk3 sendmail[27646]: n35M7WpU027646: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:08:32 splunk3 sendmail[27884]: n35M8Wba027884: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:09:32 splunk3 sendmail[28124]: n35M9WDZ028124: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:10:02 splunk3 sendmail[28338]: n35MA2DG028338: from=root, size=292, class=0, nrcpts=1, msgid=<200904052210.n35MA2DG028338@splunk3.splunkit.com>, relay=root@localhost
Apr  5 15:10:02 splunk3 sendmail[28343]: n35MA2g0028343: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904052210.n35MA2DG028338@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 15:10:02 splunk3 sendmail[28338]: n35MA2DG028338: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35MA2g0028343 Message accepted for delivery)
Apr  5 15:10:04 splunk3 sendmail[28344]: n35MA2g0028343: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 15:10:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:10:25 splunk3 sendmail[28450]: n35MAPnl028450: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052210.n35MAP82005925@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:10:25 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53700 
Apr  5 15:10:25 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:10:25 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:10:25 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:10:25 splunk3 spamd[13783]: spamd: processing message <200904052210.n35MAP82005925@virt2.int.splunk.com> for spamme:501 
Apr  5 15:10:27 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1305 bytes. 
Apr  5 15:10:27 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53700,mid=<200904052210.n35MAP82005925@virt2.int.splunk.com>,bayes=0.168731078073867,autolearn=no 
Apr  5 15:10:27 splunk3 sendmail[28451]: n35MAPnl028450: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:10:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:10:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:10:32 splunk3 sendmail[28493]: n35MAWoF028493: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 15:11:32 splunk3 sendmail[28730]: n35MBWGV028730: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:12:32 splunk3 sendmail[28965]: n35MCWlc028965: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:13:32 splunk3 sendmail[29210]: n35MDWUn029210: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:14:32 splunk3 sendmail[29446]: n35MEWfo029446: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:15:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:15:26 splunk3 sendmail[29668]: n35MFQMl029668: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052215.n35MFP13006709@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:15:26 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53757 
Apr  5 15:15:26 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:15:26 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:15:26 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:15:26 splunk3 spamd[13783]: spamd: processing message <200904052215.n35MFP13006709@virt2.int.splunk.com> for spamme:501 
Apr  5 15:15:28 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 15:15:28 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53757,mid=<200904052215.n35MFP13006709@virt2.int.splunk.com>,bayes=0.168731078073867,autolearn=no 
Apr  5 15:15:28 splunk3 sendmail[29669]: n35MFQMl029668: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:15:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:15:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:15:32 splunk3 sendmail[29708]: n35MFWDx029708: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:16:32 splunk3 sendmail[29942]: n35MGWLR029942: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:17:32 splunk3 sendmail[30183]: n35MHWZX030183: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:18:32 splunk3 sendmail[30416]: n35MIWTK030416: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:19:32 splunk3 sendmail[30655]: n35MJWhD030655: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:20:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:20:26 splunk3 sendmail[30881]: n35MKQO3030881: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052220.n35MKQAx007344@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:20:26 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53812 
Apr  5 15:20:26 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:20:26 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:20:26 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:20:26 splunk3 spamd[13783]: spamd: processing message <200904052220.n35MKQAx007344@virt2.int.splunk.com> for spamme:501 
Apr  5 15:20:28 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  5 15:20:28 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53812,mid=<200904052220.n35MKQAx007344@virt2.int.splunk.com>,bayes=0.168731078073867,autolearn=no 
Apr  5 15:20:28 splunk3 sendmail[30882]: n35MKQO3030881: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:20:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:20:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:20:32 splunk3 sendmail[30921]: n35MKWRd030921: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:21:08 splunk3 sendmail[30880]: n35MKPHa030880: from=<stuartv@dnforum.com>, size=5735, class=0, nrcpts=1, msgid=<227e019db359$34359d82$0d616a4f@dnforum.com>, proto=ESMTP, daemon=MTA, relay=[94.120.250.42]
Apr  5 15:21:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53827 
Apr  5 15:21:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:21:08 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:21:08 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:21:08 splunk3 spamd[13783]: spamd: processing message <227e019db359$34359d82$0d616a4f@dnforum.com> for spamme:501 
Apr  5 15:21:10 splunk3 spamd[13783]: spamd: identified spam (40.0/5.0) for spamme:501 in 1.9 seconds, 6003 bytes. 
Apr  5 15:21:10 splunk3 spamd[13783]: spamd: result: Y 39 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_BOGUSMX,DNS_FROM_RFC_POST,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=1.9,size=6003,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53827,mid=<227e019db359$34359d82$0d616a4f@dnforum.com>,bayes=1,autolearn=spam 
Apr  5 15:21:10 splunk3 sendmail[31077]: n35MKPHa030880: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:02, mailer=local, pri=35912, dsn=2.0.0, stat=Sent
Apr  5 15:21:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:21:32 splunk3 sendmail[31166]: n35MLWIv031166: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:22:32 splunk3 sendmail[31399]: n35MMWP1031399: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:23:32 splunk3 sendmail[31640]: n35MNWs9031640: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:24:32 splunk3 sendmail[31878]: n35MOWp6031878: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:25:06 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:25:26 splunk3 sendmail[32097]: n35MPQqY032097: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052225.n35MPQ5a007946@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:25:26 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53869 
Apr  5 15:25:26 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:25:26 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:25:26 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:25:26 splunk3 spamd[13783]: spamd: processing message <200904052225.n35MPQ5a007946@virt2.int.splunk.com> for spamme:501 
Apr  5 15:25:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:25:29 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 15:25:29 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53869,mid=<200904052225.n35MPQ5a007946@virt2.int.splunk.com>,bayes=0.168725748894765,autolearn=no 
Apr  5 15:25:29 splunk3 sendmail[32098]: n35MPQqY032097: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:25:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:25:32 splunk3 sendmail[32135]: n35MPWRm032135: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 15:26:32 splunk3 sendmail[32371]: n35MQWKk032371: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:27:32 splunk3 sendmail[32612]: n35MRW8A032612: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:28:32 splunk3 sendmail[380]: n35MSWcj000380: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:29:32 splunk3 sendmail[619]: n35MTWBP000619: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:30:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:30:27 splunk3 sendmail[841]: n35MUR88000841: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052230.n35MURM7008568@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:30:27 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53926 
Apr  5 15:30:27 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:30:27 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:30:27 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:30:27 splunk3 spamd[13783]: spamd: processing message <200904052230.n35MURM7008568@virt2.int.splunk.com> for spamme:501 
Apr  5 15:30:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:30:29 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  5 15:30:29 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53926,mid=<200904052230.n35MURM7008568@virt2.int.splunk.com>,bayes=0.168725748894765,autolearn=no 
Apr  5 15:30:29 splunk3 sendmail[842]: n35MUR88000841: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:30:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:30:32 splunk3 sendmail[884]: n35MUWlT000884: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:31:32 splunk3 sendmail[1125]: n35MVWml001125: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:32:32 splunk3 sendmail[1357]: n35MWWji001357: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:33:32 splunk3 sendmail[1597]: n35MXW15001597: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:34:32 splunk3 sendmail[1835]: n35MYWGd001835: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:35:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:35:28 splunk3 sendmail[2059]: n35MZRZV002059: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052235.n35MZREJ009340@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:35:28 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53981 
Apr  5 15:35:28 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:35:28 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:35:28 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:35:28 splunk3 spamd[13783]: spamd: processing message <200904052235.n35MZREJ009340@virt2.int.splunk.com> for spamme:501 
Apr  5 15:35:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:35:30 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  5 15:35:30 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53981,mid=<200904052235.n35MZREJ009340@virt2.int.splunk.com>,bayes=0.168725748894765,autolearn=no 
Apr  5 15:35:30 splunk3 sendmail[2060]: n35MZRZV002059: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:35:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:35:32 splunk3 sendmail[2098]: n35MZWpK002098: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:36:32 splunk3 sendmail[2333]: n35MaWJ2002333: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:37:32 splunk3 sendmail[2573]: n35MbWN9002573: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:38:32 splunk3 sendmail[2825]: n35McWM9002825: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:39:32 splunk3 sendmail[3072]: n35MdW0q003072: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:40:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:40:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:40:28 splunk3 sendmail[3319]: n35MeSVn003319: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904052240.n35MeS41009964@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:40:28 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54044 
Apr  5 15:40:28 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:40:28 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:40:28 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:40:28 splunk3 spamd[13783]: spamd: processing message <200904052240.n35MeS41009964@virt2.int.splunk.com> for spamme:501 
Apr  5 15:40:30 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1305 bytes. 
Apr  5 15:40:30 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54044,mid=<200904052240.n35MeS41009964@virt2.int.splunk.com>,bayes=0.168725748894765,autolearn=no 
Apr  5 15:40:30 splunk3 sendmail[3326]: n35MeSVn003319: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 15:40:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:40:32 splunk3 sendmail[3336]: n35MeWM0003336: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 15:41:32 splunk3 sendmail[3595]: n35MfWMK003595: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:42:32 splunk3 sendmail[3840]: n35MgW7M003840: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:43:32 splunk3 sendmail[4089]: n35MhWpL004089: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:44:32 splunk3 sendmail[4344]: n35MiWpP004344: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:45:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:45:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:45:29 splunk3 sendmail[4585]: n35MjTAo004585: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052245.n35MjSTt010601@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:45:29 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54093 
Apr  5 15:45:29 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:45:29 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:45:29 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:45:29 splunk3 spamd[13783]: spamd: processing message <200904052245.n35MjSTt010601@virt2.int.splunk.com> for spamme:501 
Apr  5 15:45:31 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 15:45:31 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54093,mid=<200904052245.n35MjSTt010601@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 15:45:31 splunk3 sendmail[4586]: n35MjTAo004585: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 15:45:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:45:32 splunk3 sendmail[4610]: n35MjW1G004610: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:46:32 splunk3 sendmail[4841]: n35MkWJ4004841: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:47:32 splunk3 sendmail[5091]: n35MlWFe005091: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:48:32 splunk3 sendmail[5368]: n35MmWQH005368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:49:32 splunk3 sendmail[5607]: n35MnWDE005607: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:50:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:50:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:50:29 splunk3 sendmail[5851]: n35MoT6k005851: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052250.n35MoTh7011192@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:50:29 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54149 
Apr  5 15:50:29 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:50:29 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:50:29 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:50:29 splunk3 spamd[13783]: spamd: processing message <200904052250.n35MoTh7011192@virt2.int.splunk.com> for spamme:501 
Apr  5 15:50:31 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 15:50:31 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54149,mid=<200904052250.n35MoTh7011192@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 15:50:31 splunk3 sendmail[5852]: n35MoT6k005851: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 15:50:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:50:32 splunk3 sendmail[5871]: n35MoWIp005871: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:51:32 splunk3 sendmail[6110]: n35MpWQs006110: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:52:32 splunk3 sendmail[6347]: n35MqWRW006347: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:53:32 splunk3 sendmail[6587]: n35MrWCs006587: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:54:32 splunk3 sendmail[6824]: n35MsWpV006824: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:55:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 15:55:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 15:55:30 splunk3 sendmail[7079]: n35MtTOn007079: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052255.n35MtTLG011821@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 15:55:30 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54212 
Apr  5 15:55:30 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 15:55:30 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 15:55:30 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 15:55:30 splunk3 spamd[13783]: spamd: processing message <200904052255.n35MtTLG011821@virt2.int.splunk.com> for spamme:501 
Apr  5 15:55:32 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 15:55:32 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54212,mid=<200904052255.n35MtTLG011821@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 15:55:32 splunk3 sendmail[7080]: n35MtTOn007079: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 15:55:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 15:55:32 splunk3 sendmail[7086]: n35MtW6s007086: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 15:56:32 splunk3 sendmail[7322]: n35MuWd1007322: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:57:32 splunk3 sendmail[7568]: n35MvWDb007568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:58:32 splunk3 sendmail[7800]: n35MwWcV007800: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 15:59:32 splunk3 sendmail[8040]: n35MxWe6008040: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:00:00 splunk3 sendmail[8154]: n35N00G8008154: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052300.n35N009E012342@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:00:00 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54256 
Apr  5 16:00:00 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:00:00 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:00:00 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:00:00 splunk3 spamd[13783]: spamd: processing message <200904052300.n35N009E012342@virt2.int.splunk.com> for spamme:501 
Apr  5 16:00:00 splunk3 sendmail[8172]: n35N00xs008172: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904052300.n35N00xs008172@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 16:00:00 splunk3 sendmail[8174]: n35N00xs008172: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 16:00:00 splunk3 sendmail[8174]: n35N00xs008172: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  5 16:00:00 splunk3 sendmail[8174]: n35N00xs008172: n35N00xs008174: postmaster notify: User unknown
Apr  5 16:00:02 splunk3 sendmail[8174]: n35N00xs008174: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  5 16:00:02 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 16:00:02 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54256,mid=<200904052300.n35N009E012342@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:00:02 splunk3 sendmail[8155]: n35N00G8008154: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:00:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:00:04 splunk3 sendmail[8278]: n35N04KM008278: from=root, size=291, class=0, nrcpts=1, msgid=<200904052300.n35N04KM008278@splunk3.splunkit.com>, relay=root@localhost
Apr  5 16:00:04 splunk3 sendmail[8282]: n35N04VQ008282: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904052300.n35N04KM008278@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 16:00:04 splunk3 sendmail[8278]: n35N04KM008278: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35N04VQ008282 Message accepted for delivery)
Apr  5 16:00:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:00:06 splunk3 sendmail[8283]: n35N04VQ008282: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 16:00:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:00:32 splunk3 sendmail[8387]: n35N0WZB008387: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:01:07 splunk3 sendmail[8516]: n35N11kf008516: from=root, size=443, class=0, nrcpts=1, msgid=<200904052301.n35N11kf008516@splunk3.splunkit.com>, relay=root@localhost
Apr  5 16:01:07 splunk3 sendmail[8538]: n35N178u008538: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904052301.n35N11kf008516@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 16:01:07 splunk3 sendmail[8516]: n35N11kf008516: to=root, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35N178u008538 Message accepted for delivery)
Apr  5 16:01:09 splunk3 sendmail[8539]: n35N178u008538: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 16:01:32 splunk3 sendmail[8639]: n35N1WdR008639: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:02:32 splunk3 sendmail[8875]: n35N2WLt008875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:03:32 splunk3 sendmail[9115]: n35N3WQb009115: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:04:32 splunk3 sendmail[9351]: n35N4W1R009351: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:05:00 splunk3 sendmail[9470]: n35N50iF009470: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052305.n35N50qE013049@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:05:00 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54321 
Apr  5 16:05:00 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:05:00 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 16:05:00 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 16:05:00 splunk3 sendmail[9471]: n35N50iF009470: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:05:01 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:05:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:05:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:05:32 splunk3 sendmail[9611]: n35N5WXx009611: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:06:32 splunk3 sendmail[9848]: n35N6Wce009848: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:07:32 splunk3 sendmail[10100]: n35N7WLX010100: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:08:32 splunk3 sendmail[10339]: n35N8WUg010339: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:09:32 splunk3 sendmail[10582]: n35N9Wdu010582: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:10:01 splunk3 sendmail[10777]: n35NA1eb010777: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052310.n35NA1QW013665@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:10:01 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54376 
Apr  5 16:10:01 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:10:01 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:10:01 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:10:01 splunk3 spamd[13783]: spamd: processing message <200904052310.n35NA1QW013665@virt2.int.splunk.com> for spamme:501 
Apr  5 16:10:02 splunk3 sendmail[10798]: n35NA2to010798: from=root, size=292, class=0, nrcpts=1, msgid=<200904052310.n35NA2to010798@splunk3.splunkit.com>, relay=root@localhost
Apr  5 16:10:02 splunk3 sendmail[10803]: n35NA2kM010803: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904052310.n35NA2to010798@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 16:10:02 splunk3 sendmail[10798]: n35NA2to010798: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n35NA2kM010803 Message accepted for delivery)
Apr  5 16:10:03 splunk3 sendmail[10804]: n35NA2kM010803: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 16:10:03 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 16:10:03 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54376,mid=<200904052310.n35NA1QW013665@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:10:03 splunk3 sendmail[10778]: n35NA1eb010777: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:10:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:10:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:10:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:10:32 splunk3 sendmail[10950]: n35NAWq5010950: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 16:11:32 splunk3 sendmail[11187]: n35NBWdh011187: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:12:32 splunk3 sendmail[11422]: n35NCWr8011422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:13:32 splunk3 sendmail[11661]: n35NDWun011661: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:14:32 splunk3 sendmail[11892]: n35NEWqT011892: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:15:02 splunk3 sendmail[11998]: n35NF26W011998: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052315.n35NF1aX014490@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:15:02 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54439 
Apr  5 16:15:02 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:15:02 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:15:02 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:15:02 splunk3 spamd[13783]: spamd: processing message <200904052315.n35NF1aX014490@virt2.int.splunk.com> for spamme:501 
Apr  5 16:15:04 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  5 16:15:04 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54439,mid=<200904052315.n35NF1aX014490@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:15:05 splunk3 sendmail[12005]: n35NF26W011998: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:15:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:15:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:15:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:15:32 splunk3 sendmail[12156]: n35NFW9h012156: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:16:32 splunk3 sendmail[12392]: n35NGWi1012392: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:17:32 splunk3 sendmail[12631]: n35NHWVL012631: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:18:32 splunk3 sendmail[12866]: n35NIW2T012866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:19:32 splunk3 sendmail[13105]: n35NJW8s013105: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:20:03 splunk3 sendmail[13244]: n35NK3Uo013244: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052320.n35NK3rn015128@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:20:03 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54498 
Apr  5 16:20:03 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:20:03 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:20:03 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:20:03 splunk3 spamd[13783]: spamd: processing message <200904052320.n35NK3rn015128@virt2.int.splunk.com> for spamme:501 
Apr  5 16:20:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:20:05 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 16:20:05 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54498,mid=<200904052320.n35NK3rn015128@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:20:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:20:05 splunk3 sendmail[13246]: n35NK3Uo013244: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:20:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:20:33 splunk3 sendmail[13409]: n35NKXf0013409: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:21:33 splunk3 sendmail[13646]: n35NLXn0013646: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:22:33 splunk3 sendmail[13882]: n35NMXkx013882: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:23:33 splunk3 sendmail[14126]: n35NNXQl014126: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:24:33 splunk3 sendmail[14363]: n35NOX6I014363: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:25:03 splunk3 sendmail[14498]: n35NP3MA014498: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052325.n35NP3WT015739@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:25:03 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54554 
Apr  5 16:25:03 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:25:03 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:25:03 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:25:03 splunk3 spamd[13783]: spamd: processing message <200904052325.n35NP3WT015739@virt2.int.splunk.com> for spamme:501 
Apr  5 16:25:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:25:05 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 16:25:05 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54554,mid=<200904052325.n35NP3WT015739@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:25:05 splunk3 sendmail[14499]: n35NP3MA014498: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:25:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:25:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:25:33 splunk3 sendmail[14624]: n35NPXZh014624: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 16:26:33 splunk3 sendmail[14858]: n35NQXVb014858: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:27:33 splunk3 sendmail[15095]: n35NRXi5015095: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:28:33 splunk3 sendmail[15328]: n35NSX2K015328: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:29:33 splunk3 sendmail[15577]: n35NTXX4015577: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:30:04 splunk3 sendmail[15718]: n35NU4ED015718: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052330.n35NU3JZ016356@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:30:04 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54609 
Apr  5 16:30:04 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:30:04 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:30:04 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:30:04 splunk3 spamd[13783]: spamd: processing message <200904052330.n35NU3JZ016356@virt2.int.splunk.com> for spamme:501 
Apr  5 16:30:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:30:06 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 16:30:06 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54609,mid=<200904052330.n35NU3JZ016356@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:30:06 splunk3 sendmail[15719]: n35NU4ED015718: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:30:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:30:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:30:33 splunk3 sendmail[15843]: n35NUXMB015843: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:30:42 splunk3 sendmail[15861]: n35NUgvb015861: from=<aw-confirm@ebay.com>, size=2403, class=0, nrcpts=1, msgid=<SERVER-001G0rm3rxUn000004ef@server-001.Edgewater.local>, proto=ESMTP, daemon=MTA, relay=rrcs-24-173-175-66.se.biz.rr.com [24.173.175.66]
Apr  5 16:30:43 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54615 
Apr  5 16:30:43 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:30:43 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:30:43 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:30:43 splunk3 spamd[13783]: spamd: processing message <SERVER-001G0rm3rxUn000004ef@server-001.Edgewater.local> for spamme:501 
Apr  5 16:30:44 splunk3 spamd[13783]: spamd: identified spam (24.8/5.0) for spamme:501 in 1.3 seconds, 2679 bytes. 
Apr  5 16:30:44 splunk3 spamd[13783]: spamd: result: Y 24 - BAYES_99,DNS_FROM_RFC_ABUSE,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FORGED_RCVD_HELO,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,NO_REAL_NAME,TO_CC_NONE,URIBL_PH_SURBL,URIBL_SC_SURBL scantime=1.3,size=2679,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54615,mid=<SERVER-001G0rm3rxUn000004ef@server-001.Edgewater.local>,bayes=1,autolearn=no 
Apr  5 16:30:44 splunk3 sendmail[15882]: n35NUgvb015861: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=32627, dsn=2.0.0, stat=Sent
Apr  5 16:30:44 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:31:33 splunk3 sendmail[16088]: n35NVXLc016088: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:32:33 splunk3 sendmail[16322]: n35NWXcj016322: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:33:33 splunk3 sendmail[16561]: n35NXXNP016561: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:34:33 splunk3 sendmail[16796]: n35NYXm7016796: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:35:05 splunk3 sendmail[16936]: n35NZ4P7016936: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052335.n35NZ4nj017100@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:35:05 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:35:05 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54666 
Apr  5 16:35:05 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:35:05 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:35:05 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:35:05 splunk3 spamd[13783]: spamd: processing message <200904052335.n35NZ4nj017100@virt2.int.splunk.com> for spamme:501 
Apr  5 16:35:07 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 16:35:07 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54666,mid=<200904052335.n35NZ4nj017100@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:35:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:35:07 splunk3 sendmail[16937]: n35NZ4P7016936: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:35:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:35:33 splunk3 sendmail[17057]: n35NZXFV017057: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:36:33 splunk3 sendmail[17293]: n35NaXRp017293: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:37:33 splunk3 sendmail[17533]: n35NbX47017533: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:38:33 splunk3 sendmail[17773]: n35NcXCK017773: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:39:33 splunk3 sendmail[18012]: n35NdXKK018012: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:40:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:40:05 splunk3 sendmail[18150]: n35Ne5uV018150: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052340.n35Ne5YG017734@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:40:05 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54722 
Apr  5 16:40:05 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:40:05 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:40:05 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:40:05 splunk3 spamd[13783]: spamd: processing message <200904052340.n35Ne5YG017734@virt2.int.splunk.com> for spamme:501 
Apr  5 16:40:07 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 16:40:07 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54722,mid=<200904052340.n35Ne5YG017734@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:40:07 splunk3 sendmail[18151]: n35Ne5uV018150: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:40:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:40:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:40:33 splunk3 sendmail[18275]: n35NeX7t018275: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 16:41:33 splunk3 sendmail[18514]: n35NfXoD018514: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:42:33 splunk3 sendmail[18749]: n35NgXDj018749: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:43:33 splunk3 sendmail[18989]: n35NhXuG018989: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:44:33 splunk3 sendmail[19225]: n35NiXx7019225: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:45:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:45:06 splunk3 sendmail[19364]: n35Nj6iZ019364: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052345.n35Nj6pp018346@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:45:06 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54778 
Apr  5 16:45:06 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:45:06 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:45:06 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:45:06 splunk3 spamd[13783]: spamd: processing message <200904052345.n35Nj6pp018346@virt2.int.splunk.com> for spamme:501 
Apr  5 16:45:08 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 16:45:08 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54778,mid=<200904052345.n35Nj6pp018346@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:45:08 splunk3 sendmail[19365]: n35Nj6iZ019364: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:45:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:45:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:45:33 splunk3 sendmail[19488]: n35NjXbH019488: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:46:33 splunk3 sendmail[19719]: n35NkXXx019719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:47:33 splunk3 sendmail[19955]: n35NlXVY019955: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:48:33 splunk3 sendmail[20191]: n35NmX44020191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:49:33 splunk3 sendmail[20429]: n35NnXeH020429: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:50:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:50:06 splunk3 sendmail[20573]: n35No6da020573: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052350.n35No6Y0018962@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:50:06 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54834 
Apr  5 16:50:06 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:50:06 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:50:06 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:50:06 splunk3 spamd[13783]: spamd: processing message <200904052350.n35No6Y0018962@virt2.int.splunk.com> for spamme:501 
Apr  5 16:50:08 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 16:50:08 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54834,mid=<200904052350.n35No6Y0018962@virt2.int.splunk.com>,bayes=0.11185809725151,autolearn=no 
Apr  5 16:50:08 splunk3 sendmail[20574]: n35No6da020573: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:50:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:50:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:50:33 splunk3 sendmail[20695]: n35NoXPd020695: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:51:33 splunk3 sendmail[20935]: n35NpXBs020935: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:52:33 splunk3 sendmail[21170]: n35NqX9Y021170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:52:49 splunk3 sendmail[21206]: n35NqjRx021206: from=<spamme@splunkit.com>, size=2744, class=0, nrcpts=1, msgid=<200904052352.n35NqjRx021206@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=189-18-151-87.dsl.telesp.net.br [189.18.151.87]
Apr  5 16:52:49 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54859 
Apr  5 16:52:49 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:52:49 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:52:49 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:52:49 splunk3 spamd[13783]: spamd: processing message <200904052352.n35NqjRx021206@splunk3.splunkit.com> for spamme:501 
Apr  5 16:52:51 splunk3 spamd[13783]: spamd: identified spam (35.6/5.0) for spamme:501 in 1.4 seconds, 3158 bytes. 
Apr  5 16:52:51 splunk3 spamd[13783]: spamd: result: Y 35 - AWL,BAYES_99,HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR2,HTML_90_100,HTML_IMAGE_ONLY_28,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=1.4,size=3158,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54859,mid=<200904052352.n35NqjRx021206@splunk3.splunkit.com>,bayes=1,autolearn=spam 
Apr  5 16:52:51 splunk3 sendmail[21227]: n35NqjRx021206: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:05, xdelay=00:00:02, mailer=local, pri=33080, dsn=2.0.0, stat=Sent
Apr  5 16:52:51 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:53:33 splunk3 sendmail[21418]: n35NrXUp021418: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:54:33 splunk3 sendmail[21655]: n35NsX9d021655: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:55:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 16:55:07 splunk3 sendmail[21793]: n35Nt7a2021793: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904052355.n35Nt65r019572@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 16:55:07 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54890 
Apr  5 16:55:07 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 16:55:07 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 16:55:07 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 16:55:07 splunk3 spamd[13783]: spamd: processing message <200904052355.n35Nt65r019572@virt2.int.splunk.com> for spamme:501 
Apr  5 16:55:09 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 16:55:09 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54890,mid=<200904052355.n35Nt65r019572@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 16:55:09 splunk3 sendmail[21794]: n35Nt7a2021793: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 16:55:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 16:55:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 16:55:33 splunk3 sendmail[21916]: n35NtXEK021916: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 16:56:33 splunk3 sendmail[22152]: n35NuXVH022152: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:57:33 splunk3 sendmail[22392]: n35NvXEm022392: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:58:33 splunk3 sendmail[22627]: n35NwXbj022627: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 16:59:33 splunk3 sendmail[22867]: n35NxXJO022867: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:00:04 splunk3 sendmail[23051]: n36004HC023051: from=root, size=291, class=0, nrcpts=1, msgid=<200904060000.n36004HC023051@splunk3.splunkit.com>, relay=root@localhost
Apr  5 17:00:04 splunk3 sendmail[23055]: n36004dt023055: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060000.n36004HC023051@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 17:00:04 splunk3 sendmail[23051]: n36004HC023051: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36004dt023055 Message accepted for delivery)
Apr  5 17:00:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:00:05 splunk3 sendmail[23056]: n36004dt023055: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 17:00:07 splunk3 sendmail[23092]: n36007d8023092: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904060000.n36007d8023092@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 17:00:07 splunk3 sendmail[23094]: n36007d8023092: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 17:00:07 splunk3 sendmail[23094]: n36007d8023092: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 17:00:07 splunk3 sendmail[23094]: n36007d8023092: n36007d8023094: postmaster notify: User unknown
Apr  5 17:00:08 splunk3 sendmail[23107]: n36008lF023107: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060000.n36007vW020221@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:00:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54955 
Apr  5 17:00:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:00:08 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 17:00:08 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 17:00:08 splunk3 sendmail[23108]: n36008lF023107: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:00:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:00:09 splunk3 sendmail[23094]: n36007d8023094: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 17:00:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:00:33 splunk3 sendmail[23213]: n3600XTt023213: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:01:08 splunk3 sendmail[23321]: n36011qh023321: from=root, size=443, class=0, nrcpts=1, msgid=<200904060001.n36011qh023321@splunk3.splunkit.com>, relay=root@localhost
Apr  5 17:01:08 splunk3 sendmail[23357]: n36018pS023357: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060001.n36011qh023321@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 17:01:08 splunk3 sendmail[23321]: n36011qh023321: to=root, ctladdr=root (0/0), delay=00:00:07, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36018pS023357 Message accepted for delivery)
Apr  5 17:01:10 splunk3 sendmail[23360]: n36018pS023357: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 17:01:33 splunk3 sendmail[23463]: n3601XrS023463: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:02:33 splunk3 sendmail[23695]: n3602XQQ023695: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:03:33 splunk3 sendmail[23933]: n3603XjF023933: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:04:33 splunk3 sendmail[24169]: n3604XTX024169: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:05:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:05:08 splunk3 sendmail[24327]: n36058eB024327: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060005.n36058DF020907@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:05:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55011 
Apr  5 17:05:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:05:08 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 17:05:08 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 17:05:08 splunk3 sendmail[24328]: n36058eB024327: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:05:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:05:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:05:33 splunk3 sendmail[24431]: n3605XfW024431: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:06:33 splunk3 sendmail[24668]: n3606XEX024668: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:07:33 splunk3 sendmail[24905]: n3607XAd024905: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:08:33 splunk3 sendmail[25144]: n3608X4f025144: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:09:33 splunk3 sendmail[25386]: n3609XmW025386: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:10:02 splunk3 sendmail[25605]: n360A27O025605: from=root, size=292, class=0, nrcpts=1, msgid=<200904060010.n360A27O025605@splunk3.splunkit.com>, relay=root@localhost
Apr  5 17:10:02 splunk3 sendmail[25610]: n360A2S5025610: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060010.n360A27O025605@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 17:10:02 splunk3 sendmail[25605]: n360A27O025605: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n360A2S5025610 Message accepted for delivery)
Apr  5 17:10:03 splunk3 sendmail[25611]: n360A2S5025610: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 17:10:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:10:09 splunk3 sendmail[25645]: n360A9sb025645: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060010.n360A81j021522@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:10:09 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55068 
Apr  5 17:10:09 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:10:09 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:10:09 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:10:09 splunk3 spamd[13783]: spamd: processing message <200904060010.n360A81j021522@virt2.int.splunk.com> for spamme:501 
Apr  5 17:10:11 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 17:10:11 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55068,mid=<200904060010.n360A81j021522@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:10:11 splunk3 sendmail[25647]: n360A9sb025645: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:10:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:10:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:10:33 splunk3 sendmail[25753]: n360AXEg025753: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 17:11:33 splunk3 sendmail[25993]: n360BX7g025993: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:12:33 splunk3 sendmail[26230]: n360CXKG026230: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:13:33 splunk3 sendmail[26469]: n360DXCS026469: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:14:33 splunk3 sendmail[26703]: n360EXHG026703: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:15:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:15:09 splunk3 sendmail[26861]: n360F9Y7026861: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060015.n360F9WV022303@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:15:09 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55125 
Apr  5 17:15:09 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:15:09 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:15:09 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:15:09 splunk3 spamd[13783]: spamd: processing message <200904060015.n360F9WV022303@virt2.int.splunk.com> for spamme:501 
Apr  5 17:15:11 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 17:15:11 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55125,mid=<200904060015.n360F9WV022303@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:15:11 splunk3 sendmail[26862]: n360F9Y7026861: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:15:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:15:28 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:15:33 splunk3 sendmail[26966]: n360FXTB026966: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:16:33 splunk3 sendmail[27202]: n360GXCl027202: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:17:33 splunk3 sendmail[27437]: n360HXA9027437: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:18:33 splunk3 sendmail[27673]: n360IXhV027673: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:19:33 splunk3 sendmail[27912]: n360JXi4027912: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:20:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:20:10 splunk3 sendmail[28071]: n360KAOv028071: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060020.n360K9Bi022934@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:20:10 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55180 
Apr  5 17:20:10 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:20:10 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:20:10 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:20:10 splunk3 spamd[13783]: spamd: processing message <200904060020.n360K9Bi022934@virt2.int.splunk.com> for spamme:501 
Apr  5 17:20:12 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 17:20:12 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55180,mid=<200904060020.n360K9Bi022934@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:20:12 splunk3 sendmail[28072]: n360KAOv028071: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:20:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:20:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:20:33 splunk3 sendmail[28177]: n360KXLH028177: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:21:33 splunk3 sendmail[28415]: n360LX3S028415: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:22:33 splunk3 sendmail[28649]: n360MXoj028649: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:23:33 splunk3 sendmail[28895]: n360NXkH028895: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:24:33 splunk3 sendmail[29128]: n360OXaa029128: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:25:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:25:10 splunk3 sendmail[29286]: n360PA6W029286: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060025.n360PAQi023571@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:25:10 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55236 
Apr  5 17:25:10 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:25:10 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:25:10 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:25:10 splunk3 spamd[13783]: spamd: processing message <200904060025.n360PAQi023571@virt2.int.splunk.com> for spamme:501 
Apr  5 17:25:14 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 3.5 seconds, 1308 bytes. 
Apr  5 17:25:14 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=3.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55236,mid=<200904060025.n360PAQi023571@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:25:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:25:14 splunk3 sendmail[29287]: n360PA6W029286: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:25:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:25:33 splunk3 sendmail[29391]: n360PXbk029391: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 17:26:33 splunk3 sendmail[29628]: n360QXFu029628: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:27:33 splunk3 sendmail[29868]: n360RXWw029868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:28:33 splunk3 sendmail[30101]: n360SX8r030101: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:29:33 splunk3 sendmail[30340]: n360TXjT030340: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:30:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:30:13 splunk3 sendmail[30505]: n360UDx2030505: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060030.n360UBNC024193@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:30:13 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55284 
Apr  5 17:30:13 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:30:13 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:30:13 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:30:13 splunk3 spamd[13783]: spamd: processing message <200904060030.n360UBNC024193@virt2.int.splunk.com> for spamme:501 
Apr  5 17:30:15 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 17:30:15 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55284,mid=<200904060030.n360UBNC024193@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:30:15 splunk3 sendmail[30506]: n360UDx2030505: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:30:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:30:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:30:33 splunk3 sendmail[30606]: n360UXoP030606: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:31:33 splunk3 sendmail[30841]: n360VX02030841: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:32:33 splunk3 sendmail[31076]: n360WX9f031076: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:33:33 splunk3 sendmail[31316]: n360XXt6031316: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:34:33 splunk3 sendmail[31551]: n360YXYR031551: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:35:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:35:14 splunk3 sendmail[31714]: n360ZEbk031714: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060035.n360ZD1T024937@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:35:14 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55340 
Apr  5 17:35:14 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:35:14 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:35:14 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:35:14 splunk3 spamd[13783]: spamd: processing message <200904060035.n360ZD1T024937@virt2.int.splunk.com> for spamme:501 
Apr  5 17:35:16 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  5 17:35:16 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55340,mid=<200904060035.n360ZD1T024937@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:35:16 splunk3 sendmail[31715]: n360ZEbk031714: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:35:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:35:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:35:33 splunk3 sendmail[31811]: n360ZXZZ031811: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:36:33 splunk3 sendmail[32045]: n360aXn9032045: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:37:33 splunk3 sendmail[32281]: n360bXVK032281: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:38:33 splunk3 sendmail[32518]: n360cXtp032518: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:39:33 splunk3 sendmail[32758]: n360dX1b032758: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:40:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:40:15 splunk3 sendmail[458]: n360eFYS000458: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060040.n360eFEp025574@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:40:15 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55396 
Apr  5 17:40:15 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:40:15 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:40:15 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:40:15 splunk3 spamd[13783]: spamd: processing message <200904060040.n360eFEp025574@virt2.int.splunk.com> for spamme:501 
Apr  5 17:40:17 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 17:40:17 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55396,mid=<200904060040.n360eFEp025574@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:40:17 splunk3 sendmail[459]: n360eFYS000458: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:40:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:40:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:40:33 splunk3 sendmail[557]: n360eXTw000557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 17:41:33 splunk3 sendmail[798]: n360fXUn000798: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:42:33 splunk3 sendmail[1032]: n360gXlF001032: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:43:33 splunk3 sendmail[1272]: n360hXQ0001272: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:44:33 splunk3 sendmail[1506]: n360iX0C001506: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:45:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:45:15 splunk3 sendmail[1671]: n360jFVJ001671: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060045.n360jFH7026189@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:45:15 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55452 
Apr  5 17:45:15 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:45:15 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:45:15 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:45:15 splunk3 spamd[13783]: spamd: processing message <200904060045.n360jFH7026189@virt2.int.splunk.com> for spamme:501 
Apr  5 17:45:17 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  5 17:45:17 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55452,mid=<200904060045.n360jFH7026189@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:45:17 splunk3 sendmail[1673]: n360jFVJ001671: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:45:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:45:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:45:33 splunk3 sendmail[1770]: n360jXov001770: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:46:33 splunk3 sendmail[2007]: n360kX7L002007: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:47:33 splunk3 sendmail[2247]: n360lXKe002247: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:48:33 splunk3 sendmail[2483]: n360mXRY002483: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:49:33 splunk3 sendmail[2726]: n360nXrd002726: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:50:04 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:50:16 splunk3 sendmail[2900]: n360oGvG002900: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060050.n360oGmP026806@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:50:16 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55508 
Apr  5 17:50:16 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:50:16 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:50:16 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:50:16 splunk3 spamd[13783]: spamd: processing message <200904060050.n360oGmP026806@virt2.int.splunk.com> for spamme:501 
Apr  5 17:50:18 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 17:50:18 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55508,mid=<200904060050.n360oGmP026806@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:50:18 splunk3 sendmail[2901]: n360oGvG002900: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:50:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:50:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:50:33 splunk3 sendmail[3004]: n360oXY6003004: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:51:33 splunk3 sendmail[3247]: n360pXHH003247: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:52:33 splunk3 sendmail[3481]: n360qXx4003481: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:53:33 splunk3 sendmail[3751]: n360rXqv003751: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:54:33 splunk3 sendmail[3990]: n360sXQA003990: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:55:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 17:55:17 splunk3 sendmail[4184]: n360tHUP004184: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060055.n360tGBg027412@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 17:55:17 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55563 
Apr  5 17:55:17 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 17:55:17 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 17:55:17 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 17:55:17 splunk3 spamd[13783]: spamd: processing message <200904060055.n360tGBg027412@virt2.int.splunk.com> for spamme:501 
Apr  5 17:55:19 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 17:55:19 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55563,mid=<200904060055.n360tGBg027412@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 17:55:19 splunk3 sendmail[4185]: n360tHUP004184: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 17:55:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 17:55:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 17:55:33 splunk3 sendmail[4271]: n360tXpx004271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 17:56:33 splunk3 sendmail[4515]: n360uXGa004515: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:57:33 splunk3 sendmail[4756]: n360vXGK004756: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:58:33 splunk3 sendmail[5001]: n360wXlW005001: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 17:59:33 splunk3 sendmail[5276]: n360xXvY005276: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:00:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:00:04 splunk3 sendmail[5471]: n36104fN005471: from=root, size=291, class=0, nrcpts=1, msgid=<200904060100.n36104fN005471@splunk3.splunkit.com>, relay=root@localhost
Apr  5 18:00:04 splunk3 sendmail[5475]: n36104ol005475: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060100.n36104fN005471@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 18:00:04 splunk3 sendmail[5471]: n36104fN005471: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36104ol005475 Message accepted for delivery)
Apr  5 18:00:05 splunk3 sendmail[5476]: n36104ol005475: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 18:00:17 splunk3 sendmail[5533]: n3610HBA005533: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060100.n3610HMh028052@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:00:17 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55622 
Apr  5 18:00:17 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:00:17 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 18:00:17 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 18:00:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:00:17 splunk3 sendmail[5534]: n3610HBA005533: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 18:00:18 splunk3 sendmail[5551]: n3610IXA005551: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904060100.n3610IXA005551@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 18:00:18 splunk3 sendmail[5553]: n3610IXA005551: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 18:00:18 splunk3 sendmail[5553]: n3610IXA005551: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  5 18:00:18 splunk3 sendmail[5553]: n3610IXA005551: n3610IXA005553: postmaster notify: User unknown
Apr  5 18:00:19 splunk3 sendmail[5553]: n3610IXA005553: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  5 18:00:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:00:33 splunk3 sendmail[5630]: n3610Xdu005630: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:01:03 splunk3 sendmail[5740]: n3611120005740: from=root, size=443, class=0, nrcpts=1, msgid=<200904060101.n3611120005740@splunk3.splunkit.com>, relay=root@localhost
Apr  5 18:01:03 splunk3 sendmail[5758]: n36113SN005758: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060101.n3611120005740@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 18:01:03 splunk3 sendmail[5740]: n3611120005740: to=root, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36113SN005758 Message accepted for delivery)
Apr  5 18:01:04 splunk3 sendmail[5759]: n36113SN005758: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 18:01:33 splunk3 sendmail[5883]: n3611XEr005883: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:02:33 splunk3 sendmail[6118]: n3612XRP006118: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:03:33 splunk3 sendmail[6357]: n3613X2p006357: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:04:33 splunk3 sendmail[6592]: n3614XUi006592: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:05:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:05:18 splunk3 sendmail[6773]: n3615Ii6006773: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060105.n3615IAW028735@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:05:18 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55690 
Apr  5 18:05:18 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:05:18 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 18:05:18 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 18:05:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:05:18 splunk3 sendmail[6776]: n3615Ii6006773: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 18:05:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:05:33 splunk3 sendmail[6852]: n3615XZx006852: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:06:33 splunk3 sendmail[7085]: n3616Xui007085: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:07:33 splunk3 sendmail[7323]: n3617XiJ007323: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:08:33 splunk3 sendmail[7570]: n3618XrA007570: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:09:33 splunk3 sendmail[7809]: n3619XXX007809: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:10:02 splunk3 sendmail[8027]: n361A2EK008027: from=root, size=292, class=0, nrcpts=1, msgid=<200904060110.n361A2EK008027@splunk3.splunkit.com>, relay=root@localhost
Apr  5 18:10:02 splunk3 sendmail[8032]: n361A2pe008032: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060110.n361A2EK008027@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 18:10:02 splunk3 sendmail[8027]: n361A2EK008027: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n361A2pe008032 Message accepted for delivery)
Apr  5 18:10:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:10:03 splunk3 sendmail[8033]: n361A2pe008032: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 18:10:19 splunk3 sendmail[8097]: n361AIDo008097: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060110.n361AIQ2029352@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:10:19 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55741 
Apr  5 18:10:19 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:10:19 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:10:19 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:10:19 splunk3 spamd[13783]: spamd: processing message <200904060110.n361AIQ2029352@virt2.int.splunk.com> for spamme:501 
Apr  5 18:10:21 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  5 18:10:21 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55741,mid=<200904060110.n361AIQ2029352@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 18:10:21 splunk3 sendmail[8098]: n361AIDo008097: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 18:10:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:10:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:10:33 splunk3 sendmail[8177]: n361AX18008177: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 18:11:33 splunk3 sendmail[8417]: n361BXjJ008417: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:12:33 splunk3 sendmail[8651]: n361CXuw008651: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:13:33 splunk3 sendmail[8887]: n361DXL6008887: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:14:33 splunk3 sendmail[9123]: n361EXmS009123: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:15:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:15:19 splunk3 sendmail[9304]: n361FJu2009304: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060115.n361FJCa030140@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:15:19 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55798 
Apr  5 18:15:19 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:15:19 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:15:19 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:15:19 splunk3 spamd[13783]: spamd: processing message <200904060115.n361FJCa030140@virt2.int.splunk.com> for spamme:501 
Apr  5 18:15:21 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 18:15:21 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55798,mid=<200904060115.n361FJCa030140@virt2.int.splunk.com>,bayes=0.11185068613435,autolearn=no 
Apr  5 18:15:21 splunk3 sendmail[9305]: n361FJu2009304: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 18:15:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:15:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:15:33 splunk3 sendmail[9387]: n361FXE3009387: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:16:33 splunk3 sendmail[9623]: n361GXEd009623: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:17:33 splunk3 sendmail[9860]: n361HXCK009860: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:18:16 splunk3 sendmail[10029]: n361IGps010029: from=<3WFjZSRQKBtM5DD5A3zA3GIH-CDG3EAN5DD5A3.1DBHEzBB3HEAJC97I.1DB@alerts.bounces.google.com>, size=2531, class=0, nrcpts=1, msgid=<001636163cc74557350466d8ac5b@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.166]
Apr  5 18:18:16 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55833 
Apr  5 18:18:16 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:18:16 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:18:16 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:18:16 splunk3 spamd[13783]: spamd: processing message <001636163cc74557350466d8ac5b@google.com> for spamme:501 
Apr  5 18:18:18 splunk3 spamd[13783]: spamd: clean message (-2.2/5.0) for spamme:501 in 1.4 seconds, 2960 bytes. 
Apr  5 18:18:18 splunk3 spamd[13783]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=1.4,size=2960,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55833,mid=<001636163cc74557350466d8ac5b@google.com>,bayes=0,autolearn=ham 
Apr  5 18:18:18 splunk3 sendmail[10033]: n361IGps010029: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32741, dsn=2.0.0, stat=Sent
Apr  5 18:18:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:18:33 splunk3 sendmail[10102]: n361IXH7010102: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:19:33 splunk3 sendmail[10339]: n361JXSe010339: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:20:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:20:19 splunk3 sendmail[10526]: n361KJPI010526: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060120.n361KJeR030769@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:20:19 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55854 
Apr  5 18:20:19 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:20:20 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:20:20 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:20:20 splunk3 spamd[13783]: spamd: processing message <200904060120.n361KJeR030769@virt2.int.splunk.com> for spamme:501 
Apr  5 18:20:22 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 18:20:22 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55854,mid=<200904060120.n361KJeR030769@virt2.int.splunk.com>,bayes=0.111882647122884,autolearn=no 
Apr  5 18:20:22 splunk3 sendmail[10527]: n361KJPI010526: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 18:20:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:20:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:20:33 splunk3 sendmail[10604]: n361KXEf010604: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:21:33 splunk3 sendmail[10845]: n361LXJR010845: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:22:33 splunk3 sendmail[11078]: n361MXML011078: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:23:33 splunk3 sendmail[11322]: n361NXXh011322: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:24:33 splunk3 sendmail[11556]: n361OXjF011556: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:25:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:25:20 splunk3 sendmail[11740]: n361PKoi011740: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060125.n361PKt1031379@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:25:20 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55910 
Apr  5 18:25:20 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:25:20 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:25:20 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:25:20 splunk3 spamd[13783]: spamd: processing message <200904060125.n361PKt1031379@virt2.int.splunk.com> for spamme:501 
Apr  5 18:25:22 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 18:25:22 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55910,mid=<200904060125.n361PKt1031379@virt2.int.splunk.com>,bayes=0.111882647122884,autolearn=no 
Apr  5 18:25:22 splunk3 sendmail[11741]: n361PKoi011740: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 18:25:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:25:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:25:33 splunk3 sendmail[11819]: n361PXmb011819: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 18:26:33 splunk3 sendmail[12052]: n361QXCe012052: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:27:34 splunk3 sendmail[12289]: n361RXdR012289: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:28:34 splunk3 sendmail[12523]: n361SYJL012523: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:29:34 splunk3 sendmail[12761]: n361TYgd012761: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:30:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:30:20 splunk3 sendmail[12945]: n361UKFQ012945: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060130.n361UKXr032003@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:30:20 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55966 
Apr  5 18:30:20 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:30:20 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:30:20 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:30:21 splunk3 spamd[13783]: spamd: processing message <200904060130.n361UKXr032003@virt2.int.splunk.com> for spamme:501 
Apr  5 18:30:23 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 18:30:23 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55966,mid=<200904060130.n361UKXr032003@virt2.int.splunk.com>,bayes=0.111882647122884,autolearn=no 
Apr  5 18:30:23 splunk3 sendmail[12946]: n361UKFQ012945: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 18:30:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:30:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:30:34 splunk3 sendmail[13028]: n361UY1v013028: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:31:34 splunk3 sendmail[13272]: n361VYQw013272: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:32:34 splunk3 sendmail[13539]: n361WYsT013539: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:33:34 splunk3 sendmail[13777]: n361XYZU013777: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:34:34 splunk3 sendmail[14012]: n361YY4U014012: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:35:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:35:21 splunk3 sendmail[14207]: n361ZL8J014207: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060135.n361ZLZX032746@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:35:21 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56021 
Apr  5 18:35:21 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:35:21 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:35:21 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:35:21 splunk3 spamd[13783]: spamd: processing message <200904060135.n361ZLZX032746@virt2.int.splunk.com> for spamme:501 
Apr  5 18:35:23 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 18:35:23 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56021,mid=<200904060135.n361ZLZX032746@virt2.int.splunk.com>,bayes=0.111882647122884,autolearn=no 
Apr  5 18:35:23 splunk3 sendmail[14219]: n361ZL8J014207: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 18:35:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:35:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:35:34 splunk3 sendmail[14277]: n361ZYac014277: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:36:06 splunk3 sendmail[14394]: n361a3Zg014394: from=<Alicia-extorquo@365ask.com>, size=1907, class=0, nrcpts=1, msgid=<200904060136.n361a3Zg014394@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=c-76-17-18-182.hsd1.ga.comcast.net [76.17.18.182]
Apr  5 18:36:07 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56035 
Apr  5 18:36:07 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:36:07 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:36:07 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:36:07 splunk3 spamd[13783]: spamd: processing message <200904060136.n361a3Zg014394@splunk3.splunkit.com> for spamme:501 
Apr  5 18:36:11 splunk3 spamd[13783]: spamd: identified spam (20.3/5.0) for spamme:501 in 4.9 seconds, 2339 bytes. 
Apr  5 18:36:11 splunk3 spamd[13783]: spamd: result: Y 20 - BAYES_99,HELO_DYNAMIC_IPADDR,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,URIBL_SBL scantime=4.9,size=2339,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56035,mid=<200904060136.n361a3Zg014394@splunk3.splunkit.com>,bayes=0.990356343961986,autolearn=spam 
Apr  5 18:36:11 splunk3 sendmail[14412]: n361a3Zg014394: to=<spamme@splunkit.com>, delay=00:00:05, xdelay=00:00:05, mailer=local, pri=32247, dsn=2.0.0, stat=Sent
Apr  5 18:36:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:36:34 splunk3 sendmail[14519]: n361aYpA014519: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:37:34 splunk3 sendmail[14759]: n361bYvj014759: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:38:34 splunk3 sendmail[14995]: n361cYOA014995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:39:34 splunk3 sendmail[15234]: n361dYX4015234: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:40:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:40:21 splunk3 sendmail[15443]: n361eLve015443: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904060140.n361eLlF000931@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:40:21 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56077 
Apr  5 18:40:21 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:40:21 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:40:21 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:40:21 splunk3 spamd[13783]: spamd: processing message <200904060140.n361eLlF000931@virt2.int.splunk.com> for spamme:501 
Apr  5 18:40:23 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1302 bytes. 
Apr  5 18:40:23 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56077,mid=<200904060140.n361eLlF000931@virt2.int.splunk.com>,bayes=0.0659284961041864,autolearn=no 
Apr  5 18:40:23 splunk3 sendmail[15444]: n361eLve015443: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  5 18:40:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:40:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:40:34 splunk3 sendmail[15508]: n361eYcn015508: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 18:41:34 splunk3 sendmail[15746]: n361fYjO015746: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:42:34 splunk3 sendmail[15983]: n361gYnZ015983: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:43:34 splunk3 sendmail[16222]: n361hYtu016222: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:44:34 splunk3 sendmail[16458]: n361iYE4016458: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:45:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:45:22 splunk3 sendmail[16660]: n361jMEr016660: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060145.n361jMkH001562@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:45:22 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56136 
Apr  5 18:45:22 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:45:22 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:45:22 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:45:22 splunk3 spamd[13783]: spamd: processing message <200904060145.n361jMkH001562@virt2.int.splunk.com> for spamme:501 
Apr  5 18:45:24 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  5 18:45:24 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56136,mid=<200904060145.n361jMkH001562@virt2.int.splunk.com>,bayes=0.16874588175114,autolearn=no 
Apr  5 18:45:24 splunk3 sendmail[16661]: n361jMEr016660: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 18:45:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:45:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:45:34 splunk3 sendmail[16720]: n361jYuU016720: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:46:34 splunk3 sendmail[16955]: n361kYXV016955: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:47:34 splunk3 sendmail[17192]: n361lYbE017192: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:48:34 splunk3 sendmail[17427]: n361mYUD017427: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:49:34 splunk3 sendmail[17667]: n361nY4c017667: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:50:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:50:22 splunk3 sendmail[17871]: n361oMDo017871: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060150.n361oMvw002197@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:50:22 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56189 
Apr  5 18:50:22 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:50:22 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:50:22 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:50:22 splunk3 spamd[13783]: spamd: processing message <200904060150.n361oMvw002197@virt2.int.splunk.com> for spamme:501 
Apr  5 18:50:24 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  5 18:50:24 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56189,mid=<200904060150.n361oMvw002197@virt2.int.splunk.com>,bayes=0.16874588175114,autolearn=no 
Apr  5 18:50:24 splunk3 sendmail[17873]: n361oMDo017871: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 18:50:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:50:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:50:31 splunk3 sendmail[17914]: n361oU4g017914: ruleset=check_rcpt, arg1=<sanjinn001@yahoo.com.tw>, relay=61-231-68-166.dynamic.hinet.net [61.231.68.166], reject=550 5.7.1 <sanjinn001@yahoo.com.tw>... Relaying denied
Apr  5 18:50:34 splunk3 sendmail[17933]: n361oY3B017933: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:51:34 splunk3 sendmail[18173]: n361pYrI018173: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:52:34 splunk3 sendmail[18408]: n361qY9t018408: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:53:34 splunk3 sendmail[18651]: n361rYsa018651: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:53:43 splunk3 sendmail[18445]: n361qfjo018445: from=<stacyq@tdnam.com>, size=5738, class=0, nrcpts=1, msgid=<7352019db6c7$ec016dd9$05a13a2b@tdnam.com>, proto=ESMTP, daemon=MTA, relay=[78.180.205.236]
Apr  5 18:53:43 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56229 
Apr  5 18:53:43 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:53:43 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:53:43 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:53:43 splunk3 spamd[13783]: spamd: processing message <7352019db6c7$ec016dd9$05a13a2b@tdnam.com> for spamme:501 
Apr  5 18:53:45 splunk3 spamd[13783]: spamd: identified spam (40.2/5.0) for spamme:501 in 1.9 seconds, 6001 bytes. 
Apr  5 18:53:45 splunk3 spamd[13783]: spamd: result: Y 40 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_BOGUSMX,DNS_FROM_RFC_POST,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=1.9,size=6001,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56229,mid=<7352019db6c7$ec016dd9$05a13a2b@tdnam.com>,bayes=1,autolearn=spam 
Apr  5 18:53:45 splunk3 sendmail[18690]: n361qfjo018445: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:02, mailer=local, pri=35916, dsn=2.0.0, stat=Sent
Apr  5 18:53:45 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:54:34 splunk3 sendmail[18891]: n361sYBq018891: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:55:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 18:55:23 splunk3 sendmail[19096]: n361tNwe019096: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060155.n361tNQu002802@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 18:55:23 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56246 
Apr  5 18:55:23 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 18:55:23 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 18:55:23 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 18:55:23 splunk3 spamd[13783]: spamd: processing message <200904060155.n361tNQu002802@virt2.int.splunk.com> for spamme:501 
Apr  5 18:55:25 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  5 18:55:25 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56246,mid=<200904060155.n361tNQu002802@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 18:55:25 splunk3 sendmail[19097]: n361tNwe019096: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 18:55:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 18:55:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 18:55:34 splunk3 sendmail[19153]: n361tYn5019153: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 18:56:34 splunk3 sendmail[19388]: n361uYlN019388: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:57:34 splunk3 sendmail[19627]: n361vY3A019627: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:58:34 splunk3 sendmail[19861]: n361wYhH019861: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 18:59:34 splunk3 sendmail[20098]: n361xY9r020098: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:00:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:00:04 splunk3 sendmail[20287]: n36204mB020287: from=root, size=291, class=0, nrcpts=1, msgid=<200904060200.n36204mB020287@splunk3.splunkit.com>, relay=root@localhost
Apr  5 19:00:04 splunk3 sendmail[20291]: n36204Oi020291: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060200.n36204mB020287@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 19:00:04 splunk3 sendmail[20287]: n36204mB020287: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36204Oi020291 Message accepted for delivery)
Apr  5 19:00:05 splunk3 sendmail[20292]: n36204Oi020291: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 19:00:23 splunk3 sendmail[20373]: n3620NYR020373: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060200.n3620NIk003443@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:00:23 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56302 
Apr  5 19:00:23 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:00:23 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 19:00:23 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 19:00:23 splunk3 sendmail[20374]: n3620NYR020373: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:00:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:00:24 splunk3 sendmail[20390]: n3620OrU020390: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904060200.n3620OrU020390@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 19:00:24 splunk3 sendmail[20392]: n3620OrU020390: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 19:00:24 splunk3 sendmail[20392]: n3620OrU020390: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 19:00:24 splunk3 sendmail[20392]: n3620OrU020390: n3620OrU020392: postmaster notify: User unknown
Apr  5 19:00:25 splunk3 sendmail[20392]: n3620OrU020392: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 19:00:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:00:34 splunk3 sendmail[20446]: n3620YYl020446: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:00:36 splunk3 sendmail[20465]: n3620arN020465: from=<3Q2LZSRQKBsgu22uzsozs576-125s3zCu22uzs.q2063o00s63z81yw7.q20@alerts.bounces.google.com>, size=5584, class=0, nrcpts=1, msgid=<000e0cd5d022a739f90466d94310@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  5 19:00:36 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56320 
Apr  5 19:00:36 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:00:36 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 19:00:36 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 19:00:36 splunk3 sendmail[20466]: n3620arN020465: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=35799, dsn=2.0.0, stat=Sent
Apr  5 19:00:36 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:01:14 splunk3 sendmail[20576]: n36211Js020576: from=root, size=443, class=0, nrcpts=1, msgid=<200904060201.n36211Js020576@splunk3.splunkit.com>, relay=root@localhost
Apr  5 19:01:15 splunk3 sendmail[20616]: n3621Eb3020616: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060201.n36211Js020576@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 19:01:15 splunk3 sendmail[20576]: n36211Js020576: to=root, ctladdr=root (0/0), delay=00:00:14, xdelay=00:00:01, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3621Eb3020616 Message accepted for delivery)
Apr  5 19:01:16 splunk3 sendmail[20617]: n3621Eb3020616: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 19:01:34 splunk3 sendmail[20702]: n3621YDa020702: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:02:34 splunk3 sendmail[20936]: n3622Ycm020936: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:03:34 splunk3 sendmail[21176]: n3623YQc021176: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:04:34 splunk3 sendmail[21411]: n3624YtP021411: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:05:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:05:24 splunk3 sendmail[21614]: n3625Oqq021614: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060205.n3625OHX004120@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:05:24 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56367 
Apr  5 19:05:24 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:05:24 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 19:05:24 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 19:05:24 splunk3 sendmail[21615]: n3625Oqq021614: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:05:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:05:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:05:34 splunk3 sendmail[21673]: n3625YRN021673: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:06:34 splunk3 sendmail[21907]: n3626Ybl021907: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:07:34 splunk3 sendmail[22146]: n3627YCG022146: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:08:34 splunk3 sendmail[22384]: n3628YoU022384: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:09:34 splunk3 sendmail[22623]: n3629Yrq022623: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:10:02 splunk3 sendmail[22844]: n362A27U022844: from=root, size=292, class=0, nrcpts=1, msgid=<200904060210.n362A27U022844@splunk3.splunkit.com>, relay=root@localhost
Apr  5 19:10:02 splunk3 sendmail[22849]: n362A2Gs022849: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060210.n362A27U022844@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 19:10:02 splunk3 sendmail[22844]: n362A27U022844: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n362A2Gs022849 Message accepted for delivery)
Apr  5 19:10:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:10:03 splunk3 sendmail[22850]: n362A2Gs022849: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 19:10:25 splunk3 sendmail[22948]: n362AP4K022948: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060210.n362APGf004740@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:10:25 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56432 
Apr  5 19:10:25 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:10:25 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:10:25 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:10:25 splunk3 spamd[13783]: spamd: processing message <200904060210.n362APGf004740@virt2.int.splunk.com> for spamme:501 
Apr  5 19:10:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:10:27 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 19:10:27 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56432,mid=<200904060210.n362APGf004740@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:10:27 splunk3 sendmail[22949]: n362AP4K022948: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:10:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:10:34 splunk3 sendmail[22994]: n362AYwZ022994: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 19:11:34 splunk3 sendmail[23234]: n362BYK5023234: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:12:34 splunk3 sendmail[23470]: n362CYhU023470: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:13:34 splunk3 sendmail[23707]: n362DY8U023707: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:14:34 splunk3 sendmail[23942]: n362EYpl023942: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:15:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:15:26 splunk3 sendmail[24176]: n362FQc7024176: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060215.n362FQcs005519@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:15:26 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56488 
Apr  5 19:15:26 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:15:26 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:15:26 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:15:26 splunk3 spamd[13783]: spamd: processing message <200904060215.n362FQcs005519@virt2.int.splunk.com> for spamme:501 
Apr  5 19:15:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:15:28 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 19:15:28 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56488,mid=<200904060215.n362FQcs005519@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:15:28 splunk3 sendmail[24177]: n362FQc7024176: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:15:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:15:34 splunk3 sendmail[24205]: n362FY6F024205: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:16:34 splunk3 sendmail[24438]: n362GYoR024438: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:17:34 splunk3 sendmail[24676]: n362HYD4024676: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:18:34 splunk3 sendmail[24912]: n362IYdU024912: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:19:34 splunk3 sendmail[25151]: n362JYdU025151: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:20:03 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:20:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:20:27 splunk3 sendmail[25387]: n362KRuL025387: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060220.n362KR9O006154@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:20:27 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56544 
Apr  5 19:20:27 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:20:27 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:20:27 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:20:27 splunk3 spamd[13783]: spamd: processing message <200904060220.n362KR9O006154@virt2.int.splunk.com> for spamme:501 
Apr  5 19:20:29 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 19:20:29 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56544,mid=<200904060220.n362KR9O006154@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:20:29 splunk3 sendmail[25388]: n362KRuL025387: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:20:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:20:34 splunk3 sendmail[25414]: n362KYnN025414: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:21:34 splunk3 sendmail[25655]: n362LY4E025655: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:22:34 splunk3 sendmail[25889]: n362MYGe025889: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:23:34 splunk3 sendmail[26132]: n362NYSk026132: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:24:34 splunk3 sendmail[26368]: n362OYd1026368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:25:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:25:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:25:28 splunk3 sendmail[26606]: n362PSA4026606: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060225.n362PRaX006780@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:25:28 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56599 
Apr  5 19:25:28 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:25:28 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:25:28 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:25:28 splunk3 spamd[13783]: spamd: processing message <200904060225.n362PRaX006780@virt2.int.splunk.com> for spamme:501 
Apr  5 19:25:30 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1305 bytes. 
Apr  5 19:25:30 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56599,mid=<200904060225.n362PRaX006780@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:25:30 splunk3 sendmail[26608]: n362PSA4026606: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:25:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:25:34 splunk3 sendmail[26632]: n362PY5n026632: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 19:26:34 splunk3 sendmail[26868]: n362QYcU026868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:27:34 splunk3 sendmail[27107]: n362RYmq027107: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:28:34 splunk3 sendmail[27341]: n362SYIJ027341: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:29:34 splunk3 sendmail[27577]: n362TYJl027577: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:30:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:30:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:30:29 splunk3 sendmail[27818]: n362UTRa027818: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060230.n362USUd007375@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:30:29 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56655 
Apr  5 19:30:29 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:30:29 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:30:29 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:30:29 splunk3 spamd[13783]: spamd: processing message <200904060230.n362USUd007375@virt2.int.splunk.com> for spamme:501 
Apr  5 19:30:31 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  5 19:30:31 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56655,mid=<200904060230.n362USUd007375@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:30:31 splunk3 sendmail[27819]: n362UTRa027818: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:30:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:30:34 splunk3 sendmail[27842]: n362UYjg027842: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:31:34 splunk3 sendmail[28081]: n362VYvY028081: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:32:34 splunk3 sendmail[28315]: n362WYdq028315: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:33:34 splunk3 sendmail[28555]: n362XYaC028555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:34:34 splunk3 sendmail[28789]: n362YYpQ028789: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:35:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:35:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:35:29 splunk3 sendmail[29027]: n362ZTgd029027: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060235.n362ZTqm008151@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:35:29 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56711 
Apr  5 19:35:29 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:35:29 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:35:29 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:35:29 splunk3 spamd[13783]: spamd: processing message <200904060235.n362ZTqm008151@virt2.int.splunk.com> for spamme:501 
Apr  5 19:35:31 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 19:35:31 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56711,mid=<200904060235.n362ZTqm008151@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:35:31 splunk3 sendmail[29028]: n362ZTgd029027: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:35:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:35:34 splunk3 sendmail[29052]: n362ZYQP029052: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:36:34 splunk3 sendmail[29286]: n362aYZr029286: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:37:34 splunk3 sendmail[29524]: n362bYma029524: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:38:34 splunk3 sendmail[29764]: n362cY9t029764: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:39:34 splunk3 sendmail[30004]: n362dYUG030004: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:40:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:40:27 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:40:30 splunk3 sendmail[30259]: n362eUeO030259: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060240.n362eUZe008758@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:40:30 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56766 
Apr  5 19:40:30 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:40:30 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:40:30 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:40:30 splunk3 spamd[13783]: spamd: processing message <200904060240.n362eUZe008758@virt2.int.splunk.com> for spamme:501 
Apr  5 19:40:32 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 19:40:32 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56766,mid=<200904060240.n362eUZe008758@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:40:32 splunk3 sendmail[30261]: n362eUeO030259: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:40:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:40:34 splunk3 sendmail[30269]: n362eYXs030269: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 19:41:34 splunk3 sendmail[30507]: n362fYaV030507: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:42:34 splunk3 sendmail[30743]: n362gYGh030743: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:43:34 splunk3 sendmail[30981]: n362hYkx030981: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:44:34 splunk3 sendmail[31215]: n362iYG1031215: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:45:00 splunk3 sendmail[31340]: n362j0uD031340: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060245.n362j0WO009300@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:45:00 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56811 
Apr  5 19:45:00 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:45:01 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:45:01 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:45:01 splunk3 spamd[13783]: spamd: processing message <200904060245.n362j0WO009300@virt2.int.splunk.com> for spamme:501 
Apr  5 19:45:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:45:03 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.8 seconds, 1305 bytes. 
Apr  5 19:45:03 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.8,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56811,mid=<200904060245.n362j0WO009300@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:45:03 splunk3 sendmail[31341]: n362j0uD031340: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:45:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:45:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:45:34 splunk3 sendmail[31480]: n362jYhK031480: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:46:34 splunk3 sendmail[31713]: n362kYpG031713: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:47:34 splunk3 sendmail[31951]: n362lYkK031951: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:48:34 splunk3 sendmail[32183]: n362mY01032183: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:49:34 splunk3 sendmail[32421]: n362nYK2032421: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:50:01 splunk3 sendmail[32544]: n362o1BD032544: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060250.n362o1BB009914@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:50:01 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56866 
Apr  5 19:50:01 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:50:01 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:50:01 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:50:01 splunk3 spamd[13783]: spamd: processing message <200904060250.n362o1BB009914@virt2.int.splunk.com> for spamme:501 
Apr  5 19:50:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:50:03 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 19:50:03 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56866,mid=<200904060250.n362o1BB009914@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 19:50:03 splunk3 sendmail[32545]: n362o1BD032544: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 19:50:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:50:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:50:31 splunk3 sendmail[17914]: n361oU4g017914: timeout waiting for input from 61-231-68-166.dynamic.hinet.net during server cmd read
Apr  5 19:50:31 splunk3 sendmail[17914]: n361oU4g017914: lost input channel from 61-231-68-166.dynamic.hinet.net [61.231.68.166] to MTA after rcpt
Apr  5 19:50:31 splunk3 sendmail[17914]: n361oU4g017914: from=<0403pc@163.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=61-231-68-166.dynamic.hinet.net [61.231.68.166]
Apr  5 19:50:34 splunk3 sendmail[32686]: n362oYtv032686: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:51:34 splunk3 sendmail[459]: n362pYBh000459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:52:34 splunk3 sendmail[694]: n362qYnh000694: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:53:34 splunk3 sendmail[937]: n362rYin000937: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:54:34 splunk3 sendmail[1173]: n362sYU2001173: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:55:02 splunk3 sendmail[1297]: n362t2tM001297: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060255.n362t1lO010552@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 19:55:02 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56922 
Apr  5 19:55:02 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:55:02 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:55:02 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:55:02 splunk3 spamd[13783]: spamd: processing message <200904060255.n362t1lO010552@virt2.int.splunk.com> for spamme:501 
Apr  5 19:55:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 19:55:04 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  5 19:55:04 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56922,mid=<200904060255.n362t1lO010552@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 19:55:04 splunk3 sendmail[1298]: n362t2tM001297: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 19:55:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:55:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 19:55:34 splunk3 sendmail[1435]: n362tYwH001435: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 19:56:34 splunk3 sendmail[1671]: n362uY1b001671: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:57:34 splunk3 sendmail[1911]: n362vYqu001911: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:58:34 splunk3 sendmail[2148]: n362wYO2002148: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 19:58:58 splunk3 sendmail[2227]: n362wtNf002227: from=<gilmore@act3theatrics.com>, size=1048, class=0, nrcpts=1, msgid=<01c9b695$bd5ada00$234bc87a@gilmore>, proto=ESMTP, daemon=MTA, relay=[122.200.75.35]
Apr  5 19:58:58 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56968 
Apr  5 19:58:58 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 19:58:58 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 19:58:58 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 19:58:58 splunk3 spamd[13783]: spamd: processing message <01c9b695$bd5ada00$234bc87a@gilmore> for spamme:501 
Apr  5 19:59:00 splunk3 spamd[13783]: spamd: identified spam (6.9/5.0) for spamme:501 in 2.3 seconds, 1324 bytes. 
Apr  5 19:59:00 splunk3 spamd[13783]: spamd: result: Y 6 - BAYES_95,RCVD_IN_XBL scantime=2.3,size=1324,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56968,mid=<01c9b695$bd5ada00$234bc87a@gilmore>,bayes=0.978120750504417,autolearn=no 
Apr  5 19:59:00 splunk3 sendmail[2250]: n362wtNf002227: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31230, dsn=2.0.0, stat=Sent
Apr  5 19:59:00 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 19:59:34 splunk3 sendmail[2393]: n362xYUF002393: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:00:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:00:03 splunk3 sendmail[2570]: n363036f002570: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060300.n36302x8011197@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:00:03 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56980 
Apr  5 20:00:03 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:00:03 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 20:00:03 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 20:00:03 splunk3 sendmail[2574]: n363036f002570: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:00:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:00:04 splunk3 sendmail[2588]: n36304Qd002588: from=root, size=291, class=0, nrcpts=1, msgid=<200904060300.n36304Qd002588@splunk3.splunkit.com>, relay=root@localhost
Apr  5 20:00:04 splunk3 sendmail[2592]: n36304o6002592: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060300.n36304Qd002588@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 20:00:04 splunk3 sendmail[2588]: n36304Qd002588: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36304o6002592 Message accepted for delivery)
Apr  5 20:00:05 splunk3 sendmail[2594]: n36304o6002592: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 20:00:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:00:29 splunk3 sendmail[2714]: n3630T68002714: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904060300.n3630T68002714@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 20:00:29 splunk3 sendmail[2716]: n3630T68002714: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 20:00:29 splunk3 sendmail[2716]: n3630T68002714: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  5 20:00:29 splunk3 sendmail[2716]: n3630T68002714: n3630T68002716: postmaster notify: User unknown
Apr  5 20:00:31 splunk3 sendmail[2716]: n3630T68002716: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  5 20:00:34 splunk3 sendmail[2751]: n3630YtH002751: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:01:03 splunk3 sendmail[2880]: n36311xb002880: from=root, size=443, class=0, nrcpts=1, msgid=<200904060301.n36311xb002880@splunk3.splunkit.com>, relay=root@localhost
Apr  5 20:01:03 splunk3 sendmail[2884]: n36313js002884: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060301.n36311xb002880@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 20:01:03 splunk3 sendmail[2880]: n36311xb002880: to=root, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36313js002884 Message accepted for delivery)
Apr  5 20:01:05 splunk3 sendmail[2885]: n36313js002884: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 20:01:34 splunk3 sendmail[3015]: n3631YaO003015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:02:34 splunk3 sendmail[3253]: n3632YLX003253: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:03:34 splunk3 sendmail[3493]: n3633YJm003493: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:04:34 splunk3 sendmail[3756]: n3634Ywl003756: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:05:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:05:03 splunk3 sendmail[3897]: n36353cH003897: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060305.n36353YO011884@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:05:03 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57052 
Apr  5 20:05:03 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:05:03 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 20:05:03 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 20:05:03 splunk3 sendmail[3898]: n36353cH003897: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:05:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:05:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:05:34 splunk3 sendmail[4026]: n3635Y6l004026: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:06:34 splunk3 sendmail[4272]: n3636YEm004272: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:07:34 splunk3 sendmail[4522]: n3637YYU004522: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:08:34 splunk3 sendmail[4762]: n3638Ya0004762: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:09:34 splunk3 sendmail[5011]: n3639Ypv005011: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:10:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:10:02 splunk3 sendmail[5278]: n363A23C005278: from=root, size=292, class=0, nrcpts=1, msgid=<200904060310.n363A23C005278@splunk3.splunkit.com>, relay=root@localhost
Apr  5 20:10:02 splunk3 sendmail[5283]: n363A26g005283: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060310.n363A23C005278@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 20:10:02 splunk3 sendmail[5278]: n363A23C005278: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n363A26g005283 Message accepted for delivery)
Apr  5 20:10:04 splunk3 sendmail[5284]: n363A26g005283: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 20:10:04 splunk3 sendmail[5289]: n363A4a1005289: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060310.n363A3mr012495@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:10:04 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57109 
Apr  5 20:10:04 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:10:04 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:10:04 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:10:04 splunk3 spamd[13783]: spamd: processing message <200904060310.n363A3mr012495@virt2.int.splunk.com> for spamme:501 
Apr  5 20:10:06 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 20:10:06 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57109,mid=<200904060310.n363A3mr012495@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:10:06 splunk3 sendmail[5290]: n363A4a1005289: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:10:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:10:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:10:34 splunk3 sendmail[5424]: n363AYBx005424: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 20:11:34 splunk3 sendmail[5669]: n363BYHu005669: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:12:34 splunk3 sendmail[5909]: n363CYHo005909: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:13:34 splunk3 sendmail[6152]: n363DY9Z006152: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:14:34 splunk3 sendmail[6385]: n363EYrV006385: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:15:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:15:04 splunk3 sendmail[6507]: n363F42d006507: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060315.n363F4xq013276@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:15:04 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57165 
Apr  5 20:15:04 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:15:04 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:15:04 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:15:04 splunk3 spamd[13783]: spamd: processing message <200904060315.n363F4xq013276@virt2.int.splunk.com> for spamme:501 
Apr  5 20:15:06 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 20:15:06 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57165,mid=<200904060315.n363F4xq013276@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:15:06 splunk3 sendmail[6508]: n363F42d006507: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:15:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:15:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:15:34 splunk3 sendmail[6650]: n363FYdb006650: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:16:34 splunk3 sendmail[6882]: n363GYms006882: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:17:34 splunk3 sendmail[7121]: n363HYkm007121: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:18:34 splunk3 sendmail[7356]: n363IYR6007356: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:19:34 splunk3 sendmail[7602]: n363JYRg007602: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:20:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:20:04 splunk3 sendmail[7742]: n363K4Ao007742: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060320.n363K4bN013909@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:20:05 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57221 
Apr  5 20:20:05 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:20:05 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:20:05 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:20:05 splunk3 spamd[13783]: spamd: processing message <200904060320.n363K4bN013909@virt2.int.splunk.com> for spamme:501 
Apr  5 20:20:07 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  5 20:20:07 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57221,mid=<200904060320.n363K4bN013909@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:20:07 splunk3 sendmail[7743]: n363K4Ao007742: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:20:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:20:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:20:34 splunk3 sendmail[7868]: n363KYom007868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:21:34 splunk3 sendmail[8107]: n363LYvv008107: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:22:34 splunk3 sendmail[8340]: n363MYHV008340: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:23:34 splunk3 sendmail[8580]: n363NYes008580: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:24:34 splunk3 sendmail[8816]: n363OYnw008816: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:25:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:25:05 splunk3 sendmail[8954]: n363P5wf008954: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060325.n363P5bI014520@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:25:05 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57276 
Apr  5 20:25:05 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:25:05 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:25:05 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:25:05 splunk3 spamd[13783]: spamd: processing message <200904060325.n363P5bI014520@virt2.int.splunk.com> for spamme:501 
Apr  5 20:25:07 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 20:25:07 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57276,mid=<200904060325.n363P5bI014520@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:25:07 splunk3 sendmail[8955]: n363P5wf008954: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:25:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:25:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:25:34 splunk3 sendmail[9079]: n363PYQm009079: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 20:26:34 splunk3 sendmail[9314]: n363QYCE009314: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:27:34 splunk3 sendmail[9555]: n363RY66009555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:28:34 splunk3 sendmail[9790]: n363SYWT009790: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:29:34 splunk3 sendmail[10029]: n363TYus010029: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:30:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:30:06 splunk3 sendmail[10168]: n363U5iN010168: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060330.n363U5BY015144@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:30:06 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57332 
Apr  5 20:30:06 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:30:06 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:30:06 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:30:06 splunk3 spamd[13783]: spamd: processing message <200904060330.n363U5BY015144@virt2.int.splunk.com> for spamme:501 
Apr  5 20:30:08 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 20:30:08 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57332,mid=<200904060330.n363U5BY015144@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:30:08 splunk3 sendmail[10170]: n363U5iN010168: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:30:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:30:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:30:34 splunk3 sendmail[10293]: n363UYdG010293: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:31:34 splunk3 sendmail[10532]: n363VYvY010532: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:32:34 splunk3 sendmail[10766]: n363WY4k010766: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:33:34 splunk3 sendmail[11005]: n363XYFG011005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:34:34 splunk3 sendmail[11241]: n363YYnV011241: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:35:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:35:06 splunk3 sendmail[11377]: n363Z6BS011377: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060335.n363Z6jw015889@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:35:06 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57387 
Apr  5 20:35:06 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:35:06 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:35:06 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:35:06 splunk3 spamd[13783]: spamd: processing message <200904060335.n363Z6jw015889@virt2.int.splunk.com> for spamme:501 
Apr  5 20:35:08 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 20:35:08 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57387,mid=<200904060335.n363Z6jw015889@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:35:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:35:08 splunk3 sendmail[11378]: n363Z6BS011377: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:35:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:35:34 splunk3 sendmail[11504]: n363ZYb9011504: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:36:34 splunk3 sendmail[11740]: n363aYlN011740: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:37:34 splunk3 sendmail[11975]: n363bYFG011975: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:38:34 splunk3 sendmail[12214]: n363cYsx012214: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:39:34 splunk3 sendmail[12452]: n363dYuw012452: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:40:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:40:06 splunk3 sendmail[12593]: n363e68m012593: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060340.n363e6Xg016529@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:40:06 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57443 
Apr  5 20:40:06 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:40:06 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:40:06 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:40:06 splunk3 spamd[13783]: spamd: processing message <200904060340.n363e6Xg016529@virt2.int.splunk.com> for spamme:501 
Apr  5 20:40:08 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  5 20:40:08 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57443,mid=<200904060340.n363e6Xg016529@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:40:08 splunk3 sendmail[12594]: n363e68m012593: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:40:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:40:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:40:34 splunk3 sendmail[12718]: n363eYhU012718: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 20:41:34 splunk3 sendmail[12959]: n363fYMR012959: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:42:35 splunk3 sendmail[13195]: n363gZhY013195: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:43:35 splunk3 sendmail[13473]: n363hZUJ013473: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:44:35 splunk3 sendmail[13705]: n363iZnY013705: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:45:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:45:07 splunk3 sendmail[13845]: n363j7BG013845: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060345.n363j6NS017141@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:45:07 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57500 
Apr  5 20:45:07 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:45:07 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:45:07 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:45:07 splunk3 spamd[13783]: spamd: processing message <200904060345.n363j6NS017141@virt2.int.splunk.com> for spamme:501 
Apr  5 20:45:09 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  5 20:45:09 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57500,mid=<200904060345.n363j6NS017141@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:45:09 splunk3 sendmail[13846]: n363j7BG013845: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:45:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:45:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:45:35 splunk3 sendmail[13969]: n363jZR1013969: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:46:35 splunk3 sendmail[14203]: n363kZeM014203: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:47:35 splunk3 sendmail[14442]: n363lZt6014442: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:48:35 splunk3 sendmail[14679]: n363mZiX014679: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:49:35 splunk3 sendmail[14918]: n363nZ78014918: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:50:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:50:07 splunk3 sendmail[15057]: n363o7Uu015057: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060350.n363o7wZ017753@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:50:07 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57555 
Apr  5 20:50:07 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:50:07 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:50:07 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:50:07 splunk3 spamd[13783]: spamd: processing message <200904060350.n363o7wZ017753@virt2.int.splunk.com> for spamme:501 
Apr  5 20:50:09 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 20:50:09 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57555,mid=<200904060350.n363o7wZ017753@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:50:09 splunk3 sendmail[15058]: n363o7Uu015057: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:50:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:50:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:50:35 splunk3 sendmail[15183]: n363oZT6015183: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:51:35 splunk3 sendmail[15422]: n363pZXv015422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:52:35 splunk3 sendmail[15666]: n363qZhA015666: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:53:35 splunk3 sendmail[15906]: n363rZZC015906: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:54:35 splunk3 sendmail[16141]: n363sZqI016141: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:55:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 20:55:08 splunk3 sendmail[16281]: n363t7Pu016281: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060355.n363t7EA018364@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 20:55:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57611 
Apr  5 20:55:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 20:55:08 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 20:55:08 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 20:55:08 splunk3 spamd[13783]: spamd: processing message <200904060355.n363t7EA018364@virt2.int.splunk.com> for spamme:501 
Apr  5 20:55:10 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  5 20:55:10 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57611,mid=<200904060355.n363t7EA018364@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 20:55:10 splunk3 sendmail[16282]: n363t7Pu016281: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 20:55:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 20:55:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 20:55:35 splunk3 sendmail[16405]: n363tZ5S016405: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 20:56:35 splunk3 sendmail[16640]: n363uZVY016640: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:57:35 splunk3 sendmail[16880]: n363vZNV016880: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:58:35 splunk3 sendmail[17112]: n363wZu6017112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 20:59:35 splunk3 sendmail[17351]: n363xZkp017351: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:00:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:00:04 splunk3 sendmail[17540]: n36404WK017540: from=root, size=291, class=0, nrcpts=1, msgid=<200904060400.n36404WK017540@splunk3.splunkit.com>, relay=root@localhost
Apr  5 21:00:04 splunk3 sendmail[17544]: n36404D2017544: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060400.n36404WK017540@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 21:00:04 splunk3 sendmail[17540]: n36404WK017540: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36404D2017544 Message accepted for delivery)
Apr  5 21:00:05 splunk3 sendmail[17562]: n36405rQ017562: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904060400.n36405rQ017562@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 21:00:05 splunk3 sendmail[17564]: n36405rQ017562: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 21:00:05 splunk3 sendmail[17564]: n36405rQ017562: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 21:00:05 splunk3 sendmail[17564]: n36405rQ017562: n36405rQ017564: postmaster notify: User unknown
Apr  5 21:00:06 splunk3 sendmail[17545]: n36404D2017544: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 21:00:08 splunk3 sendmail[17576]: n364089q017576: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060400.n36408IT018999@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:00:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57674 
Apr  5 21:00:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:00:08 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 21:00:08 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 21:00:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:00:08 splunk3 sendmail[17577]: n364089q017576: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:00:14 splunk3 sendmail[17564]: n36405rQ017564: to=root, delay=00:00:09, xdelay=00:00:09, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 21:00:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:00:35 splunk3 sendmail[17700]: n3640Z0P017700: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:01:11 splunk3 sendmail[17807]: n36411Ei017807: from=root, size=443, class=0, nrcpts=1, msgid=<200904060401.n36411Ei017807@splunk3.splunkit.com>, relay=root@localhost
Apr  5 21:01:11 splunk3 sendmail[17851]: n3641B8h017851: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060401.n36411Ei017807@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 21:01:11 splunk3 sendmail[17807]: n36411Ei017807: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3641B8h017851 Message accepted for delivery)
Apr  5 21:01:12 splunk3 sendmail[17852]: n3641B8h017851: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 21:01:35 splunk3 sendmail[17952]: n3641Z4q017952: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:02:35 splunk3 sendmail[18188]: n3642ZhF018188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:03:35 splunk3 sendmail[18428]: n3643ZHV018428: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:04:35 splunk3 sendmail[18663]: n3644ZYE018663: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:05:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:05:09 splunk3 sendmail[18805]: n364595h018805: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060405.n36458IK019691@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:05:09 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57731 
Apr  5 21:05:09 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:05:09 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 21:05:09 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 21:05:09 splunk3 sendmail[18818]: n364595h018805: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:05:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:05:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:05:35 splunk3 sendmail[18922]: n3645Z15018922: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:06:35 splunk3 sendmail[19158]: n3646ZoP019158: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:07:35 splunk3 sendmail[19396]: n3647ZtH019396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:08:35 splunk3 sendmail[19635]: n3648ZwD019635: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:09:35 splunk3 sendmail[19875]: n3649ZHR019875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:10:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:10:02 splunk3 sendmail[20075]: n364A2vE020075: from=root, size=292, class=0, nrcpts=1, msgid=<200904060410.n364A2vE020075@splunk3.splunkit.com>, relay=root@localhost
Apr  5 21:10:02 splunk3 sendmail[20080]: n364A2LV020080: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060410.n364A2vE020075@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 21:10:02 splunk3 sendmail[20075]: n364A2vE020075: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n364A2LV020080 Message accepted for delivery)
Apr  5 21:10:03 splunk3 sendmail[20081]: n364A2LV020080: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 21:10:10 splunk3 sendmail[20134]: n364AArJ020134: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060410.n364A9ZZ020301@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:10:10 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57787 
Apr  5 21:10:10 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:10:10 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:10:10 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:10:10 splunk3 spamd[13783]: spamd: processing message <200904060410.n364A9ZZ020301@virt2.int.splunk.com> for spamme:501 
Apr  5 21:10:12 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  5 21:10:12 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57787,mid=<200904060410.n364A9ZZ020301@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:10:12 splunk3 sendmail[20135]: n364AArJ020134: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:10:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:10:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:10:35 splunk3 sendmail[20244]: n364AZlq020244: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 21:11:35 splunk3 sendmail[20482]: n364BZSd020482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:12:35 splunk3 sendmail[20713]: n364CZOF020713: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:13:35 splunk3 sendmail[20957]: n364DZ2o020957: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:14:35 splunk3 sendmail[21192]: n364EZmS021192: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:15:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:15:10 splunk3 sendmail[21350]: n364FArI021350: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060415.n364FApa021084@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:15:10 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57844 
Apr  5 21:15:10 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:15:10 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:15:10 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:15:10 splunk3 spamd[13783]: spamd: processing message <200904060415.n364FApa021084@virt2.int.splunk.com> for spamme:501 
Apr  5 21:15:12 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 21:15:12 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57844,mid=<200904060415.n364FApa021084@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:15:12 splunk3 sendmail[21351]: n364FArI021350: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:15:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:15:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:15:35 splunk3 sendmail[21457]: n364FZNs021457: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:16:35 splunk3 sendmail[21692]: n364GZek021692: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:17:35 splunk3 sendmail[21931]: n364HZ56021931: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:18:35 splunk3 sendmail[22168]: n364IZTM022168: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:19:35 splunk3 sendmail[22404]: n364JZCL022404: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:20:02 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:20:11 splunk3 sendmail[22563]: n364KBSb022563: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060420.n364KA4b021714@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:20:11 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57899 
Apr  5 21:20:11 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:20:11 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:20:11 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:20:11 splunk3 spamd[13783]: spamd: processing message <200904060420.n364KA4b021714@virt2.int.splunk.com> for spamme:501 
Apr  5 21:20:13 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 21:20:13 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57899,mid=<200904060420.n364KA4b021714@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:20:13 splunk3 sendmail[22564]: n364KBSb022563: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:20:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:20:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:20:35 splunk3 sendmail[22670]: n364KZBK022670: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:21:35 splunk3 sendmail[22909]: n364LZj4022909: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:22:35 splunk3 sendmail[23144]: n364MZfe023144: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:23:35 splunk3 sendmail[23388]: n364NZ4l023388: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:24:35 splunk3 sendmail[23624]: n364OZem023624: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:25:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:25:11 splunk3 sendmail[23778]: n364PBRv023778: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060425.n364PBXY022325@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:25:11 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57955 
Apr  5 21:25:11 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:25:11 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:25:11 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:25:11 splunk3 spamd[13783]: spamd: processing message <200904060425.n364PBXY022325@virt2.int.splunk.com> for spamme:501 
Apr  5 21:25:13 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 21:25:13 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57955,mid=<200904060425.n364PBXY022325@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:25:13 splunk3 sendmail[23779]: n364PBRv023778: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:25:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:25:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:25:35 splunk3 sendmail[23887]: n364PZDU023887: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 21:26:35 splunk3 sendmail[24120]: n364QZVW024120: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:27:35 splunk3 sendmail[24360]: n364RZBD024360: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:28:35 splunk3 sendmail[24592]: n364SZGr024592: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:29:35 splunk3 sendmail[24830]: n364TZ5l024830: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:30:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:30:12 splunk3 sendmail[24990]: n364UCGu024990: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060430.n364UC4O022939@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:30:12 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58012 
Apr  5 21:30:12 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:30:12 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:30:12 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:30:12 splunk3 spamd[13783]: spamd: processing message <200904060430.n364UC4O022939@virt2.int.splunk.com> for spamme:501 
Apr  5 21:30:14 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 21:30:14 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58012,mid=<200904060430.n364UC4O022939@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:30:14 splunk3 sendmail[24991]: n364UCGu024990: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:30:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:30:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:30:35 splunk3 sendmail[25096]: n364UZ3o025096: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:31:35 splunk3 sendmail[25334]: n364VZuC025334: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:32:35 splunk3 sendmail[25569]: n364WZw5025569: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:33:35 splunk3 sendmail[25806]: n364XZ23025806: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:34:35 splunk3 sendmail[26041]: n364YZxV026041: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:35:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:35:13 splunk3 sendmail[26200]: n364ZDJa026200: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060435.n364ZD9F023719@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:35:13 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58067 
Apr  5 21:35:13 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:35:13 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:35:13 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:35:13 splunk3 spamd[13783]: spamd: processing message <200904060435.n364ZD9F023719@virt2.int.splunk.com> for spamme:501 
Apr  5 21:35:15 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 21:35:15 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58067,mid=<200904060435.n364ZD9F023719@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:35:15 splunk3 sendmail[26201]: n364ZDJa026200: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:35:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:35:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:35:35 splunk3 sendmail[26303]: n364ZZfF026303: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:36:35 splunk3 sendmail[26539]: n364aZlN026539: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:37:35 splunk3 sendmail[26780]: n364bZmF026780: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:38:35 splunk3 sendmail[27019]: n364cZ5U027019: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:39:35 splunk3 sendmail[27260]: n364dZoD027260: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:40:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:40:14 splunk3 sendmail[27432]: n364eEai027432: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060440.n364eEax024353@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:40:14 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58123 
Apr  5 21:40:14 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:40:14 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:40:14 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:40:14 splunk3 spamd[13783]: spamd: processing message <200904060440.n364eEax024353@virt2.int.splunk.com> for spamme:501 
Apr  5 21:40:18 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  5 21:40:18 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58123,mid=<200904060440.n364eEax024353@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:40:18 splunk3 sendmail[27433]: n364eEai027432: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:40:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:40:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:40:35 splunk3 sendmail[27522]: n364eZie027522: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 21:41:35 splunk3 sendmail[27762]: n364fZE8027762: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:42:35 splunk3 sendmail[27997]: n364gZnl027997: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:43:35 splunk3 sendmail[28235]: n364hZTM028235: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:44:35 splunk3 sendmail[28470]: n364iZFh028470: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:45:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:45:15 splunk3 sendmail[28644]: n364jE4G028644: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060445.n364jE6v024962@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:45:15 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58179 
Apr  5 21:45:15 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:45:15 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:45:15 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:45:15 splunk3 spamd[13783]: spamd: processing message <200904060445.n364jE6v024962@virt2.int.splunk.com> for spamme:501 
Apr  5 21:45:17 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  5 21:45:17 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58179,mid=<200904060445.n364jE6v024962@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:45:17 splunk3 sendmail[28645]: n364jE4G028644: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:45:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:45:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:45:35 splunk3 sendmail[28734]: n364jZeh028734: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:46:35 splunk3 sendmail[28968]: n364kZkd028968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:47:35 splunk3 sendmail[29204]: n364lZVm029204: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:48:35 splunk3 sendmail[29440]: n364mZjU029440: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:49:35 splunk3 sendmail[29680]: n364nZRS029680: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:50:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:50:15 splunk3 sendmail[29858]: n364oFxk029858: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060450.n364oFmA025575@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:50:15 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58235 
Apr  5 21:50:15 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:50:15 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:50:15 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:50:15 splunk3 spamd[13783]: spamd: processing message <200904060450.n364oFmA025575@virt2.int.splunk.com> for spamme:501 
Apr  5 21:50:17 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  5 21:50:17 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58235,mid=<200904060450.n364oFmA025575@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:50:17 splunk3 sendmail[29859]: n364oFxk029858: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:50:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:50:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:50:35 splunk3 sendmail[29944]: n364oZx0029944: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:51:35 splunk3 sendmail[30185]: n364pZx0030185: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:52:35 splunk3 sendmail[30420]: n364qZup030420: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:53:35 splunk3 sendmail[30663]: n364rZ1j030663: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:54:35 splunk3 sendmail[30896]: n364sZod030896: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:55:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 21:55:15 splunk3 sendmail[31069]: n364tFxd031069: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060455.n364tFWG026184@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 21:55:15 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58290 
Apr  5 21:55:15 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:55:15 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:55:15 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:55:15 splunk3 spamd[13783]: spamd: processing message <200904060455.n364tFWG026184@virt2.int.splunk.com> for spamme:501 
Apr  5 21:55:17 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 21:55:17 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58290,mid=<200904060455.n364tFWG026184@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 21:55:17 splunk3 sendmail[31070]: n364tFxd031069: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 21:55:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:55:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 21:55:35 splunk3 sendmail[31158]: n364tZ5Z031158: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:56:12 splunk3 sendmail[31296]: n364uCWi031296: from=<3bIvZSRQKBhs7FF7C51C5IKJ-EFI5GCP7FF7C5.3FDJG1DD5JGCLEB9K.3FD@alerts.bounces.google.com>, size=5232, class=0, nrcpts=1, msgid=<000e0cd6ac9cae09260466dbb77a@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.165]
Apr  5 21:56:13 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58301 
Apr  5 21:56:13 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 21:56:13 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 21:56:13 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 21:56:13 splunk3 spamd[13783]: spamd: processing message <000e0cd6ac9cae09260466dbb77a@google.com> for spamme:501 
Apr  5 21:56:15 splunk3 spamd[13783]: spamd: clean message (-1.1/5.0) for spamme:501 in 2.7 seconds, 5661 bytes. 
Apr  5 21:56:15 splunk3 spamd[13783]: spamd: result: . -1 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_BASE64_NO_NAME,MIME_BASE64_TEXT,MIME_HTML_ONLY scantime=2.7,size=5661,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58301,mid=<000e0cd6ac9cae09260466dbb77a@google.com>,bayes=0,autolearn=no 
Apr  5 21:56:15 splunk3 sendmail[31297]: n364uCWi031296: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=35442, dsn=2.0.0, stat=Sent
Apr  5 21:56:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 21:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 21:56:35 splunk3 sendmail[31399]: n364uZvi031399: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:57:35 splunk3 sendmail[31638]: n364vZ7c031638: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:58:35 splunk3 sendmail[31874]: n364wZWF031874: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 21:59:35 splunk3 sendmail[32112]: n364xZ3C032112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:00:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:00:04 splunk3 sendmail[32299]: n36504Zx032299: from=root, size=291, class=0, nrcpts=1, msgid=<200904060500.n36504Zx032299@splunk3.splunkit.com>, relay=root@localhost
Apr  5 22:00:04 splunk3 sendmail[32303]: n36504mr032303: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060500.n36504Zx032299@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 22:00:04 splunk3 sendmail[32299]: n36504Zx032299: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36504mr032303 Message accepted for delivery)
Apr  5 22:00:05 splunk3 sendmail[32304]: n36504mr032303: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 22:00:11 splunk3 sendmail[32339]: n3650B5V032339: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904060500.n3650B5V032339@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 22:00:11 splunk3 sendmail[32341]: n3650B5V032339: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 22:00:11 splunk3 sendmail[32341]: n3650B5V032339: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 22:00:11 splunk3 sendmail[32341]: n3650B5V032339: n3650B5V032341: postmaster notify: User unknown
Apr  5 22:00:12 splunk3 sendmail[32341]: n3650B5V032341: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 22:00:18 splunk3 sendmail[32375]: n3650IpR032375: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060500.n3650GTM026824@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:00:18 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58356 
Apr  5 22:00:18 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:00:18 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 22:00:18 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 22:00:18 splunk3 sendmail[32376]: n3650IpR032375: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:00:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:00:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:00:35 splunk3 sendmail[32462]: n3650ZeG032462: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:01:13 splunk3 sendmail[32570]: n36511nc032570: from=root, size=443, class=0, nrcpts=1, msgid=<200904060501.n36511nc032570@splunk3.splunkit.com>, relay=root@localhost
Apr  5 22:01:13 splunk3 sendmail[32610]: n3651Dti032610: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060501.n36511nc032570@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 22:01:13 splunk3 sendmail[32570]: n36511nc032570: to=root, ctladdr=root (0/0), delay=00:00:12, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3651Dti032610 Message accepted for delivery)
Apr  5 22:01:14 splunk3 sendmail[32611]: n3651Dti032610: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 22:01:35 splunk3 sendmail[32711]: n3651ZE3032711: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:02:35 splunk3 sendmail[479]: n3652ZAm000479: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:03:35 splunk3 sendmail[719]: n3653Zti000719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:04:35 splunk3 sendmail[953]: n3654Z3I000953: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:05:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:05:19 splunk3 sendmail[1151]: n3655JkR001151: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060505.n3655I4f027506@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:05:19 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58413 
Apr  5 22:05:19 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:05:19 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 22:05:19 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 22:05:19 splunk3 sendmail[1152]: n3655JkR001151: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:05:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:05:23 splunk3 sendmail[27901]: n364gE3M027901: 118-165-65-158.dynamic.hinet.net [118.165.65.158] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:05:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:05:35 splunk3 sendmail[1216]: n3655ZP7001216: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:06:35 splunk3 sendmail[1453]: n3656Z4r001453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:07:35 splunk3 sendmail[1693]: n3657Zoi001693: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:08:35 splunk3 sendmail[1931]: n3658Zpg001931: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:09:35 splunk3 sendmail[2172]: n3659ZpX002172: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:10:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:10:02 splunk3 sendmail[2376]: n365A2GQ002376: from=root, size=292, class=0, nrcpts=1, msgid=<200904060510.n365A2GQ002376@splunk3.splunkit.com>, relay=root@localhost
Apr  5 22:10:02 splunk3 sendmail[2381]: n365A2MW002381: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060510.n365A2GQ002376@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 22:10:02 splunk3 sendmail[2376]: n365A2GQ002376: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n365A2MW002381 Message accepted for delivery)
Apr  5 22:10:03 splunk3 sendmail[2382]: n365A2MW002381: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 22:10:19 splunk3 sendmail[2473]: n365AJbC002473: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060510.n365AJAu028122@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:10:19 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58469 
Apr  5 22:10:19 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:10:19 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:10:19 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:10:19 splunk3 spamd[13783]: spamd: processing message <200904060510.n365AJAu028122@virt2.int.splunk.com> for spamme:501 
Apr  5 22:10:21 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  5 22:10:21 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58469,mid=<200904060510.n365AJAu028122@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 22:10:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:10:21 splunk3 sendmail[2474]: n365AJbC002473: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:10:26 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:10:35 splunk3 sendmail[2543]: n365AZ4r002543: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 22:11:35 splunk3 sendmail[2795]: n365BZ8A002795: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:12:35 splunk3 sendmail[3042]: n365CZM4003042: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:13:35 splunk3 sendmail[3284]: n365DZnj003284: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:14:35 splunk3 sendmail[3516]: n365EZ51003516: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:15:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:15:20 splunk3 sendmail[3742]: n365FKNn003742: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060515.n365FK52028905@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:15:20 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58526 
Apr  5 22:15:20 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:15:20 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:15:20 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:15:20 splunk3 spamd[13783]: spamd: processing message <200904060515.n365FK52028905@virt2.int.splunk.com> for spamme:501 
Apr  5 22:15:23 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 22:15:23 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58526,mid=<200904060515.n365FK52028905@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 22:15:23 splunk3 sendmail[3743]: n365FKNn003742: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:15:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:15:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:15:35 splunk3 sendmail[3807]: n365FZeP003807: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:16:35 splunk3 sendmail[4050]: n365GZ4e004050: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:17:35 splunk3 sendmail[4301]: n365HZTO004301: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:18:35 splunk3 sendmail[4545]: n365IZx1004545: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:19:35 splunk3 sendmail[4786]: n365JZmG004786: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:20:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:20:21 splunk3 sendmail[4996]: n365KLMs004996: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060520.n365KLb6029544@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:20:21 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58582 
Apr  5 22:20:21 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:20:21 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:20:21 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:20:21 splunk3 spamd[13783]: spamd: processing message <200904060520.n365KLb6029544@virt2.int.splunk.com> for spamme:501 
Apr  5 22:20:23 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  5 22:20:23 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58582,mid=<200904060520.n365KLb6029544@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 22:20:23 splunk3 sendmail[4997]: n365KLMs004996: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:20:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:20:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:20:35 splunk3 sendmail[5062]: n365KZVG005062: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:21:35 splunk3 sendmail[5336]: n365LZpS005336: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:22:35 splunk3 sendmail[5572]: n365MZve005572: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:23:35 splunk3 sendmail[5815]: n365NZal005815: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:24:35 splunk3 sendmail[6051]: n365OZgu006051: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:25:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:25:24 splunk3 sendmail[6267]: n365PObu006267: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060525.n365PLM8030152@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:25:24 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58637 
Apr  5 22:25:24 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:25:24 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:25:24 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:25:24 splunk3 spamd[13783]: spamd: processing message <200904060525.n365PLM8030152@virt2.int.splunk.com> for spamme:501 
Apr  5 22:25:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:25:26 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 22:25:26 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58637,mid=<200904060525.n365PLM8030152@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 22:25:26 splunk3 sendmail[6269]: n365PObu006267: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:25:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:25:35 splunk3 sendmail[6314]: n365PZIO006314: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 22:26:35 splunk3 sendmail[6551]: n365QZgp006551: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:27:35 splunk3 sendmail[6791]: n365RZYa006791: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:28:35 splunk3 sendmail[7024]: n365SZE8007024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:29:35 splunk3 sendmail[7262]: n365TZk9007262: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:30:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:30:24 splunk3 sendmail[7479]: n365UOL4007479: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060530.n365UOqQ030781@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:30:24 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58694 
Apr  5 22:30:24 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:30:24 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:30:24 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:30:24 splunk3 spamd[13783]: spamd: processing message <200904060530.n365UOqQ030781@virt2.int.splunk.com> for spamme:501 
Apr  5 22:30:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:30:26 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 22:30:26 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58694,mid=<200904060530.n365UOqQ030781@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 22:30:26 splunk3 sendmail[7480]: n365UOL4007479: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:30:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:30:35 splunk3 sendmail[7530]: n365UZP7007530: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:31:35 splunk3 sendmail[7774]: n365VZat007774: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:32:35 splunk3 sendmail[8008]: n365WZve008008: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:33:35 splunk3 sendmail[8248]: n365XZGn008248: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:34:35 splunk3 sendmail[8482]: n365YZSS008482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:35:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:35:25 splunk3 sendmail[8696]: n365ZO64008696: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060535.n365ZOM6031528@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:35:25 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58749 
Apr  5 22:35:25 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:35:25 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:35:25 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:35:25 splunk3 spamd[13783]: spamd: processing message <200904060535.n365ZOM6031528@virt2.int.splunk.com> for spamme:501 
Apr  5 22:35:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:35:27 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  5 22:35:27 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58749,mid=<200904060535.n365ZOM6031528@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 22:35:27 splunk3 sendmail[8697]: n365ZO64008696: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:35:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:35:35 splunk3 sendmail[8743]: n365ZZs1008743: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:36:35 splunk3 sendmail[8978]: n365aZJD008978: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:37:35 splunk3 sendmail[9216]: n365bZEF009216: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:38:35 splunk3 sendmail[9455]: n365cZ1v009455: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:39:35 splunk3 sendmail[9695]: n365dZso009695: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:40:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:40:25 splunk3 sendmail[9912]: n365ePJG009912: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060540.n365ePgO032161@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:40:25 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58805 
Apr  5 22:40:25 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:40:25 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:40:25 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:40:25 splunk3 spamd[13783]: spamd: processing message <200904060540.n365ePgO032161@virt2.int.splunk.com> for spamme:501 
Apr  5 22:40:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:40:27 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  5 22:40:27 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58805,mid=<200904060540.n365ePgO032161@virt2.int.splunk.com>,bayes=0.111870797763352,autolearn=no 
Apr  5 22:40:27 splunk3 sendmail[9913]: n365ePJG009912: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  5 22:40:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:40:35 splunk3 sendmail[9959]: n365eZBc009959: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 22:41:35 splunk3 sendmail[10201]: n365fZZF010201: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:42:35 splunk3 sendmail[10438]: n365gZ9n010438: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:43:35 splunk3 sendmail[10676]: n365hZQs010676: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:44:35 splunk3 sendmail[10910]: n365iZK8010910: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:45:01 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:45:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:45:26 splunk3 sendmail[11129]: n365jPw5011129: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904060545.n365jPRC000306@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:45:26 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58861 
Apr  5 22:45:26 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:45:26 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:45:26 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:45:26 splunk3 spamd[13783]: spamd: processing message <200904060545.n365jPRC000306@virt2.int.splunk.com> for spamme:501 
Apr  5 22:45:28 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1302 bytes. 
Apr  5 22:45:28 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58861,mid=<200904060545.n365jPRC000306@virt2.int.splunk.com>,bayes=0.0659264823215424,autolearn=no 
Apr  5 22:45:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:45:28 splunk3 sendmail[11130]: n365jPw5011129: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  5 22:45:35 splunk3 sendmail[11174]: n365jZnn011174: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:46:35 splunk3 sendmail[11408]: n365kZpP011408: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:47:35 splunk3 sendmail[11646]: n365lZnY011646: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:48:35 splunk3 sendmail[11882]: n365mZlT011882: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:49:35 splunk3 sendmail[12132]: n365nZE4012132: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:50:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:50:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:50:26 splunk3 sendmail[12349]: n365oQIM012349: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904060550.n365oQLw000927@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:50:26 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58917 
Apr  5 22:50:26 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:50:26 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:50:26 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:50:26 splunk3 spamd[13783]: spamd: processing message <200904060550.n365oQLw000927@virt2.int.splunk.com> for spamme:501 
Apr  5 22:50:28 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1302 bytes. 
Apr  5 22:50:28 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58917,mid=<200904060550.n365oQLw000927@virt2.int.splunk.com>,bayes=0.0659264823215424,autolearn=no 
Apr  5 22:50:28 splunk3 sendmail[12351]: n365oQIM012349: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  5 22:50:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:50:35 splunk3 sendmail[12394]: n365oZBH012394: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:51:35 splunk3 sendmail[12634]: n365pZWS012634: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:52:35 splunk3 sendmail[12867]: n365qZl5012867: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:53:35 splunk3 sendmail[13110]: n365rZjr013110: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:54:35 splunk3 sendmail[13385]: n365sZWT013385: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:55:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 22:55:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 22:55:27 splunk3 sendmail[13604]: n365tRJ7013604: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060555.n365tQJl001552@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 22:55:27 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58973 
Apr  5 22:55:27 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 22:55:27 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 22:55:27 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 22:55:27 splunk3 spamd[13783]: spamd: processing message <200904060555.n365tQJl001552@virt2.int.splunk.com> for spamme:501 
Apr  5 22:55:29 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 22:55:29 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58973,mid=<200904060555.n365tQJl001552@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 22:55:29 splunk3 sendmail[13605]: n365tRJ7013604: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 22:55:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 22:55:35 splunk3 sendmail[13648]: n365tZqn013648: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 22:56:36 splunk3 sendmail[13885]: n365uava013885: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:57:36 splunk3 sendmail[14124]: n365vau2014124: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:58:36 splunk3 sendmail[14358]: n365waoT014358: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 22:59:36 splunk3 sendmail[14596]: n365xaEQ014596: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:00:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:00:04 splunk3 sendmail[14785]: n36604GY014785: from=root, size=291, class=0, nrcpts=1, msgid=<200904060600.n36604GY014785@splunk3.splunkit.com>, relay=root@localhost
Apr  5 23:00:04 splunk3 sendmail[14789]: n36604AM014789: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060600.n36604GY014785@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 23:00:04 splunk3 sendmail[14785]: n36604GY014785: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36604AM014789 Message accepted for delivery)
Apr  5 23:00:05 splunk3 sendmail[14790]: n36604AM014789: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  5 23:00:16 splunk3 sendmail[14844]: n3660GuY014844: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904060600.n3660GuY014844@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 23:00:16 splunk3 sendmail[14846]: n3660GuY014844: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  5 23:00:16 splunk3 sendmail[14846]: n3660GuY014844: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  5 23:00:16 splunk3 sendmail[14846]: n3660GuY014844: n3660GuY014846: postmaster notify: User unknown
Apr  5 23:00:17 splunk3 sendmail[14846]: n3660GuY014846: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  5 23:00:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:00:27 splunk3 sendmail[14904]: n3660RsJ014904: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060600.n3660RoM002211@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:00:27 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59037 
Apr  5 23:00:27 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:00:27 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 23:00:27 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 23:00:27 splunk3 sendmail[14905]: n3660RsJ014904: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:00:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:00:36 splunk3 sendmail[14947]: n3660aTZ014947: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:01:15 splunk3 sendmail[15055]: n36611kK015055: from=root, size=443, class=0, nrcpts=1, msgid=<200904060601.n36611kK015055@splunk3.splunkit.com>, relay=root@localhost
Apr  5 23:01:15 splunk3 sendmail[15112]: n3661Fuf015112: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060601.n36611kK015055@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 23:01:15 splunk3 sendmail[15055]: n36611kK015055: to=root, ctladdr=root (0/0), delay=00:00:14, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3661Fuf015112 Message accepted for delivery)
Apr  5 23:01:16 splunk3 sendmail[15113]: n3661Fuf015112: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  5 23:01:36 splunk3 sendmail[15199]: n3661auH015199: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:02:36 splunk3 sendmail[15438]: n3662aOP015438: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:03:36 splunk3 sendmail[15685]: n3663aFv015685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:04:36 splunk3 sendmail[15917]: n3664arl015917: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:05:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:05:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:05:28 splunk3 sendmail[16152]: n3665SjX016152: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060605.n3665RXX002933@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:05:28 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59094 
Apr  5 23:05:28 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:05:28 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  5 23:05:28 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  5 23:05:28 splunk3 sendmail[16153]: n3665SjX016152: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:05:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:05:36 splunk3 sendmail[16178]: n3665aBc016178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:06:36 splunk3 sendmail[16411]: n3666aKg016411: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:07:36 splunk3 sendmail[16650]: n3667a5f016650: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:08:36 splunk3 sendmail[16889]: n3668a9i016889: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:09:36 splunk3 sendmail[17130]: n3669auN017130: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:10:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:10:02 splunk3 sendmail[17330]: n366A2EV017330: from=root, size=292, class=0, nrcpts=1, msgid=<200904060610.n366A2EV017330@splunk3.splunkit.com>, relay=root@localhost
Apr  5 23:10:02 splunk3 sendmail[17335]: n366A2gw017335: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060610.n366A2EV017330@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  5 23:10:02 splunk3 sendmail[17330]: n366A2EV017330: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n366A2gw017335 Message accepted for delivery)
Apr  5 23:10:04 splunk3 sendmail[17336]: n366A2gw017335: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  5 23:10:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:10:28 splunk3 sendmail[17473]: n366ASTi017473: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060610.n366AS5j003526@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:10:28 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59150 
Apr  5 23:10:28 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:10:28 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:10:28 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:10:28 splunk3 spamd[13783]: spamd: processing message <200904060610.n366AS5j003526@virt2.int.splunk.com> for spamme:501 
Apr  5 23:10:30 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  5 23:10:30 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59150,mid=<200904060610.n366AS5j003526@virt2.int.splunk.com>,bayes=0.168740553747454,autolearn=no 
Apr  5 23:10:30 splunk3 sendmail[17474]: n366ASTi017473: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:10:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:10:35 splunk3 sendmail[17357]: n366A7xI017357: from=<sourceu@wolf-howl.com>, size=5687, class=0, nrcpts=1, msgid=<f56f019db880$9955daa6$88895a45@wolf-howl.com>, proto=ESMTP, daemon=MTA, relay=122-131.3-85.cust.bluewin.ch [85.3.131.122]
Apr  5 23:10:35 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59152 
Apr  5 23:10:35 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:10:35 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:10:35 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:10:35 splunk3 spamd[13783]: spamd: processing message <f56f019db880$9955daa6$88895a45@wolf-howl.com> for spamme:501 
Apr  5 23:10:36 splunk3 sendmail[17504]: n366Aav3017504: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:10:37 splunk3 spamd[13783]: spamd: identified spam (35.5/5.0) for spamme:501 in 1.6 seconds, 6006 bytes. 
Apr  5 23:10:37 splunk3 spamd[13783]: spamd: result: Y 35 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL scantime=1.6,size=6006,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59152,mid=<f56f019db880$9955daa6$88895a45@wolf-howl.com>,bayes=1,autolearn=spam 
Apr  5 23:10:37 splunk3 sendmail[17499]: n366A7xI017357: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=35911, dsn=2.0.0, stat=Sent
Apr  5 23:10:37 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 23:11:36 splunk3 sendmail[17744]: n366Ba3W017744: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:12:36 splunk3 sendmail[17979]: n366CaQr017979: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:13:36 splunk3 sendmail[18219]: n366DaFN018219: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:14:36 splunk3 sendmail[18453]: n366Eaob018453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:15:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:15:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:15:28 splunk3 sendmail[18690]: n366FSCk018690: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060615.n366FSO5004328@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:15:28 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59208 
Apr  5 23:15:28 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:15:28 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:15:28 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:15:28 splunk3 spamd[13783]: spamd: processing message <200904060615.n366FSO5004328@virt2.int.splunk.com> for spamme:501 
Apr  5 23:15:31 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 23:15:31 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59208,mid=<200904060615.n366FSO5004328@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:15:31 splunk3 sendmail[18691]: n366FSCk018690: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:15:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:15:36 splunk3 sendmail[18715]: n366Falq018715: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:16:36 splunk3 sendmail[18953]: n366Ga9i018953: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:17:36 splunk3 sendmail[19191]: n366HapS019191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:18:36 splunk3 sendmail[19427]: n366IajT019427: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:19:36 splunk3 sendmail[19664]: n366Japc019664: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:20:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:20:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:20:29 splunk3 sendmail[19902]: n366KTfv019902: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060620.n366KTgr004942@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:20:29 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59263 
Apr  5 23:20:29 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:20:29 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:20:29 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:20:29 splunk3 spamd[13783]: spamd: processing message <200904060620.n366KTgr004942@virt2.int.splunk.com> for spamme:501 
Apr  5 23:20:31 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 23:20:31 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59263,mid=<200904060620.n366KTgr004942@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:20:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:20:31 splunk3 sendmail[19903]: n366KTfv019902: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:20:36 splunk3 sendmail[19928]: n366Kaxt019928: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:21:36 splunk3 sendmail[20168]: n366La20020168: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:22:36 splunk3 sendmail[20402]: n366MaON020402: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:23:36 splunk3 sendmail[20647]: n366Nae6020647: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:24:36 splunk3 sendmail[20882]: n366OaHR020882: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:25:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:25:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:25:29 splunk3 sendmail[21117]: n366PTL4021117: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060625.n366PToC005573@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:25:29 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59319 
Apr  5 23:25:29 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:25:29 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:25:29 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:25:29 splunk3 spamd[13783]: spamd: processing message <200904060625.n366PToC005573@virt2.int.splunk.com> for spamme:501 
Apr  5 23:25:31 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1305 bytes. 
Apr  5 23:25:31 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59319,mid=<200904060625.n366PToC005573@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:25:31 splunk3 sendmail[21118]: n366PTL4021117: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:25:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:25:36 splunk3 sendmail[21143]: n366PaMF021143: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 23:26:36 splunk3 sendmail[21379]: n366QaRj021379: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:27:36 splunk3 sendmail[21618]: n366RaMs021618: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:28:36 splunk3 sendmail[21853]: n366SaG3021853: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:29:36 splunk3 sendmail[22092]: n366TaxA022092: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:30:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:30:00 splunk3 sendmail[22196]: n366U0YW022196: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060630.n366U0O7006097@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:30:00 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59364 
Apr  5 23:30:00 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:30:00 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:30:00 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:30:00 splunk3 spamd[13783]: spamd: processing message <200904060630.n366U0O7006097@virt2.int.splunk.com> for spamme:501 
Apr  5 23:30:02 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  5 23:30:02 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59364,mid=<200904060630.n366U0O7006097@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:30:02 splunk3 sendmail[22197]: n366U0YW022196: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:30:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:30:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:30:36 splunk3 sendmail[22359]: n366UaMb022359: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:31:36 splunk3 sendmail[22599]: n366Va4p022599: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:32:36 splunk3 sendmail[22832]: n366WaU8022832: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:33:36 splunk3 sendmail[23071]: n366XaJ0023071: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:34:36 splunk3 sendmail[23305]: n366YaXg023305: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:35:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:35:01 splunk3 sendmail[23412]: n366Z1FI023412: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060635.n366Z0lF006850@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:35:01 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59419 
Apr  5 23:35:01 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:35:01 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:35:01 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:35:01 splunk3 spamd[13783]: spamd: processing message <200904060635.n366Z0lF006850@virt2.int.splunk.com> for spamme:501 
Apr  5 23:35:03 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  5 23:35:03 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59419,mid=<200904060635.n366Z0lF006850@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:35:03 splunk3 sendmail[23413]: n366Z1FI023412: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:35:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:35:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:35:36 splunk3 sendmail[23569]: n366Zami023569: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:36:36 splunk3 sendmail[23803]: n366aaUj023803: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:37:36 splunk3 sendmail[24043]: n366baIo024043: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:38:36 splunk3 sendmail[24282]: n366caFb024282: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:39:36 splunk3 sendmail[24519]: n366daW0024519: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:40:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:40:01 splunk3 sendmail[24629]: n366e1tK024629: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060640.n366e18W007460@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:40:01 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59475 
Apr  5 23:40:01 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:40:01 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:40:01 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:40:01 splunk3 spamd[13783]: spamd: processing message <200904060640.n366e18W007460@virt2.int.splunk.com> for spamme:501 
Apr  5 23:40:04 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  5 23:40:04 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59475,mid=<200904060640.n366e18W007460@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:40:04 splunk3 sendmail[24630]: n366e1tK024629: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:40:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:40:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:40:36 splunk3 sendmail[24782]: n366eaEF024782: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 23:41:36 splunk3 sendmail[25022]: n366faJr025022: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:42:36 splunk3 sendmail[25259]: n366gaou025259: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:43:36 splunk3 sendmail[25496]: n366hapZ025496: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:44:36 splunk3 sendmail[25732]: n366ia5M025732: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:45:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:45:01 splunk3 sendmail[25839]: n366j1gZ025839: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060645.n366j1xg008132@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:45:02 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59531 
Apr  5 23:45:02 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:45:02 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:45:02 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:45:02 splunk3 spamd[13783]: spamd: processing message <200904060645.n366j1xg008132@virt2.int.splunk.com> for spamme:501 
Apr  5 23:45:04 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  5 23:45:04 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59531,mid=<200904060645.n366j1xg008132@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:45:04 splunk3 sendmail[25840]: n366j1gZ025839: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:45:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:45:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:45:36 splunk3 sendmail[25995]: n366jaJP025995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:46:36 splunk3 sendmail[26230]: n366kap9026230: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:47:36 splunk3 sendmail[26468]: n366laUR026468: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:48:36 splunk3 sendmail[26703]: n366mahm026703: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:49:36 splunk3 sendmail[26942]: n366naVF026942: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:50:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:50:02 splunk3 sendmail[27068]: n366o2lt027068: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060650.n366o2Oh008743@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:50:02 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59587 
Apr  5 23:50:02 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:50:02 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:50:02 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:50:02 splunk3 spamd[13783]: spamd: processing message <200904060650.n366o2Oh008743@virt2.int.splunk.com> for spamme:501 
Apr  5 23:50:04 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  5 23:50:04 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59587,mid=<200904060650.n366o2Oh008743@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:50:04 splunk3 sendmail[27069]: n366o2lt027068: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:50:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:50:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:50:36 splunk3 sendmail[27205]: n366oaoj027205: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:51:36 splunk3 sendmail[27447]: n366padN027447: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:52:36 splunk3 sendmail[27681]: n366qaFe027681: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:53:36 splunk3 sendmail[27928]: n366raxV027928: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:54:36 splunk3 sendmail[28163]: n366satQ028163: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:55:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  5 23:55:03 splunk3 sendmail[28286]: n366t30g028286: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060655.n366t2x1009352@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  5 23:55:03 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59642 
Apr  5 23:55:03 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  5 23:55:03 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  5 23:55:03 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  5 23:55:03 splunk3 spamd[13783]: spamd: processing message <200904060655.n366t2x1009352@virt2.int.splunk.com> for spamme:501 
Apr  5 23:55:05 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  5 23:55:05 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59642,mid=<200904060655.n366t2x1009352@virt2.int.splunk.com>,bayes=0.16873522611432,autolearn=no 
Apr  5 23:55:05 splunk3 sendmail[28287]: n366t30g028286: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  5 23:55:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  5 23:55:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  5 23:55:36 splunk3 sendmail[28425]: n366taY3028425: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  5 23:56:36 splunk3 sendmail[28659]: n366ua3t028659: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:57:36 splunk3 sendmail[28899]: n366va5X028899: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:58:36 splunk3 sendmail[29134]: n366wao4029134: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  5 23:59:36 splunk3 sendmail[29373]: n366xaMt029373: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:00:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:00:04 splunk3 sendmail[29551]: n36704P7029551: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904060700.n36703J8009996@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:00:04 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59699 
Apr  6 00:00:04 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:00:04 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 00:00:04 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 00:00:04 splunk3 sendmail[29552]: n36704P7029551: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 00:00:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:00:04 splunk3 sendmail[29564]: n36704cV029564: from=root, size=291, class=0, nrcpts=1, msgid=<200904060700.n36704cV029564@splunk3.splunkit.com>, relay=root@localhost
Apr  6 00:00:04 splunk3 sendmail[29568]: n367045M029568: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060700.n36704cV029564@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 00:00:04 splunk3 sendmail[29564]: n36704cV029564: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n367045M029568 Message accepted for delivery)
Apr  6 00:00:06 splunk3 sendmail[29570]: n367045M029568: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 00:00:21 splunk3 sendmail[29647]: n3670LvV029647: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904060700.n3670LvV029647@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 00:00:21 splunk3 sendmail[29649]: n3670LvV029647: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 00:00:21 splunk3 sendmail[29649]: n3670LvV029647: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 00:00:21 splunk3 sendmail[29649]: n3670LvV029647: n3670LvV029649: postmaster notify: User unknown
Apr  6 00:00:23 splunk3 sendmail[29649]: n3670LvV029649: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 00:00:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:00:36 splunk3 sendmail[29720]: n3670afi029720: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:01:06 splunk3 sendmail[29829]: n36711Jc029829: from=root, size=443, class=0, nrcpts=1, msgid=<200904060701.n36711Jc029829@splunk3.splunkit.com>, relay=root@localhost
Apr  6 00:01:06 splunk3 sendmail[29849]: n36716A5029849: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060701.n36711Jc029829@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 00:01:06 splunk3 sendmail[29829]: n36711Jc029829: to=root, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36716A5029849 Message accepted for delivery)
Apr  6 00:01:07 splunk3 sendmail[29850]: n36716A5029849: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 00:01:36 splunk3 sendmail[29973]: n3671ax0029973: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:02:36 splunk3 sendmail[30209]: n3672aDj030209: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:03:36 splunk3 sendmail[30446]: n3673a5P030446: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:04:36 splunk3 sendmail[30681]: n3674ax7030681: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:05:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:05:04 splunk3 sendmail[30807]: n36754Xc030807: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060705.n36754T8010678@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:05:04 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59764 
Apr  6 00:05:04 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:05:04 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 00:05:04 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 00:05:04 splunk3 sendmail[30808]: n36754Xc030807: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:05:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:05:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:05:36 splunk3 sendmail[30943]: n3675auL030943: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:06:36 splunk3 sendmail[31180]: n3676aoh031180: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:07:27 splunk3 sendmail[31379]: n3677ROq031379: from=<3LqrZSRQKBvsjrrjohdohuwv-qruhso1jrrjoh.frpvsdpphvsoxqnlw.frp@alerts.bounces.google.com>, size=2767, class=0, nrcpts=1, msgid=<00163628395e0a3ae80466dd8db1@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  6 00:07:27 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59794 
Apr  6 00:07:27 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:07:27 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 00:07:27 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 00:07:27 splunk3 sendmail[31396]: n3677ROq031379: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32982, dsn=2.0.0, stat=Sent
Apr  6 00:07:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:07:36 splunk3 sendmail[31421]: n3677aOm031421: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:08:36 splunk3 sendmail[31660]: n3678aA8031660: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:09:00 splunk3 sendmail[31761]: n3678xG1031761: from=<3i6rZSRQKBlk7FF7C51C5IKJ-EFI5GCP7FF7C5.3FDJG1DD5JGCLEB9K.3FD@alerts.bounces.google.com>, size=6479, class=0, nrcpts=1, msgid=<001485f91dd292bba90466dd92d9@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.164]
Apr  6 00:09:00 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59809 
Apr  6 00:09:00 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:09:00 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 00:09:00 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 00:09:00 splunk3 sendmail[31762]: n3678xG1031761: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=36689, dsn=2.0.0, stat=Sent
Apr  6 00:09:00 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:09:36 splunk3 sendmail[31906]: n3679atG031906: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:10:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:10:02 splunk3 sendmail[32122]: n367A2sg032122: from=root, size=292, class=0, nrcpts=1, msgid=<200904060710.n367A2sg032122@splunk3.splunkit.com>, relay=root@localhost
Apr  6 00:10:02 splunk3 sendmail[32127]: n367A2dm032127: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060710.n367A2sg032122@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 00:10:02 splunk3 sendmail[32122]: n367A2sg032122: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n367A2dm032127 Message accepted for delivery)
Apr  6 00:10:03 splunk3 sendmail[32128]: n367A2dm032127: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 00:10:05 splunk3 sendmail[32133]: n367A5X8032133: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060710.n367A4s9011290@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:10:05 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59822 
Apr  6 00:10:05 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:10:05 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:10:05 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:10:05 splunk3 spamd[13783]: spamd: processing message <200904060710.n367A4s9011290@virt2.int.splunk.com> for spamme:501 
Apr  6 00:10:07 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 00:10:07 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59822,mid=<200904060710.n367A4s9011290@virt2.int.splunk.com>,bayes=0.111866360427549,autolearn=no 
Apr  6 00:10:07 splunk3 sendmail[32134]: n367A5X8032133: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:10:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:10:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:10:36 splunk3 sendmail[32272]: n367AahB032272: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 00:11:36 splunk3 sendmail[32512]: n367BaGP032512: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:12:36 splunk3 sendmail[32749]: n367CaCV032749: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:13:36 splunk3 sendmail[520]: n367Daih000520: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:14:36 splunk3 sendmail[754]: n367EaFu000754: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:15:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:15:05 splunk3 sendmail[879]: n367F5rn000879: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060715.n367F5u8012076@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:15:05 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59879 
Apr  6 00:15:05 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:15:05 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:15:05 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:15:05 splunk3 spamd[13783]: spamd: processing message <200904060715.n367F5u8012076@virt2.int.splunk.com> for spamme:501 
Apr  6 00:15:07 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 00:15:07 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59879,mid=<200904060715.n367F5u8012076@virt2.int.splunk.com>,bayes=0.111866360427549,autolearn=no 
Apr  6 00:15:07 splunk3 sendmail[880]: n367F5rn000879: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:15:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:15:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:15:36 splunk3 sendmail[1016]: n367FajP001016: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:16:36 splunk3 sendmail[1254]: n367GaZq001254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:17:36 splunk3 sendmail[1492]: n367Havi001492: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:18:36 splunk3 sendmail[1727]: n367Iaao001727: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:19:36 splunk3 sendmail[1968]: n367JaPu001968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:19:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:20:06 splunk3 sendmail[2095]: n367K66V002095: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060720.n367K5Lv012709@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:20:06 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59934 
Apr  6 00:20:06 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:20:06 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:20:06 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:20:06 splunk3 spamd[13783]: spamd: processing message <200904060720.n367K5Lv012709@virt2.int.splunk.com> for spamme:501 
Apr  6 00:20:08 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 00:20:08 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59934,mid=<200904060720.n367K5Lv012709@virt2.int.splunk.com>,bayes=0.111866360427549,autolearn=no 
Apr  6 00:20:08 splunk3 sendmail[2096]: n367K66V002095: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:20:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:20:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:20:36 splunk3 sendmail[2233]: n367Ka1w002233: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:21:36 splunk3 sendmail[2473]: n367LaHA002473: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:22:36 splunk3 sendmail[2715]: n367Mans002715: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:23:36 splunk3 sendmail[2969]: n367Nahg002969: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:24:36 splunk3 sendmail[3210]: n367OaRF003210: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:25:00 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:25:06 splunk3 sendmail[3333]: n367P6ms003333: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060725.n367P6SB013317@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:25:06 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59990 
Apr  6 00:25:06 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:25:06 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:25:06 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:25:06 splunk3 spamd[13783]: spamd: processing message <200904060725.n367P6SB013317@virt2.int.splunk.com> for spamme:501 
Apr  6 00:25:08 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 00:25:08 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59990,mid=<200904060725.n367P6SB013317@virt2.int.splunk.com>,bayes=0.111866360427549,autolearn=no 
Apr  6 00:25:08 splunk3 sendmail[3335]: n367P6ms003333: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:25:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:25:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:25:36 splunk3 sendmail[3469]: n367PahJ003469: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 00:26:36 splunk3 sendmail[3736]: n367QaWe003736: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:27:36 splunk3 sendmail[3978]: n367RaXs003978: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:28:36 splunk3 sendmail[4229]: n367SaEs004229: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:29:36 splunk3 sendmail[4479]: n367TaOb004479: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:29:53 splunk3 sendmail[4143]: n367SHGv004143: from=<sinclairm@deleteddomains.com>, size=5730, class=0, nrcpts=1, msgid=<9dba019dbd43$1004521d$7a2b53d9@deleteddomains.com>, proto=ESMTP, daemon=MTA, relay=beamcablesystem.in [124.123.159.149] (may be forged)
Apr  6 00:29:53 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60044 
Apr  6 00:29:53 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:29:53 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:29:53 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:29:53 splunk3 spamd[13783]: spamd: processing message <9dba019dbd43$1004521d$7a2b53d9@deleteddomains.com> for spamme:501 
Apr  6 00:29:56 splunk3 spamd[13783]: spamd: identified spam (27.9/5.0) for spamme:501 in 2.9 seconds, 6062 bytes. 
Apr  6 00:29:56 splunk3 spamd[13783]: spamd: result: Y 27 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL scantime=2.9,size=6062,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60044,mid=<9dba019dbd43$1004521d$7a2b53d9@deleteddomains.com>,bayes=1,autolearn=spam 
Apr  6 00:29:56 splunk3 sendmail[4557]: n367SHGv004143: to=<spamme@splunkit.com>, delay=00:00:24, xdelay=00:00:03, mailer=local, pri=35953, dsn=2.0.0, stat=Sent
Apr  6 00:29:56 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:29:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:30:07 splunk3 sendmail[4629]: n367U7fn004629: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060730.n367U6SO013936@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:30:07 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60047 
Apr  6 00:30:07 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:30:07 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:30:07 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:30:07 splunk3 spamd[13783]: spamd: processing message <200904060730.n367U6SO013936@virt2.int.splunk.com> for spamme:501 
Apr  6 00:30:09 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 00:30:09 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60047,mid=<200904060730.n367U6SO013936@virt2.int.splunk.com>,bayes=0.111861923452384,autolearn=no 
Apr  6 00:30:09 splunk3 sendmail[4630]: n367U7fn004629: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:30:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:30:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:30:36 splunk3 sendmail[4748]: n367Uadg004748: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:31:36 splunk3 sendmail[5000]: n367VaKb005000: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:32:36 splunk3 sendmail[5269]: n367Wahg005269: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:33:36 splunk3 sendmail[5514]: n367XaKo005514: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:34:36 splunk3 sendmail[5749]: n367YakH005749: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:34:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:35:07 splunk3 sendmail[5890]: n367Z7Gp005890: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060735.n367Z7bC014679@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:35:07 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60103 
Apr  6 00:35:07 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:35:07 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:35:07 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:35:07 splunk3 spamd[13783]: spamd: processing message <200904060735.n367Z7bC014679@virt2.int.splunk.com> for spamme:501 
Apr  6 00:35:09 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 00:35:09 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60103,mid=<200904060735.n367Z7bC014679@virt2.int.splunk.com>,bayes=0.111861923452384,autolearn=no 
Apr  6 00:35:09 splunk3 sendmail[5891]: n367Z7Gp005890: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:35:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:35:25 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:35:36 splunk3 sendmail[6010]: n367Za41006010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:36:36 splunk3 sendmail[6246]: n367aa2h006246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:37:36 splunk3 sendmail[6484]: n367baFE006484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:38:36 splunk3 sendmail[6724]: n367caYa006724: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:39:36 splunk3 sendmail[6960]: n367da4V006960: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:39:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:40:08 splunk3 sendmail[7103]: n367e8su007103: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060740.n367e7Wq015325@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:40:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60158 
Apr  6 00:40:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:40:08 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:40:08 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:40:08 splunk3 spamd[13783]: spamd: processing message <200904060740.n367e7Wq015325@virt2.int.splunk.com> for spamme:501 
Apr  6 00:40:10 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 00:40:10 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60158,mid=<200904060740.n367e7Wq015325@virt2.int.splunk.com>,bayes=0.111861923452384,autolearn=no 
Apr  6 00:40:10 splunk3 sendmail[7104]: n367e8su007103: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:40:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:40:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:40:36 splunk3 sendmail[7225]: n367ea5r007225: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 00:41:36 splunk3 sendmail[7466]: n367faeN007466: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:42:36 splunk3 sendmail[7725]: n367gacW007725: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:43:36 splunk3 sendmail[7962]: n367haSa007962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:44:34 splunk3 sendmail[8160]: n367iWqB008160: from=<spamgone@zedpeejay.com>, size=6426, class=0, nrcpts=1, msgid=<20090406144436.3435.qmail@ppp78-37-196-111.pppoe.avangarddsl.ru>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=ppp78-37-196-111.pppoe.avangarddsl.ru [78.37.196.111]
Apr  6 00:44:34 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60210 
Apr  6 00:44:34 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:44:34 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:44:34 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:44:34 splunk3 spamd[13783]: spamd: processing message <20090406144436.3435.qmail@ppp78-37-196-111.pppoe.avangarddsl.ru> for spamme:501 
Apr  6 00:44:36 splunk3 sendmail[8202]: n367iaUu008202: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:44:39 splunk3 spamd[13783]: spamd: identified spam (28.6/5.0) for spamme:501 in 5.1 seconds, 6735 bytes. 
Apr  6 00:44:39 splunk3 spamd[13783]: spamd: result: Y 28 - AWL,BAYES_99,DRUGS_ERECTILE,DRUG_ED_CAPS,HELO_DYNAMIC_IPADDR,HTML_90_100,HTML_FONT_FACE_BAD,HTML_MESSAGE,MIME_HTML_ONLY,NO_REAL_NAME,RCVD_IN_SORBS_DUL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=5.1,size=6735,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60210,mid=<20090406144436.3435.qmail@ppp78-37-196-111.pppoe.avangarddsl.ru>,bayes=1,autolearn=spam 
Apr  6 00:44:39 splunk3 sendmail[8180]: n367iWqB008160: to=<spamme@splunkit.com>, delay=00:00:06, xdelay=00:00:05, mailer=local, pri=36705, dsn=2.0.0, stat=Sent
Apr  6 00:44:39 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:44:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:45:08 splunk3 sendmail[8329]: n367j8GQ008329: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060745.n367j8dK015939@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:45:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60216 
Apr  6 00:45:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:45:08 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:45:08 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:45:08 splunk3 spamd[13783]: spamd: processing message <200904060745.n367j8dK015939@virt2.int.splunk.com> for spamme:501 
Apr  6 00:45:10 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 00:45:10 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60216,mid=<200904060745.n367j8dK015939@virt2.int.splunk.com>,bayes=0.111854514724501,autolearn=no 
Apr  6 00:45:10 splunk3 sendmail[8330]: n367j8GQ008329: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:45:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:45:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:45:36 splunk3 sendmail[8464]: n367ja9M008464: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:46:36 splunk3 sendmail[8698]: n367kaKo008698: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:47:36 splunk3 sendmail[8940]: n367lak0008940: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:48:36 splunk3 sendmail[9175]: n367maab009175: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:49:36 splunk3 sendmail[9413]: n367natb009413: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:49:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:50:09 splunk3 sendmail[9543]: n367o9TK009543: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060750.n367o9gE016548@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:50:09 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60272 
Apr  6 00:50:09 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:50:09 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:50:09 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:50:09 splunk3 spamd[13783]: spamd: processing message <200904060750.n367o9gE016548@virt2.int.splunk.com> for spamme:501 
Apr  6 00:50:11 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 00:50:11 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60272,mid=<200904060750.n367o9gE016548@virt2.int.splunk.com>,bayes=0.111854514724501,autolearn=no 
Apr  6 00:50:11 splunk3 sendmail[9544]: n367o9TK009543: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:50:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:50:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:50:36 splunk3 sendmail[9677]: n367oatA009677: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:51:36 splunk3 sendmail[9918]: n367paTV009918: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:52:26 splunk3 sendmail[9939]: n367pjkH009939: from=<swanev@wolf-howl.com>, size=5717, class=0, nrcpts=1, msgid=<d1b3019dbcd3$a296c6cb$61aedcd9@wolf-howl.com>, proto=ESMTP, daemon=MTA, relay=ABTS-KK-dynamic-176.245.167.122.airtelbroadband.in [122.167.245.176] (may be forged)
Apr  6 00:52:26 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60300 
Apr  6 00:52:26 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:52:26 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:52:26 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:52:26 splunk3 spamd[13783]: spamd: processing message <d1b3019dbcd3$a296c6cb$61aedcd9@wolf-howl.com> for spamme:501 
Apr  6 00:52:28 splunk3 spamd[13783]: spamd: identified spam (33.4/5.0) for spamme:501 in 1.9 seconds, 6097 bytes. 
Apr  6 00:52:28 splunk3 spamd[13783]: spamd: result: Y 33 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL scantime=1.9,size=6097,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60300,mid=<d1b3019dbcd3$a296c6cb$61aedcd9@wolf-howl.com>,bayes=1,autolearn=spam 
Apr  6 00:52:28 splunk3 sendmail[10113]: n367pjkH009939: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:02, mailer=local, pri=36004, dsn=2.0.0, stat=Sent
Apr  6 00:52:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:52:36 splunk3 sendmail[10159]: n367qatu010159: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:53:36 splunk3 sendmail[10401]: n367ras8010401: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:54:36 splunk3 sendmail[10638]: n367saDx010638: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:54:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 00:55:10 splunk3 sendmail[10763]: n367tAZc010763: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060755.n367t99w017159@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 00:55:10 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60328 
Apr  6 00:55:10 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:55:10 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:55:10 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:55:10 splunk3 spamd[13783]: spamd: processing message <200904060755.n367t99w017159@virt2.int.splunk.com> for spamme:501 
Apr  6 00:55:12 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  6 00:55:12 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60328,mid=<200904060755.n367t99w017159@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 00:55:12 splunk3 sendmail[10764]: n367tAZc010763: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 00:55:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:55:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 00:55:36 splunk3 sendmail[10899]: n367ta0b010899: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 00:56:36 splunk3 sendmail[11135]: n367uavf011135: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:57:36 splunk3 sendmail[11375]: n367vauT011375: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:58:18 splunk3 sendmail[11511]: n367wGks011511: from=<spamme@splunkit.com>, size=4102, class=0, nrcpts=1, msgid=<05ac01c9b69e$34815930$7b82fe4d@olszak-1ca5a925>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=77-254-130-123.adsl.inetia.pl [77.254.130.123]
Apr  6 00:58:18 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60366 
Apr  6 00:58:18 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 00:58:18 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 00:58:18 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 00:58:18 splunk3 spamd[13783]: spamd: processing message <05ac01c9b69e$34815930$7b82fe4d@olszak-1ca5a925> for spamme:501 
Apr  6 00:58:20 splunk3 spamd[13783]: spamd: identified spam (22.5/5.0) for spamme:501 in 2.4 seconds, 4396 bytes. 
Apr  6 00:58:20 splunk3 spamd[13783]: spamd: result: Y 22 - ADDRESS_IN_SUBJECT,BAYES_99,FORGED_OUTLOOK_TAGS,HTML_IMAGE_ONLY_32,HTML_MESSAGE,INVALID_DATE,SUBJ_HAS_UNIQ_ID,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL scantime=2.4,size=4396,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60366,mid=<05ac01c9b69e$34815930$7b82fe4d@olszak-1ca5a925>,bayes=1,autolearn=no 
Apr  6 00:58:20 splunk3 sendmail[11533]: n367wGks011511: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:03, xdelay=00:00:02, mailer=local, pri=34314, dsn=2.0.0, stat=Sent
Apr  6 00:58:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 00:58:36 splunk3 sendmail[11615]: n367wa0O011615: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:59:36 splunk3 sendmail[11853]: n367xakM011853: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 00:59:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:00:04 splunk3 sendmail[12023]: n36804WR012023: from=root, size=291, class=0, nrcpts=1, msgid=<200904060800.n36804WR012023@splunk3.splunkit.com>, relay=root@localhost
Apr  6 01:00:04 splunk3 sendmail[12027]: n36804ZT012027: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060800.n36804WR012023@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 01:00:04 splunk3 sendmail[12023]: n36804WR012023: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36804ZT012027 Message accepted for delivery)
Apr  6 01:00:05 splunk3 sendmail[12028]: n36804ZT012027: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 01:00:10 splunk3 sendmail[12052]: n3680A1V012052: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060800.n3680AlK017799@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:00:10 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60387 
Apr  6 01:00:10 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:00:10 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 01:00:10 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 01:00:10 splunk3 sendmail[12054]: n3680A1V012052: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:00:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:00:15 splunk3 sendmail[12075]: n3680F6p012075: ruleset=check_rcpt, arg1=<bibiorm@gmail.com>, relay=118-160-238-153.dynamic.hinet.net [118.160.238.153], reject=550 5.7.1 <bibiorm@gmail.com>... Relaying denied
Apr  6 01:00:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:00:28 splunk3 sendmail[12149]: n3680Se1012149: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904060800.n3680Se1012149@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 01:00:28 splunk3 sendmail[12151]: n3680Se1012149: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 01:00:28 splunk3 sendmail[12151]: n3680Se1012149: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 01:00:28 splunk3 sendmail[12151]: n3680Se1012149: n3680Se1012151: postmaster notify: User unknown
Apr  6 01:00:30 splunk3 sendmail[12151]: n3680Se1012151: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 01:00:36 splunk3 sendmail[12201]: n3680agJ012201: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:01:04 splunk3 sendmail[12294]: n36811Zo012294: from=root, size=443, class=0, nrcpts=1, msgid=<200904060801.n36811Zo012294@splunk3.splunkit.com>, relay=root@localhost
Apr  6 01:01:04 splunk3 sendmail[12313]: n36814wa012313: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060801.n36811Zo012294@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 01:01:04 splunk3 sendmail[12294]: n36811Zo012294: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36814wa012313 Message accepted for delivery)
Apr  6 01:01:07 splunk3 sendmail[12314]: n36814wa012313: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 01:01:36 splunk3 sendmail[12454]: n3681aKO012454: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:02:36 splunk3 sendmail[12687]: n3682a6h012687: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:03:36 splunk3 sendmail[12925]: n3683aRC012925: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:04:36 splunk3 sendmail[13159]: n3684awS013159: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:04:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:05:11 splunk3 sendmail[13318]: n3685Bbd013318: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060805.n3685AKX018482@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:05:11 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60450 
Apr  6 01:05:11 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:05:11 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 01:05:11 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 01:05:11 splunk3 sendmail[13319]: n3685Bbd013318: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:05:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:05:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:05:36 splunk3 sendmail[13460]: n3685ahc013460: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:06:36 splunk3 sendmail[13696]: n3686a7o013696: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:07:36 splunk3 sendmail[13934]: n3687awU013934: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:08:36 splunk3 sendmail[14174]: n3688aTd014174: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:09:37 splunk3 sendmail[14412]: n3689bUJ014412: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:09:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:10:02 splunk3 sendmail[14615]: n368A25a014615: from=root, size=292, class=0, nrcpts=1, msgid=<200904060810.n368A25a014615@splunk3.splunkit.com>, relay=root@localhost
Apr  6 01:10:02 splunk3 sendmail[14620]: n368A2s7014620: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060810.n368A25a014615@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 01:10:02 splunk3 sendmail[14615]: n368A25a014615: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n368A2s7014620 Message accepted for delivery)
Apr  6 01:10:03 splunk3 sendmail[14621]: n368A2s7014620: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 01:10:11 splunk3 sendmail[14661]: n368ABip014661: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060810.n368ABW5019102@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:10:11 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60507 
Apr  6 01:10:11 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:10:11 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:10:11 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:10:11 splunk3 spamd[13783]: spamd: processing message <200904060810.n368ABW5019102@virt2.int.splunk.com> for spamme:501 
Apr  6 01:10:13 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 01:10:13 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60507,mid=<200904060810.n368ABW5019102@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:10:13 splunk3 sendmail[14662]: n368ABip014661: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:10:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:10:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:10:37 splunk3 sendmail[14781]: n368AbBL014781: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 01:11:37 splunk3 sendmail[15022]: n368Bb9U015022: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:12:37 splunk3 sendmail[15258]: n368CbV8015258: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:13:37 splunk3 sendmail[15506]: n368Db7H015506: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:14:37 splunk3 sendmail[15739]: n368EbnU015739: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:14:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:15:12 splunk3 sendmail[15882]: n368FCUx015882: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060815.n368FBTi019884@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:15:12 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60563 
Apr  6 01:15:12 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:15:12 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:15:12 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:15:12 splunk3 spamd[13783]: spamd: processing message <200904060815.n368FBTi019884@virt2.int.splunk.com> for spamme:501 
Apr  6 01:15:14 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 01:15:14 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60563,mid=<200904060815.n368FBTi019884@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:15:14 splunk3 sendmail[15883]: n368FCUx015882: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:15:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:15:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:15:37 splunk3 sendmail[16002]: n368FbSm016002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:16:37 splunk3 sendmail[16236]: n368Gbo7016236: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:17:37 splunk3 sendmail[16473]: n368HbEX016473: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:18:37 splunk3 sendmail[16710]: n368IbB9016710: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:19:37 splunk3 sendmail[16948]: n368JbMr016948: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:19:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:20:12 splunk3 sendmail[17107]: n368KC0n017107: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060820.n368KClj020519@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:20:12 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60627 
Apr  6 01:20:12 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:20:12 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:20:12 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:20:12 splunk3 spamd[13783]: spamd: processing message <200904060820.n368KClj020519@virt2.int.splunk.com> for spamme:501 
Apr  6 01:20:14 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 01:20:14 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60627,mid=<200904060820.n368KClj020519@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:20:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:20:14 splunk3 sendmail[17108]: n368KC0n017107: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:20:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:20:37 splunk3 sendmail[17212]: n368KbvV017212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:21:37 splunk3 sendmail[17453]: n368LbwN017453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:22:37 splunk3 sendmail[17690]: n368Mb2K017690: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:23:37 splunk3 sendmail[17931]: n368NboE017931: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:24:37 splunk3 sendmail[18166]: n368ObcO018166: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:24:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:25:12 splunk3 sendmail[18322]: n368PCUV018322: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060825.n368PCdt021131@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:25:13 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60682 
Apr  6 01:25:13 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:25:13 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:25:13 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:25:13 splunk3 spamd[13783]: spamd: processing message <200904060825.n368PCdt021131@virt2.int.splunk.com> for spamme:501 
Apr  6 01:25:15 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 01:25:15 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60682,mid=<200904060825.n368PCdt021131@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:25:15 splunk3 sendmail[18323]: n368PCUV018322: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:25:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:25:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:25:37 splunk3 sendmail[18428]: n368Pbmp018428: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 01:26:37 splunk3 sendmail[18664]: n368Qbie018664: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:27:37 splunk3 sendmail[18903]: n368RbbF018903: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:28:37 splunk3 sendmail[19138]: n368Sb1t019138: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:29:37 splunk3 sendmail[19377]: n368TbT0019377: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:29:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:30:13 splunk3 sendmail[19534]: n368UDEs019534: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060830.n368UDnV021748@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:30:13 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60739 
Apr  6 01:30:13 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:30:13 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:30:13 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:30:13 splunk3 spamd[13783]: spamd: processing message <200904060830.n368UDnV021748@virt2.int.splunk.com> for spamme:501 
Apr  6 01:30:15 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  6 01:30:15 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60739,mid=<200904060830.n368UDnV021748@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:30:15 splunk3 sendmail[19535]: n368UDEs019534: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:30:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:30:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:30:37 splunk3 sendmail[19640]: n368UbjY019640: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:31:37 splunk3 sendmail[19879]: n368Vbao019879: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:32:37 splunk3 sendmail[20112]: n368WbxG020112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:33:37 splunk3 sendmail[20349]: n368Xb15020349: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:34:37 splunk3 sendmail[20584]: n368Ybr2020584: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:34:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:35:14 splunk3 sendmail[20742]: n368ZEdF020742: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060835.n368ZDc7022499@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:35:14 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60794 
Apr  6 01:35:14 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:35:14 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:35:14 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:35:14 splunk3 spamd[13783]: spamd: processing message <200904060835.n368ZDc7022499@virt2.int.splunk.com> for spamme:501 
Apr  6 01:35:16 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 01:35:16 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60794,mid=<200904060835.n368ZDc7022499@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:35:16 splunk3 sendmail[20743]: n368ZEdF020742: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:35:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:35:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:35:37 splunk3 sendmail[20846]: n368Zbju020846: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:36:37 splunk3 sendmail[21083]: n368ab4N021083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:37:37 splunk3 sendmail[21320]: n368bbmj021320: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:38:37 splunk3 sendmail[21559]: n368cb2u021559: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:39:37 splunk3 sendmail[21800]: n368dbBf021800: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:39:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:40:14 splunk3 sendmail[21957]: n368eEcF021957: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060840.n368eExK023131@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:40:14 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60850 
Apr  6 01:40:14 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:40:14 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:40:14 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:40:14 splunk3 spamd[13783]: spamd: processing message <200904060840.n368eExK023131@virt2.int.splunk.com> for spamme:501 
Apr  6 01:40:16 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 01:40:16 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60850,mid=<200904060840.n368eExK023131@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:40:16 splunk3 sendmail[21958]: n368eEcF021957: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:40:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:40:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:40:37 splunk3 sendmail[22064]: n368ebJm022064: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 01:41:37 splunk3 sendmail[22305]: n368fbeT022305: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:42:37 splunk3 sendmail[22541]: n368gbSM022541: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:43:37 splunk3 sendmail[22779]: n368hbYL022779: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:44:37 splunk3 sendmail[23012]: n368ibpc023012: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:44:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:45:14 splunk3 sendmail[23171]: n368jEpG023171: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060845.n368jEf9023772@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:45:14 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60907 
Apr  6 01:45:14 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:45:14 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:45:14 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:45:15 splunk3 spamd[13783]: spamd: processing message <200904060845.n368jEf9023772@virt2.int.splunk.com> for spamme:501 
Apr  6 01:45:19 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  6 01:45:19 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60907,mid=<200904060845.n368jEf9023772@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:45:19 splunk3 sendmail[23172]: n368jEpG023171: to=<spamme@splunkit.com>, delay=00:00:05, xdelay=00:00:05, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:45:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:45:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:45:37 splunk3 sendmail[23275]: n368jbZA023275: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:46:37 splunk3 sendmail[23511]: n368kbZ1023511: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:47:37 splunk3 sendmail[23748]: n368lbZV023748: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:48:34 splunk3 sendmail[23965]: n368mYNN023965: ruleset=check_rcpt, arg1=<bibiorm@gmail.com>, relay=118-169-209-119.dynamic.hinet.net [118.169.209.119], reject=550 5.7.1 <bibiorm@gmail.com>... Relaying denied
Apr  6 01:48:37 splunk3 sendmail[23983]: n368mbB8023983: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:49:37 splunk3 sendmail[24220]: n368nbxl024220: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:49:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:50:15 splunk3 sendmail[24379]: n368oFrs024379: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060850.n368oFm4024385@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:50:15 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60962 
Apr  6 01:50:15 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:50:15 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:50:15 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:50:15 splunk3 spamd[13783]: spamd: processing message <200904060850.n368oFm4024385@virt2.int.splunk.com> for spamme:501 
Apr  6 01:50:17 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  6 01:50:17 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60962,mid=<200904060850.n368oFm4024385@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:50:17 splunk3 sendmail[24380]: n368oFrs024379: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:50:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:50:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:50:37 splunk3 sendmail[24484]: n368obxx024484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:51:37 splunk3 sendmail[24723]: n368pbUJ024723: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:52:37 splunk3 sendmail[24958]: n368qbV9024958: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:53:37 splunk3 sendmail[25201]: n368rblk025201: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:54:37 splunk3 sendmail[25435]: n368sbxK025435: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:54:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 01:55:16 splunk3 sendmail[25597]: n368tGk4025597: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060855.n368tGgE024991@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 01:55:16 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32786 
Apr  6 01:55:16 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 01:55:16 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 01:55:16 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 01:55:16 splunk3 spamd[13783]: spamd: processing message <200904060855.n368tGgE024991@virt2.int.splunk.com> for spamme:501 
Apr  6 01:55:18 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 01:55:18 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=32786,mid=<200904060855.n368tGgE024991@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 01:55:18 splunk3 sendmail[25598]: n368tGk4025597: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 01:55:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 01:55:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 01:55:37 splunk3 sendmail[25697]: n368tbXK025697: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 01:56:37 splunk3 sendmail[25935]: n368ubM2025935: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:57:37 splunk3 sendmail[26176]: n368vbVC026176: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:58:18 splunk3 sendmail[11511]: n367wGkt011511: timeout waiting for input from 77-254-130-123.adsl.inetia.pl during server cmd read
Apr  6 01:58:37 splunk3 sendmail[26409]: n368wbKH026409: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:59:37 splunk3 sendmail[26648]: n368xbF4026648: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 01:59:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:00:04 splunk3 sendmail[26820]: n36904q0026820: from=root, size=291, class=0, nrcpts=1, msgid=<200904060900.n36904q0026820@splunk3.splunkit.com>, relay=root@localhost
Apr  6 02:00:04 splunk3 sendmail[26824]: n36904AS026824: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904060900.n36904q0026820@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 02:00:04 splunk3 sendmail[26820]: n36904q0026820: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36904AS026824 Message accepted for delivery)
Apr  6 02:00:05 splunk3 sendmail[26825]: n36904AS026824: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 02:00:09 splunk3 sendmail[26859]: n369096D026859: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904060900.n369096D026859@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 02:00:09 splunk3 sendmail[26861]: n369096D026859: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 02:00:09 splunk3 sendmail[26861]: n369096D026859: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 02:00:09 splunk3 sendmail[26861]: n369096D026859: n369096D026861: postmaster notify: User unknown
Apr  6 02:00:11 splunk3 sendmail[26861]: n369096D026861: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 02:00:15 splunk3 sendmail[12075]: n3680F6p012075: timeout waiting for input from 118-160-238-153.dynamic.hinet.net during server cmd read
Apr  6 02:00:15 splunk3 sendmail[12075]: n3680F6p012075: lost input channel from 118-160-238-153.dynamic.hinet.net [118.160.238.153] to MTA after rcpt
Apr  6 02:00:15 splunk3 sendmail[12075]: n3680F6p012075: from=<neal_chen99@gmail.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=118-160-238-153.dynamic.hinet.net [118.160.238.153]
Apr  6 02:00:17 splunk3 sendmail[26914]: n3690HJS026914: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060900.n3690GVL025634@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:00:17 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32851 
Apr  6 02:00:17 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:00:17 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 02:00:17 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 02:00:17 splunk3 sendmail[26915]: n3690HJS026914: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:00:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:00:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:00:37 splunk3 sendmail[26997]: n3690bxD026997: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:01:05 splunk3 sendmail[27102]: n36911ku027102: from=root, size=443, class=0, nrcpts=1, msgid=<200904060901.n36911ku027102@splunk3.splunkit.com>, relay=root@localhost
Apr  6 02:01:05 splunk3 sendmail[27108]: n36915t2027108: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904060901.n36911ku027102@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 02:01:05 splunk3 sendmail[27102]: n36911ku027102: to=root, ctladdr=root (0/0), delay=00:00:04, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36915t2027108 Message accepted for delivery)
Apr  6 02:01:07 splunk3 sendmail[27109]: n36915t2027108: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 02:01:37 splunk3 sendmail[27249]: n3691bH1027249: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:02:08 splunk3 sendmail[27348]: n36926bT027348: from=<spamme@splunkit.com>, size=2764, class=0, nrcpts=1, msgid=<200904060902.n36926bT027348@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=84.121.62.82.dyn.user.ono.com [84.121.62.82]
Apr  6 02:02:08 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32869 
Apr  6 02:02:08 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:02:08 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 02:02:08 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 02:02:08 splunk3 sendmail[27368]: n36926bT027348: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=33095, dsn=2.0.0, stat=Sent
Apr  6 02:02:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:02:37 splunk3 sendmail[27489]: n3692bEo027489: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:03:37 splunk3 sendmail[27727]: n3693bvU027727: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:04:37 splunk3 sendmail[27962]: n3694bph027962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:04:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:05:18 splunk3 sendmail[28139]: n3695InB028139: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060905.n3695HCB026315@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:05:18 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32909 
Apr  6 02:05:18 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:05:18 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 02:05:18 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 02:05:18 splunk3 sendmail[28140]: n3695InB028139: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:05:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:05:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:05:37 splunk3 sendmail[28220]: n3695bZ0028220: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:06:25 splunk3 sendmail[28402]: n3696OSp028402: from=<kaye-esignful@Avueffe.Com>, size=1899, class=0, nrcpts=1, msgid=<200904060906.n3696OSp028402@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=c-71-204-189-112.hsd1.ca.comcast.net [71.204.189.112]
Apr  6 02:06:25 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32920 
Apr  6 02:06:25 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:06:25 splunk3 spamd[13783]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 02:06:25 splunk3 spamd[13783]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 02:06:25 splunk3 sendmail[28403]: n3696OSp028402: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32245, dsn=2.0.0, stat=Sent
Apr  6 02:06:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:06:37 splunk3 sendmail[28462]: n3696bAD028462: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:07:37 splunk3 sendmail[28700]: n3697btr028700: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:08:37 splunk3 sendmail[28936]: n3698b4M028936: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:09:37 splunk3 sendmail[29175]: n3699bXa029175: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:09:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:10:03 splunk3 sendmail[29377]: n369A2EF029377: from=root, size=292, class=0, nrcpts=1, msgid=<200904060910.n369A2EF029377@splunk3.splunkit.com>, relay=root@localhost
Apr  6 02:10:03 splunk3 sendmail[29382]: n369A371029382: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904060910.n369A2EF029377@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 02:10:03 splunk3 sendmail[29377]: n369A2EF029377: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n369A371029382 Message accepted for delivery)
Apr  6 02:10:06 splunk3 sendmail[29383]: n369A371029382: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 02:10:19 splunk3 sendmail[29459]: n369AJo1029459: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060910.n369AJTT026925@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:10:19 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32967 
Apr  6 02:10:19 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:10:19 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:10:19 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:10:19 splunk3 spamd[13783]: spamd: processing message <200904060910.n369AJTT026925@virt2.int.splunk.com> for spamme:501 
Apr  6 02:10:21 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 02:10:21 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=32967,mid=<200904060910.n369AJTT026925@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:10:21 splunk3 sendmail[29460]: n369AJo1029459: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:10:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:10:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:10:37 splunk3 sendmail[29544]: n369AbRV029544: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 02:11:37 splunk3 sendmail[29784]: n369Bbqq029784: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:12:37 splunk3 sendmail[30019]: n369CbKL030019: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:13:37 splunk3 sendmail[30258]: n369DbiW030258: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:14:37 splunk3 sendmail[30494]: n369Ebed030494: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:14:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:15:20 splunk3 sendmail[30675]: n369FKJf030675: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060915.n369FKPk027709@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:15:20 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33023 
Apr  6 02:15:20 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:15:20 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:15:20 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:15:20 splunk3 spamd[13783]: spamd: processing message <200904060915.n369FKPk027709@virt2.int.splunk.com> for spamme:501 
Apr  6 02:15:22 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 02:15:22 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33023,mid=<200904060915.n369FKPk027709@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:15:22 splunk3 sendmail[30676]: n369FKJf030675: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:15:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:15:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:15:37 splunk3 sendmail[30758]: n369FbGS030758: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:16:37 splunk3 sendmail[30993]: n369Gbxp030993: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:17:37 splunk3 sendmail[31232]: n369Hbfh031232: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:18:37 splunk3 sendmail[31468]: n369Iblf031468: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:19:37 splunk3 sendmail[31704]: n369Jb61031704: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:19:59 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:20:21 splunk3 sendmail[31887]: n369KLum031887: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060920.n369KLvk028349@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:20:21 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33079 
Apr  6 02:20:21 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:20:21 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:20:21 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:20:21 splunk3 spamd[13783]: spamd: processing message <200904060920.n369KLvk028349@virt2.int.splunk.com> for spamme:501 
Apr  6 02:20:23 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 02:20:23 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33079,mid=<200904060920.n369KLvk028349@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:20:23 splunk3 sendmail[31888]: n369KLum031887: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:20:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:20:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:20:37 splunk3 sendmail[31968]: n369Kbw9031968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:21:37 splunk3 sendmail[32209]: n369LbCE032209: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:22:37 splunk3 sendmail[32444]: n369Mb28032444: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:23:37 splunk3 sendmail[32685]: n369NbhE032685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:24:37 splunk3 sendmail[453]: n369Obr8000453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:24:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:25:22 splunk3 sendmail[649]: n369PMJ9000649: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060925.n369PLe4028950@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:25:22 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33134 
Apr  6 02:25:22 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:25:22 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:25:22 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:25:22 splunk3 spamd[13783]: spamd: processing message <200904060925.n369PLe4028950@virt2.int.splunk.com> for spamme:501 
Apr  6 02:25:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:25:24 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 02:25:24 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33134,mid=<200904060925.n369PLe4028950@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:25:24 splunk3 sendmail[650]: n369PMJ9000649: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:25:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:25:37 splunk3 sendmail[716]: n369PbKh000716: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 02:26:37 splunk3 sendmail[950]: n369Qb7w000950: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:27:37 splunk3 sendmail[1190]: n369Rb2V001190: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:28:37 splunk3 sendmail[1426]: n369SbwJ001426: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:29:37 splunk3 sendmail[1665]: n369Tbh1001665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:29:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:30:22 splunk3 sendmail[1865]: n369UMNN001865: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060930.n369UMAd029570@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:30:22 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33190 
Apr  6 02:30:22 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:30:22 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:30:22 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:30:22 splunk3 spamd[13783]: spamd: processing message <200904060930.n369UMAd029570@virt2.int.splunk.com> for spamme:501 
Apr  6 02:30:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:30:24 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 02:30:24 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33190,mid=<200904060930.n369UMAd029570@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:30:24 splunk3 sendmail[1866]: n369UMNN001865: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:30:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:30:37 splunk3 sendmail[1931]: n369UbRA001931: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:31:37 splunk3 sendmail[2172]: n369VbrF002172: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:32:37 splunk3 sendmail[2408]: n369WbJG002408: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:33:37 splunk3 sendmail[2651]: n369XbHP002651: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:34:37 splunk3 sendmail[2897]: n369YbCh002897: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:34:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:35:23 splunk3 sendmail[3101]: n369ZNCA003101: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060935.n369ZMGs030320@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:35:23 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33245 
Apr  6 02:35:23 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:35:23 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:35:23 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:35:23 splunk3 spamd[13783]: spamd: processing message <200904060935.n369ZMGs030320@virt2.int.splunk.com> for spamme:501 
Apr  6 02:35:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:35:25 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  6 02:35:25 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33245,mid=<200904060935.n369ZMGs030320@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:35:25 splunk3 sendmail[3102]: n369ZNCA003101: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:35:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:35:37 splunk3 sendmail[3169]: n369Zb7Q003169: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:36:37 splunk3 sendmail[3407]: n369abeE003407: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:37:37 splunk3 sendmail[3667]: n369bbos003667: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:38:37 splunk3 sendmail[3915]: n369cbRl003915: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:39:37 splunk3 sendmail[4167]: n369dbAd004167: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:39:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:40:23 splunk3 sendmail[4380]: n369eNHP004380: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060940.n369eN9C030953@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:40:23 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33301 
Apr  6 02:40:23 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:40:23 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:40:23 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:40:23 splunk3 spamd[13783]: spamd: processing message <200904060940.n369eN9C030953@virt2.int.splunk.com> for spamme:501 
Apr  6 02:40:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:40:25 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 02:40:25 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33301,mid=<200904060940.n369eN9C030953@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:40:25 splunk3 sendmail[4381]: n369eNHP004380: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:40:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:40:37 splunk3 sendmail[4443]: n369ebXK004443: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 02:41:37 splunk3 sendmail[4686]: n369fbR7004686: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:42:37 splunk3 sendmail[4930]: n369gbHH004930: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:43:37 splunk3 sendmail[5208]: n369hbF4005208: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:44:37 splunk3 sendmail[5446]: n369ibEm005446: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:44:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:45:23 splunk3 sendmail[5645]: n369jNNI005645: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060945.n369jN4m031563@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:45:23 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33357 
Apr  6 02:45:23 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:45:23 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:45:23 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:45:24 splunk3 spamd[13783]: spamd: processing message <200904060945.n369jN4m031563@virt2.int.splunk.com> for spamme:501 
Apr  6 02:45:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:45:26 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 02:45:26 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33357,mid=<200904060945.n369jN4m031563@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:45:26 splunk3 sendmail[5646]: n369jNNI005645: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:45:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:45:37 splunk3 sendmail[5709]: n369jbvi005709: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:46:37 splunk3 sendmail[5945]: n369kbwn005945: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:47:37 splunk3 sendmail[6181]: n369lbLO006181: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:48:34 splunk3 sendmail[23965]: n368mYNN023965: timeout waiting for input from 118-169-209-119.dynamic.hinet.net during server cmd read
Apr  6 02:48:34 splunk3 sendmail[23965]: n368mYNN023965: lost input channel from 118-169-209-119.dynamic.hinet.net [118.169.209.119] to MTA after rcpt
Apr  6 02:48:34 splunk3 sendmail[23965]: n368mYNN023965: from=<hitomi1218@gmail.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=118-169-209-119.dynamic.hinet.net [118.169.209.119]
Apr  6 02:48:37 splunk3 sendmail[6418]: n369mbxq006418: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:49:37 splunk3 sendmail[6658]: n369nbg4006658: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:49:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:50:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:50:24 splunk3 sendmail[6858]: n369oO0P006858: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904060950.n369oOws032181@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:50:24 splunk3 spamd[13783]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33413 
Apr  6 02:50:24 splunk3 spamd[13783]: spamd: setuid to spamme succeeded 
Apr  6 02:50:24 splunk3 spamd[13783]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:50:24 splunk3 spamd[13783]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:50:24 splunk3 spamd[13783]: spamd: processing message <200904060950.n369oOws032181@virt2.int.splunk.com> for spamme:501 
Apr  6 02:50:26 splunk3 spamd[13783]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 02:50:26 splunk3 spamd[13783]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33413,mid=<200904060950.n369oOws032181@virt2.int.splunk.com>,bayes=0.111850078816606,autolearn=no 
Apr  6 02:50:26 splunk3 sendmail[6859]: n369oO0P006858: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 02:50:26 splunk3 spamd[3033]: prefork: child states: BI 
Apr  6 02:50:26 splunk3 spamd[3033]: spamd: handled cleanup of child pid 13783 due to SIGCHLD 
Apr  6 02:50:26 splunk3 spamd[3033]: spamd: server successfully spawned child process, pid 6865 
Apr  6 02:50:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:50:37 splunk3 sendmail[6923]: n369ob4r006923: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:51:37 splunk3 sendmail[7163]: n369pbmd007163: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:52:37 splunk3 sendmail[7398]: n369qb8N007398: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:53:37 splunk3 sendmail[7650]: n369rb7O007650: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:54:37 splunk3 sendmail[7883]: n369sbkw007883: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:54:39 splunk3 sendmail[7884]: n369scbH007884: ruleset=check_rcpt, arg1=<sseenndd1201@yahoo.com.hk>, relay=118-165-88-162.dynamic.hinet.net [118.165.88.162], reject=550 5.7.1 <sseenndd1201@yahoo.com.hk>... Relaying denied
Apr  6 02:54:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 02:55:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 02:55:24 splunk3 sendmail[8085]: n369tOGd008085: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904060955.n369tOH2000321@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 02:55:24 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33469 
Apr  6 02:55:24 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 02:55:24 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 02:55:24 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 02:55:24 splunk3 spamd[6865]: spamd: processing message <200904060955.n369tOH2000321@virt2.int.splunk.com> for spamme:501 
Apr  6 02:55:26 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1302 bytes. 
Apr  6 02:55:26 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33469,mid=<200904060955.n369tOH2000321@virt2.int.splunk.com>,bayes=0.0659161464481308,autolearn=no 
Apr  6 02:55:26 splunk3 sendmail[8086]: n369tOGd008085: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  6 02:55:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 02:55:37 splunk3 sendmail[8146]: n369tb01008146: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 02:56:37 splunk3 sendmail[8383]: n369ubGO008383: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:57:37 splunk3 sendmail[8622]: n369vbLl008622: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:58:37 splunk3 sendmail[8856]: n369wb3I008856: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:59:37 splunk3 sendmail[9094]: n369xbT7009094: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 02:59:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:00:04 splunk3 sendmail[9265]: n36A04kg009265: from=root, size=291, class=0, nrcpts=1, msgid=<200904061000.n36A04kg009265@splunk3.splunkit.com>, relay=root@localhost
Apr  6 03:00:04 splunk3 sendmail[9269]: n36A04Xv009269: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061000.n36A04kg009265@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 03:00:04 splunk3 sendmail[9265]: n36A04kg009265: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36A04Xv009269 Message accepted for delivery)
Apr  6 03:00:06 splunk3 sendmail[9270]: n36A04Xv009269: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 03:00:15 splunk3 sendmail[9327]: n36A0Fua009327: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904061000.n36A0Fua009327@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 03:00:15 splunk3 sendmail[9329]: n36A0Fua009327: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 03:00:15 splunk3 sendmail[9329]: n36A0Fua009327: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  6 03:00:15 splunk3 sendmail[9329]: n36A0Fua009327: n36A0Fua009329: postmaster notify: User unknown
Apr  6 03:00:17 splunk3 sendmail[9329]: n36A0Fua009329: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  6 03:00:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:00:25 splunk3 sendmail[9382]: n36A0PtE009382: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904061000.n36A0PWx000965@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:00:25 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33533 
Apr  6 03:00:25 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:00:25 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 03:00:25 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 03:00:25 splunk3 sendmail[9384]: n36A0PtE009382: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  6 03:00:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:00:37 splunk3 sendmail[9443]: n36A0bOq009443: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:01:15 splunk3 sendmail[9549]: n36A11Du009549: from=root, size=443, class=0, nrcpts=1, msgid=<200904061001.n36A11Du009549@splunk3.splunkit.com>, relay=root@localhost
Apr  6 03:01:15 splunk3 sendmail[9592]: n36A1FAG009592: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061001.n36A11Du009549@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 03:01:15 splunk3 sendmail[9549]: n36A11Du009549: to=root, ctladdr=root (0/0), delay=00:00:14, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36A1FAG009592 Message accepted for delivery)
Apr  6 03:01:17 splunk3 sendmail[9593]: n36A1FAG009592: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 03:01:37 splunk3 sendmail[9693]: n36A1b5r009693: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:02:37 splunk3 sendmail[9929]: n36A2bS9009929: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:03:37 splunk3 sendmail[10169]: n36A3bha010169: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:04:37 splunk3 sendmail[10405]: n36A4bX0010405: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:04:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:05:24 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:05:26 splunk3 sendmail[10606]: n36A5QjQ010606: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061005.n36A5PDA001672@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:05:26 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33590 
Apr  6 03:05:26 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:05:26 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 03:05:26 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 03:05:26 splunk3 sendmail[10607]: n36A5QjQ010606: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:05:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:05:37 splunk3 sendmail[10665]: n36A5biW010665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:06:37 splunk3 sendmail[10903]: n36A6bsa010903: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:07:37 splunk3 sendmail[11143]: n36A7bS8011143: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:08:37 splunk3 sendmail[11379]: n36A8bWU011379: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:09:37 splunk3 sendmail[11620]: n36A9b1r011620: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:09:42 splunk3 sendmail[10864]: n36A6Sln010864: ruleset=check_rcpt, arg1=<ks605@imperial.ac.uk>, relay=77.30.13.114.dynamic.saudi.net.sa [77.30.13.114] (may be forged), reject=550 5.7.1 <ks605@imperial.ac.uk>... Relaying denied. IP name possibly forged [77.30.13.114]
Apr  6 03:09:42 splunk3 sendmail[10864]: n36A6Sln010864: from=<staceyy@droppatrol.de>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=77.30.13.114.dynamic.saudi.net.sa [77.30.13.114] (may be forged)
Apr  6 03:09:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:10:02 splunk3 sendmail[11820]: n36AA29i011820: from=root, size=292, class=0, nrcpts=1, msgid=<200904061010.n36AA29i011820@splunk3.splunkit.com>, relay=root@localhost
Apr  6 03:10:02 splunk3 sendmail[11825]: n36AA2Dq011825: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061010.n36AA29i011820@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 03:10:02 splunk3 sendmail[11820]: n36AA29i011820: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36AA2Dq011825 Message accepted for delivery)
Apr  6 03:10:04 splunk3 sendmail[11826]: n36AA2Dq011825: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 03:10:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:10:26 splunk3 sendmail[11945]: n36AAQEY011945: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061010.n36AAQsE002300@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:10:26 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33646 
Apr  6 03:10:26 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:10:26 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:10:26 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:10:26 splunk3 spamd[6865]: spamd: processing message <200904061010.n36AAQsE002300@virt2.int.splunk.com> for spamme:501 
Apr  6 03:10:28 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 03:10:28 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33646,mid=<200904061010.n36AAQsE002300@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:10:28 splunk3 sendmail[11946]: n36AAQEY011945: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:10:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:10:37 splunk3 sendmail[11989]: n36AAb2I011989: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 03:11:37 splunk3 sendmail[12229]: n36ABbIj012229: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:12:37 splunk3 sendmail[12463]: n36ACb3E012463: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:13:37 splunk3 sendmail[12706]: n36ADbuX012706: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:14:37 splunk3 sendmail[12940]: n36AEbC1012940: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:14:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:15:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:15:27 splunk3 sendmail[13158]: n36AFRa4013158: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061015.n36AFRpi003101@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:15:27 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33703 
Apr  6 03:15:27 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:15:27 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:15:27 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:15:27 splunk3 spamd[6865]: spamd: processing message <200904061015.n36AFRpi003101@virt2.int.splunk.com> for spamme:501 
Apr  6 03:15:29 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  6 03:15:29 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33703,mid=<200904061015.n36AFRpi003101@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:15:29 splunk3 sendmail[13160]: n36AFRa4013158: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:15:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:15:37 splunk3 sendmail[13201]: n36AFbXo013201: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:16:37 splunk3 sendmail[13477]: n36AGbSe013477: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:17:37 splunk3 sendmail[13715]: n36AHbLv013715: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:18:37 splunk3 sendmail[13951]: n36AIboE013951: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:19:38 splunk3 sendmail[14188]: n36AJcoS014188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:19:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:20:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:20:28 splunk3 sendmail[14410]: n36AKRPF014410: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061020.n36AKRcN003716@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:20:28 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33758 
Apr  6 03:20:28 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:20:28 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:20:28 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:20:28 splunk3 spamd[6865]: spamd: processing message <200904061020.n36AKRcN003716@virt2.int.splunk.com> for spamme:501 
Apr  6 03:20:30 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  6 03:20:30 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33758,mid=<200904061020.n36AKRcN003716@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:20:30 splunk3 sendmail[14411]: n36AKRPF014410: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:20:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:20:38 splunk3 sendmail[14453]: n36AKc5E014453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:21:38 splunk3 sendmail[14694]: n36ALcAH014694: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:22:38 splunk3 sendmail[14926]: n36AMcLq014926: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:23:38 splunk3 sendmail[15170]: n36ANc0S015170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:24:38 splunk3 sendmail[15407]: n36AOcL1015407: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:24:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:25:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:25:28 splunk3 sendmail[15637]: n36APSI0015637: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061025.n36APSMK004347@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:25:28 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33814 
Apr  6 03:25:28 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:25:28 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:25:28 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:25:28 splunk3 spamd[6865]: spamd: processing message <200904061025.n36APSMK004347@virt2.int.splunk.com> for spamme:501 
Apr  6 03:25:30 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 03:25:30 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33814,mid=<200904061025.n36APSMK004347@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:25:30 splunk3 sendmail[15638]: n36APSI0015637: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:25:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:25:38 splunk3 sendmail[15680]: n36APc6L015680: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 03:26:38 splunk3 sendmail[15913]: n36AQcnB015913: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:27:38 splunk3 sendmail[16154]: n36ARc1a016154: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:28:38 splunk3 sendmail[16388]: n36AScPD016388: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:29:38 splunk3 sendmail[16622]: n36ATcKT016622: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:29:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:30:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:30:30 splunk3 sendmail[16847]: n36AUUW1016847: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061030.n36AUTlY004947@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:30:30 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33870 
Apr  6 03:30:30 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:30:30 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:30:30 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:30:30 splunk3 spamd[6865]: spamd: processing message <200904061030.n36AUTlY004947@virt2.int.splunk.com> for spamme:501 
Apr  6 03:30:32 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  6 03:30:32 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33870,mid=<200904061030.n36AUTlY004947@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:30:32 splunk3 sendmail[16848]: n36AUUW1016847: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:30:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:30:38 splunk3 sendmail[16888]: n36AUcws016888: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:31:38 splunk3 sendmail[17128]: n36AVc0w017128: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:32:38 splunk3 sendmail[17361]: n36AWc09017361: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:33:38 splunk3 sendmail[17599]: n36AXcVP017599: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:34:38 splunk3 sendmail[17835]: n36AYc2p017835: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:34:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:35:01 splunk3 sendmail[17941]: n36AZ1E2017941: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061035.n36AZ1Ph005662@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:35:01 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33913 
Apr  6 03:35:01 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:35:01 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:35:01 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:35:01 splunk3 spamd[6865]: spamd: processing message <200904061035.n36AZ1Ph005662@virt2.int.splunk.com> for spamme:501 
Apr  6 03:35:03 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 03:35:03 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33913,mid=<200904061035.n36AZ1Ph005662@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:35:03 splunk3 sendmail[17942]: n36AZ1E2017941: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:35:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:35:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:35:38 splunk3 sendmail[18097]: n36AZcjx018097: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:36:38 splunk3 sendmail[18332]: n36Aacp1018332: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:37:38 splunk3 sendmail[18572]: n36AbcId018572: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:38:38 splunk3 sendmail[18811]: n36AccZ5018811: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:39:38 splunk3 sendmail[19051]: n36AdclY019051: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:39:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:40:02 splunk3 sendmail[19158]: n36Ae2Uf019158: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061040.n36Ae1gr006261@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:40:02 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33969 
Apr  6 03:40:02 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:40:02 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:40:02 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:40:02 splunk3 spamd[6865]: spamd: processing message <200904061040.n36Ae1gr006261@virt2.int.splunk.com> for spamme:501 
Apr  6 03:40:04 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  6 03:40:04 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33969,mid=<200904061040.n36Ae1gr006261@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:40:04 splunk3 sendmail[19159]: n36Ae2Uf019158: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:40:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:40:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:40:38 splunk3 sendmail[19314]: n36AecBA019314: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 03:41:38 splunk3 sendmail[19555]: n36Afc7H019555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:42:38 splunk3 sendmail[19792]: n36AgcjD019792: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:43:38 splunk3 sendmail[20026]: n36AhcX7020026: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:44:38 splunk3 sendmail[20260]: n36AichN020260: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:44:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:45:02 splunk3 sendmail[20366]: n36Aj2LX020366: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061045.n36Aj25V006905@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:45:02 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34026 
Apr  6 03:45:02 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:45:02 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:45:02 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:45:02 splunk3 spamd[6865]: spamd: processing message <200904061045.n36Aj25V006905@virt2.int.splunk.com> for spamme:501 
Apr  6 03:45:04 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 03:45:04 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34026,mid=<200904061045.n36Aj25V006905@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:45:04 splunk3 sendmail[20367]: n36Aj2LX020366: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:45:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:45:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:45:38 splunk3 sendmail[20523]: n36AjciF020523: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:46:38 splunk3 sendmail[20759]: n36Akcmb020759: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:47:38 splunk3 sendmail[20996]: n36AlcHh020996: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:48:38 splunk3 sendmail[21233]: n36Amc67021233: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:49:38 splunk3 sendmail[21472]: n36AncYv021472: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:49:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:50:03 splunk3 sendmail[21581]: n36Ao3ci021581: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061050.n36Ao2tS007519@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:50:03 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34081 
Apr  6 03:50:03 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:50:03 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:50:03 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:50:03 splunk3 spamd[6865]: spamd: processing message <200904061050.n36Ao2tS007519@virt2.int.splunk.com> for spamme:501 
Apr  6 03:50:05 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  6 03:50:05 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34081,mid=<200904061050.n36Ao2tS007519@virt2.int.splunk.com>,bayes=0.168715777045147,autolearn=no 
Apr  6 03:50:05 splunk3 sendmail[21582]: n36Ao3ci021581: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:50:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:50:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:50:38 splunk3 sendmail[21734]: n36AocO7021734: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:51:38 splunk3 sendmail[21975]: n36ApcRA021975: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:52:24 splunk3 sendmail[22154]: n36AqODl022154: from=<36N7ZSRQKBuoSaaSXQMXQdfe-ZadQbXkSaaSXQ.OaYebMYYQebXgZWUf.OaY@alerts.bounces.google.com>, size=5418, class=0, nrcpts=1, msgid=<00151750ec4c88e9ea0466e0b197@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.161]
Apr  6 03:52:24 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34112 
Apr  6 03:52:24 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:52:24 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:52:24 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:52:24 splunk3 spamd[6865]: spamd: processing message <00151750ec4c88e9ea0466e0b197@google.com> for spamme:501 
Apr  6 03:52:27 splunk3 spamd[6865]: spamd: clean message (-2.2/5.0) for spamme:501 in 2.6 seconds, 5847 bytes. 
Apr  6 03:52:27 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.6,size=5847,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34112,mid=<00151750ec4c88e9ea0466e0b197@google.com>,bayes=0,autolearn=ham 
Apr  6 03:52:27 splunk3 sendmail[22156]: n36AqODl022154: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=35628, dsn=2.0.0, stat=Sent
Apr  6 03:52:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:52:38 splunk3 sendmail[22217]: n36AqcBZ022217: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:53:38 splunk3 sendmail[22460]: n36ArcqO022460: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:54:38 splunk3 sendmail[22696]: n36AscYH022696: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:54:39 splunk3 sendmail[7884]: n369scbH007884: timeout waiting for input from 118-165-88-162.dynamic.hinet.net during server cmd read
Apr  6 03:54:39 splunk3 sendmail[7884]: n369scbH007884: lost input channel from 118-165-88-162.dynamic.hinet.net [118.165.88.162] to MTA after rcpt
Apr  6 03:54:39 splunk3 sendmail[7884]: n369scbH007884: from=<oh5k6f8d87@yahoo.com.tw>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=118-165-88-162.dynamic.hinet.net [118.165.88.162]
Apr  6 03:54:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 03:55:03 splunk3 sendmail[22801]: n36At3ha022801: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061055.n36At3Uc008129@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 03:55:03 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34138 
Apr  6 03:55:03 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 03:55:03 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 03:55:03 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 03:55:03 splunk3 spamd[6865]: spamd: processing message <200904061055.n36At3Uc008129@virt2.int.splunk.com> for spamme:501 
Apr  6 03:55:05 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 03:55:05 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34138,mid=<200904061055.n36At3Uc008129@virt2.int.splunk.com>,bayes=0.168753499446298,autolearn=no 
Apr  6 03:55:05 splunk3 sendmail[22802]: n36At3ha022801: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 03:55:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 03:55:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 03:55:38 splunk3 sendmail[22957]: n36AtcpI022957: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 03:56:38 splunk3 sendmail[23194]: n36AucL7023194: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:57:38 splunk3 sendmail[23431]: n36AvcTc023431: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:58:38 splunk3 sendmail[23666]: n36AwcMh023666: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:59:38 splunk3 sendmail[23905]: n36Axc9o023905: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 03:59:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:00:04 splunk3 sendmail[24066]: n36B04he024066: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061100.n36B03jR008767@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:00:04 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34194 
Apr  6 04:00:04 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:00:04 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 04:00:04 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 04:00:04 splunk3 sendmail[24067]: n36B04he024066: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 04:00:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:00:04 splunk3 sendmail[24079]: n36B04Ek024079: from=root, size=291, class=0, nrcpts=1, msgid=<200904061100.n36B04Ek024079@splunk3.splunkit.com>, relay=root@localhost
Apr  6 04:00:04 splunk3 sendmail[24083]: n36B04sZ024083: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061100.n36B04Ek024079@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 04:00:04 splunk3 sendmail[24079]: n36B04Ek024079: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36B04sZ024083 Message accepted for delivery)
Apr  6 04:00:06 splunk3 sendmail[24084]: n36B04sZ024083: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 04:00:21 splunk3 sendmail[24162]: n36B0K0p024162: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904061100.n36B0K0p024162@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 04:00:21 splunk3 sendmail[24164]: n36B0K0p024162: to=<mark@splunk.com>, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 04:00:21 splunk3 sendmail[24164]: n36B0K0p024162: to=<splunk@localhost>, delay=00:00:01, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 04:00:21 splunk3 sendmail[24164]: n36B0K0p024162: n36B0L0p024164: postmaster notify: User unknown
Apr  6 04:00:22 splunk3 sendmail[24164]: n36B0L0p024164: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 04:00:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:00:38 splunk3 sendmail[24254]: n36B0cmB024254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:01:03 splunk3 sendmail[24360]: n36B11Sp024360: from=root, size=443, class=0, nrcpts=1, msgid=<200904061101.n36B11Sp024360@splunk3.splunkit.com>, relay=root@localhost
Apr  6 04:01:03 splunk3 sendmail[24362]: n36B13Te024362: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061101.n36B11Sp024360@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 04:01:03 splunk3 sendmail[24360]: n36B11Sp024360: to=root, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36B13Te024362 Message accepted for delivery)
Apr  6 04:01:04 splunk3 sendmail[24363]: n36B13Te024362: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 04:01:38 splunk3 sendmail[24504]: n36B1cYH024504: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:02:04 splunk3 sendmail[24918]: n36B245A024918: from=root, size=1507, class=0, nrcpts=1, msgid=<200904061102.n36B245A024918@splunk3.splunkit.com>, relay=root@localhost
Apr  6 04:02:04 splunk3 sendmail[24920]: n36B24Iq024920: from=<root@splunk3.splunkit.com>, size=1807, class=0, nrcpts=1, msgid=<200904061102.n36B245A024918@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 04:02:04 splunk3 sendmail[24918]: n36B245A024918: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31507, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36B24Iq024920 Message accepted for delivery)
Apr  6 04:02:05 splunk3 sendmail[24921]: n36B24Iq024920: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32040, dsn=2.0.0, stat=Sent
Apr  6 04:02:38 splunk3 sendmail[25203]: n36B2ceo025203: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:03:38 splunk3 sendmail[25442]: n36B3cRQ025442: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:04:38 splunk3 sendmail[25675]: n36B4cnw025675: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:04:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:05:04 splunk3 sendmail[25784]: n36B54xo025784: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061105.n36B54il009952@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:05:04 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34261 
Apr  6 04:05:04 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:05:04 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 04:05:04 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 04:05:04 splunk3 sendmail[25785]: n36B54xo025784: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 04:05:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:05:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:05:38 splunk3 sendmail[25937]: n36B5cug025937: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:06:38 splunk3 sendmail[26174]: n36B6cBV026174: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:07:38 splunk3 sendmail[26412]: n36B7ci5026412: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:08:38 splunk3 sendmail[26650]: n36B8cVB026650: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:09:38 splunk3 sendmail[26889]: n36B9cTE026889: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:09:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:10:02 splunk3 sendmail[27091]: n36BA2r7027091: from=root, size=292, class=0, nrcpts=1, msgid=<200904061110.n36BA2r7027091@splunk3.splunkit.com>, relay=root@localhost
Apr  6 04:10:02 splunk3 sendmail[27096]: n36BA2a4027096: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061110.n36BA2r7027091@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 04:10:02 splunk3 sendmail[27091]: n36BA2r7027091: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36BA2a4027096 Message accepted for delivery)
Apr  6 04:10:03 splunk3 sendmail[27097]: n36BA2a4027096: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 04:10:05 splunk3 sendmail[27115]: n36BA569027115: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061110.n36BA4C0010565@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:10:05 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34317 
Apr  6 04:10:05 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:10:05 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:10:05 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:10:05 splunk3 spamd[6865]: spamd: processing message <200904061110.n36BA4C0010565@virt2.int.splunk.com> for spamme:501 
Apr  6 04:10:07 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 04:10:07 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34317,mid=<200904061110.n36BA4C0010565@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:10:07 splunk3 sendmail[27116]: n36BA569027115: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:10:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:10:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:10:38 splunk3 sendmail[27272]: n36BAcrp027272: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 04:11:38 splunk3 sendmail[27510]: n36BBck3027510: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:12:38 splunk3 sendmail[27748]: n36BCcXJ027748: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:13:38 splunk3 sendmail[27986]: n36BDc7c027986: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:14:38 splunk3 sendmail[28220]: n36BEchU028220: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:14:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:15:05 splunk3 sendmail[28328]: n36BF5Ph028328: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061115.n36BF5gg011345@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:15:05 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34374 
Apr  6 04:15:05 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:15:05 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:15:05 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:15:05 splunk3 spamd[6865]: spamd: processing message <200904061115.n36BF5gg011345@virt2.int.splunk.com> for spamme:501 
Apr  6 04:15:07 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 04:15:07 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34374,mid=<200904061115.n36BF5gg011345@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:15:07 splunk3 sendmail[28329]: n36BF5Ph028328: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:15:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:15:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:15:38 splunk3 sendmail[28482]: n36BFcRl028482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:16:38 splunk3 sendmail[28717]: n36BGcCx028717: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:17:38 splunk3 sendmail[28956]: n36BHc2s028956: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:18:38 splunk3 sendmail[29191]: n36BIcms029191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:19:38 splunk3 sendmail[29430]: n36BJcgb029430: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:19:58 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:20:06 splunk3 sendmail[29550]: n36BK6Pb029550: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061120.n36BK6Cr011977@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:20:06 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34429 
Apr  6 04:20:06 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:20:06 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:20:06 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:20:06 splunk3 spamd[6865]: spamd: processing message <200904061120.n36BK6Cr011977@virt2.int.splunk.com> for spamme:501 
Apr  6 04:20:08 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 04:20:08 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34429,mid=<200904061120.n36BK6Cr011977@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:20:08 splunk3 sendmail[29557]: n36BK6Pb029550: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:20:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:20:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:20:38 splunk3 sendmail[29693]: n36BKcwi029693: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:21:38 splunk3 sendmail[29932]: n36BLcC9029932: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:22:38 splunk3 sendmail[30165]: n36BMcKC030165: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:23:38 splunk3 sendmail[30407]: n36BNcjR030407: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:24:38 splunk3 sendmail[30643]: n36BOc0K030643: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:24:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:25:07 splunk3 sendmail[30772]: n36BP7Zj030772: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061125.n36BP7TE012588@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:25:07 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34485 
Apr  6 04:25:07 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:25:07 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:25:07 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:25:07 splunk3 spamd[6865]: spamd: processing message <200904061125.n36BP7TE012588@virt2.int.splunk.com> for spamme:501 
Apr  6 04:25:09 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 04:25:09 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34485,mid=<200904061125.n36BP7TE012588@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:25:09 splunk3 sendmail[30773]: n36BP7Zj030772: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:25:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:25:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:25:38 splunk3 sendmail[30908]: n36BPc5b030908: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 04:26:38 splunk3 sendmail[31146]: n36BQc55031146: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:27:38 splunk3 sendmail[31385]: n36BRcGZ031385: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:28:38 splunk3 sendmail[31620]: n36BScX3031620: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:29:38 splunk3 sendmail[31858]: n36BTct3031858: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:29:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:30:08 splunk3 sendmail[31986]: n36BU82H031986: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061130.n36BU8ek013208@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:30:08 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34541 
Apr  6 04:30:08 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:30:08 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:30:08 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:30:08 splunk3 spamd[6865]: spamd: processing message <200904061130.n36BU8ek013208@virt2.int.splunk.com> for spamme:501 
Apr  6 04:30:10 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 04:30:10 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34541,mid=<200904061130.n36BU8ek013208@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:30:10 splunk3 sendmail[31987]: n36BU82H031986: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:30:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:30:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:30:38 splunk3 sendmail[32122]: n36BUcTj032122: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:31:38 splunk3 sendmail[32361]: n36BVcqQ032361: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:32:38 splunk3 sendmail[32595]: n36BWckM032595: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:33:38 splunk3 sendmail[368]: n36BXc0v000368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:34:38 splunk3 sendmail[601]: n36BYc7X000601: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:34:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:35:08 splunk3 sendmail[726]: n36BZ88I000726: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061135.n36BZ8SE013959@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:35:08 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34596 
Apr  6 04:35:08 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:35:08 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:35:08 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:35:08 splunk3 spamd[6865]: spamd: processing message <200904061135.n36BZ8SE013959@virt2.int.splunk.com> for spamme:501 
Apr  6 04:35:10 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 04:35:10 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34596,mid=<200904061135.n36BZ8SE013959@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:35:10 splunk3 sendmail[727]: n36BZ88I000726: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:35:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:35:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:35:38 splunk3 sendmail[864]: n36BZcqw000864: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:36:38 splunk3 sendmail[1099]: n36Bac1O001099: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:37:38 splunk3 sendmail[1339]: n36BbcsL001339: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:38:38 splunk3 sendmail[1577]: n36BccQH001577: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:39:38 splunk3 sendmail[1816]: n36Bdcss001816: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:39:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:40:09 splunk3 sendmail[1945]: n36Be9bq001945: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061140.n36Be9eq014592@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:40:09 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34652 
Apr  6 04:40:09 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:40:09 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:40:09 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:40:09 splunk3 spamd[6865]: spamd: processing message <200904061140.n36Be9eq014592@virt2.int.splunk.com> for spamme:501 
Apr  6 04:40:11 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 04:40:11 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34652,mid=<200904061140.n36Be9eq014592@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:40:11 splunk3 sendmail[1946]: n36Be9bq001945: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:40:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:40:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:40:38 splunk3 sendmail[2083]: n36Becbr002083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 04:41:38 splunk3 sendmail[2323]: n36Bfc8Y002323: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:42:38 splunk3 sendmail[2560]: n36Bgcah002560: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:43:38 splunk3 sendmail[2811]: n36Bhcel002811: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:44:38 splunk3 sendmail[3056]: n36BichK003056: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:44:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:45:09 splunk3 sendmail[3185]: n36Bj9JK003185: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061145.n36Bj9cW015206@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:45:09 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34708 
Apr  6 04:45:09 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:45:09 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:45:09 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:45:09 splunk3 spamd[6865]: spamd: processing message <200904061145.n36Bj9cW015206@virt2.int.splunk.com> for spamme:501 
Apr  6 04:45:11 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  6 04:45:11 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34708,mid=<200904061145.n36Bj9cW015206@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:45:11 splunk3 sendmail[3186]: n36Bj9JK003185: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:45:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:45:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:45:38 splunk3 sendmail[3320]: n36BjcqG003320: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:46:38 splunk3 sendmail[3574]: n36BkcRv003574: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:47:38 splunk3 sendmail[3826]: n36BlcwL003826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:48:38 splunk3 sendmail[4073]: n36BmcDO004073: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:49:38 splunk3 sendmail[4330]: n36BncVn004330: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:49:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:50:10 splunk3 sendmail[4458]: n36BoAY6004458: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061150.n36BoA8J015819@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:50:10 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34764 
Apr  6 04:50:10 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:50:10 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:50:10 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:50:10 splunk3 spamd[6865]: spamd: processing message <200904061150.n36BoA8J015819@virt2.int.splunk.com> for spamme:501 
Apr  6 04:50:12 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 04:50:12 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34764,mid=<200904061150.n36BoA8J015819@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:50:12 splunk3 sendmail[4459]: n36BoAY6004458: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:50:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:50:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:50:38 splunk3 sendmail[4593]: n36BocJ1004593: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:51:38 splunk3 sendmail[4832]: n36BpcMk004832: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:52:38 splunk3 sendmail[5077]: n36BqcaX005077: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:53:38 splunk3 sendmail[5360]: n36Brcq5005360: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:54:38 splunk3 sendmail[5597]: n36BscHn005597: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:54:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 04:55:10 splunk3 sendmail[5722]: n36BtAcp005722: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061155.n36BtApV016431@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 04:55:10 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34819 
Apr  6 04:55:10 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 04:55:10 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 04:55:10 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 04:55:10 splunk3 spamd[6865]: spamd: processing message <200904061155.n36BtApV016431@virt2.int.splunk.com> for spamme:501 
Apr  6 04:55:12 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  6 04:55:12 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34819,mid=<200904061155.n36BtApV016431@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 04:55:12 splunk3 sendmail[5723]: n36BtAcp005722: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 04:55:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 04:55:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 04:55:38 splunk3 sendmail[5858]: n36Btc7g005858: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 04:56:38 splunk3 sendmail[6095]: n36BucAG006095: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:57:38 splunk3 sendmail[6334]: n36BvcB5006334: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:58:38 splunk3 sendmail[6568]: n36Bwc8d006568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:59:38 splunk3 sendmail[6806]: n36BxcHn006806: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 04:59:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:00:04 splunk3 sendmail[6979]: n36C04To006979: from=root, size=291, class=0, nrcpts=1, msgid=<200904061200.n36C04To006979@splunk3.splunkit.com>, relay=root@localhost
Apr  6 05:00:04 splunk3 sendmail[6983]: n36C045G006983: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061200.n36C04To006979@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 05:00:04 splunk3 sendmail[6979]: n36C04To006979: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36C045G006983 Message accepted for delivery)
Apr  6 05:00:05 splunk3 sendmail[6984]: n36C045G006983: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 05:00:11 splunk3 sendmail[7007]: n36C0B1b007007: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061200.n36C0BfI017064@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:00:11 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34877 
Apr  6 05:00:11 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:00:11 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 05:00:11 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 05:00:11 splunk3 sendmail[7008]: n36C0B1b007007: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:00:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:00:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:00:26 splunk3 sendmail[7086]: n36C0Q55007086: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904061200.n36C0Q55007086@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 05:00:26 splunk3 sendmail[7088]: n36C0Q55007086: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 05:00:26 splunk3 sendmail[7088]: n36C0Q55007086: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  6 05:00:26 splunk3 sendmail[7088]: n36C0Q55007086: n36C0Q55007088: postmaster notify: User unknown
Apr  6 05:00:28 splunk3 sendmail[7088]: n36C0Q55007088: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  6 05:00:38 splunk3 sendmail[7156]: n36C0cxb007156: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:01:04 splunk3 sendmail[7246]: n36C116q007246: from=root, size=443, class=0, nrcpts=1, msgid=<200904061201.n36C116q007246@splunk3.splunkit.com>, relay=root@localhost
Apr  6 05:01:04 splunk3 sendmail[7267]: n36C14Dl007267: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061201.n36C116q007246@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 05:01:04 splunk3 sendmail[7246]: n36C116q007246: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36C14Dl007267 Message accepted for delivery)
Apr  6 05:01:06 splunk3 sendmail[7268]: n36C14Dl007267: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 05:01:38 splunk3 sendmail[7409]: n36C1cxx007409: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:02:38 splunk3 sendmail[7653]: n36C2cNL007653: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:03:38 splunk3 sendmail[7893]: n36C3cbW007893: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:04:38 splunk3 sendmail[8127]: n36C4c8X008127: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:04:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:05:12 splunk3 sendmail[8270]: n36C5C04008270: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061205.n36C5C3N017750@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:05:12 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34941 
Apr  6 05:05:12 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:05:12 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 05:05:12 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 05:05:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:05:12 splunk3 sendmail[8271]: n36C5C04008270: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:05:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:05:38 splunk3 sendmail[8387]: n36C5cIJ008387: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:06:38 splunk3 sendmail[8621]: n36C6cps008621: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:07:38 splunk3 sendmail[8860]: n36C7c5G008860: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:08:38 splunk3 sendmail[9098]: n36C8cuR009098: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:09:38 splunk3 sendmail[9336]: n36C9c5h009336: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:09:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:10:02 splunk3 sendmail[9537]: n36CA2Tk009537: from=root, size=292, class=0, nrcpts=1, msgid=<200904061210.n36CA2Tk009537@splunk3.splunkit.com>, relay=root@localhost
Apr  6 05:10:02 splunk3 sendmail[9542]: n36CA2aj009542: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061210.n36CA2Tk009537@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 05:10:02 splunk3 sendmail[9537]: n36CA2Tk009537: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36CA2aj009542 Message accepted for delivery)
Apr  6 05:10:03 splunk3 sendmail[9543]: n36CA2aj009542: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 05:10:13 splunk3 sendmail[9584]: n36CADee009584: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061210.n36CADgC018365@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:10:13 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34997 
Apr  6 05:10:13 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:10:13 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:10:13 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:10:13 splunk3 spamd[6865]: spamd: processing message <200904061210.n36CADgC018365@virt2.int.splunk.com> for spamme:501 
Apr  6 05:10:15 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  6 05:10:15 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34997,mid=<200904061210.n36CADgC018365@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:10:15 splunk3 sendmail[9589]: n36CADee009584: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:10:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:10:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:10:37 splunk3 sendmail[3787]: n36BlSVT003787: 118-165-79-135.dynamic.hinet.net [118.165.79.135] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:10:38 splunk3 sendmail[9705]: n36CAcJ7009705: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 05:11:38 splunk3 sendmail[9943]: n36CBcsR009943: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:12:38 splunk3 sendmail[10178]: n36CCcEk010178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:13:38 splunk3 sendmail[10417]: n36CDcO1010417: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:14:38 splunk3 sendmail[10651]: n36CEcHD010651: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:14:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:15:14 splunk3 sendmail[10801]: n36CFEbC010801: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061215.n36CFEeD019149@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:15:14 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35054 
Apr  6 05:15:14 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:15:14 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:15:14 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:15:14 splunk3 spamd[6865]: spamd: processing message <200904061215.n36CFEeD019149@virt2.int.splunk.com> for spamme:501 
Apr  6 05:15:16 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 05:15:16 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35054,mid=<200904061215.n36CFEeD019149@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:15:17 splunk3 sendmail[10802]: n36CFEbC010801: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:15:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:15:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:15:38 splunk3 sendmail[10916]: n36CFc1w010916: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:16:38 splunk3 sendmail[11150]: n36CGcKt011150: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:17:38 splunk3 sendmail[11391]: n36CHc1t011391: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:18:38 splunk3 sendmail[11626]: n36CIc9e011626: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:19:39 splunk3 sendmail[11864]: n36CJcVB011864: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:19:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:20:15 splunk3 sendmail[12013]: n36CKFwq012013: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061220.n36CKEKP019784@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:20:15 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35109 
Apr  6 05:20:15 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:20:15 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:20:15 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:20:15 splunk3 spamd[6865]: spamd: processing message <200904061220.n36CKEKP019784@virt2.int.splunk.com> for spamme:501 
Apr  6 05:20:17 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 05:20:17 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35109,mid=<200904061220.n36CKEKP019784@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:20:17 splunk3 sendmail[12014]: n36CKFwq012013: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:20:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:20:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:20:39 splunk3 sendmail[12126]: n36CKd4C012126: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:21:39 splunk3 sendmail[12366]: n36CLdYq012366: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:22:39 splunk3 sendmail[12603]: n36CMd48012603: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:23:39 splunk3 sendmail[12843]: n36CNdpf012843: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:24:39 splunk3 sendmail[13077]: n36COddv013077: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:24:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:25:15 splunk3 sendmail[13225]: n36CPFnc013225: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061225.n36CPF13020390@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:25:15 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35165 
Apr  6 05:25:15 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:25:15 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:25:15 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:25:15 splunk3 spamd[6865]: spamd: processing message <200904061225.n36CPF13020390@virt2.int.splunk.com> for spamme:501 
Apr  6 05:25:17 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 05:25:17 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35165,mid=<200904061225.n36CPF13020390@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:25:17 splunk3 sendmail[13226]: n36CPFnc013225: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:25:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:25:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:25:39 splunk3 sendmail[13376]: n36CPdpK013376: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 05:26:39 splunk3 sendmail[13610]: n36CQdPm013610: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:27:39 splunk3 sendmail[13849]: n36CRdwp013849: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:28:39 splunk3 sendmail[14084]: n36CSdSq014084: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:29:39 splunk3 sendmail[14325]: n36CTdKE014325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:29:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:30:16 splunk3 sendmail[14475]: n36CUGim014475: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061230.n36CUFdF021022@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:30:16 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35220 
Apr  6 05:30:16 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:30:16 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:30:16 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:30:16 splunk3 spamd[6865]: spamd: processing message <200904061230.n36CUFdF021022@virt2.int.splunk.com> for spamme:501 
Apr  6 05:30:19 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  6 05:30:19 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35220,mid=<200904061230.n36CUFdF021022@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:30:19 splunk3 sendmail[14477]: n36CUGim014475: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:30:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:30:23 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:30:39 splunk3 sendmail[14589]: n36CUdlB014589: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:31:39 splunk3 sendmail[14828]: n36CVdw0014828: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:32:39 splunk3 sendmail[15063]: n36CWdo4015063: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:33:39 splunk3 sendmail[15302]: n36CXdTV015302: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:34:39 splunk3 sendmail[15547]: n36CYd3h015547: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:34:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:35:16 splunk3 sendmail[15697]: n36CZGCg015697: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061235.n36CZG0V021770@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:35:16 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35276 
Apr  6 05:35:16 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:35:16 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:35:16 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:35:16 splunk3 spamd[6865]: spamd: processing message <200904061235.n36CZG0V021770@virt2.int.splunk.com> for spamme:501 
Apr  6 05:35:18 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1308 bytes. 
Apr  6 05:35:18 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35276,mid=<200904061235.n36CZG0V021770@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:35:18 splunk3 sendmail[15698]: n36CZGCg015697: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:35:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:35:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:35:39 splunk3 sendmail[15809]: n36CZdAB015809: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:36:39 splunk3 sendmail[16046]: n36CadMo016046: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:37:39 splunk3 sendmail[16286]: n36Cbdr1016286: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:38:39 splunk3 sendmail[16524]: n36CcdAo016524: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:39:39 splunk3 sendmail[16763]: n36Cddkp016763: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:39:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:40:17 splunk3 sendmail[16943]: n36CeHu6016943: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061240.n36CeHql022405@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:40:17 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35340 
Apr  6 05:40:17 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:40:17 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:40:17 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:40:17 splunk3 spamd[6865]: spamd: processing message <200904061240.n36CeHql022405@virt2.int.splunk.com> for spamme:501 
Apr  6 05:40:19 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1308 bytes. 
Apr  6 05:40:19 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35340,mid=<200904061240.n36CeHql022405@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:40:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:40:19 splunk3 sendmail[16944]: n36CeHu6016943: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:40:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:40:39 splunk3 sendmail[17026]: n36CedXs017026: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 05:41:39 splunk3 sendmail[17265]: n36CfdYf017265: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:42:39 splunk3 sendmail[17502]: n36CgdH1017502: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:43:39 splunk3 sendmail[17741]: n36ChdZn017741: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:44:39 splunk3 sendmail[17975]: n36CidiM017975: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:44:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:45:17 splunk3 sendmail[18154]: n36CjHY4018154: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061245.n36CjHHc023021@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:45:17 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35396 
Apr  6 05:45:17 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:45:17 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:45:17 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:45:17 splunk3 spamd[6865]: spamd: processing message <200904061245.n36CjHHc023021@virt2.int.splunk.com> for spamme:501 
Apr  6 05:45:20 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 05:45:20 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35396,mid=<200904061245.n36CjHHc023021@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:45:20 splunk3 sendmail[18155]: n36CjHY4018154: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:45:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:45:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:45:39 splunk3 sendmail[18238]: n36CjdKX018238: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:46:39 splunk3 sendmail[18473]: n36CkdYQ018473: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:47:39 splunk3 sendmail[18713]: n36Cld8u018713: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:48:39 splunk3 sendmail[18949]: n36CmdOg018949: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:49:39 splunk3 sendmail[19188]: n36CndQ7019188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:49:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:50:18 splunk3 sendmail[19369]: n36CoIYj019369: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061250.n36CoIMq023661@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:50:18 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35452 
Apr  6 05:50:18 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:50:18 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:50:18 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:50:18 splunk3 spamd[6865]: spamd: processing message <200904061250.n36CoIMq023661@virt2.int.splunk.com> for spamme:501 
Apr  6 05:50:20 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 05:50:20 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35452,mid=<200904061250.n36CoIMq023661@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:50:20 splunk3 sendmail[19370]: n36CoIYj019369: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:50:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:50:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:50:39 splunk3 sendmail[19451]: n36Cod0C019451: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:51:39 splunk3 sendmail[19691]: n36CpdHS019691: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:52:39 splunk3 sendmail[19926]: n36Cqd0Y019926: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:53:39 splunk3 sendmail[20170]: n36Crdx3020170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:54:39 splunk3 sendmail[20404]: n36CsdkK020404: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:54:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 05:55:18 splunk3 sendmail[20582]: n36CtIKm020582: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061255.n36CtIeM024270@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 05:55:18 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35507 
Apr  6 05:55:18 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 05:55:18 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 05:55:18 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 05:55:18 splunk3 spamd[6865]: spamd: processing message <200904061255.n36CtIeM024270@virt2.int.splunk.com> for spamme:501 
Apr  6 05:55:22 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 3.3 seconds, 1308 bytes. 
Apr  6 05:55:22 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=3.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35507,mid=<200904061255.n36CtIeM024270@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 05:55:22 splunk3 sendmail[20583]: n36CtIKm020582: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 05:55:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 05:55:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 05:55:39 splunk3 sendmail[20665]: n36Ctdhp020665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 05:56:39 splunk3 sendmail[20902]: n36Cud4e020902: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:57:39 splunk3 sendmail[21142]: n36CvdXu021142: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:58:39 splunk3 sendmail[21376]: n36CwdYl021376: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:59:39 splunk3 sendmail[21615]: n36Cxd8N021615: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 05:59:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:00:02 splunk3 sendmail[21783]: n36D02WU021783: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904061300.n36D02WU021783@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 06:00:02 splunk3 sendmail[21786]: n36D02WU021783: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 06:00:02 splunk3 sendmail[21786]: n36D02WU021783: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 06:00:02 splunk3 sendmail[21786]: n36D02WU021783: n36D02WU021786: postmaster notify: User unknown
Apr  6 06:00:03 splunk3 sendmail[21786]: n36D02WU021786: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 06:00:04 splunk3 sendmail[21810]: n36D04P5021810: from=root, size=291, class=0, nrcpts=1, msgid=<200904061300.n36D04P5021810@splunk3.splunkit.com>, relay=root@localhost
Apr  6 06:00:04 splunk3 sendmail[21814]: n36D04iw021814: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061300.n36D04P5021810@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 06:00:04 splunk3 sendmail[21810]: n36D04P5021810: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36D04iw021814 Message accepted for delivery)
Apr  6 06:00:05 splunk3 sendmail[21815]: n36D04iw021814: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 06:00:19 splunk3 sendmail[21880]: n36D0JVD021880: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061300.n36D0JhM024916@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:00:19 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35572 
Apr  6 06:00:19 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:00:19 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 06:00:19 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 06:00:19 splunk3 sendmail[21881]: n36D0JVD021880: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:00:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:00:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:00:39 splunk3 sendmail[21962]: n36D0dPV021962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:01:07 splunk3 sendmail[22052]: n36D111O022052: from=root, size=443, class=0, nrcpts=1, msgid=<200904061301.n36D111O022052@splunk3.splunkit.com>, relay=root@localhost
Apr  6 06:01:07 splunk3 sendmail[22092]: n36D17fe022092: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061301.n36D111O022052@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 06:01:07 splunk3 sendmail[22052]: n36D111O022052: to=root, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36D17fe022092 Message accepted for delivery)
Apr  6 06:01:09 splunk3 sendmail[22093]: n36D17fe022092: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 06:01:39 splunk3 sendmail[22212]: n36D1d3v022212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:02:39 splunk3 sendmail[22447]: n36D2d7T022447: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:03:39 splunk3 sendmail[22685]: n36D3dFY022685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:04:39 splunk3 sendmail[22922]: n36D4dOV022922: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:04:40 splunk3 sendmail[22903]: n36D4ccc022903: from=<tavisilo_1994@2000dm.com>, size=1390, class=0, nrcpts=1, msgid=<200904061304.n36D4ccc022903@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=121.246.10.186.dynamic.kolkata.vsnl.net.in [121.246.10.186] (may be forged)
Apr  6 06:04:40 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35614 
Apr  6 06:04:40 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:04:40 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 06:04:40 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 06:04:40 splunk3 sendmail[22923]: n36D4ccc022903: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31765, dsn=2.0.0, stat=Sent
Apr  6 06:04:40 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:04:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:05:20 splunk3 sendmail[23105]: n36D5KbF023105: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061305.n36D5K5j025598@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:05:20 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35629 
Apr  6 06:05:20 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:05:20 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 06:05:20 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 06:05:20 splunk3 sendmail[23106]: n36D5KbF023105: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:05:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:05:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:05:39 splunk3 sendmail[23186]: n36D5d8q023186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:06:39 splunk3 sendmail[23422]: n36D6diR023422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:07:39 splunk3 sendmail[23662]: n36D7dvn023662: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:08:39 splunk3 sendmail[23899]: n36D8dhI023899: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:09:39 splunk3 sendmail[24139]: n36D9ddG024139: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:09:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:10:02 splunk3 sendmail[24339]: n36DA2AF024339: from=root, size=292, class=0, nrcpts=1, msgid=<200904061310.n36DA2AF024339@splunk3.splunkit.com>, relay=root@localhost
Apr  6 06:10:02 splunk3 sendmail[24344]: n36DA28N024344: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061310.n36DA2AF024339@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 06:10:02 splunk3 sendmail[24339]: n36DA2AF024339: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36DA28N024344 Message accepted for delivery)
Apr  6 06:10:04 splunk3 sendmail[24345]: n36DA28N024344: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 06:10:20 splunk3 sendmail[24424]: n36DAK9Q024424: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061310.n36DAKjr026216@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:10:20 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35686 
Apr  6 06:10:20 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:10:20 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:10:20 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:10:20 splunk3 spamd[6865]: spamd: processing message <200904061310.n36DAKjr026216@virt2.int.splunk.com> for spamme:501 
Apr  6 06:10:22 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  6 06:10:22 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35686,mid=<200904061310.n36DAKjr026216@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 06:10:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:10:22 splunk3 sendmail[24425]: n36DAK9Q024424: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:10:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:10:39 splunk3 sendmail[24508]: n36DAdE1024508: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 06:11:39 splunk3 sendmail[24747]: n36DBd8Z024747: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:12:39 splunk3 sendmail[24983]: n36DCdCk024983: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:13:39 splunk3 sendmail[25222]: n36DDd0R025222: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:14:39 splunk3 sendmail[25456]: n36DEd7c025456: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:14:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:15:21 splunk3 sendmail[25635]: n36DFLiw025635: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061315.n36DFKco026998@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:15:21 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35742 
Apr  6 06:15:21 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:15:21 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:15:21 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:15:21 splunk3 spamd[6865]: spamd: processing message <200904061315.n36DFKco026998@virt2.int.splunk.com> for spamme:501 
Apr  6 06:15:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:15:23 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 06:15:23 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35742,mid=<200904061315.n36DFKco026998@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 06:15:23 splunk3 sendmail[25636]: n36DFLiw025635: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:15:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:15:39 splunk3 sendmail[25717]: n36DFd77025717: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:16:39 splunk3 sendmail[25952]: n36DGdbM025952: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:17:39 splunk3 sendmail[26190]: n36DHd4M026190: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:18:39 splunk3 sendmail[26426]: n36DIdBl026426: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:19:39 splunk3 sendmail[26664]: n36DJdvA026664: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:19:50 splunk3 sendmail[20809]: n36CufJO020809: [219.85.85.61] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:19:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:20:21 splunk3 sendmail[26846]: n36DKLd9026846: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061320.n36DKLMG027634@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:20:21 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35798 
Apr  6 06:20:21 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:20:21 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:20:21 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:20:21 splunk3 spamd[6865]: spamd: processing message <200904061320.n36DKLMG027634@virt2.int.splunk.com> for spamme:501 
Apr  6 06:20:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:20:23 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 06:20:23 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35798,mid=<200904061320.n36DKLMG027634@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 06:20:23 splunk3 sendmail[26848]: n36DKLd9026846: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:20:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:20:39 splunk3 sendmail[26928]: n36DKd62026928: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:21:39 splunk3 sendmail[27168]: n36DLdTe027168: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:22:39 splunk3 sendmail[27401]: n36DMdA0027401: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:23:39 splunk3 sendmail[27644]: n36DNdbG027644: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:24:39 splunk3 sendmail[27880]: n36DOdf3027880: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:24:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:25:22 splunk3 sendmail[28060]: n36DPMpe028060: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061325.n36DPLVK028235@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:25:22 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35854 
Apr  6 06:25:22 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:25:22 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:25:22 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:25:22 splunk3 spamd[6865]: spamd: processing message <200904061325.n36DPLVK028235@virt2.int.splunk.com> for spamme:501 
Apr  6 06:25:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:25:24 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 06:25:24 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35854,mid=<200904061325.n36DPLVK028235@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 06:25:24 splunk3 sendmail[28061]: n36DPMpe028060: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:25:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:25:39 splunk3 sendmail[28142]: n36DPdR5028142: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:26:27 splunk3 sendmail[28322]: n36DQRmW028322: ruleset=check_rcpt, arg1=<sseenndd1201@yahoo.com.hk>, relay=118-165-90-238.dynamic.hinet.net [118.165.90.238], reject=550 5.7.1 <sseenndd1201@yahoo.com.hk>... Relaying denied
Apr  6 06:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 06:26:39 splunk3 sendmail[28378]: n36DQdr7028378: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:27:39 splunk3 sendmail[28618]: n36DRdpZ028618: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:28:39 splunk3 sendmail[28850]: n36DSdwt028850: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:29:39 splunk3 sendmail[29088]: n36DTdUM029088: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:29:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:30:22 splunk3 sendmail[29286]: n36DUMkK029286: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061330.n36DUM9f028861@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:30:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:30:22 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35909 
Apr  6 06:30:22 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:30:22 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:30:22 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:30:22 splunk3 spamd[6865]: spamd: processing message <200904061330.n36DUM9f028861@virt2.int.splunk.com> for spamme:501 
Apr  6 06:30:24 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  6 06:30:24 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35909,mid=<200904061330.n36DUM9f028861@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 06:30:24 splunk3 sendmail[29289]: n36DUMkK029286: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:30:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:30:39 splunk3 sendmail[29352]: n36DUdhN029352: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:31:39 splunk3 sendmail[29591]: n36DVdSB029591: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:32:39 splunk3 sendmail[29828]: n36DWdTc029828: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:33:39 splunk3 sendmail[30066]: n36DXdMd030066: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:34:39 splunk3 sendmail[30298]: n36DYdaY030298: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:34:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:35:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:35:23 splunk3 sendmail[30497]: n36DZNOu030497: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061335.n36DZM2k029603@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:35:23 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35965 
Apr  6 06:35:23 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:35:23 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:35:23 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:35:23 splunk3 spamd[6865]: spamd: processing message <200904061335.n36DZM2k029603@virt2.int.splunk.com> for spamme:501 
Apr  6 06:35:25 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 06:35:25 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35965,mid=<200904061335.n36DZM2k029603@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 06:35:25 splunk3 sendmail[30498]: n36DZNOu030497: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:35:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:35:39 splunk3 sendmail[30560]: n36DZdMW030560: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:36:39 splunk3 sendmail[30795]: n36DadV1030795: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:37:39 splunk3 sendmail[31034]: n36Dbdbg031034: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:38:39 splunk3 sendmail[31273]: n36Dcd8q031273: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:39:39 splunk3 sendmail[31514]: n36Dddce031514: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:39:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:40:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:40:23 splunk3 sendmail[31715]: n36DeN8X031715: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061340.n36DeN20030239@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:40:23 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36020 
Apr  6 06:40:23 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:40:23 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:40:23 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:40:23 splunk3 spamd[6865]: spamd: processing message <200904061340.n36DeN20030239@virt2.int.splunk.com> for spamme:501 
Apr  6 06:40:25 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 06:40:25 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36020,mid=<200904061340.n36DeN20030239@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 06:40:25 splunk3 sendmail[31716]: n36DeN8X031715: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:40:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:40:39 splunk3 sendmail[31778]: n36Ded1p031778: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 06:41:39 splunk3 sendmail[32017]: n36Dfd1s032017: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:42:39 splunk3 sendmail[32254]: n36DgdCt032254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:43:39 splunk3 sendmail[32492]: n36DhdxV032492: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:44:39 splunk3 sendmail[32726]: n36Didx4032726: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:44:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:45:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:45:23 splunk3 sendmail[459]: n36DjNbv000459: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061345.n36DjN7Y030845@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:45:23 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36077 
Apr  6 06:45:23 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:45:23 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:45:23 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:45:23 splunk3 spamd[6865]: spamd: processing message <200904061345.n36DjN7Y030845@virt2.int.splunk.com> for spamme:501 
Apr  6 06:45:25 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  6 06:45:25 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36077,mid=<200904061345.n36DjN7Y030845@virt2.int.splunk.com>,bayes=0.111882033200734,autolearn=no 
Apr  6 06:45:25 splunk3 sendmail[460]: n36DjNbv000459: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:45:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:45:39 splunk3 sendmail[522]: n36Djd5X000522: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:46:39 splunk3 sendmail[756]: n36DkdSi000756: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:47:39 splunk3 sendmail[995]: n36DldXn000995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:48:39 splunk3 sendmail[1229]: n36DmdSf001229: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:49:39 splunk3 sendmail[1469]: n36Dndtd001469: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:49:56 splunk3 sendmail[1533]: n36DnuBL001533: from=<3gwjaSRQKBq8VddVaTPaTgih-cdgTeanVddVaT.RdbhePbbTheajcZXi.Rdb@alerts.bounces.google.com>, size=2896, class=0, nrcpts=1, msgid=<001485f91f026ee2960466e32c34@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.187]
Apr  6 06:49:56 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36121 
Apr  6 06:49:56 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:49:56 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:49:56 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:49:56 splunk3 spamd[6865]: spamd: processing message <001485f91f026ee2960466e32c34@google.com> for spamme:501 
Apr  6 06:49:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:49:58 splunk3 spamd[6865]: spamd: clean message (-2.4/5.0) for spamme:501 in 2.4 seconds, 3326 bytes. 
Apr  6 06:49:58 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.4,size=3326,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36121,mid=<001485f91f026ee2960466e32c34@google.com>,bayes=0,autolearn=ham 
Apr  6 06:49:58 splunk3 sendmail[1534]: n36DnuBL001533: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=33107, dsn=2.0.0, stat=Sent
Apr  6 06:49:58 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:50:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:50:24 splunk3 sendmail[1678]: n36DoOtk001678: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061350.n36DoOjS031458@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:50:24 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36133 
Apr  6 06:50:24 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:50:24 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:50:24 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:50:24 splunk3 spamd[6865]: spamd: processing message <200904061350.n36DoOjS031458@virt2.int.splunk.com> for spamme:501 
Apr  6 06:50:26 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 06:50:26 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36133,mid=<200904061350.n36DoOjS031458@virt2.int.splunk.com>,bayes=0.111913987377274,autolearn=no 
Apr  6 06:50:26 splunk3 sendmail[1679]: n36DoOtk001678: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:50:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:50:39 splunk3 sendmail[1737]: n36DodiB001737: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:51:39 splunk3 sendmail[1978]: n36Dpd4S001978: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:52:39 splunk3 sendmail[2213]: n36DqdXE002213: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:53:39 splunk3 sendmail[2456]: n36Drdh7002456: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:54:39 splunk3 sendmail[2699]: n36DsdYp002699: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:54:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 06:55:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 06:55:25 splunk3 sendmail[2908]: n36DtOJY002908: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061355.n36DtO0j032065@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 06:55:25 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36189 
Apr  6 06:55:25 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 06:55:25 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 06:55:25 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 06:55:25 splunk3 spamd[6865]: spamd: processing message <200904061355.n36DtO0j032065@virt2.int.splunk.com> for spamme:501 
Apr  6 06:55:27 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 06:55:27 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36189,mid=<200904061355.n36DtO0j032065@virt2.int.splunk.com>,bayes=0.111913987377274,autolearn=no 
Apr  6 06:55:27 splunk3 sendmail[2909]: n36DtOJY002908: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 06:55:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 06:55:39 splunk3 sendmail[2972]: n36DtdCM002972: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 06:56:39 splunk3 sendmail[3216]: n36Dudms003216: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:57:39 splunk3 sendmail[3454]: n36DvdZ4003454: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:58:39 splunk3 sendmail[3719]: n36DwdKr003719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:59:39 splunk3 sendmail[3960]: n36DxdBL003960: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 06:59:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:00:04 splunk3 sendmail[4143]: n36E04uE004143: from=root, size=291, class=0, nrcpts=1, msgid=<200904061400.n36E04uE004143@splunk3.splunkit.com>, relay=root@localhost
Apr  6 07:00:04 splunk3 sendmail[4147]: n36E0401004147: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061400.n36E04uE004143@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 07:00:04 splunk3 sendmail[4143]: n36E04uE004143: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36E0401004147 Message accepted for delivery)
Apr  6 07:00:05 splunk3 sendmail[4148]: n36E0401004147: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 07:00:07 splunk3 sendmail[4181]: n36E07hP004181: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904061400.n36E07hP004181@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 07:00:07 splunk3 sendmail[4183]: n36E07hP004181: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 07:00:07 splunk3 sendmail[4183]: n36E07hP004181: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  6 07:00:07 splunk3 sendmail[4183]: n36E07hP004181: n36E07hP004183: postmaster notify: User unknown
Apr  6 07:00:09 splunk3 sendmail[4183]: n36E07hP004183: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  6 07:00:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:00:25 splunk3 sendmail[4264]: n36E0PgM004264: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061400.n36E0PMe032713@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:00:25 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36253 
Apr  6 07:00:25 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:00:25 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 07:00:25 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 07:00:25 splunk3 sendmail[4265]: n36E0PgM004264: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 07:00:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:00:39 splunk3 sendmail[4338]: n36E0dNZ004338: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:01:11 splunk3 sendmail[4426]: n36E11Yj004426: from=root, size=443, class=0, nrcpts=1, msgid=<200904061401.n36E11Yj004426@splunk3.splunkit.com>, relay=root@localhost
Apr  6 07:01:11 splunk3 sendmail[4468]: n36E1Bc9004468: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061401.n36E11Yj004426@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 07:01:11 splunk3 sendmail[4426]: n36E11Yj004426: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36E1Bc9004468 Message accepted for delivery)
Apr  6 07:01:13 splunk3 sendmail[4469]: n36E1Bc9004468: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 07:01:39 splunk3 sendmail[4589]: n36E1d6s004589: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:02:39 splunk3 sendmail[4826]: n36E2dW8004826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:03:39 splunk3 sendmail[5076]: n36E3de1005076: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:04:39 splunk3 sendmail[5344]: n36E4d8m005344: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:04:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:05:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:05:26 splunk3 sendmail[5550]: n36E5QUu005550: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904061405.n36E5PC6000929@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:05:26 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36310 
Apr  6 07:05:26 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:05:26 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 07:05:26 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 07:05:26 splunk3 sendmail[5551]: n36E5QUu005550: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  6 07:05:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:05:39 splunk3 sendmail[5608]: n36E5ddW005608: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:06:39 splunk3 sendmail[5843]: n36E6dri005843: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:07:39 splunk3 sendmail[6083]: n36E7dsj006083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:08:39 splunk3 sendmail[6321]: n36E8dj5006321: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:09:39 splunk3 sendmail[6561]: n36E9dMS006561: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:09:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:10:02 splunk3 sendmail[6761]: n36EA28D006761: from=root, size=292, class=0, nrcpts=1, msgid=<200904061410.n36EA28D006761@splunk3.splunkit.com>, relay=root@localhost
Apr  6 07:10:02 splunk3 sendmail[6766]: n36EA2SY006766: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061410.n36EA28D006761@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 07:10:02 splunk3 sendmail[6761]: n36EA28D006761: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36EA2SY006766 Message accepted for delivery)
Apr  6 07:10:04 splunk3 sendmail[6767]: n36EA2SY006766: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 07:10:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:10:26 splunk3 sendmail[6871]: n36EAQxd006871: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061410.n36EAQT0001570@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:10:26 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36366 
Apr  6 07:10:26 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:10:26 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:10:26 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:10:26 splunk3 spamd[6865]: spamd: processing message <200904061410.n36EAQT0001570@virt2.int.splunk.com> for spamme:501 
Apr  6 07:10:28 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 07:10:28 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36366,mid=<200904061410.n36EAQT0001570@virt2.int.splunk.com>,bayes=0.168791218725784,autolearn=no 
Apr  6 07:10:28 splunk3 sendmail[6872]: n36EAQxd006871: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:10:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:10:39 splunk3 sendmail[6931]: n36EAdI7006931: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 07:11:39 splunk3 sendmail[7169]: n36EBddt007169: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:12:39 splunk3 sendmail[7407]: n36ECdfH007407: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:13:39 splunk3 sendmail[7655]: n36EDdmB007655: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:14:39 splunk3 sendmail[7890]: n36EEdUG007890: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:14:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:15:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:15:28 splunk3 sendmail[8108]: n36EFSEV008108: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061415.n36EFQ3W002377@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:15:28 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36423 
Apr  6 07:15:28 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:15:28 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:15:28 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:15:28 splunk3 spamd[6865]: spamd: processing message <200904061415.n36EFQ3W002377@virt2.int.splunk.com> for spamme:501 
Apr  6 07:15:31 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 07:15:31 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36423,mid=<200904061415.n36EFQ3W002377@virt2.int.splunk.com>,bayes=0.168791218725784,autolearn=no 
Apr  6 07:15:31 splunk3 sendmail[8109]: n36EFSEV008108: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:15:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:15:39 splunk3 sendmail[8154]: n36EFdHA008154: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:15:58 splunk3 sendmail[8211]: n36EFr57008211: from=<iehrohcs@ARMSTRONGAEROSPACE.COM>, size=1876, class=0, nrcpts=1, msgid=<200904061415.n36EFr57008211@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=athedsl-277198.home.otenet.gr [85.73.130.108]
Apr  6 07:15:58 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36428 
Apr  6 07:15:58 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:15:58 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:15:58 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:15:58 splunk3 spamd[6865]: spamd: processing message <200904061415.n36EFr57008211@splunk3.splunkit.com> for spamme:501 
Apr  6 07:16:01 splunk3 spamd[6865]: spamd: identified spam (14.0/5.0) for spamme:501 in 2.8 seconds, 2309 bytes. 
Apr  6 07:16:01 splunk3 spamd[6865]: spamd: result: Y 14 - BAYES_99,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_SBL scantime=2.8,size=2309,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36428,mid=<200904061415.n36EFr57008211@splunk3.splunkit.com>,bayes=0.999512025258098,autolearn=no 
Apr  6 07:16:01 splunk3 sendmail[8232]: n36EFr57008211: to=<spamme@splunkit.com>, delay=00:00:06, xdelay=00:00:03, mailer=local, pri=32207, dsn=2.0.0, stat=Sent
Apr  6 07:16:01 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:16:39 splunk3 sendmail[8394]: n36EGdJv008394: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:17:39 splunk3 sendmail[8634]: n36EHdTW008634: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:18:39 splunk3 sendmail[8868]: n36EIddr008868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:19:39 splunk3 sendmail[9107]: n36EJdt2009107: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:19:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:20:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:20:29 splunk3 sendmail[9328]: n36EKToP009328: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061420.n36EKTaU003021@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:20:29 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36480 
Apr  6 07:20:29 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:20:29 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:20:29 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:20:29 splunk3 spamd[6865]: spamd: processing message <200904061420.n36EKTaU003021@virt2.int.splunk.com> for spamme:501 
Apr  6 07:20:31 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 07:20:31 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36480,mid=<200904061420.n36EKTaU003021@virt2.int.splunk.com>,bayes=0.168791218725784,autolearn=no 
Apr  6 07:20:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:20:31 splunk3 sendmail[9329]: n36EKToP009328: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:20:39 splunk3 sendmail[9370]: n36EKdb6009370: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:21:39 splunk3 sendmail[9609]: n36ELdt3009609: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:22:39 splunk3 sendmail[9845]: n36EMdJg009845: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:23:39 splunk3 sendmail[10087]: n36ENd5L010087: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:24:39 splunk3 sendmail[10322]: n36EOd4U010322: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:24:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:25:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:25:30 splunk3 sendmail[10543]: n36EPUvq010543: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061425.n36EPTbJ003653@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:25:30 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36535 
Apr  6 07:25:30 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:25:30 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:25:30 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:25:30 splunk3 spamd[6865]: spamd: processing message <200904061425.n36EPTbJ003653@virt2.int.splunk.com> for spamme:501 
Apr  6 07:25:32 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 07:25:32 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36535,mid=<200904061425.n36EPTbJ003653@virt2.int.splunk.com>,bayes=0.168791218725784,autolearn=no 
Apr  6 07:25:32 splunk3 sendmail[10544]: n36EPUvq010543: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:25:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:25:39 splunk3 sendmail[10584]: n36EPdCF010584: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:26:27 splunk3 sendmail[28322]: n36DQRmW028322: timeout waiting for input from 118-165-90-238.dynamic.hinet.net during server cmd read
Apr  6 07:26:27 splunk3 sendmail[28322]: n36DQRmW028322: lost input channel from 118-165-90-238.dynamic.hinet.net [118.165.90.238] to MTA after rcpt
Apr  6 07:26:27 splunk3 sendmail[28322]: n36DQRmW028322: from=<oh5k6f8d87@yahoo.com.tw>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=118-165-90-238.dynamic.hinet.net [118.165.90.238]
Apr  6 07:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 07:26:40 splunk3 sendmail[10820]: n36EQead010820: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:27:40 splunk3 sendmail[11061]: n36EReNj011061: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:28:40 splunk3 sendmail[11296]: n36ESe6u011296: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:29:40 splunk3 sendmail[11535]: n36ETerR011535: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:29:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:30:00 splunk3 sendmail[11620]: n36EU0n9011620: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061430.n36EU0et004174@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:30:00 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36580 
Apr  6 07:30:00 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:30:00 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:30:00 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:30:00 splunk3 spamd[6865]: spamd: processing message <200904061430.n36EU0et004174@virt2.int.splunk.com> for spamme:501 
Apr  6 07:30:02 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 07:30:02 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36580,mid=<200904061430.n36EU0et004174@virt2.int.splunk.com>,bayes=0.168791218725784,autolearn=no 
Apr  6 07:30:02 splunk3 sendmail[11621]: n36EU0n9011620: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:30:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:30:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:30:40 splunk3 sendmail[11799]: n36EUe0e011799: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:31:40 splunk3 sendmail[12037]: n36EVemC012037: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:32:40 splunk3 sendmail[12273]: n36EWeYE012273: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:33:38 splunk3 sendmail[12512]: n36EXb91012512: from=<3wRLaSRQKBvcfnnfkdZkdqsr-mnqdokxfnnfkd.bnlroZlldroktmjhs.bnl@alerts.bounces.google.com>, size=2549, class=0, nrcpts=1, msgid=<0015175707f6b011df0466e3c80e@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.160]
Apr  6 07:33:38 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36622 
Apr  6 07:33:38 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:33:38 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:33:38 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:33:38 splunk3 spamd[6865]: spamd: processing message <0015175707f6b011df0466e3c80e@google.com> for spamme:501 
Apr  6 07:33:40 splunk3 sendmail[12519]: n36EXeGk012519: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:33:40 splunk3 spamd[6865]: spamd: clean message (-2.2/5.0) for spamme:501 in 2.4 seconds, 2978 bytes. 
Apr  6 07:33:40 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.4,size=2978,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36622,mid=<0015175707f6b011df0466e3c80e@google.com>,bayes=1.66533453693773e-16,autolearn=ham 
Apr  6 07:33:40 splunk3 sendmail[12513]: n36EXb91012512: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=32759, dsn=2.0.0, stat=Sent
Apr  6 07:33:40 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:34:40 splunk3 sendmail[12752]: n36EYeXr012752: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:34:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:35:00 splunk3 sendmail[12838]: n36EZ0D0012838: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061435.n36EZ0Hn004926@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:35:00 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36637 
Apr  6 07:35:00 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:35:01 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:35:01 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:35:01 splunk3 spamd[6865]: spamd: processing message <200904061435.n36EZ0Hn004926@virt2.int.splunk.com> for spamme:501 
Apr  6 07:35:03 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.8 seconds, 1305 bytes. 
Apr  6 07:35:03 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.8,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36637,mid=<200904061435.n36EZ0Hn004926@virt2.int.splunk.com>,bayes=0.168828934882874,autolearn=no 
Apr  6 07:35:03 splunk3 sendmail[12840]: n36EZ0D0012838: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:35:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:35:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:35:40 splunk3 sendmail[13012]: n36EZegX013012: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:36:40 splunk3 sendmail[13246]: n36Eae13013246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:37:40 splunk3 sendmail[13524]: n36Ebel3013524: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:38:40 splunk3 sendmail[13760]: n36EceCn013760: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:39:40 splunk3 sendmail[13997]: n36EdeFY013997: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:39:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:40:01 splunk3 sendmail[14087]: n36Ee14D014087: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061440.n36Ee1eg005540@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:40:01 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36692 
Apr  6 07:40:01 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:40:01 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:40:01 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:40:01 splunk3 spamd[6865]: spamd: processing message <200904061440.n36Ee1eg005540@virt2.int.splunk.com> for spamme:501 
Apr  6 07:40:03 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  6 07:40:03 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36692,mid=<200904061440.n36Ee1eg005540@virt2.int.splunk.com>,bayes=0.168828934882874,autolearn=no 
Apr  6 07:40:03 splunk3 sendmail[14088]: n36Ee14D014087: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:40:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:40:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:40:40 splunk3 sendmail[14261]: n36Eee3m014261: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 07:41:40 splunk3 sendmail[14500]: n36EfeLO014500: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:42:40 splunk3 sendmail[14737]: n36EgeXj014737: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:43:40 splunk3 sendmail[14976]: n36EheTY014976: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:44:40 splunk3 sendmail[15210]: n36EieGQ015210: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:44:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:45:01 splunk3 sendmail[15315]: n36Ej1A2015315: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061445.n36Ej1N7006205@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:45:01 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36749 
Apr  6 07:45:01 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:45:02 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:45:02 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:45:02 splunk3 spamd[6865]: spamd: processing message <200904061445.n36Ej1N7006205@virt2.int.splunk.com> for spamme:501 
Apr  6 07:45:04 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.8 seconds, 1305 bytes. 
Apr  6 07:45:04 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.8,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36749,mid=<200904061445.n36Ej1N7006205@virt2.int.splunk.com>,bayes=0.168828934882874,autolearn=no 
Apr  6 07:45:04 splunk3 sendmail[15316]: n36Ej1A2015315: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:45:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:45:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:45:40 splunk3 sendmail[15483]: n36Eje6e015483: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:46:40 splunk3 sendmail[15717]: n36EkevL015717: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:47:40 splunk3 sendmail[15957]: n36EleTj015957: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:48:40 splunk3 sendmail[16193]: n36EmeC1016193: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:49:40 splunk3 sendmail[16432]: n36Ene1p016432: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:49:57 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:50:02 splunk3 sendmail[16539]: n36Eo2DT016539: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061450.n36Eo2hs006824@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:50:02 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36804 
Apr  6 07:50:02 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:50:02 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:50:02 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:50:02 splunk3 spamd[6865]: spamd: processing message <200904061450.n36Eo2hs006824@virt2.int.splunk.com> for spamme:501 
Apr  6 07:50:04 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  6 07:50:04 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36804,mid=<200904061450.n36Eo2hs006824@virt2.int.splunk.com>,bayes=0.168828934882874,autolearn=no 
Apr  6 07:50:04 splunk3 sendmail[16540]: n36Eo2DT016539: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:50:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:50:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:50:40 splunk3 sendmail[16697]: n36EoeA9016697: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:51:40 splunk3 sendmail[16935]: n36EpeOM016935: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:52:40 splunk3 sendmail[17171]: n36EqebE017171: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:53:40 splunk3 sendmail[17412]: n36Ere2v017412: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:54:26 splunk3 sendmail[17592]: n36EsPHn017592: from=<3oRfaSRQKBtwEMMEJC8JCPRQ-LMPCNJWEMMEJC.AMKQN8KKCQNJSLIGR.AMK@alerts.bounces.google.com>, size=8800, class=0, nrcpts=1, msgid=<00163630f36713575f0466e41334@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  6 07:54:26 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36854 
Apr  6 07:54:26 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:54:26 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:54:26 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:54:26 splunk3 spamd[6865]: spamd: processing message <00163630f36713575f0466e41334@google.com> for spamme:501 
Apr  6 07:54:29 splunk3 spamd[6865]: spamd: clean message (-2.3/5.0) for spamme:501 in 3.7 seconds, 9234 bytes. 
Apr  6 07:54:29 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=3.7,size=9234,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36854,mid=<00163630f36713575f0466e41334@google.com>,bayes=1.11022302462516e-16,autolearn=ham 
Apr  6 07:54:30 splunk3 sendmail[17593]: n36EsPHn017592: to=<spamme@splunkit.com>, delay=00:00:05, xdelay=00:00:04, mailer=local, pri=39015, dsn=2.0.0, stat=Sent
Apr  6 07:54:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:54:40 splunk3 sendmail[17653]: n36EseQN017653: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:54:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 07:55:03 splunk3 sendmail[17756]: n36Et33b017756: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061455.n36Et3l0007433@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 07:55:03 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36861 
Apr  6 07:55:03 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:55:03 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:55:03 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:55:03 splunk3 spamd[6865]: spamd: processing message <200904061455.n36Et3l0007433@virt2.int.splunk.com> for spamme:501 
Apr  6 07:55:05 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 07:55:05 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36861,mid=<200904061455.n36Et3l0007433@virt2.int.splunk.com>,bayes=0.168866647916838,autolearn=no 
Apr  6 07:55:05 splunk3 sendmail[17757]: n36Et33b017756: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 07:55:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:55:22 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 07:55:40 splunk3 sendmail[17914]: n36Ete61017914: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:56:28 splunk3 sendmail[18107]: n36EuQkT018107: from=<shlomoa@deleteddomains.com>, size=5737, class=0, nrcpts=1, msgid=<d45f019dc5d3$20c389dd$7b100259@deleteddomains.com>, proto=ESMTP, daemon=MTA, relay=[124.54.150.207]
Apr  6 07:56:28 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36883 
Apr  6 07:56:28 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 07:56:28 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 07:56:28 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 07:56:28 splunk3 spamd[6865]: spamd: processing message <d45f019dc5d3$20c389dd$7b100259@deleteddomains.com> for spamme:501 
Apr  6 07:56:30 splunk3 spamd[6865]: spamd: identified spam (24.4/5.0) for spamme:501 in 1.9 seconds, 6020 bytes. 
Apr  6 07:56:30 splunk3 spamd[6865]: spamd: result: Y 24 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_JP_SURBL,URIBL_SBL scantime=1.9,size=6020,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36883,mid=<d45f019dc5d3$20c389dd$7b100259@deleteddomains.com>,bayes=1,autolearn=spam 
Apr  6 07:56:30 splunk3 sendmail[18109]: n36EuQkT018107: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=35915, dsn=2.0.0, stat=Sent
Apr  6 07:56:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 07:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 07:56:40 splunk3 sendmail[18156]: n36EuewU018156: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:57:40 splunk3 sendmail[18398]: n36Eve8d018398: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:58:40 splunk3 sendmail[18632]: n36Ewe6F018632: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:59:40 splunk3 sendmail[18870]: n36ExeBV018870: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 07:59:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:00:04 splunk3 sendmail[19032]: n36F04pD019032: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061500.n36F03OB008069@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:00:04 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36920 
Apr  6 08:00:04 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:00:04 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 08:00:04 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 08:00:04 splunk3 sendmail[19038]: n36F04pD019032: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 08:00:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:00:04 splunk3 sendmail[19045]: n36F04g9019045: from=root, size=291, class=0, nrcpts=1, msgid=<200904061500.n36F04g9019045@splunk3.splunkit.com>, relay=root@localhost
Apr  6 08:00:04 splunk3 sendmail[19049]: n36F047I019049: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061500.n36F04g9019045@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 08:00:04 splunk3 sendmail[19045]: n36F04g9019045: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36F047I019049 Message accepted for delivery)
Apr  6 08:00:05 splunk3 sendmail[19050]: n36F047I019049: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 08:00:13 splunk3 sendmail[19106]: n36F0DwY019106: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904061500.n36F0DwY019106@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 08:00:13 splunk3 sendmail[19108]: n36F0DwY019106: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 08:00:13 splunk3 sendmail[19108]: n36F0DwY019106: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 08:00:13 splunk3 sendmail[19108]: n36F0DwY019106: n36F0DwY019108: postmaster notify: User unknown
Apr  6 08:00:14 splunk3 sendmail[19108]: n36F0DwY019108: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 08:00:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:00:40 splunk3 sendmail[19217]: n36F0ens019217: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:01:15 splunk3 sendmail[19321]: n36F11k6019321: from=root, size=443, class=0, nrcpts=1, msgid=<200904061501.n36F11k6019321@splunk3.splunkit.com>, relay=root@localhost
Apr  6 08:01:15 splunk3 sendmail[19372]: n36F1F8i019372: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061501.n36F11k6019321@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 08:01:15 splunk3 sendmail[19321]: n36F11k6019321: to=root, ctladdr=root (0/0), delay=00:00:14, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36F1F8i019372 Message accepted for delivery)
Apr  6 08:01:17 splunk3 sendmail[19373]: n36F1F8i019372: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 08:01:40 splunk3 sendmail[19470]: n36F1eme019470: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:02:40 splunk3 sendmail[19707]: n36F2erh019707: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:03:40 splunk3 sendmail[19947]: n36F3eU8019947: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:04:40 splunk3 sendmail[20182]: n36F4eMP020182: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:04:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:05:04 splunk3 sendmail[20288]: n36F54NH020288: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061505.n36F54N9008755@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:05:04 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36984 
Apr  6 08:05:04 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:05:04 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 08:05:04 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 08:05:04 splunk3 sendmail[20289]: n36F54NH020288: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 08:05:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:05:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:05:40 splunk3 sendmail[20442]: n36F5ekY020442: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:06:40 splunk3 sendmail[20675]: n36F6eIK020675: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:07:40 splunk3 sendmail[20913]: n36F7eFn020913: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:08:40 splunk3 sendmail[21154]: n36F8eht021154: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:09:40 splunk3 sendmail[21394]: n36F9em5021394: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:09:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:10:02 splunk3 sendmail[21593]: n36FA2Ad021593: from=root, size=292, class=0, nrcpts=1, msgid=<200904061510.n36FA2Ad021593@splunk3.splunkit.com>, relay=root@localhost
Apr  6 08:10:02 splunk3 sendmail[21598]: n36FA2Rp021598: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061510.n36FA2Ad021593@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 08:10:02 splunk3 sendmail[21593]: n36FA2Ad021593: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36FA2Rp021598 Message accepted for delivery)
Apr  6 08:10:03 splunk3 sendmail[21599]: n36FA2Rp021598: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 08:10:05 splunk3 sendmail[21603]: n36FA5Vd021603: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061510.n36FA5XN009365@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:10:05 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37041 
Apr  6 08:10:05 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:10:05 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:10:05 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:10:05 splunk3 spamd[6865]: spamd: processing message <200904061510.n36FA5XN009365@virt2.int.splunk.com> for spamme:501 
Apr  6 08:10:07 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 08:10:07 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37041,mid=<200904061510.n36FA5XN009365@virt2.int.splunk.com>,bayes=0.168861319438533,autolearn=no 
Apr  6 08:10:07 splunk3 sendmail[21604]: n36FA5Vd021603: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 08:10:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:10:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:10:40 splunk3 sendmail[21762]: n36FAelQ021762: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 08:11:40 splunk3 sendmail[22002]: n36FBeNq022002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:12:40 splunk3 sendmail[22238]: n36FCeu1022238: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:13:40 splunk3 sendmail[22476]: n36FDeOe022476: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:14:40 splunk3 sendmail[22707]: n36FEeQn022707: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:14:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:15:05 splunk3 sendmail[22817]: n36FF5Dp022817: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061515.n36FF5Gw010153@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:15:05 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37097 
Apr  6 08:15:05 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:15:06 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:15:06 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:15:06 splunk3 spamd[6865]: spamd: processing message <200904061515.n36FF5Gw010153@virt2.int.splunk.com> for spamme:501 
Apr  6 08:15:09 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 3.7 seconds, 1308 bytes. 
Apr  6 08:15:09 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=3.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37097,mid=<200904061515.n36FF5Gw010153@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:15:09 splunk3 sendmail[22818]: n36FF5Dp022817: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:15:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:15:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:15:40 splunk3 sendmail[22971]: n36FFeat022971: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:16:40 splunk3 sendmail[23206]: n36FGeUQ023206: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:17:40 splunk3 sendmail[23446]: n36FHe5i023446: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:18:40 splunk3 sendmail[23683]: n36FIe9G023683: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:19:40 splunk3 sendmail[23921]: n36FJeEn023921: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:19:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:20:06 splunk3 sendmail[24047]: n36FK6EO024047: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061520.n36FK6em010790@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:20:06 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37153 
Apr  6 08:20:06 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:20:06 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:20:06 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:20:06 splunk3 spamd[6865]: spamd: processing message <200904061520.n36FK6em010790@virt2.int.splunk.com> for spamme:501 
Apr  6 08:20:08 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 08:20:08 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37153,mid=<200904061520.n36FK6em010790@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:20:08 splunk3 sendmail[24048]: n36FK6EO024047: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:20:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:20:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:20:40 splunk3 sendmail[24184]: n36FKeFV024184: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:21:40 splunk3 sendmail[24423]: n36FLeQK024423: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:22:40 splunk3 sendmail[24659]: n36FMepT024659: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:23:40 splunk3 sendmail[24902]: n36FNe8f024902: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:24:40 splunk3 sendmail[25138]: n36FOeAk025138: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:24:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:25:07 splunk3 sendmail[25260]: n36FP7fN025260: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061525.n36FP6uF011399@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:25:07 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37208 
Apr  6 08:25:07 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:25:07 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:25:07 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:25:07 splunk3 spamd[6865]: spamd: processing message <200904061525.n36FP6uF011399@virt2.int.splunk.com> for spamme:501 
Apr  6 08:25:09 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  6 08:25:09 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37208,mid=<200904061525.n36FP6uF011399@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:25:09 splunk3 sendmail[25261]: n36FP7fN025260: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:25:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:25:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:25:40 splunk3 sendmail[25401]: n36FPeHQ025401: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 08:26:40 splunk3 sendmail[25634]: n36FQexQ025634: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:27:40 splunk3 sendmail[25874]: n36FReKw025874: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:28:40 splunk3 sendmail[26105]: n36FSelY026105: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:29:40 splunk3 sendmail[26345]: n36FTe7i026345: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:29:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:30:07 splunk3 sendmail[26471]: n36FU7U7026471: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061530.n36FU7hC012015@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:30:07 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37264 
Apr  6 08:30:07 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:30:07 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:30:07 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:30:07 splunk3 spamd[6865]: spamd: processing message <200904061530.n36FU7hC012015@virt2.int.splunk.com> for spamme:501 
Apr  6 08:30:10 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  6 08:30:10 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37264,mid=<200904061530.n36FU7hC012015@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:30:10 splunk3 sendmail[26472]: n36FU7U7026471: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:30:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:30:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:30:40 splunk3 sendmail[26610]: n36FUeK1026610: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:31:40 splunk3 sendmail[26850]: n36FVeQ4026850: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:32:40 splunk3 sendmail[27086]: n36FWejv027086: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:33:40 splunk3 sendmail[27325]: n36FXenm027325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:34:40 splunk3 sendmail[27559]: n36FYe01027559: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:34:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:35:08 splunk3 sendmail[27684]: n36FZ8xe027684: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061535.n36FZ7A2012761@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:35:08 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37319 
Apr  6 08:35:08 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:35:08 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:35:08 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:35:08 splunk3 spamd[6865]: spamd: processing message <200904061535.n36FZ7A2012761@virt2.int.splunk.com> for spamme:501 
Apr  6 08:35:10 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  6 08:35:10 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37319,mid=<200904061535.n36FZ7A2012761@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:35:10 splunk3 sendmail[27685]: n36FZ8xe027684: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:35:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:35:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:35:40 splunk3 sendmail[27820]: n36FZe7J027820: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:36:40 splunk3 sendmail[28056]: n36FaelR028056: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:37:40 splunk3 sendmail[28296]: n36FbeNW028296: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:38:40 splunk3 sendmail[28535]: n36Fce3L028535: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:39:40 splunk3 sendmail[28774]: n36Fdevx028774: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:39:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:40:08 splunk3 sendmail[28897]: n36Fe8oL028897: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061540.n36Fe8lr013390@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:40:08 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37375 
Apr  6 08:40:08 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:40:08 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:40:08 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:40:08 splunk3 spamd[6865]: spamd: processing message <200904061540.n36Fe8lr013390@virt2.int.splunk.com> for spamme:501 
Apr  6 08:40:10 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  6 08:40:10 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37375,mid=<200904061540.n36Fe8lr013390@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:40:10 splunk3 sendmail[28898]: n36Fe8oL028897: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:40:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:40:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:40:40 splunk3 sendmail[29036]: n36Fee34029036: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 08:41:40 splunk3 sendmail[29275]: n36FfeYs029275: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:42:40 splunk3 sendmail[29511]: n36Fge6d029511: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:43:40 splunk3 sendmail[29750]: n36Fhe8m029750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:44:40 splunk3 sendmail[29983]: n36FieiA029983: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:44:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:45:09 splunk3 sendmail[30108]: n36Fj9LS030108: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061545.n36Fj9T6014002@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:45:09 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37431 
Apr  6 08:45:09 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:45:09 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:45:09 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:45:09 splunk3 spamd[6865]: spamd: processing message <200904061545.n36Fj9T6014002@virt2.int.splunk.com> for spamme:501 
Apr  6 08:45:11 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 08:45:11 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37431,mid=<200904061545.n36Fj9T6014002@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:45:11 splunk3 sendmail[30109]: n36Fj9LS030108: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:45:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:45:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:45:40 splunk3 sendmail[30246]: n36Fje94030246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:46:40 splunk3 sendmail[30481]: n36FkejY030481: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:47:40 splunk3 sendmail[30719]: n36Flelm030719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:48:40 splunk3 sendmail[30954]: n36Fme0X030954: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:49:40 splunk3 sendmail[31191]: n36FnesF031191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:49:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:50:09 splunk3 sendmail[31320]: n36Fo9iR031320: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061550.n36Fo9Yi014616@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:50:09 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37487 
Apr  6 08:50:09 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:50:09 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:50:09 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:50:09 splunk3 spamd[6865]: spamd: processing message <200904061550.n36Fo9Yi014616@virt2.int.splunk.com> for spamme:501 
Apr  6 08:50:12 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 08:50:12 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37487,mid=<200904061550.n36Fo9Yi014616@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:50:12 splunk3 sendmail[31322]: n36Fo9iR031320: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:50:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:50:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:50:40 splunk3 sendmail[31456]: n36FoeRn031456: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:51:40 splunk3 sendmail[31696]: n36FpevX031696: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:52:40 splunk3 sendmail[31932]: n36FqeTj031932: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:53:40 splunk3 sendmail[32175]: n36Freml032175: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:54:40 splunk3 sendmail[32410]: n36Fsej8032410: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:54:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 08:55:10 splunk3 sendmail[32534]: n36FtAbT032534: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061555.n36FtAu1015223@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 08:55:10 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37543 
Apr  6 08:55:10 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 08:55:10 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 08:55:10 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 08:55:10 splunk3 spamd[6865]: spamd: processing message <200904061555.n36FtAu1015223@virt2.int.splunk.com> for spamme:501 
Apr  6 08:55:12 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 08:55:12 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37543,mid=<200904061555.n36FtAu1015223@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 08:55:12 splunk3 sendmail[32543]: n36FtAbT032534: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 08:55:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 08:55:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 08:55:40 splunk3 sendmail[32670]: n36Fte4l032670: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 08:56:40 splunk3 sendmail[435]: n36Fuep1000435: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:57:40 splunk3 sendmail[677]: n36FvenP000677: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:58:40 splunk3 sendmail[911]: n36Fweoi000911: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:59:40 splunk3 sendmail[1149]: n36FxeQf001149: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 08:59:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:00:04 splunk3 sendmail[1318]: n36G04Rg001318: from=root, size=291, class=0, nrcpts=1, msgid=<200904061600.n36G04Rg001318@splunk3.splunkit.com>, relay=root@localhost
Apr  6 09:00:04 splunk3 sendmail[1322]: n36G04nQ001322: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061600.n36G04Rg001318@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 09:00:04 splunk3 sendmail[1318]: n36G04Rg001318: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36G04nQ001322 Message accepted for delivery)
Apr  6 09:00:05 splunk3 sendmail[1323]: n36G04nQ001322: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 09:00:11 splunk3 sendmail[1365]: n36G0BoO001365: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061600.n36G0BkI015859@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:00:11 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37600 
Apr  6 09:00:11 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:00:11 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 09:00:11 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 09:00:11 splunk3 sendmail[1366]: n36G0BoO001365: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:00:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:00:19 splunk3 sendmail[1404]: n36G0IY1001404: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904061600.n36G0IY1001404@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 09:00:19 splunk3 sendmail[1406]: n36G0IY1001404: to=<mark@splunk.com>, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 09:00:19 splunk3 sendmail[1406]: n36G0IY1001404: to=<splunk@localhost>, delay=00:00:01, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  6 09:00:19 splunk3 sendmail[1406]: n36G0IY1001404: n36G0JY1001406: postmaster notify: User unknown
Apr  6 09:00:20 splunk3 sendmail[1406]: n36G0JY1001406: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  6 09:00:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:00:40 splunk3 sendmail[1511]: n36G0eMj001511: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:01:15 splunk3 sendmail[1602]: n36G11BB001602: from=root, size=443, class=0, nrcpts=1, msgid=<200904061601.n36G11BB001602@splunk3.splunkit.com>, relay=root@localhost
Apr  6 09:01:15 splunk3 sendmail[1645]: n36G1FDu001645: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061601.n36G11BB001602@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 09:01:15 splunk3 sendmail[1602]: n36G11BB001602: to=root, ctladdr=root (0/0), delay=00:00:14, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36G1FDu001645 Message accepted for delivery)
Apr  6 09:01:16 splunk3 sendmail[1646]: n36G1FDu001645: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 09:01:40 splunk3 sendmail[1770]: n36G1ebM001770: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:02:40 splunk3 sendmail[2006]: n36G2eKi002006: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:03:40 splunk3 sendmail[2244]: n36G3eo9002244: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:04:40 splunk3 sendmail[2479]: n36G4eQI002479: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:04:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:05:11 splunk3 sendmail[2610]: n36G5BfU002610: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061605.n36G5BUH016544@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:05:11 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37664 
Apr  6 09:05:11 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:05:11 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 09:05:11 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 09:05:11 splunk3 sendmail[2611]: n36G5BfU002610: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:05:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:05:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:05:40 splunk3 sendmail[2750]: n36G5eum002750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:06:40 splunk3 sendmail[2997]: n36G6eKw002997: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:07:40 splunk3 sendmail[3243]: n36G7eBX003243: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:08:40 splunk3 sendmail[3481]: n36G8eIH003481: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:09:40 splunk3 sendmail[3749]: n36G9eU3003749: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:09:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:10:02 splunk3 sendmail[3932]: n36GA2ji003932: from=root, size=292, class=0, nrcpts=1, msgid=<200904061610.n36GA2ji003932@splunk3.splunkit.com>, relay=root@localhost
Apr  6 09:10:02 splunk3 sendmail[3937]: n36GA2gx003937: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061610.n36GA2ji003932@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 09:10:02 splunk3 sendmail[3932]: n36GA2ji003932: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36GA2gx003937 Message accepted for delivery)
Apr  6 09:10:04 splunk3 sendmail[3938]: n36GA2gx003937: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 09:10:12 splunk3 sendmail[3981]: n36GACpv003981: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061610.n36GABwl017157@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:10:12 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37720 
Apr  6 09:10:12 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:10:12 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:10:12 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:10:12 splunk3 spamd[6865]: spamd: processing message <200904061610.n36GABwl017157@virt2.int.splunk.com> for spamme:501 
Apr  6 09:10:14 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 09:10:14 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37720,mid=<200904061610.n36GABwl017157@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 09:10:14 splunk3 sendmail[3982]: n36GACpv003981: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:10:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:10:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:10:40 splunk3 sendmail[4132]: n36GAeGS004132: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 09:11:40 splunk3 sendmail[4389]: n36GBebE004389: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:12:40 splunk3 sendmail[4626]: n36GCeaO004626: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:13:40 splunk3 sendmail[4873]: n36GDeU9004873: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:14:40 splunk3 sendmail[5115]: n36GEeYm005115: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:14:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:15:12 splunk3 sendmail[5274]: n36GFCq2005274: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061615.n36GFCYA017943@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:15:12 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37777 
Apr  6 09:15:12 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:15:12 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:15:12 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:15:12 splunk3 spamd[6865]: spamd: processing message <200904061615.n36GFCYA017943@virt2.int.splunk.com> for spamme:501 
Apr  6 09:15:14 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  6 09:15:14 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37777,mid=<200904061615.n36GFCYA017943@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 09:15:14 splunk3 sendmail[5275]: n36GFCq2005274: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:15:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:15:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:15:40 splunk3 sendmail[5416]: n36GFe4n005416: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:16:40 splunk3 sendmail[5650]: n36GGe5m005650: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:17:40 splunk3 sendmail[5889]: n36GHeTV005889: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:18:40 splunk3 sendmail[6125]: n36GIe9a006125: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:19:40 splunk3 sendmail[6364]: n36GJegf006364: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:19:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:20:15 splunk3 sendmail[6503]: n36GKF4n006503: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061620.n36GKDbp018586@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:20:15 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37833 
Apr  6 09:20:15 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:20:15 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:20:15 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:20:15 splunk3 spamd[6865]: spamd: processing message <200904061620.n36GKDbp018586@virt2.int.splunk.com> for spamme:501 
Apr  6 09:20:17 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 09:20:17 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37833,mid=<200904061620.n36GKDbp018586@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 09:20:17 splunk3 sendmail[6512]: n36GKF4n006503: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:20:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:20:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:20:41 splunk3 sendmail[6628]: n36GKe0K006628: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:21:41 splunk3 sendmail[6869]: n36GLf9M006869: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:22:41 splunk3 sendmail[7104]: n36GMfe7007104: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:23:41 splunk3 sendmail[7346]: n36GNfaa007346: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:24:41 splunk3 sendmail[7591]: n36GOfhN007591: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:24:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:25:15 splunk3 sendmail[7734]: n36GPFmj007734: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061625.n36GPFU7019200@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:25:15 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37888 
Apr  6 09:25:15 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:25:15 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:25:15 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:25:15 splunk3 spamd[6865]: spamd: processing message <200904061625.n36GPFU7019200@virt2.int.splunk.com> for spamme:501 
Apr  6 09:25:17 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  6 09:25:17 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37888,mid=<200904061625.n36GPFU7019200@virt2.int.splunk.com>,bayes=0.111973455879604,autolearn=no 
Apr  6 09:25:17 splunk3 sendmail[7735]: n36GPFmj007734: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:25:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:25:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:25:41 splunk3 sendmail[7852]: n36GPfaO007852: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 09:26:41 splunk3 sendmail[8088]: n36GQf6b008088: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:27:41 splunk3 sendmail[8329]: n36GRf9T008329: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:28:41 splunk3 sendmail[8563]: n36GSfQX008563: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:29:00 splunk3 sendmail[8626]: n36GSxWt008626: from=<3yy3aSRQKBh09HH9E73E7KML-GHK7IER9HH9E7.5HFLI3FF7LIENGDBM.5HF@alerts.bounces.google.com>, size=2735, class=0, nrcpts=1, msgid=<001636164ad147fb7a0466e56553@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  6 09:29:00 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37931 
Apr  6 09:29:00 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:29:00 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:29:00 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:29:00 splunk3 spamd[6865]: spamd: processing message <001636164ad147fb7a0466e56553@google.com> for spamme:501 
Apr  6 09:29:03 splunk3 spamd[6865]: spamd: clean message (-2.4/5.0) for spamme:501 in 2.9 seconds, 3169 bytes. 
Apr  6 09:29:03 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.9,size=3169,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37931,mid=<001636164ad147fb7a0466e56553@google.com>,bayes=0,autolearn=ham 
Apr  6 09:29:03 splunk3 sendmail[8627]: n36GSxWt008626: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=32950, dsn=2.0.0, stat=Sent
Apr  6 09:29:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:29:41 splunk3 sendmail[8808]: n36GTfaq008808: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:29:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:30:16 splunk3 sendmail[8952]: n36GUGNL008952: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061630.n36GUFYu019816@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:30:16 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37945 
Apr  6 09:30:16 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:30:16 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:30:16 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:30:16 splunk3 spamd[6865]: spamd: processing message <200904061630.n36GUFYu019816@virt2.int.splunk.com> for spamme:501 
Apr  6 09:30:18 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 09:30:18 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37945,mid=<200904061630.n36GUFYu019816@virt2.int.splunk.com>,bayes=0.112005408506857,autolearn=no 
Apr  6 09:30:18 splunk3 sendmail[8953]: n36GUGNL008952: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:30:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:30:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:30:41 splunk3 sendmail[9071]: n36GUfdk009071: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:31:41 splunk3 sendmail[9309]: n36GVfYH009309: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:32:41 splunk3 sendmail[9545]: n36GWffc009545: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:33:41 splunk3 sendmail[9785]: n36GXf9n009785: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:34:41 splunk3 sendmail[10020]: n36GYfHG010020: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:34:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:35:17 splunk3 sendmail[10164]: n36GZHXa010164: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061635.n36GZGkN020565@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:35:17 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38000 
Apr  6 09:35:17 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:35:17 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:35:17 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:35:17 splunk3 spamd[6865]: spamd: processing message <200904061635.n36GZGkN020565@virt2.int.splunk.com> for spamme:501 
Apr  6 09:35:19 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 09:35:19 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38000,mid=<200904061635.n36GZGkN020565@virt2.int.splunk.com>,bayes=0.112005408506857,autolearn=no 
Apr  6 09:35:19 splunk3 sendmail[10165]: n36GZHXa010164: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:35:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:35:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:35:41 splunk3 sendmail[10281]: n36GZfC9010281: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:36:41 splunk3 sendmail[10517]: n36GafeM010517: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:37:41 splunk3 sendmail[10755]: n36Gbftq010755: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:38:41 splunk3 sendmail[10995]: n36GcfgJ010995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:39:41 splunk3 sendmail[11236]: n36GdfFA011236: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:39:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:40:17 splunk3 sendmail[11383]: n36GeHls011383: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061640.n36GeHgE021194@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:40:17 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38056 
Apr  6 09:40:17 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:40:17 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:40:17 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:40:17 splunk3 spamd[6865]: spamd: processing message <200904061640.n36GeHgE021194@virt2.int.splunk.com> for spamme:501 
Apr  6 09:40:19 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  6 09:40:19 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38056,mid=<200904061640.n36GeHgE021194@virt2.int.splunk.com>,bayes=0.112005408506857,autolearn=no 
Apr  6 09:40:19 splunk3 sendmail[11384]: n36GeHls011383: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:40:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:40:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:40:41 splunk3 sendmail[11500]: n36Gefl8011500: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 09:41:41 splunk3 sendmail[11740]: n36Gff6o011740: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:42:41 splunk3 sendmail[11976]: n36Ggf3I011976: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:43:41 splunk3 sendmail[12214]: n36Ghfga012214: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:44:41 splunk3 sendmail[12450]: n36GifnV012450: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:44:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:45:17 splunk3 sendmail[12592]: n36GjHrx012592: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061645.n36GjH3u021808@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:45:17 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38112 
Apr  6 09:45:17 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:45:17 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:45:17 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:45:17 splunk3 spamd[6865]: spamd: processing message <200904061645.n36GjH3u021808@virt2.int.splunk.com> for spamme:501 
Apr  6 09:45:19 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  6 09:45:19 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38112,mid=<200904061645.n36GjH3u021808@virt2.int.splunk.com>,bayes=0.112005408506857,autolearn=no 
Apr  6 09:45:19 splunk3 sendmail[12593]: n36GjHrx012592: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:45:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:45:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:45:41 splunk3 sendmail[12709]: n36GjfSm012709: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:46:41 splunk3 sendmail[12945]: n36Gkfws012945: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:47:41 splunk3 sendmail[13185]: n36GlfY6013185: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:48:41 splunk3 sendmail[13460]: n36Gmf5O013460: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:49:41 splunk3 sendmail[13696]: n36GnfS9013696: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:49:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:50:19 splunk3 sendmail[13845]: n36GoIMp013845: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061650.n36GoInt022422@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:50:19 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38168 
Apr  6 09:50:19 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:50:19 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:50:19 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:50:19 splunk3 spamd[6865]: spamd: processing message <200904061650.n36GoInt022422@virt2.int.splunk.com> for spamme:501 
Apr  6 09:50:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:50:21 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  6 09:50:21 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38168,mid=<200904061650.n36GoInt022422@virt2.int.splunk.com>,bayes=0.112005408506857,autolearn=no 
Apr  6 09:50:21 splunk3 sendmail[13846]: n36GoIMp013845: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:50:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:50:41 splunk3 sendmail[13962]: n36Goffm013962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:51:41 splunk3 sendmail[14201]: n36GpfKd014201: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:52:41 splunk3 sendmail[14431]: n36GqfID014431: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:53:41 splunk3 sendmail[14676]: n36GrfsD014676: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:54:41 splunk3 sendmail[14913]: n36GsfrY014913: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:54:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 09:55:19 splunk3 sendmail[15060]: n36GtJev015060: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061655.n36GtJIi023029@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 09:55:19 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38223 
Apr  6 09:55:19 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:55:19 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:55:19 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:55:19 splunk3 spamd[6865]: spamd: processing message <200904061655.n36GtJIi023029@virt2.int.splunk.com> for spamme:501 
Apr  6 09:55:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 09:55:21 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 09:55:21 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38223,mid=<200904061655.n36GtJIi023029@virt2.int.splunk.com>,bayes=0.112005408506857,autolearn=no 
Apr  6 09:55:21 splunk3 sendmail[15061]: n36GtJev015060: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 09:55:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:55:41 splunk3 sendmail[15176]: n36GtfHY015176: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:55:44 splunk3 sendmail[15177]: n36GthJC015177: from=<spammeanddie@alltheprettywords.com>, size=1534, class=0, nrcpts=1, msgid=<022301c9b6d8$85b20f40$78c30bbe@aqlts>, proto=ESMTP, daemon=MTA, relay=host120.190-11-195.nodosud.com.ar [190.11.195.120] (may be forged)
Apr  6 09:55:44 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38236 
Apr  6 09:55:44 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:55:44 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:55:44 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:55:44 splunk3 spamd[6865]: spamd: processing message <022301c9b6d8$85b20f40$78c30bbe@aqlts> for spamme:501 
Apr  6 09:55:48 splunk3 spamd[6865]: spamd: identified spam (8.9/5.0) for spamme:501 in 3.3 seconds, 1880 bytes. 
Apr  6 09:55:48 splunk3 spamd[6865]: spamd: result: Y 8 - BAYES_80,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL scantime=3.3,size=1880,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38236,mid=<022301c9b6d8$85b20f40$78c30bbe@aqlts>,bayes=0.885451586688215,autolearn=no 
Apr  6 09:55:48 splunk3 sendmail[15179]: n36GthJC015177: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31767, dsn=2.0.0, stat=Sent
Apr  6 09:55:48 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:56:12 splunk3 sendmail[15297]: n36GuB16015297: from=<spammehard@bainland.net>, size=1454, class=0, nrcpts=1, msgid=<006c01c9b6d8$99860c60$55ee50ba@QDDYUUT>, proto=ESMTP, daemon=MTA, relay=Dynamic-IP-1868023885.cable.net.co [186.80.238.85] (may be forged)
Apr  6 09:56:12 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38240 
Apr  6 09:56:12 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:56:12 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:56:12 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:56:12 splunk3 spamd[6865]: spamd: processing message <006c01c9b6d8$99860c60$55ee50ba@QDDYUUT> for spamme:501 
Apr  6 09:56:13 splunk3 spamd[6865]: spamd: identified spam (6.4/5.0) for spamme:501 in 1.4 seconds, 1777 bytes. 
Apr  6 09:56:13 splunk3 spamd[6865]: spamd: result: Y 6 - BAYES_60,RCVD_IN_SORBS_WEB,RCVD_IN_XBL scantime=1.4,size=1777,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38240,mid=<006c01c9b6d8$99860c60$55ee50ba@QDDYUUT>,bayes=0.665946383525813,autolearn=no 
Apr  6 09:56:13 splunk3 sendmail[15299]: n36GuB16015297: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=31686, dsn=2.0.0, stat=Sent
Apr  6 09:56:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 09:56:41 splunk3 sendmail[15424]: n36Gufj5015424: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:57:17 splunk3 sendmail[15555]: n36GvET1015555: from=<slouchyufe047@bezeqint.net>, size=1672, class=0, nrcpts=1, msgid=<000d01c9b6d8$ba02d9f0$6400a8c0@slouchyufe047>, proto=ESMTP, daemon=MTA, relay=180.Red-88-7-205.staticIP.rima-tde.net [88.7.205.180]
Apr  6 09:57:17 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38252 
Apr  6 09:57:17 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 09:57:17 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 09:57:17 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 09:57:17 splunk3 spamd[6865]: spamd: processing message <000d01c9b6d8$ba02d9f0$6400a8c0@slouchyufe047> for spamme:501 
Apr  6 09:57:20 splunk3 spamd[6865]: spamd: identified spam (21.0/5.0) for spamme:501 in 2.4 seconds, 2011 bytes. 
Apr  6 09:57:20 splunk3 spamd[6865]: spamd: result: Y 21 - BAYES_99,DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,HTML_TITLE_EMPTY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,UNPARSEABLE_RELAY,URIBL_JP_SURBL,URIBL_SBL scantime=2.4,size=2011,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38252,mid=<000d01c9b6d8$ba02d9f0$6400a8c0@slouchyufe047>,bayes=1,autolearn=spam 
Apr  6 09:57:20 splunk3 sendmail[15576]: n36GvET1015555: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:03, mailer=local, pri=31912, dsn=2.0.0, stat=Sent
Apr  6 09:57:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 09:57:41 splunk3 sendmail[15682]: n36GvfIM015682: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:58:41 splunk3 sendmail[15914]: n36Gwf4X015914: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:59:41 splunk3 sendmail[16152]: n36GxfR3016152: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 09:59:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:00:04 splunk3 sendmail[16302]: n36H04hE016302: from=root, size=291, class=0, nrcpts=1, msgid=<200904061700.n36H04hE016302@splunk3.splunkit.com>, relay=root@localhost
Apr  6 10:00:04 splunk3 sendmail[16306]: n36H04wi016306: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061700.n36H04hE016302@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 10:00:04 splunk3 sendmail[16302]: n36H04hE016302: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36H04wi016306 Message accepted for delivery)
Apr  6 10:00:06 splunk3 sendmail[16307]: n36H04wi016306: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 10:00:19 splunk3 sendmail[16371]: n36H0JkH016371: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061700.n36H0JR7023704@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:00:19 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38284 
Apr  6 10:00:19 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:00:19 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 10:00:19 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 10:00:19 splunk3 sendmail[16372]: n36H0JkH016371: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:00:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:00:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:00:24 splunk3 sendmail[16408]: n36H0OtE016408: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904061700.n36H0OtE016408@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 10:00:24 splunk3 sendmail[16410]: n36H0OtE016408: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 10:00:24 splunk3 sendmail[16410]: n36H0OtE016408: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 10:00:24 splunk3 sendmail[16410]: n36H0OtE016408: n36H0OtE016410: postmaster notify: User unknown
Apr  6 10:00:26 splunk3 sendmail[16410]: n36H0OtE016410: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 10:00:41 splunk3 sendmail[16502]: n36H0fxl016502: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:01:05 splunk3 sendmail[16586]: n36H11PD016586: from=root, size=443, class=0, nrcpts=1, msgid=<200904061701.n36H11PD016586@splunk3.splunkit.com>, relay=root@localhost
Apr  6 10:01:05 splunk3 sendmail[16605]: n36H15K4016605: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061701.n36H11PD016586@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 10:01:05 splunk3 sendmail[16586]: n36H11PD016586: to=root, ctladdr=root (0/0), delay=00:00:04, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36H15K4016605 Message accepted for delivery)
Apr  6 10:01:07 splunk3 sendmail[16606]: n36H15K4016605: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 10:01:41 splunk3 sendmail[16752]: n36H1fSE016752: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:02:41 splunk3 sendmail[16988]: n36H2f6b016988: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:03:41 splunk3 sendmail[17227]: n36H3f9E017227: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:04:41 splunk3 sendmail[17462]: n36H4fAo017462: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:04:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:05:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:05:22 splunk3 sendmail[17626]: n36H5Mg1017626: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061705.n36H5JUp024392@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:05:22 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38348 
Apr  6 10:05:22 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:05:22 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 10:05:22 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 10:05:22 splunk3 sendmail[17627]: n36H5Mg1017626: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:05:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:05:41 splunk3 sendmail[17719]: n36H5f3D017719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:06:41 splunk3 sendmail[17953]: n36H6fdc017953: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:07:41 splunk3 sendmail[18194]: n36H7fQl018194: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:08:41 splunk3 sendmail[18432]: n36H8fNB018432: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:09:41 splunk3 sendmail[18671]: n36H9fUs018671: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:09:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:10:03 splunk3 sendmail[18850]: n36HA3VP018850: from=root, size=292, class=0, nrcpts=1, msgid=<200904061710.n36HA3VP018850@splunk3.splunkit.com>, relay=root@localhost
Apr  6 10:10:03 splunk3 sendmail[18855]: n36HA3em018855: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061710.n36HA3VP018850@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 10:10:03 splunk3 sendmail[18850]: n36HA3VP018850: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36HA3em018855 Message accepted for delivery)
Apr  6 10:10:04 splunk3 sendmail[18856]: n36HA3em018855: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 10:10:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:10:22 splunk3 sendmail[18942]: n36HAMk3018942: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061710.n36HAMaX025012@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:10:22 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38404 
Apr  6 10:10:22 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:10:22 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:10:22 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:10:22 splunk3 spamd[6865]: spamd: processing message <200904061710.n36HAMaX025012@virt2.int.splunk.com> for spamme:501 
Apr  6 10:10:24 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 10:10:24 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38404,mid=<200904061710.n36HAMaX025012@virt2.int.splunk.com>,bayes=0.112006377265624,autolearn=no 
Apr  6 10:10:24 splunk3 sendmail[18943]: n36HAMk3018942: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:10:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:10:41 splunk3 sendmail[19039]: n36HAfwY019039: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 10:11:41 splunk3 sendmail[19279]: n36HBf1R019279: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:12:41 splunk3 sendmail[19514]: n36HCfo8019514: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:13:41 splunk3 sendmail[19752]: n36HDfql019752: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:14:41 splunk3 sendmail[19988]: n36HEfes019988: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:14:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:15:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:15:23 splunk3 sendmail[20155]: n36HFNGv020155: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061715.n36HFNrf025788@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:15:23 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38460 
Apr  6 10:15:23 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:15:23 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:15:23 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:15:23 splunk3 spamd[6865]: spamd: processing message <200904061715.n36HFNrf025788@virt2.int.splunk.com> for spamme:501 
Apr  6 10:15:25 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 10:15:25 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38460,mid=<200904061715.n36HFNrf025788@virt2.int.splunk.com>,bayes=0.112006377265624,autolearn=no 
Apr  6 10:15:25 splunk3 sendmail[20156]: n36HFNGv020155: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:15:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:15:41 splunk3 sendmail[20252]: n36HFfuD020252: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:16:41 splunk3 sendmail[20487]: n36HGf06020487: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:17:41 splunk3 sendmail[20726]: n36HHfI3020726: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:18:41 splunk3 sendmail[20962]: n36HIfRA020962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:19:41 splunk3 sendmail[21199]: n36HJfT8021199: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:19:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:20:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:20:24 splunk3 sendmail[21368]: n36HKOaP021368: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061720.n36HKNdo026424@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:20:24 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38516 
Apr  6 10:20:24 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:20:24 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:20:24 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:20:24 splunk3 spamd[6865]: spamd: processing message <200904061720.n36HKNdo026424@virt2.int.splunk.com> for spamme:501 
Apr  6 10:20:26 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 10:20:26 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38516,mid=<200904061720.n36HKNdo026424@virt2.int.splunk.com>,bayes=0.112006377265624,autolearn=no 
Apr  6 10:20:26 splunk3 sendmail[21369]: n36HKOaP021368: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:20:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:20:41 splunk3 sendmail[21462]: n36HKfVh021462: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:21:41 splunk3 sendmail[21702]: n36HLfg3021702: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:22:41 splunk3 sendmail[21936]: n36HMfL1021936: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:23:12 splunk3 sendmail[22062]: n36HNC3r022062: from=<3fzraSRQKBt0FNNFKD9KDQSR-MNQDOKXFNNFKD.BNLRO9LLDROKTMJHS.BNL@alerts.bounces.google.com>, size=2723, class=0, nrcpts=1, msgid=<000e0cd56b481f62750466e62765@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.191]
Apr  6 10:23:12 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38550 
Apr  6 10:23:12 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:23:12 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:23:12 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:23:12 splunk3 spamd[6865]: spamd: processing message <000e0cd56b481f62750466e62765@google.com> for spamme:501 
Apr  6 10:23:14 splunk3 spamd[6865]: spamd: clean message (-2.4/5.0) for spamme:501 in 1.7 seconds, 3153 bytes. 
Apr  6 10:23:14 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=1.7,size=3153,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38550,mid=<000e0cd56b481f62750466e62765@google.com>,bayes=0,autolearn=ham 
Apr  6 10:23:14 splunk3 sendmail[22065]: n36HNC3r022062: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32934, dsn=2.0.0, stat=Sent
Apr  6 10:23:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:23:41 splunk3 sendmail[22186]: n36HNfbH022186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:24:41 splunk3 sendmail[22420]: n36HOfKm022420: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:24:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:25:21 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:25:24 splunk3 sendmail[22604]: n36HPONv022604: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061725.n36HPO6J027027@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:25:24 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38572 
Apr  6 10:25:24 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:25:24 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:25:24 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:25:24 splunk3 spamd[6865]: spamd: processing message <200904061725.n36HPO6J027027@virt2.int.splunk.com> for spamme:501 
Apr  6 10:25:26 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  6 10:25:26 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38572,mid=<200904061725.n36HPO6J027027@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 10:25:26 splunk3 sendmail[22605]: n36HPONv022604: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:25:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:25:41 splunk3 sendmail[22682]: n36HPf5V022682: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 10:26:41 splunk3 sendmail[22916]: n36HQfDI022916: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:27:41 splunk3 sendmail[23155]: n36HRfXB023155: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:28:41 splunk3 sendmail[23391]: n36HSf2D023391: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:29:41 splunk3 sendmail[23632]: n36HTffB023632: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:29:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:30:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:30:25 splunk3 sendmail[23817]: n36HUPaO023817: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061730.n36HUOef027654@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:30:25 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38628 
Apr  6 10:30:25 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:30:25 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:30:25 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:30:25 splunk3 spamd[6865]: spamd: processing message <200904061730.n36HUOef027654@virt2.int.splunk.com> for spamme:501 
Apr  6 10:30:27 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  6 10:30:27 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38628,mid=<200904061730.n36HUOef027654@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 10:30:27 splunk3 sendmail[23818]: n36HUPaO023817: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:30:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:30:41 splunk3 sendmail[23898]: n36HUffp023898: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:31:41 splunk3 sendmail[24136]: n36HVf7w024136: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:32:41 splunk3 sendmail[24372]: n36HWfxZ024372: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:33:41 splunk3 sendmail[24611]: n36HXfCj024611: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:34:41 splunk3 sendmail[24843]: n36HYfmk024843: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:34:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:35:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:35:25 splunk3 sendmail[25027]: n36HZPVU025027: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061735.n36HZPnr028394@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:35:25 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38683 
Apr  6 10:35:25 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:35:25 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:35:25 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:35:25 splunk3 spamd[6865]: spamd: processing message <200904061735.n36HZPnr028394@virt2.int.splunk.com> for spamme:501 
Apr  6 10:35:27 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  6 10:35:27 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38683,mid=<200904061735.n36HZPnr028394@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 10:35:27 splunk3 sendmail[25028]: n36HZPVU025027: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:35:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:35:41 splunk3 sendmail[25106]: n36HZfBJ025106: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:36:41 splunk3 sendmail[25341]: n36HafoE025341: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:37:41 splunk3 sendmail[25578]: n36Hbf7U025578: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:38:41 splunk3 sendmail[25816]: n36Hcf46025816: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:39:41 splunk3 sendmail[26056]: n36HdfV8026056: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:39:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:40:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:40:26 splunk3 sendmail[26242]: n36HeQOR026242: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061740.n36HeQTT029035@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:40:26 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38739 
Apr  6 10:40:26 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:40:26 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:40:26 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:40:26 splunk3 spamd[6865]: spamd: processing message <200904061740.n36HeQTT029035@virt2.int.splunk.com> for spamme:501 
Apr  6 10:40:28 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 10:40:28 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38739,mid=<200904061740.n36HeQTT029035@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 10:40:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:40:28 splunk3 sendmail[26243]: n36HeQOR026242: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:40:41 splunk3 sendmail[26317]: n36HefkB026317: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 10:41:41 splunk3 sendmail[26555]: n36HffVE026555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:42:41 splunk3 sendmail[26790]: n36HgfgU026790: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:43:41 splunk3 sendmail[27031]: n36HhfDM027031: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:44:41 splunk3 sendmail[27266]: n36HifkE027266: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:44:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:45:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:45:27 splunk3 sendmail[27449]: n36HjQIt027449: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061745.n36HjQxv029644@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:45:27 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38795 
Apr  6 10:45:27 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:45:27 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:45:27 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:45:27 splunk3 spamd[6865]: spamd: processing message <200904061745.n36HjQxv029644@virt2.int.splunk.com> for spamme:501 
Apr  6 10:45:29 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  6 10:45:29 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38795,mid=<200904061745.n36HjQxv029644@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 10:45:29 splunk3 sendmail[27450]: n36HjQIt027449: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:45:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:45:41 splunk3 sendmail[27528]: n36HjfUv027528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:46:41 splunk3 sendmail[27764]: n36HkfE9027764: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:47:41 splunk3 sendmail[27999]: n36HlfPn027999: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:48:41 splunk3 sendmail[28236]: n36HmfYo028236: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:49:41 splunk3 sendmail[28476]: n36HnfpQ028476: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:49:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:50:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:50:29 splunk3 sendmail[28691]: n36HoTkb028691: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061750.n36HoRqi030262@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:50:29 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38859 
Apr  6 10:50:29 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:50:29 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:50:29 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:50:29 splunk3 spamd[6865]: spamd: processing message <200904061750.n36HoRqi030262@virt2.int.splunk.com> for spamme:501 
Apr  6 10:50:32 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 10:50:32 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38859,mid=<200904061750.n36HoRqi030262@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 10:50:32 splunk3 sendmail[28692]: n36HoTkb028691: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:50:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:50:41 splunk3 sendmail[28741]: n36Hofwl028741: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:51:41 splunk3 sendmail[28980]: n36Hpfgn028980: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:52:41 splunk3 sendmail[29216]: n36Hqfjl029216: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:53:41 splunk3 sendmail[29459]: n36HrfHo029459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:54:41 splunk3 sendmail[29690]: n36Hsfj2029690: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:54:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 10:55:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 10:55:30 splunk3 sendmail[29906]: n36HtUQw029906: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061755.n36HtTu9030897@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 10:55:30 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38915 
Apr  6 10:55:30 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 10:55:30 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 10:55:30 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 10:55:30 splunk3 spamd[6865]: spamd: processing message <200904061755.n36HtTu9030897@virt2.int.splunk.com> for spamme:501 
Apr  6 10:55:32 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 10:55:32 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38915,mid=<200904061755.n36HtTu9030897@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 10:55:32 splunk3 sendmail[29907]: n36HtUQw029906: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 10:55:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 10:55:41 splunk3 sendmail[29951]: n36HtfsE029951: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 10:56:41 splunk3 sendmail[30188]: n36HufCj030188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:57:17 splunk3 sendmail[15555]: n36GvET2015555: timeout waiting for input from 180.Red-88-7-205.staticIP.rima-tde.net during server cmd read
Apr  6 10:57:41 splunk3 sendmail[30428]: n36HvfKm030428: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:58:41 splunk3 sendmail[30665]: n36Hwfdg030665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:59:41 splunk3 sendmail[30904]: n36HxfPU030904: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 10:59:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:00:00 splunk3 sendmail[30996]: n36I009Z030996: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904061800.n36I009Z030996@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 11:00:00 splunk3 sendmail[30998]: n36I009Z030996: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 11:00:00 splunk3 sendmail[30998]: n36I009Z030996: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 11:00:00 splunk3 sendmail[30998]: n36I009Z030996: n36I009Z030998: postmaster notify: User unknown
Apr  6 11:00:00 splunk3 sendmail[31007]: n36I00v4031007: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061800.n36I00g4031417@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:00:01 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38975 
Apr  6 11:00:01 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:00:01 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:00:01 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:00:01 splunk3 spamd[6865]: spamd: processing message <200904061800.n36I00g4031417@virt2.int.splunk.com> for spamme:501 
Apr  6 11:00:02 splunk3 sendmail[30998]: n36I009Z030998: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 11:00:03 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.9 seconds, 1308 bytes. 
Apr  6 11:00:03 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.9,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38975,mid=<200904061800.n36I00g4031417@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 11:00:03 splunk3 sendmail[31008]: n36I00v4031007: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 11:00:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:00:05 splunk3 sendmail[31101]: n36I05Cu031101: from=root, size=291, class=0, nrcpts=1, msgid=<200904061800.n36I05Cu031101@splunk3.splunkit.com>, relay=root@localhost
Apr  6 11:00:05 splunk3 sendmail[31105]: n36I05Mf031105: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061800.n36I05Cu031101@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 11:00:05 splunk3 sendmail[31101]: n36I05Cu031101: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36I05Mf031105 Message accepted for delivery)
Apr  6 11:00:06 splunk3 sendmail[31106]: n36I05Mf031105: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 11:00:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:00:41 splunk3 sendmail[31254]: n36I0fjf031254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:01:03 splunk3 sendmail[31338]: n36I11MX031338: from=root, size=443, class=0, nrcpts=1, msgid=<200904061801.n36I11MX031338@splunk3.splunkit.com>, relay=root@localhost
Apr  6 11:01:03 splunk3 sendmail[31344]: n36I134Z031344: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061801.n36I11MX031338@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 11:01:03 splunk3 sendmail[31338]: n36I11MX031338: to=root, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36I134Z031344 Message accepted for delivery)
Apr  6 11:01:04 splunk3 sendmail[31345]: n36I134Z031344: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 11:01:41 splunk3 sendmail[31503]: n36I1fCd031503: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:02:41 splunk3 sendmail[31737]: n36I2f2f031737: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:03:41 splunk3 sendmail[31979]: n36I3fT2031979: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:04:41 splunk3 sendmail[32213]: n36I4fwp032213: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:04:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:05:01 splunk3 sendmail[32298]: n36I51Jl032298: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061805.n36I51Zu032120@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:05:01 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39024 
Apr  6 11:05:01 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:05:01 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 11:05:01 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 11:05:01 splunk3 sendmail[32299]: n36I51Jl032298: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 11:05:01 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:05:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:05:41 splunk3 sendmail[32476]: n36I5fBX032476: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:06:41 splunk3 sendmail[32712]: n36I6fCD032712: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:07:41 splunk3 sendmail[484]: n36I7fps000484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:08:41 splunk3 sendmail[722]: n36I8fGK000722: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:09:41 splunk3 sendmail[960]: n36I9fhA000960: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:09:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:10:01 splunk3 sendmail[1135]: n36IA163001135: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061810.n36IA1q3032730@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:10:01 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39080 
Apr  6 11:10:01 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:10:01 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:10:01 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:10:02 splunk3 spamd[6865]: spamd: processing message <200904061810.n36IA1q3032730@virt2.int.splunk.com> for spamme:501 
Apr  6 11:10:02 splunk3 sendmail[1156]: n36IA2eJ001156: from=root, size=292, class=0, nrcpts=1, msgid=<200904061810.n36IA2eJ001156@splunk3.splunkit.com>, relay=root@localhost
Apr  6 11:10:02 splunk3 sendmail[1161]: n36IA2g9001161: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061810.n36IA2eJ001156@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 11:10:02 splunk3 sendmail[1156]: n36IA2eJ001156: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36IA2g9001161 Message accepted for delivery)
Apr  6 11:10:03 splunk3 sendmail[1162]: n36IA2g9001161: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 11:10:04 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 11:10:04 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39080,mid=<200904061810.n36IA1q3032730@virt2.int.splunk.com>,bayes=0.112038329547141,autolearn=no 
Apr  6 11:10:04 splunk3 sendmail[1136]: n36IA163001135: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 11:10:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:10:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:10:41 splunk3 sendmail[1329]: n36IAf3r001329: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 11:11:41 splunk3 sendmail[1567]: n36IBfhM001567: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:12:41 splunk3 sendmail[1803]: n36ICfEd001803: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:13:41 splunk3 sendmail[2044]: n36IDf2e002044: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:14:41 splunk3 sendmail[2277]: n36IEfC3002277: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:14:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:15:03 splunk3 sendmail[2374]: n36IF3kI002374: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061815.n36IF2Tv001089@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:15:03 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39145 
Apr  6 11:15:03 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:15:03 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:15:03 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:15:03 splunk3 spamd[6865]: spamd: processing message <200904061815.n36IF2Tv001089@virt2.int.splunk.com> for spamme:501 
Apr  6 11:15:05 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1305 bytes. 
Apr  6 11:15:05 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39145,mid=<200904061815.n36IF2Tv001089@virt2.int.splunk.com>,bayes=0.168943000403907,autolearn=no 
Apr  6 11:15:05 splunk3 sendmail[2375]: n36IF3kI002374: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:15:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:15:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:15:41 splunk3 sendmail[2537]: n36IFfKV002537: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:16:41 splunk3 sendmail[2785]: n36IGfv6002785: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:17:41 splunk3 sendmail[3034]: n36IHfDH003034: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:18:41 splunk3 sendmail[3274]: n36IIf0b003274: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:19:41 splunk3 sendmail[3515]: n36IJfth003515: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:19:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:20:03 splunk3 sendmail[3635]: n36IK3Y5003635: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061820.n36IK3os001760@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:20:03 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39201 
Apr  6 11:20:03 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:20:03 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:20:03 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:20:03 splunk3 spamd[6865]: spamd: processing message <200904061820.n36IK3os001760@virt2.int.splunk.com> for spamme:501 
Apr  6 11:20:05 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 11:20:05 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39201,mid=<200904061820.n36IK3os001760@virt2.int.splunk.com>,bayes=0.168943000403907,autolearn=no 
Apr  6 11:20:05 splunk3 sendmail[3636]: n36IK3Y5003635: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:20:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:20:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:20:41 splunk3 sendmail[3807]: n36IKfQB003807: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:21:39 splunk3 sendmail[3931]: n36ILALE003931: from=<suzanney@wolf-howl.com>, size=5758, class=0, nrcpts=1, msgid=<718c019dc24d$d26e2f6f$e3b82817@wolf-howl.com>, proto=ESMTP, daemon=MTA, relay=[91.148.67.180]
Apr  6 11:21:39 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39216 
Apr  6 11:21:39 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:21:39 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:21:39 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:21:39 splunk3 spamd[6865]: spamd: processing message <718c019dc24d$d26e2f6f$e3b82817@wolf-howl.com> for spamme:501 
Apr  6 11:21:41 splunk3 spamd[6865]: spamd: identified spam (39.3/5.0) for spamme:501 in 1.7 seconds, 6032 bytes. 
Apr  6 11:21:41 splunk3 spamd[6865]: spamd: result: Y 39 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=1.7,size=6032,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39216,mid=<718c019dc24d$d26e2f6f$e3b82817@wolf-howl.com>,bayes=1,autolearn=spam 
Apr  6 11:21:41 splunk3 sendmail[4059]: n36ILALE003931: to=<spamme@splunkit.com>, delay=00:00:07, xdelay=00:00:02, mailer=local, pri=35935, dsn=2.0.0, stat=Sent
Apr  6 11:21:41 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:21:41 splunk3 sendmail[4066]: n36ILfTW004066: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:22:41 splunk3 sendmail[4309]: n36IMfNG004309: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:23:41 splunk3 sendmail[4561]: n36INfFD004561: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:24:03 splunk3 sendmail[4482]: n36INKTl004482: from=<shu_chiew@justdropped.com>, size=5743, class=0, nrcpts=1, msgid=<ba18019dc262$b78ab027$5220e5cb@justdropped.com>, proto=ESMTP, daemon=MTA, relay=66.68.broadband10.iol.cz [90.177.68.66]
Apr  6 11:24:03 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39239 
Apr  6 11:24:03 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:24:03 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:24:03 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:24:03 splunk3 spamd[6865]: spamd: processing message <ba18019dc262$b78ab027$5220e5cb@justdropped.com> for spamme:501 
Apr  6 11:24:05 splunk3 spamd[6865]: spamd: identified spam (31.2/5.0) for spamme:501 in 2.4 seconds, 6062 bytes. 
Apr  6 11:24:05 splunk3 spamd[6865]: spamd: result: Y 31 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL scantime=2.4,size=6062,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39239,mid=<ba18019dc262$b78ab027$5220e5cb@justdropped.com>,bayes=1,autolearn=spam 
Apr  6 11:24:05 splunk3 sendmail[4638]: n36INKTl004482: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:02, mailer=local, pri=35959, dsn=2.0.0, stat=Sent
Apr  6 11:24:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:24:42 splunk3 sendmail[4803]: n36IOgRp004803: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:24:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:25:04 splunk3 sendmail[4923]: n36IP4gR004923: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061825.n36IP3Ql002380@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:25:04 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39258 
Apr  6 11:25:04 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:25:04 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:25:04 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:25:04 splunk3 spamd[6865]: spamd: processing message <200904061825.n36IP3Ql002380@virt2.int.splunk.com> for spamme:501 
Apr  6 11:25:06 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  6 11:25:06 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39258,mid=<200904061825.n36IP3Ql002380@virt2.int.splunk.com>,bayes=0.168932342349157,autolearn=no 
Apr  6 11:25:06 splunk3 sendmail[4924]: n36IP4gR004923: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:25:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:25:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:25:42 splunk3 sendmail[5076]: n36IPg3k005076: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 11:26:42 splunk3 sendmail[5347]: n36IQgur005347: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:27:19 splunk3 sendmail[5496]: n36IRIfI005496: from=<3hknaSRQKBvMbjjbgZVgZmon-ijmZkgtbjjbgZ.XjhnkVhhZnkgpifdo.Xjh@alerts.bounces.google.com>, size=2823, class=0, nrcpts=1, msgid=<0016e644c70867c9d20466e70cc6@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.185]
Apr  6 11:27:19 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39281 
Apr  6 11:27:19 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:27:19 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:27:19 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:27:19 splunk3 spamd[6865]: spamd: processing message <0016e644c70867c9d20466e70cc6@google.com> for spamme:501 
Apr  6 11:27:21 splunk3 spamd[6865]: spamd: clean message (-2.4/5.0) for spamme:501 in 2.3 seconds, 3253 bytes. 
Apr  6 11:27:21 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.3,size=3253,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39281,mid=<0016e644c70867c9d20466e70cc6@google.com>,bayes=0,autolearn=ham 
Apr  6 11:27:21 splunk3 sendmail[5509]: n36IRIfI005496: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=33034, dsn=2.0.0, stat=Sent
Apr  6 11:27:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:27:42 splunk3 sendmail[5596]: n36IRgNY005596: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:28:42 splunk3 sendmail[5831]: n36ISgsI005831: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:29:42 splunk3 sendmail[6066]: n36ITgdN006066: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:29:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:30:04 splunk3 sendmail[6183]: n36IU4FS006183: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061830.n36IU4Bo003003@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:30:04 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39316 
Apr  6 11:30:04 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:30:04 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:30:04 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:30:04 splunk3 spamd[6865]: spamd: processing message <200904061830.n36IU4Bo003003@virt2.int.splunk.com> for spamme:501 
Apr  6 11:30:07 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  6 11:30:07 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39316,mid=<200904061830.n36IU4Bo003003@virt2.int.splunk.com>,bayes=0.168970044092537,autolearn=no 
Apr  6 11:30:07 splunk3 sendmail[6184]: n36IU4FS006183: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:30:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:30:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:30:42 splunk3 sendmail[6329]: n36IUgAd006329: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:31:42 splunk3 sendmail[6568]: n36IVg8P006568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:32:42 splunk3 sendmail[6803]: n36IWg7N006803: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:33:42 splunk3 sendmail[7042]: n36IXgce007042: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:34:42 splunk3 sendmail[7277]: n36IYgCI007277: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:34:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:35:05 splunk3 sendmail[7391]: n36IZ5oj007391: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061835.n36IZ5bD003752@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:35:05 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39371 
Apr  6 11:35:05 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:35:05 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:35:05 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:35:05 splunk3 spamd[6865]: spamd: processing message <200904061835.n36IZ5bD003752@virt2.int.splunk.com> for spamme:501 
Apr  6 11:35:07 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1305 bytes. 
Apr  6 11:35:07 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39371,mid=<200904061835.n36IZ5bD003752@virt2.int.splunk.com>,bayes=0.168970044092537,autolearn=no 
Apr  6 11:35:07 splunk3 sendmail[7392]: n36IZ5oj007391: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:35:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:35:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:35:42 splunk3 sendmail[7545]: n36IZgrJ007545: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:36:42 splunk3 sendmail[7781]: n36Iag0p007781: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:37:42 splunk3 sendmail[8020]: n36Ibg2n008020: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:38:42 splunk3 sendmail[8260]: n36Icgdc008260: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:39:42 splunk3 sendmail[8501]: n36Idg7E008501: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:39:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:40:06 splunk3 sendmail[8615]: n36Ie6jl008615: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061840.n36Ie6v4004380@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:40:06 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39427 
Apr  6 11:40:06 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:40:06 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:40:06 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:40:06 splunk3 spamd[6865]: spamd: processing message <200904061840.n36Ie6v4004380@virt2.int.splunk.com> for spamme:501 
Apr  6 11:40:08 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 11:40:08 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39427,mid=<200904061840.n36Ie6v4004380@virt2.int.splunk.com>,bayes=0.168970044092537,autolearn=no 
Apr  6 11:40:08 splunk3 sendmail[8616]: n36Ie6jl008615: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:40:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:40:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:40:42 splunk3 sendmail[8765]: n36Iegcl008765: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:40:48 splunk3 sendmail[8784]: n36Iemrh008784: from=<3r0zaSRQKBiACKKCHA6HANPO-JKNALHUCKKCHA.8KIOL6IIAOLHQJGEP.8KI@alerts.bounces.google.com>, size=5086, class=0, nrcpts=1, msgid=<000e0cd6a896a56e440466e73c3e@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  6 11:40:48 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39433 
Apr  6 11:40:48 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:40:48 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:40:48 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:40:48 splunk3 spamd[6865]: spamd: processing message <000e0cd6a896a56e440466e73c3e@google.com> for spamme:501 
Apr  6 11:40:50 splunk3 spamd[6865]: spamd: clean message (-2.3/5.0) for spamme:501 in 2.1 seconds, 5520 bytes. 
Apr  6 11:40:50 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.1,size=5520,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39433,mid=<000e0cd6a896a56e440466e73c3e@google.com>,bayes=5.55111512312578e-17,autolearn=ham 
Apr  6 11:40:50 splunk3 sendmail[8785]: n36Iemrh008784: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=35301, dsn=2.0.0, stat=Sent
Apr  6 11:40:50 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 11:41:42 splunk3 sendmail[9010]: n36IfgfU009010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:42:42 splunk3 sendmail[9246]: n36IggCq009246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:43:42 splunk3 sendmail[9482]: n36IhgJt009482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:44:42 splunk3 sendmail[9716]: n36Iigma009716: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:44:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:45:07 splunk3 sendmail[9835]: n36Ij7SH009835: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061845.n36Ij6Ab004997@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:45:07 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39485 
Apr  6 11:45:07 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:45:07 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:45:07 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:45:07 splunk3 spamd[6865]: spamd: processing message <200904061845.n36Ij6Ab004997@virt2.int.splunk.com> for spamme:501 
Apr  6 11:45:09 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  6 11:45:09 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39485,mid=<200904061845.n36Ij6Ab004997@virt2.int.splunk.com>,bayes=0.169007742710244,autolearn=no 
Apr  6 11:45:09 splunk3 sendmail[9836]: n36Ij7SH009835: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:45:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:45:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:45:42 splunk3 sendmail[9979]: n36IjghB009979: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:46:42 splunk3 sendmail[10215]: n36IkgIO010215: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:47:42 splunk3 sendmail[10454]: n36IlgTM010454: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:48:42 splunk3 sendmail[10691]: n36ImgB2010691: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:49:42 splunk3 sendmail[10930]: n36Ing0p010930: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:49:56 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:50:07 splunk3 sendmail[11046]: n36Io7X9011046: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061850.n36Io7BN005612@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:50:07 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39540 
Apr  6 11:50:07 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:50:07 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:50:07 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:50:07 splunk3 spamd[6865]: spamd: processing message <200904061850.n36Io7BN005612@virt2.int.splunk.com> for spamme:501 
Apr  6 11:50:09 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1305 bytes. 
Apr  6 11:50:09 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39540,mid=<200904061850.n36Io7BN005612@virt2.int.splunk.com>,bayes=0.169007742710244,autolearn=no 
Apr  6 11:50:09 splunk3 sendmail[11047]: n36Io7X9011046: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:50:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:50:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:50:42 splunk3 sendmail[11190]: n36Iog7t011190: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:51:42 splunk3 sendmail[11430]: n36IpgS1011430: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:52:42 splunk3 sendmail[11665]: n36Iqguh011665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:53:42 splunk3 sendmail[11910]: n36Irg2E011910: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:54:42 splunk3 sendmail[12145]: n36IsgrG012145: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:54:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 11:55:08 splunk3 sendmail[12259]: n36It7w3012259: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061855.n36It7Km006220@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 11:55:08 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39596 
Apr  6 11:55:08 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 11:55:08 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 11:55:08 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 11:55:08 splunk3 spamd[6865]: spamd: processing message <200904061855.n36It7Km006220@virt2.int.splunk.com> for spamme:501 
Apr  6 11:55:10 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  6 11:55:10 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39596,mid=<200904061855.n36It7Km006220@virt2.int.splunk.com>,bayes=0.169007742710244,autolearn=no 
Apr  6 11:55:10 splunk3 sendmail[12260]: n36It7w3012259: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 11:55:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 11:55:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 11:55:42 splunk3 sendmail[12407]: n36Itgwj012407: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 11:56:42 splunk3 sendmail[12643]: n36IuglX012643: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:57:42 splunk3 sendmail[12879]: n36Ivg5Q012879: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:58:42 splunk3 sendmail[13115]: n36IwgbP013115: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:59:42 splunk3 sendmail[13392]: n36Ixgxq013392: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 11:59:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:00:04 splunk3 sendmail[13556]: n36J04ec013556: from=root, size=291, class=0, nrcpts=1, msgid=<200904061900.n36J04ec013556@splunk3.splunkit.com>, relay=root@localhost
Apr  6 12:00:04 splunk3 sendmail[13560]: n36J04g4013560: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904061900.n36J04ec013556@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 12:00:04 splunk3 sendmail[13556]: n36J04ec013556: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36J04g4013560 Message accepted for delivery)
Apr  6 12:00:05 splunk3 sendmail[13561]: n36J04g4013560: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 12:00:06 splunk3 sendmail[13578]: n36J06Gb013578: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904061900.n36J06Gb013578@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 12:00:06 splunk3 sendmail[13580]: n36J06Gb013578: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 12:00:06 splunk3 sendmail[13580]: n36J06Gb013578: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 12:00:06 splunk3 sendmail[13580]: n36J06Gb013578: n36J06Gb013580: postmaster notify: User unknown
Apr  6 12:00:08 splunk3 sendmail[13580]: n36J06Gb013580: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 12:00:08 splunk3 sendmail[13614]: n36J08kZ013614: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061900.n36J08Qb006860@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:00:08 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39660 
Apr  6 12:00:08 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:00:08 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 12:00:08 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 12:00:08 splunk3 sendmail[13615]: n36J08kZ013614: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 12:00:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:00:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:00:42 splunk3 sendmail[13742]: n36J0gir013742: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:01:14 splunk3 sendmail[13825]: n36J11wv013825: from=root, size=443, class=0, nrcpts=1, msgid=<200904061901.n36J11wv013825@splunk3.splunkit.com>, relay=root@localhost
Apr  6 12:01:14 splunk3 sendmail[13891]: n36J1Eg7013891: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904061901.n36J11wv013825@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 12:01:14 splunk3 sendmail[13825]: n36J11wv013825: to=root, ctladdr=root (0/0), delay=00:00:13, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36J1Eg7013891 Message accepted for delivery)
Apr  6 12:01:15 splunk3 sendmail[13892]: n36J1Eg7013891: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 12:01:42 splunk3 sendmail[13992]: n36J1gdf013992: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:02:42 splunk3 sendmail[14225]: n36J2gGW014225: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:03:42 splunk3 sendmail[14465]: n36J3gKs014465: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:04:42 splunk3 sendmail[14695]: n36J4gXO014695: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:04:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:05:09 splunk3 sendmail[14833]: n36J59w2014833: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061905.n36J59kJ007544@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:05:09 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39717 
Apr  6 12:05:09 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:05:09 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 12:05:09 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 12:05:09 splunk3 sendmail[14834]: n36J59w2014833: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 12:05:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:05:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:05:42 splunk3 sendmail[14955]: n36J5gJc014955: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:06:42 splunk3 sendmail[15191]: n36J6grJ015191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:07:42 splunk3 sendmail[15433]: n36J7gWV015433: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:08:42 splunk3 sendmail[15681]: n36J8gXl015681: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:09:42 splunk3 sendmail[15921]: n36J9gaU015921: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:09:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:10:02 splunk3 sendmail[16100]: n36JA2e3016100: from=root, size=292, class=0, nrcpts=1, msgid=<200904061910.n36JA2e3016100@splunk3.splunkit.com>, relay=root@localhost
Apr  6 12:10:02 splunk3 sendmail[16105]: n36JA2ot016105: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904061910.n36JA2e3016100@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 12:10:02 splunk3 sendmail[16100]: n36JA2e3016100: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36JA2ot016105 Message accepted for delivery)
Apr  6 12:10:03 splunk3 sendmail[16106]: n36JA2ot016105: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 12:10:10 splunk3 sendmail[16161]: n36JAA3A016161: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061910.n36JA97B008158@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:10:10 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39773 
Apr  6 12:10:10 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:10:10 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:10:10 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:10:10 splunk3 spamd[6865]: spamd: processing message <200904061910.n36JA97B008158@virt2.int.splunk.com> for spamme:501 
Apr  6 12:10:12 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  6 12:10:12 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39773,mid=<200904061910.n36JA97B008158@virt2.int.splunk.com>,bayes=0.169007742710244,autolearn=no 
Apr  6 12:10:12 splunk3 sendmail[16162]: n36JAA3A016161: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 12:10:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:10:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:10:42 splunk3 sendmail[16291]: n36JAgXO016291: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 12:11:42 splunk3 sendmail[16527]: n36JBgbc016527: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:12:42 splunk3 sendmail[16763]: n36JCgaJ016763: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:13:42 splunk3 sendmail[17003]: n36JDgRC017003: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:14:42 splunk3 sendmail[17238]: n36JEg5d017238: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:14:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:15:10 splunk3 sendmail[17373]: n36JFAIs017373: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061915.n36JFA8p008952@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:15:10 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39830 
Apr  6 12:15:10 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:15:10 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:15:10 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:15:10 splunk3 spamd[6865]: spamd: processing message <200904061915.n36JFA8p008952@virt2.int.splunk.com> for spamme:501 
Apr  6 12:15:12 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  6 12:15:12 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39830,mid=<200904061915.n36JFA8p008952@virt2.int.splunk.com>,bayes=0.169007742710244,autolearn=no 
Apr  6 12:15:12 splunk3 sendmail[17374]: n36JFAIs017373: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 12:15:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:15:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:15:42 splunk3 sendmail[17501]: n36JFgFI017501: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:16:42 splunk3 sendmail[17735]: n36JGgil017735: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:17:42 splunk3 sendmail[17973]: n36JHgGv017973: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:18:42 splunk3 sendmail[18205]: n36JIgE3018205: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:19:42 splunk3 sendmail[18443]: n36JJgWK018443: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:19:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:20:11 splunk3 sendmail[18584]: n36JKB8F018584: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904061920.n36JKAa7009582@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:20:11 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39886 
Apr  6 12:20:11 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:20:11 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:20:11 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:20:11 splunk3 spamd[6865]: spamd: processing message <200904061920.n36JKAa7009582@virt2.int.splunk.com> for spamme:501 
Apr  6 12:20:13 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  6 12:20:13 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39886,mid=<200904061920.n36JKAa7009582@virt2.int.splunk.com>,bayes=0.169007742710244,autolearn=no 
Apr  6 12:20:13 splunk3 sendmail[18585]: n36JKB8F018584: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 12:20:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:20:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:20:42 splunk3 sendmail[18707]: n36JKgbK018707: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:21:39 splunk3 sendmail[3931]: n36ILALF003931: timeout waiting for input from [91.148.67.180] during server cmd read
Apr  6 12:21:42 splunk3 sendmail[18947]: n36JLgI4018947: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:22:42 splunk3 sendmail[19181]: n36JMgoJ019181: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:23:42 splunk3 sendmail[19425]: n36JNgrv019425: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:24:42 splunk3 sendmail[19662]: n36JOg4d019662: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:24:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:25:11 splunk3 sendmail[19796]: n36JPBL4019796: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061925.n36JPBv7010189@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:25:11 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39941 
Apr  6 12:25:11 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:25:11 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:25:11 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:25:11 splunk3 spamd[6865]: spamd: processing message <200904061925.n36JPBv7010189@virt2.int.splunk.com> for spamme:501 
Apr  6 12:25:13 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 12:25:13 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39941,mid=<200904061925.n36JPBv7010189@virt2.int.splunk.com>,bayes=0.112093349233583,autolearn=no 
Apr  6 12:25:13 splunk3 sendmail[19797]: n36JPBL4019796: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 12:25:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:25:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:25:42 splunk3 sendmail[19920]: n36JPgLu019920: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 12:26:42 splunk3 sendmail[20156]: n36JQgiK020156: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:27:42 splunk3 sendmail[20397]: n36JRgba020397: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:28:42 splunk3 sendmail[20633]: n36JSgSg020633: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:29:42 splunk3 sendmail[20872]: n36JTg3b020872: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:29:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:30:12 splunk3 sendmail[21010]: n36JUCZd021010: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061930.n36JUCRZ010804@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:30:12 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39998 
Apr  6 12:30:12 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:30:12 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:30:12 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:30:12 splunk3 spamd[6865]: spamd: processing message <200904061930.n36JUCRZ010804@virt2.int.splunk.com> for spamme:501 
Apr  6 12:30:14 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 12:30:14 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39998,mid=<200904061930.n36JUCRZ010804@virt2.int.splunk.com>,bayes=0.112093349233583,autolearn=no 
Apr  6 12:30:14 splunk3 sendmail[21011]: n36JUCZd021010: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 12:30:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:30:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:30:42 splunk3 sendmail[21137]: n36JUgmL021137: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:31:42 splunk3 sendmail[21377]: n36JVggm021377: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:32:42 splunk3 sendmail[21609]: n36JWg8A021609: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:33:42 splunk3 sendmail[21850]: n36JXgM8021850: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:34:42 splunk3 sendmail[22086]: n36JYgJJ022086: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:34:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:35:12 splunk3 sendmail[22225]: n36JZCiv022225: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061935.n36JZC3E011548@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:35:12 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40053 
Apr  6 12:35:12 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:35:12 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:35:12 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:35:12 splunk3 spamd[6865]: spamd: processing message <200904061935.n36JZC3E011548@virt2.int.splunk.com> for spamme:501 
Apr  6 12:35:14 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1308 bytes. 
Apr  6 12:35:14 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40053,mid=<200904061935.n36JZC3E011548@virt2.int.splunk.com>,bayes=0.112093349233583,autolearn=no 
Apr  6 12:35:14 splunk3 sendmail[22242]: n36JZCiv022225: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 12:35:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:35:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:35:42 splunk3 sendmail[22347]: n36JZgPI022347: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:36:42 splunk3 sendmail[22583]: n36JagcZ022583: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:37:42 splunk3 sendmail[22821]: n36JbgMZ022821: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:38:42 splunk3 sendmail[23062]: n36JcglT023062: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:39:42 splunk3 sendmail[23301]: n36Jdg5l023301: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:39:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:40:13 splunk3 sendmail[23455]: n36JeDE6023455: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061940.n36JeDDo012182@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:40:13 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40109 
Apr  6 12:40:13 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:40:13 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:40:13 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:40:13 splunk3 spamd[6865]: spamd: processing message <200904061940.n36JeDDo012182@virt2.int.splunk.com> for spamme:501 
Apr  6 12:40:15 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 12:40:15 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40109,mid=<200904061940.n36JeDDo012182@virt2.int.splunk.com>,bayes=0.112093349233583,autolearn=no 
Apr  6 12:40:15 splunk3 sendmail[23456]: n36JeDE6023455: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 12:40:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:40:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:40:42 splunk3 sendmail[23562]: n36Jeg6N023562: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 12:41:42 splunk3 sendmail[23802]: n36JfgL5023802: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:42:42 splunk3 sendmail[24038]: n36Jggwr024038: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:43:42 splunk3 sendmail[24279]: n36Jhg9C024279: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:44:42 splunk3 sendmail[24513]: n36JigL0024513: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:44:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:45:13 splunk3 sendmail[24665]: n36JjDVD024665: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061945.n36JjDo1012794@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:45:13 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40165 
Apr  6 12:45:13 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:45:13 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:45:13 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:45:13 splunk3 spamd[6865]: spamd: processing message <200904061945.n36JjDo1012794@virt2.int.splunk.com> for spamme:501 
Apr  6 12:45:15 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 12:45:15 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40165,mid=<200904061945.n36JjDo1012794@virt2.int.splunk.com>,bayes=0.112093349233583,autolearn=no 
Apr  6 12:45:15 splunk3 sendmail[24666]: n36JjDVD024665: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 12:45:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:45:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:45:42 splunk3 sendmail[24777]: n36JjgHS024777: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:46:42 splunk3 sendmail[25010]: n36JkgwL025010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:47:42 splunk3 sendmail[25246]: n36JlgnI025246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:48:42 splunk3 sendmail[25482]: n36Jmgrd025482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:49:42 splunk3 sendmail[25722]: n36JngcA025722: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:49:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:50:14 splunk3 sendmail[25877]: n36JoErv025877: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061950.n36JoDuu013408@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:50:14 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40221 
Apr  6 12:50:14 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:50:14 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:50:14 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:50:14 splunk3 spamd[6865]: spamd: processing message <200904061950.n36JoDuu013408@virt2.int.splunk.com> for spamme:501 
Apr  6 12:50:16 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 12:50:16 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40221,mid=<200904061950.n36JoDuu013408@virt2.int.splunk.com>,bayes=0.112093349233583,autolearn=no 
Apr  6 12:50:16 splunk3 sendmail[25878]: n36JoErv025877: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 12:50:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:50:20 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:50:42 splunk3 sendmail[25988]: n36JogEi025988: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:51:42 splunk3 sendmail[26235]: n36Jpg07026235: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:52:42 splunk3 sendmail[26461]: n36JqgOA026461: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:53:42 splunk3 sendmail[26704]: n36JrgqK026704: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:54:42 splunk3 sendmail[26949]: n36JsgSn026949: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:54:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 12:55:14 splunk3 sendmail[27088]: n36JtEDd027088: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904061955.n36JtEdW014014@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 12:55:14 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40276 
Apr  6 12:55:14 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 12:55:14 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 12:55:14 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 12:55:14 splunk3 spamd[6865]: spamd: processing message <200904061955.n36JtEdW014014@virt2.int.splunk.com> for spamme:501 
Apr  6 12:55:16 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 12:55:16 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40276,mid=<200904061955.n36JtEdW014014@virt2.int.splunk.com>,bayes=0.112093349233583,autolearn=no 
Apr  6 12:55:16 splunk3 sendmail[27089]: n36JtEDd027088: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 12:55:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 12:55:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 12:55:42 splunk3 sendmail[27211]: n36JtgDp027211: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 12:56:42 splunk3 sendmail[27447]: n36Jug32027447: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:57:42 splunk3 sendmail[27688]: n36JvguR027688: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:58:42 splunk3 sendmail[27923]: n36Jwg7r027923: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:59:42 splunk3 sendmail[28163]: n36JxgPB028163: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 12:59:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:00:04 splunk3 sendmail[28311]: n36K04PO028311: from=root, size=291, class=0, nrcpts=1, msgid=<200904062000.n36K04PO028311@splunk3.splunkit.com>, relay=root@localhost
Apr  6 13:00:04 splunk3 sendmail[28315]: n36K041c028315: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904062000.n36K04PO028311@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 13:00:04 splunk3 sendmail[28311]: n36K04PO028311: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36K041c028315 Message accepted for delivery)
Apr  6 13:00:05 splunk3 sendmail[28316]: n36K041c028315: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 13:00:12 splunk3 sendmail[28354]: n36K0Cqo028354: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904062000.n36K0Cqo028354@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 13:00:12 splunk3 sendmail[28356]: n36K0Cqo028354: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 13:00:12 splunk3 sendmail[28356]: n36K0Cqo028354: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 13:00:12 splunk3 sendmail[28356]: n36K0Cqo028354: n36K0Cqo028356: postmaster notify: User unknown
Apr  6 13:00:13 splunk3 sendmail[28356]: n36K0Cqo028356: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 13:00:15 splunk3 sendmail[28386]: n36K0FaL028386: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062000.n36K0EgC014650@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:00:15 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40341 
Apr  6 13:00:15 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:00:15 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 13:00:15 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 13:00:15 splunk3 sendmail[28387]: n36K0FaL028386: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:00:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:00:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:00:42 splunk3 sendmail[28510]: n36K0geE028510: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:01:13 splunk3 sendmail[28576]: n36K11YO028576: from=root, size=443, class=0, nrcpts=1, msgid=<200904062001.n36K11YO028576@splunk3.splunkit.com>, relay=root@localhost
Apr  6 13:01:13 splunk3 sendmail[28641]: n36K1D1H028641: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904062001.n36K11YO028576@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 13:01:13 splunk3 sendmail[28576]: n36K11YO028576: to=root, ctladdr=root (0/0), delay=00:00:12, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36K1D1H028641 Message accepted for delivery)
Apr  6 13:01:14 splunk3 sendmail[28642]: n36K1D1H028641: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 13:01:42 splunk3 sendmail[28760]: n36K1g9h028760: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:02:42 splunk3 sendmail[28995]: n36K2gk1028995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:03:42 splunk3 sendmail[29236]: n36K3gFN029236: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:04:42 splunk3 sendmail[29472]: n36K4g1w029472: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:04:55 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:05:15 splunk3 sendmail[29610]: n36K5Fqx029610: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062005.n36K5FNT015339@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:05:15 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40397 
Apr  6 13:05:15 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:05:15 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 13:05:15 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 13:05:15 splunk3 sendmail[29611]: n36K5Fqx029610: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:05:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:05:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:05:42 splunk3 sendmail[29732]: n36K5gEG029732: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:06:42 splunk3 sendmail[29968]: n36K6gBB029968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:07:42 splunk3 sendmail[30205]: n36K7gDx030205: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:08:42 splunk3 sendmail[30442]: n36K8gjU030442: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:09:42 splunk3 sendmail[30683]: n36K9gEV030683: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:09:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:10:02 splunk3 sendmail[30862]: n36KA2bp030862: from=root, size=292, class=0, nrcpts=1, msgid=<200904062010.n36KA2bp030862@splunk3.splunkit.com>, relay=root@localhost
Apr  6 13:10:02 splunk3 sendmail[30867]: n36KA2CK030867: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904062010.n36KA2bp030862@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 13:10:02 splunk3 sendmail[30862]: n36KA2bp030862: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36KA2CK030867 Message accepted for delivery)
Apr  6 13:10:03 splunk3 sendmail[30868]: n36KA2CK030867: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 13:10:16 splunk3 sendmail[30927]: n36KAGKe030927: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062010.n36KAFTQ015950@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:10:16 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40454 
Apr  6 13:10:16 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:10:16 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:10:16 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:10:16 splunk3 spamd[6865]: spamd: processing message <200904062010.n36KAFTQ015950@virt2.int.splunk.com> for spamme:501 
Apr  6 13:10:18 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 13:10:18 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40454,mid=<200904062010.n36KAFTQ015950@virt2.int.splunk.com>,bayes=0.112093349233583,autolearn=no 
Apr  6 13:10:18 splunk3 sendmail[30928]: n36KAGKe030927: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:10:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:10:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:10:42 splunk3 sendmail[31052]: n36KAg8A031052: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 13:11:42 splunk3 sendmail[31292]: n36KBgoV031292: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:12:42 splunk3 sendmail[31527]: n36KCgEb031527: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:13:42 splunk3 sendmail[31768]: n36KDgMs031768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:14:30 splunk3 sendmail[31942]: n36KERaU031942: from=<erherher-4945668@RFDN.ORG>, size=1465, class=0, nrcpts=1, msgid=<200904062014.n36KERaU031942@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=62.43.36.11.dyn.user.ono.com [62.43.36.11]
Apr  6 13:14:30 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40496 
Apr  6 13:14:30 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:14:30 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:14:30 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:14:30 splunk3 spamd[6865]: spamd: processing message <200904062014.n36KERaU031942@splunk3.splunkit.com> for spamme:501 
Apr  6 13:14:32 splunk3 spamd[6865]: spamd: identified spam (37.1/5.0) for spamme:501 in 2.8 seconds, 1882 bytes. 
Apr  6 13:14:32 splunk3 spamd[6865]: spamd: result: Y 37 - BAYES_50,HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,SUBJECT_DIET,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=2.8,size=1882,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40496,mid=<200904062014.n36KERaU031942@splunk3.splunkit.com>,bayes=0.518233892286937,autolearn=spam 
Apr  6 13:14:32 splunk3 sendmail[31944]: n36KERaU031942: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31793, dsn=2.0.0, stat=Sent
Apr  6 13:14:33 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:14:42 splunk3 sendmail[32007]: n36KEgOd032007: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:14:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:15:16 splunk3 sendmail[32146]: n36KFGFF032146: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062015.n36KFGvX016737@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:15:16 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40512 
Apr  6 13:15:16 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:15:16 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:15:16 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:15:16 splunk3 spamd[6865]: spamd: processing message <200904062015.n36KFGvX016737@virt2.int.splunk.com> for spamme:501 
Apr  6 13:15:18 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  6 13:15:18 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40512,mid=<200904062015.n36KFGvX016737@virt2.int.splunk.com>,bayes=0.112085933796224,autolearn=no 
Apr  6 13:15:18 splunk3 sendmail[32147]: n36KFGFF032146: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:15:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:15:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:15:42 splunk3 sendmail[32268]: n36KFg5J032268: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:16:42 splunk3 sendmail[32503]: n36KGgOA032503: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:17:42 splunk3 sendmail[32743]: n36KHgT6032743: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:18:42 splunk3 sendmail[513]: n36KIg8M000513: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:19:42 splunk3 sendmail[750]: n36KJgKc000750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:19:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:20:17 splunk3 sendmail[902]: n36KKHMq000902: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062020.n36KKGNQ017367@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:20:17 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40567 
Apr  6 13:20:17 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:20:17 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:20:17 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:20:17 splunk3 spamd[6865]: spamd: processing message <200904062020.n36KKGNQ017367@virt2.int.splunk.com> for spamme:501 
Apr  6 13:20:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:20:19 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  6 13:20:19 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40567,mid=<200904062020.n36KKGNQ017367@virt2.int.splunk.com>,bayes=0.112085933796224,autolearn=no 
Apr  6 13:20:19 splunk3 sendmail[903]: n36KKHMq000902: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:20:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:20:42 splunk3 sendmail[1028]: n36KKgJP001028: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:21:42 splunk3 sendmail[1267]: n36KLgMG001267: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:22:42 splunk3 sendmail[1500]: n36KMgFg001500: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:23:42 splunk3 sendmail[1745]: n36KNgfc001745: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:24:42 splunk3 sendmail[1980]: n36KOgmM001980: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:24:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:25:18 splunk3 sendmail[2138]: n36KPHH0002138: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062025.n36KPHMA017978@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:25:18 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40623 
Apr  6 13:25:18 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:25:18 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:25:18 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:25:18 splunk3 spamd[6865]: spamd: processing message <200904062025.n36KPHMA017978@virt2.int.splunk.com> for spamme:501 
Apr  6 13:25:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:25:20 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 13:25:20 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40623,mid=<200904062025.n36KPHMA017978@virt2.int.splunk.com>,bayes=0.112085933796224,autolearn=no 
Apr  6 13:25:20 splunk3 sendmail[2139]: n36KPHH0002138: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:25:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:25:42 splunk3 sendmail[2244]: n36KPgbD002244: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 13:26:42 splunk3 sendmail[2479]: n36KQgKG002479: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:27:42 splunk3 sendmail[2729]: n36KRgWN002729: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:28:38 splunk3 sendmail[2952]: n36KSbdC002952: from=<39WXaSRQKBn8jrrjohdohuwv-qruhso1jrrjoh.frpvsdpphvsoxqnlw.frp@alerts.bounces.google.com>, size=2525, class=0, nrcpts=1, msgid=<0016e644cf8c48e3310466e8bef6@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.189]
Apr  6 13:28:38 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40656 
Apr  6 13:28:38 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:28:38 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:28:38 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:28:38 splunk3 spamd[6865]: spamd: processing message <0016e644cf8c48e3310466e8bef6@google.com> for spamme:501 
Apr  6 13:28:40 splunk3 spamd[6865]: spamd: clean message (-2.4/5.0) for spamme:501 in 2.4 seconds, 2955 bytes. 
Apr  6 13:28:40 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.4,size=2955,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40656,mid=<0016e644cf8c48e3310466e8bef6@google.com>,bayes=5.55111512312578e-17,autolearn=ham 
Apr  6 13:28:40 splunk3 sendmail[2954]: n36KSbdC002952: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32736, dsn=2.0.0, stat=Sent
Apr  6 13:28:40 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:28:42 splunk3 sendmail[2980]: n36KSgDF002980: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:29:43 splunk3 sendmail[3225]: n36KThWW003225: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:29:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:30:18 splunk3 sendmail[3384]: n36KUIoN003384: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062030.n36KUIrg018600@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:30:18 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40680 
Apr  6 13:30:18 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:30:18 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:30:18 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:30:18 splunk3 spamd[6865]: spamd: processing message <200904062030.n36KUIrg018600@virt2.int.splunk.com> for spamme:501 
Apr  6 13:30:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:30:20 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 13:30:20 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40680,mid=<200904062030.n36KUIrg018600@virt2.int.splunk.com>,bayes=0.112117882238798,autolearn=no 
Apr  6 13:30:20 splunk3 sendmail[3385]: n36KUIoN003384: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:30:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:30:43 splunk3 sendmail[3490]: n36KUhRE003490: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:31:43 splunk3 sendmail[3759]: n36KVh3s003759: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:32:43 splunk3 sendmail[4002]: n36KWh4s004002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:33:43 splunk3 sendmail[4253]: n36KXhPR004253: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:34:43 splunk3 sendmail[4500]: n36KYhOY004500: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:34:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:35:19 splunk3 sendmail[4654]: n36KZJwu004654: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062035.n36KZJ5V019349@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:35:19 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40736 
Apr  6 13:35:19 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:35:19 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:35:19 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:35:19 splunk3 spamd[6865]: spamd: processing message <200904062035.n36KZJ5V019349@virt2.int.splunk.com> for spamme:501 
Apr  6 13:35:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:35:21 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 13:35:21 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40736,mid=<200904062035.n36KZJ5V019349@virt2.int.splunk.com>,bayes=0.112117882238798,autolearn=no 
Apr  6 13:35:21 splunk3 sendmail[4655]: n36KZJwu004654: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:35:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:35:43 splunk3 sendmail[4761]: n36KZh1o004761: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:36:43 splunk3 sendmail[5006]: n36KahP3005006: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:37:43 splunk3 sendmail[5279]: n36KbhLp005279: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:38:43 splunk3 sendmail[5557]: n36KchcK005557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:39:43 splunk3 sendmail[5797]: n36KdhZZ005797: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:39:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:40:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:40:21 splunk3 sendmail[5960]: n36KeLMw005960: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062040.n36KeJw6019982@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:40:21 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40792 
Apr  6 13:40:21 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:40:21 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:40:21 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:40:21 splunk3 spamd[6865]: spamd: processing message <200904062040.n36KeJw6019982@virt2.int.splunk.com> for spamme:501 
Apr  6 13:40:23 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  6 13:40:23 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40792,mid=<200904062040.n36KeJw6019982@virt2.int.splunk.com>,bayes=0.112117882238798,autolearn=no 
Apr  6 13:40:23 splunk3 sendmail[5961]: n36KeLMw005960: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:40:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:40:43 splunk3 sendmail[6060]: n36KehTV006060: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 13:41:43 splunk3 sendmail[6299]: n36Kfhxj006299: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:42:43 splunk3 sendmail[6534]: n36Kghbu006534: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:43:43 splunk3 sendmail[6771]: n36Khhbr006771: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:44:43 splunk3 sendmail[7008]: n36Kih6F007008: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:44:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:45:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:45:22 splunk3 sendmail[7186]: n36KjM0m007186: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062045.n36KjMjj020607@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:45:22 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40848 
Apr  6 13:45:22 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:45:22 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:45:22 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:45:22 splunk3 spamd[6865]: spamd: processing message <200904062045.n36KjMjj020607@virt2.int.splunk.com> for spamme:501 
Apr  6 13:45:24 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 13:45:24 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40848,mid=<200904062045.n36KjMjj020607@virt2.int.splunk.com>,bayes=0.112117882238798,autolearn=no 
Apr  6 13:45:24 splunk3 sendmail[7187]: n36KjM0m007186: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:45:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:45:43 splunk3 sendmail[7272]: n36KjhhA007272: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:46:43 splunk3 sendmail[7508]: n36KkhEO007508: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:47:43 splunk3 sendmail[7755]: n36KlhGV007755: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:48:43 splunk3 sendmail[7993]: n36KmhAf007993: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:49:43 splunk3 sendmail[8230]: n36Knh2k008230: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:49:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:50:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:50:22 splunk3 sendmail[8407]: n36KoMJN008407: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062050.n36KoMLK021221@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:50:22 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40904 
Apr  6 13:50:22 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:50:22 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:50:22 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:50:22 splunk3 spamd[6865]: spamd: processing message <200904062050.n36KoMLK021221@virt2.int.splunk.com> for spamme:501 
Apr  6 13:50:24 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 13:50:24 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40904,mid=<200904062050.n36KoMLK021221@virt2.int.splunk.com>,bayes=0.112117882238798,autolearn=no 
Apr  6 13:50:24 splunk3 sendmail[8408]: n36KoMJN008407: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:50:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:50:43 splunk3 sendmail[8492]: n36Kohls008492: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:51:43 splunk3 sendmail[8732]: n36KphN2008732: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:52:43 splunk3 sendmail[8968]: n36Kqhbc008968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:53:43 splunk3 sendmail[9212]: n36KrhR6009212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:54:43 splunk3 sendmail[9445]: n36KshM9009445: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:54:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 13:55:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 13:55:23 splunk3 sendmail[9624]: n36KtNAA009624: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062055.n36KtNn1021829@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 13:55:23 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40959 
Apr  6 13:55:23 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 13:55:23 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 13:55:23 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 13:55:23 splunk3 spamd[6865]: spamd: processing message <200904062055.n36KtNn1021829@virt2.int.splunk.com> for spamme:501 
Apr  6 13:55:25 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 13:55:25 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40959,mid=<200904062055.n36KtNn1021829@virt2.int.splunk.com>,bayes=0.112117882238798,autolearn=no 
Apr  6 13:55:25 splunk3 sendmail[9625]: n36KtNAA009624: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 13:55:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 13:55:43 splunk3 sendmail[9707]: n36Kth3L009707: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 13:56:43 splunk3 sendmail[9941]: n36KuhZG009941: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:57:43 splunk3 sendmail[10179]: n36KvhE4010179: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:58:43 splunk3 sendmail[10415]: n36Kwhs7010415: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:59:43 splunk3 sendmail[10654]: n36Kxh0h010654: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 13:59:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:00:04 splunk3 sendmail[10801]: n36L04F8010801: from=root, size=291, class=0, nrcpts=1, msgid=<200904062100.n36L04F8010801@splunk3.splunkit.com>, relay=root@localhost
Apr  6 14:00:04 splunk3 sendmail[10805]: n36L04cc010805: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904062100.n36L04F8010801@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 14:00:04 splunk3 sendmail[10801]: n36L04F8010801: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36L04cc010805 Message accepted for delivery)
Apr  6 14:00:05 splunk3 sendmail[10806]: n36L04cc010805: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 14:00:17 splunk3 sendmail[10881]: n36L0Hr4010881: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904062100.n36L0Hr4010881@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 14:00:17 splunk3 sendmail[10883]: n36L0Hr4010881: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 14:00:17 splunk3 sendmail[10883]: n36L0Hr4010881: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 14:00:17 splunk3 sendmail[10883]: n36L0Hr4010881: n36L0Hr4010883: postmaster notify: User unknown
Apr  6 14:00:19 splunk3 sendmail[10883]: n36L0Hr4010883: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 14:00:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:00:24 splunk3 sendmail[10917]: n36L0OmP010917: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062100.n36L0NwO022466@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:00:24 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41024 
Apr  6 14:00:24 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:00:24 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 14:00:24 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 14:00:24 splunk3 sendmail[10918]: n36L0OmP010917: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:00:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:00:43 splunk3 sendmail[11002]: n36L0hnY011002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:01:04 splunk3 sendmail[11069]: n36L11t1011069: from=root, size=443, class=0, nrcpts=1, msgid=<200904062101.n36L11t1011069@splunk3.splunkit.com>, relay=root@localhost
Apr  6 14:01:04 splunk3 sendmail[11089]: n36L14Et011089: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904062101.n36L11t1011069@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 14:01:04 splunk3 sendmail[11069]: n36L11t1011069: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36L14Et011089 Message accepted for delivery)
Apr  6 14:01:06 splunk3 sendmail[11090]: n36L14Et011089: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 14:01:43 splunk3 sendmail[11253]: n36L1hQj011253: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:02:43 splunk3 sendmail[11488]: n36L2hP9011488: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:03:43 splunk3 sendmail[11727]: n36L3hNj011727: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:04:43 splunk3 sendmail[11961]: n36L4huG011961: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:04:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:05:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:05:24 splunk3 sendmail[12139]: n36L5OOs012139: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062105.n36L5OXB023148@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:05:24 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41080 
Apr  6 14:05:24 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:05:24 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 14:05:24 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 14:05:24 splunk3 sendmail[12140]: n36L5OOs012139: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:05:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:05:43 splunk3 sendmail[12222]: n36L5h1f012222: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:06:43 splunk3 sendmail[12458]: n36L6hK2012458: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:07:43 splunk3 sendmail[12698]: n36L7hVA012698: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:08:43 splunk3 sendmail[12937]: n36L8h2U012937: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:09:43 splunk3 sendmail[13177]: n36L9hn4013177: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:09:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:10:02 splunk3 sendmail[13395]: n36LA2nh013395: from=root, size=292, class=0, nrcpts=1, msgid=<200904062110.n36LA2nh013395@splunk3.splunkit.com>, relay=root@localhost
Apr  6 14:10:02 splunk3 sendmail[13400]: n36LA2jY013400: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904062110.n36LA2nh013395@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 14:10:02 splunk3 sendmail[13395]: n36LA2nh013395: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36LA2jY013400 Message accepted for delivery)
Apr  6 14:10:04 splunk3 sendmail[13401]: n36LA2jY013400: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 14:10:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:10:25 splunk3 sendmail[13501]: n36LAP4r013501: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062110.n36LAPC6023797@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:10:25 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41137 
Apr  6 14:10:25 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:10:25 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:10:25 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:10:25 splunk3 spamd[6865]: spamd: processing message <200904062110.n36LAPC6023797@virt2.int.splunk.com> for spamme:501 
Apr  6 14:10:29 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  6 14:10:29 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41137,mid=<200904062110.n36LAPC6023797@virt2.int.splunk.com>,bayes=0.112117882238798,autolearn=no 
Apr  6 14:10:29 splunk3 sendmail[13502]: n36LAP4r013501: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:10:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:10:43 splunk3 sendmail[13583]: n36LAhxj013583: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 14:11:43 splunk3 sendmail[13822]: n36LBhmK013822: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:12:43 splunk3 sendmail[14056]: n36LChA8014056: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:13:43 splunk3 sendmail[14295]: n36LDhXW014295: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:14:43 splunk3 sendmail[14530]: n36LEhvF014530: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:14:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:15:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:15:25 splunk3 sendmail[14707]: n36LFPlk014707: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062115.n36LFPtT024575@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:15:25 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41193 
Apr  6 14:15:25 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:15:25 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:15:25 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:15:25 splunk3 spamd[6865]: spamd: processing message <200904062115.n36LFPtT024575@virt2.int.splunk.com> for spamme:501 
Apr  6 14:15:27 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  6 14:15:27 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41193,mid=<200904062115.n36LFPtT024575@virt2.int.splunk.com>,bayes=0.112117882238798,autolearn=no 
Apr  6 14:15:27 splunk3 sendmail[14708]: n36LFPlk014707: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:15:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:15:43 splunk3 sendmail[14791]: n36LFhkU014791: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:15:57 splunk3 sendmail[14828]: n36LFu5G014828: from=<3DHHaSRQKBqEHPPHMFBMFSUT-OPSFQMZHPPHMF.DPNTQBNNFTQMVOLJU.DPN@alerts.bounces.google.com>, size=2778, class=0, nrcpts=1, msgid=<0016e64642627e2ba10466e96795@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.186]
Apr  6 14:15:57 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41198 
Apr  6 14:15:57 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:15:57 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:15:57 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:15:57 splunk3 spamd[6865]: spamd: processing message <0016e64642627e2ba10466e96795@google.com> for spamme:501 
Apr  6 14:16:00 splunk3 spamd[6865]: spamd: clean message (-2.4/5.0) for spamme:501 in 2.8 seconds, 3208 bytes. 
Apr  6 14:16:00 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.8,size=3208,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41198,mid=<0016e64642627e2ba10466e96795@google.com>,bayes=0,autolearn=ham 
Apr  6 14:16:00 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:16:00 splunk3 sendmail[14846]: n36LFu5G014828: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=32989, dsn=2.0.0, stat=Sent
Apr  6 14:16:43 splunk3 sendmail[15033]: n36LGhhn015033: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:17:43 splunk3 sendmail[15268]: n36LHhnq015268: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:18:43 splunk3 sendmail[15515]: n36LIheW015515: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:19:43 splunk3 sendmail[15754]: n36LJhhj015754: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:19:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:20:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:20:26 splunk3 sendmail[15935]: n36LKQhx015935: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062120.n36LKQTe025209@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:20:26 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41250 
Apr  6 14:20:26 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:20:26 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:20:26 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:20:26 splunk3 spamd[6865]: spamd: processing message <200904062120.n36LKQTe025209@virt2.int.splunk.com> for spamme:501 
Apr  6 14:20:28 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 14:20:28 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41250,mid=<200904062120.n36LKQTe025209@virt2.int.splunk.com>,bayes=0.112149830463619,autolearn=no 
Apr  6 14:20:28 splunk3 sendmail[15936]: n36LKQhx015935: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:20:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:20:43 splunk3 sendmail[16020]: n36LKhR7016020: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:21:43 splunk3 sendmail[16261]: n36LLh8G016261: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:22:43 splunk3 sendmail[16495]: n36LMhMt016495: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:23:43 splunk3 sendmail[16740]: n36LNhFW016740: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:24:43 splunk3 sendmail[16974]: n36LOhvo016974: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:24:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:25:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:25:27 splunk3 sendmail[17169]: n36LPRNg017169: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062125.n36LPQ9L025817@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:25:27 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41306 
Apr  6 14:25:27 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:25:27 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:25:27 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:25:27 splunk3 spamd[6865]: spamd: processing message <200904062125.n36LPQ9L025817@virt2.int.splunk.com> for spamme:501 
Apr  6 14:25:29 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 14:25:29 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41306,mid=<200904062125.n36LPQ9L025817@virt2.int.splunk.com>,bayes=0.112149830463619,autolearn=no 
Apr  6 14:25:29 splunk3 sendmail[17170]: n36LPRNg017169: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:25:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:25:43 splunk3 sendmail[17233]: n36LPhS9017233: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 14:26:43 splunk3 sendmail[17470]: n36LQhMx017470: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:27:43 splunk3 sendmail[17710]: n36LRhlR017710: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:28:43 splunk3 sendmail[17946]: n36LShAI017946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:29:35 splunk3 sendmail[18140]: n36LTZlr018140: from=<3PnTaSRQKBtY8GG8D62D6JLK-FGJ6HDQ8GG8D6.4GEKH2EE6KHDMFCAL.4GE@alerts.bounces.google.com>, size=5181, class=0, nrcpts=1, msgid=<00151750ec4c45bf310466e99862@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.166]
Apr  6 14:29:35 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41347 
Apr  6 14:29:35 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:29:35 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:29:35 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:29:35 splunk3 spamd[6865]: spamd: processing message <00151750ec4c45bf310466e99862@google.com> for spamme:501 
Apr  6 14:29:37 splunk3 spamd[6865]: spamd: clean message (-2.2/5.0) for spamme:501 in 2.1 seconds, 5610 bytes. 
Apr  6 14:29:37 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.1,size=5610,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41347,mid=<00151750ec4c45bf310466e99862@google.com>,bayes=0,autolearn=ham 
Apr  6 14:29:37 splunk3 sendmail[18141]: n36LTZlr018140: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=35391, dsn=2.0.0, stat=Sent
Apr  6 14:29:37 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:29:43 splunk3 sendmail[18189]: n36LThn9018189: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:29:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:30:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:30:27 splunk3 sendmail[18386]: n36LURGC018386: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062130.n36LUR29026438@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:30:27 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41363 
Apr  6 14:30:27 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:30:27 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:30:27 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:30:27 splunk3 spamd[6865]: spamd: processing message <200904062130.n36LUR29026438@virt2.int.splunk.com> for spamme:501 
Apr  6 14:30:29 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  6 14:30:29 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41363,mid=<200904062130.n36LUR29026438@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 14:30:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:30:29 splunk3 sendmail[18387]: n36LURGC018386: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:30:43 splunk3 sendmail[18454]: n36LUh4t018454: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:31:43 splunk3 sendmail[18689]: n36LVhpd018689: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:32:43 splunk3 sendmail[18920]: n36LWh5G018920: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:33:43 splunk3 sendmail[19161]: n36LXhoT019161: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:34:43 splunk3 sendmail[19396]: n36LYhgO019396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:34:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:35:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:35:28 splunk3 sendmail[19591]: n36LZSos019591: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062135.n36LZRuH027205@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:35:28 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41419 
Apr  6 14:35:28 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:35:28 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:35:28 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:35:28 splunk3 spamd[6865]: spamd: processing message <200904062135.n36LZRuH027205@virt2.int.splunk.com> for spamme:501 
Apr  6 14:35:30 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  6 14:35:30 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41419,mid=<200904062135.n36LZRuH027205@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 14:35:30 splunk3 sendmail[19592]: n36LZSos019591: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:35:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:35:43 splunk3 sendmail[19659]: n36LZhOg019659: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:36:43 splunk3 sendmail[19894]: n36LahqW019894: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:37:43 splunk3 sendmail[20135]: n36LbhOQ020135: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:38:43 splunk3 sendmail[20373]: n36Lch7n020373: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:39:43 splunk3 sendmail[20611]: n36LdhQA020611: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:39:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:40:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:40:28 splunk3 sendmail[20810]: n36LeSAu020810: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062140.n36LeSfX027818@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:40:28 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41474 
Apr  6 14:40:28 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:40:28 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:40:28 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:40:28 splunk3 spamd[6865]: spamd: processing message <200904062140.n36LeSfX027818@virt2.int.splunk.com> for spamme:501 
Apr  6 14:40:30 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  6 14:40:30 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41474,mid=<200904062140.n36LeSfX027818@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 14:40:30 splunk3 sendmail[20811]: n36LeSAu020810: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:40:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:40:43 splunk3 sendmail[20875]: n36LehD5020875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 14:41:43 splunk3 sendmail[21115]: n36Lfh9x021115: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:42:43 splunk3 sendmail[21352]: n36Lghke021352: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:43:43 splunk3 sendmail[21590]: n36Lhhrc021590: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:44:43 splunk3 sendmail[21825]: n36Lihrj021825: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:44:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:45:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:45:29 splunk3 sendmail[22021]: n36LjTUe022021: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062145.n36LjT9K028450@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:45:29 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41531 
Apr  6 14:45:29 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:45:29 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:45:29 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:45:29 splunk3 spamd[6865]: spamd: processing message <200904062145.n36LjT9K028450@virt2.int.splunk.com> for spamme:501 
Apr  6 14:45:32 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 14:45:32 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41531,mid=<200904062145.n36LjT9K028450@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 14:45:32 splunk3 sendmail[22022]: n36LjTUe022021: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:45:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:45:43 splunk3 sendmail[22086]: n36Ljh6b022086: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:46:43 splunk3 sendmail[22317]: n36Lkhlr022317: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:47:43 splunk3 sendmail[22556]: n36LlhdR022556: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:48:43 splunk3 sendmail[22793]: n36Lmh82022793: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:49:43 splunk3 sendmail[23032]: n36Lnhjh023032: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:49:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:50:00 splunk3 sendmail[23094]: n36Lo03A023094: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062150.n36Lo0p0028971@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:50:00 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41575 
Apr  6 14:50:00 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:50:00 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:50:00 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:50:00 splunk3 spamd[6865]: spamd: processing message <200904062150.n36Lo0p0028971@virt2.int.splunk.com> for spamme:501 
Apr  6 14:50:02 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  6 14:50:02 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41575,mid=<200904062150.n36Lo0p0028971@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 14:50:02 splunk3 sendmail[23095]: n36Lo03A023094: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:50:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:50:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:50:43 splunk3 sendmail[23295]: n36LohaB023295: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:51:43 splunk3 sendmail[23536]: n36Lph8g023536: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:52:43 splunk3 sendmail[23769]: n36Lqhob023769: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:53:43 splunk3 sendmail[24010]: n36LrhkT024010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:54:43 splunk3 sendmail[24247]: n36LshgR024247: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:54:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 14:55:00 splunk3 sendmail[24314]: n36Lt0dk024314: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062155.n36Lt0He029576@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 14:55:00 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41630 
Apr  6 14:55:00 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 14:55:00 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 14:55:00 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 14:55:00 splunk3 spamd[6865]: spamd: processing message <200904062155.n36Lt0He029576@virt2.int.splunk.com> for spamme:501 
Apr  6 14:55:02 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 14:55:02 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41630,mid=<200904062155.n36Lt0He029576@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 14:55:02 splunk3 sendmail[24315]: n36Lt0dk024314: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 14:55:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 14:55:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 14:55:43 splunk3 sendmail[24510]: n36LthmX024510: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 14:56:43 splunk3 sendmail[24747]: n36LuhlN024747: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:57:43 splunk3 sendmail[24986]: n36LvhHH024986: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:58:43 splunk3 sendmail[25223]: n36Lwhro025223: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:59:43 splunk3 sendmail[25459]: n36Lxhbq025459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 14:59:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:00:01 splunk3 sendmail[25521]: n36M00jX025521: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062200.n36M00qJ030196@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:00:01 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41687 
Apr  6 15:00:01 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:00:01 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:00:01 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:00:01 splunk3 spamd[6865]: spamd: processing message <200904062200.n36M00qJ030196@virt2.int.splunk.com> for spamme:501 
Apr  6 15:00:03 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 15:00:03 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41687,mid=<200904062200.n36M00qJ030196@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 15:00:03 splunk3 sendmail[25522]: n36M00jX025521: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 15:00:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:00:04 splunk3 sendmail[25613]: n36M04NO025613: from=root, size=291, class=0, nrcpts=1, msgid=<200904062200.n36M04NO025613@splunk3.splunkit.com>, relay=root@localhost
Apr  6 15:00:04 splunk3 sendmail[25617]: n36M04ii025617: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904062200.n36M04NO025613@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 15:00:04 splunk3 sendmail[25613]: n36M04NO025613: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36M04ii025617 Message accepted for delivery)
Apr  6 15:00:05 splunk3 sendmail[25618]: n36M04ii025617: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 15:00:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:00:23 splunk3 sendmail[25713]: n36M0NmQ025713: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904062200.n36M0NmQ025713@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 15:00:23 splunk3 sendmail[25715]: n36M0NmQ025713: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 15:00:23 splunk3 sendmail[25715]: n36M0NmQ025713: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 15:00:23 splunk3 sendmail[25715]: n36M0NmQ025713: n36M0NmQ025715: postmaster notify: User unknown
Apr  6 15:00:25 splunk3 sendmail[25715]: n36M0NmQ025715: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 15:00:43 splunk3 sendmail[25806]: n36M0hc5025806: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:01:15 splunk3 sendmail[25890]: n36M116L025890: from=root, size=443, class=0, nrcpts=1, msgid=<200904062201.n36M116L025890@splunk3.splunkit.com>, relay=root@localhost
Apr  6 15:01:15 splunk3 sendmail[25937]: n36M1Ft2025937: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904062201.n36M116L025890@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 15:01:15 splunk3 sendmail[25890]: n36M116L025890: to=root, ctladdr=root (0/0), delay=00:00:14, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36M1Ft2025937 Message accepted for delivery)
Apr  6 15:01:17 splunk3 sendmail[25938]: n36M1Ft2025937: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 15:01:43 splunk3 sendmail[26058]: n36M1huF026058: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:02:43 splunk3 sendmail[26292]: n36M2h4G026292: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:03:43 splunk3 sendmail[26533]: n36M3hpo026533: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:04:43 splunk3 sendmail[26766]: n36M4h9L026766: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:04:54 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:05:03 splunk3 sendmail[26850]: n36M5307026850: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062205.n36M514S030907@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:05:03 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41752 
Apr  6 15:05:03 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:05:03 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 15:05:03 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 15:05:03 splunk3 sendmail[26851]: n36M5307026850: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 15:05:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:05:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:05:43 splunk3 sendmail[27027]: n36M5hcV027027: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:06:43 splunk3 sendmail[27260]: n36M6hmp027260: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:07:43 splunk3 sendmail[27498]: n36M7hdi027498: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:08:43 splunk3 sendmail[27738]: n36M8ht3027738: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:09:43 splunk3 sendmail[27979]: n36M9hfK027979: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:09:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:10:02 splunk3 sendmail[28157]: n36MA2OH028157: from=root, size=292, class=0, nrcpts=1, msgid=<200904062210.n36MA2OH028157@splunk3.splunkit.com>, relay=root@localhost
Apr  6 15:10:02 splunk3 sendmail[28162]: n36MA2Rb028162: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904062210.n36MA2OH028157@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 15:10:02 splunk3 sendmail[28157]: n36MA2OH028157: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36MA2Rb028162 Message accepted for delivery)
Apr  6 15:10:04 splunk3 sendmail[28163]: n36MA2Rb028162: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 15:10:04 splunk3 sendmail[28168]: n36MA4YU028168: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062210.n36MA46l031559@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:10:04 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41808 
Apr  6 15:10:04 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:10:04 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:10:04 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:10:04 splunk3 spamd[6865]: spamd: processing message <200904062210.n36MA46l031559@virt2.int.splunk.com> for spamme:501 
Apr  6 15:10:06 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 15:10:06 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41808,mid=<200904062210.n36MA46l031559@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 15:10:06 splunk3 sendmail[28169]: n36MA4YU028168: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 15:10:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:10:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:10:43 splunk3 sendmail[28348]: n36MAhnM028348: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 15:11:43 splunk3 sendmail[28586]: n36MBhDK028586: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:12:43 splunk3 sendmail[28821]: n36MChbe028821: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:13:43 splunk3 sendmail[29065]: n36MDhPY029065: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:14:43 splunk3 sendmail[29299]: n36MEh7s029299: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:14:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:15:04 splunk3 sendmail[29384]: n36MF4SI029384: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062215.n36MF469032342@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:15:05 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41865 
Apr  6 15:15:05 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:15:05 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:15:05 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:15:05 splunk3 spamd[6865]: spamd: processing message <200904062215.n36MF469032342@virt2.int.splunk.com> for spamme:501 
Apr  6 15:15:07 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 15:15:07 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41865,mid=<200904062215.n36MF469032342@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 15:15:07 splunk3 sendmail[29385]: n36MF4SI029384: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 15:15:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:15:19 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:15:43 splunk3 sendmail[29562]: n36MFhvt029562: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:16:43 splunk3 sendmail[29798]: n36MGhoM029798: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:17:43 splunk3 sendmail[30035]: n36MHhru030035: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:18:43 splunk3 sendmail[30270]: n36MIhkT030270: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:19:43 splunk3 sendmail[30508]: n36MJhNb030508: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:19:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:20:05 splunk3 sendmail[30597]: n36MK5v6030597: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904062220.n36MK5sT000512@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:20:05 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41920 
Apr  6 15:20:05 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:20:05 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:20:05 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:20:05 splunk3 spamd[6865]: spamd: processing message <200904062220.n36MK5sT000512@virt2.int.splunk.com> for spamme:501 
Apr  6 15:20:08 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1302 bytes. 
Apr  6 15:20:08 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41920,mid=<200904062220.n36MK5sT000512@virt2.int.splunk.com>,bayes=0.0661337509260596,autolearn=no 
Apr  6 15:20:08 splunk3 sendmail[30598]: n36MK5v6030597: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  6 15:20:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:20:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:20:43 splunk3 sendmail[30771]: n36MKhQB030771: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:21:43 splunk3 sendmail[31009]: n36MLh1T031009: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:22:43 splunk3 sendmail[31245]: n36MMhgd031245: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:23:43 splunk3 sendmail[31490]: n36MNhul031490: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:24:43 splunk3 sendmail[31726]: n36MOhnu031726: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:24:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:25:06 splunk3 sendmail[31830]: n36MP6Kj031830: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062225.n36MP53h001122@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:25:06 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41976 
Apr  6 15:25:06 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:25:06 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:25:06 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:25:06 splunk3 spamd[6865]: spamd: processing message <200904062225.n36MP53h001122@virt2.int.splunk.com> for spamme:501 
Apr  6 15:25:08 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  6 15:25:08 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41976,mid=<200904062225.n36MP53h001122@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 15:25:08 splunk3 sendmail[31831]: n36MP6Kj031830: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 15:25:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:25:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:25:43 splunk3 sendmail[31987]: n36MPhpn031987: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 15:26:43 splunk3 sendmail[32224]: n36MQhW3032224: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:27:43 splunk3 sendmail[32461]: n36MRhAr032461: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:28:43 splunk3 sendmail[32694]: n36MShTV032694: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:29:43 splunk3 sendmail[468]: n36MThfO000468: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:29:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:30:07 splunk3 sendmail[575]: n36MU7uq000575: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062230.n36MU6VY001779@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:30:07 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42032 
Apr  6 15:30:07 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:30:07 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:30:07 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:30:07 splunk3 spamd[6865]: spamd: processing message <200904062230.n36MU6VY001779@virt2.int.splunk.com> for spamme:501 
Apr  6 15:30:09 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  6 15:30:09 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42032,mid=<200904062230.n36MU6VY001779@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 15:30:09 splunk3 sendmail[576]: n36MU7uq000575: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 15:30:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:30:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:30:43 splunk3 sendmail[734]: n36MUh82000734: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:31:43 splunk3 sendmail[974]: n36MVhG7000974: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:32:43 splunk3 sendmail[1208]: n36MWhab001208: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:33:43 splunk3 sendmail[1449]: n36MXhmv001449: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:34:43 splunk3 sendmail[1681]: n36MYhvS001681: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:34:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:35:07 splunk3 sendmail[1790]: n36MZ7o6001790: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062235.n36MZ7af002543@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:35:07 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42088 
Apr  6 15:35:07 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:35:07 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:35:07 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:35:07 splunk3 spamd[6865]: spamd: processing message <200904062235.n36MZ7af002543@virt2.int.splunk.com> for spamme:501 
Apr  6 15:35:09 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 15:35:09 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42088,mid=<200904062235.n36MZ7af002543@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 15:35:09 splunk3 sendmail[1791]: n36MZ7o6001790: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 15:35:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:35:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:35:43 splunk3 sendmail[1940]: n36MZhNS001940: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:36:43 splunk3 sendmail[2178]: n36Mahko002178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:37:43 splunk3 sendmail[2415]: n36MbhnJ002415: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:38:43 splunk3 sendmail[2662]: n36Mchl0002662: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:39:43 splunk3 sendmail[2911]: n36MdhwG002911: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:39:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:40:08 splunk3 sendmail[3026]: n36Me8vD003026: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062240.n36Me8D4003177@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:40:08 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42143 
Apr  6 15:40:08 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:40:08 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:40:08 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:40:08 splunk3 spamd[6865]: spamd: processing message <200904062240.n36Me8D4003177@virt2.int.splunk.com> for spamme:501 
Apr  6 15:40:10 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  6 15:40:10 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42143,mid=<200904062240.n36Me8D4003177@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 15:40:10 splunk3 sendmail[3027]: n36Me8vD003026: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 15:40:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:40:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:40:43 splunk3 sendmail[3187]: n36Meh1A003187: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 15:41:43 splunk3 sendmail[3424]: n36Mfhg4003424: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:42:43 splunk3 sendmail[3678]: n36MghXR003678: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:43:43 splunk3 sendmail[3928]: n36Mhht7003928: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:44:44 splunk3 sendmail[4178]: n36MiiEP004178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:44:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:45:08 splunk3 sendmail[4290]: n36Mj8v4004290: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062245.n36Mj810003787@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:45:08 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42200 
Apr  6 15:45:08 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:45:08 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:45:08 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:45:08 splunk3 spamd[6865]: spamd: processing message <200904062245.n36Mj810003787@virt2.int.splunk.com> for spamme:501 
Apr  6 15:45:10 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 15:45:10 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42200,mid=<200904062245.n36Mj810003787@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 15:45:10 splunk3 sendmail[4291]: n36Mj8v4004290: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 15:45:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:45:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:45:44 splunk3 sendmail[4458]: n36MjiqD004458: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:46:44 splunk3 sendmail[4692]: n36MkiQS004692: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:47:44 splunk3 sendmail[4943]: n36MliwY004943: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:48:44 splunk3 sendmail[5212]: n36MmiKi005212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:49:44 splunk3 sendmail[5453]: n36MniNF005453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:49:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:50:09 splunk3 sendmail[5566]: n36Mo9YM005566: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062250.n36Mo9K7004396@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:50:09 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42256 
Apr  6 15:50:09 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:50:09 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:50:09 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:50:09 splunk3 spamd[6865]: spamd: processing message <200904062250.n36Mo9K7004396@virt2.int.splunk.com> for spamme:501 
Apr  6 15:50:11 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 15:50:11 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42256,mid=<200904062250.n36Mo9K7004396@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 15:50:11 splunk3 sendmail[5567]: n36Mo9YM005566: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 15:50:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:50:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:50:44 splunk3 sendmail[5719]: n36MoifT005719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:51:44 splunk3 sendmail[5957]: n36Mpi0u005957: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:52:44 splunk3 sendmail[6191]: n36Mqi6P006191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:53:44 splunk3 sendmail[6434]: n36MricE006434: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:54:44 splunk3 sendmail[6671]: n36MsiUR006671: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:54:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 15:55:10 splunk3 sendmail[6777]: n36Mt9Xg006777: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062255.n36Mt9aV005003@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 15:55:10 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42311 
Apr  6 15:55:10 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 15:55:10 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 15:55:10 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 15:55:10 splunk3 spamd[6865]: spamd: processing message <200904062255.n36Mt9aV005003@virt2.int.splunk.com> for spamme:501 
Apr  6 15:55:12 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  6 15:55:12 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42311,mid=<200904062255.n36Mt9aV005003@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 15:55:12 splunk3 sendmail[6778]: n36Mt9Xg006777: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 15:55:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 15:55:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 15:55:44 splunk3 sendmail[6931]: n36MtiKx006931: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 15:56:44 splunk3 sendmail[7164]: n36MuiOM007164: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:57:44 splunk3 sendmail[7406]: n36Mvinn007406: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:58:44 splunk3 sendmail[7651]: n36Mwiva007651: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:59:44 splunk3 sendmail[7891]: n36MxiDJ007891: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 15:59:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:00:04 splunk3 sendmail[8038]: n36N04SS008038: from=root, size=291, class=0, nrcpts=1, msgid=<200904062300.n36N04SS008038@splunk3.splunkit.com>, relay=root@localhost
Apr  6 16:00:04 splunk3 sendmail[8042]: n36N04lH008042: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904062300.n36N04SS008038@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 16:00:04 splunk3 sendmail[8038]: n36N04SS008038: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36N04lH008042 Message accepted for delivery)
Apr  6 16:00:06 splunk3 sendmail[8043]: n36N04lH008042: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 16:00:10 splunk3 sendmail[8084]: n36N0Alg008084: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062300.n36N0ANA005642@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:00:10 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42369 
Apr  6 16:00:10 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:00:10 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 16:00:10 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 16:00:10 splunk3 sendmail[8085]: n36N0Alg008084: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 16:00:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:00:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:00:29 splunk3 sendmail[8161]: n36N0TMd008161: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904062300.n36N0TMd008161@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 16:00:29 splunk3 sendmail[8163]: n36N0TMd008161: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 16:00:29 splunk3 sendmail[8163]: n36N0TMd008161: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  6 16:00:29 splunk3 sendmail[8163]: n36N0TMd008161: n36N0TMd008163: postmaster notify: User unknown
Apr  6 16:00:30 splunk3 sendmail[8163]: n36N0TMd008163: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  6 16:00:44 splunk3 sendmail[8238]: n36N0iK0008238: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:01:02 splunk3 sendmail[8320]: n36N11bn008320: from=root, size=443, class=0, nrcpts=1, msgid=<200904062301.n36N11bn008320@splunk3.splunkit.com>, relay=root@localhost
Apr  6 16:01:02 splunk3 sendmail[8325]: n36N12b1008325: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904062301.n36N11bn008320@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 16:01:02 splunk3 sendmail[8320]: n36N11bn008320: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36N12b1008325 Message accepted for delivery)
Apr  6 16:01:04 splunk3 sendmail[8326]: n36N12b1008325: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 16:01:44 splunk3 sendmail[8489]: n36N1i9e008489: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:02:44 splunk3 sendmail[8723]: n36N2i48008723: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:03:44 splunk3 sendmail[8960]: n36N3iK7008960: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:04:44 splunk3 sendmail[9198]: n36N4iAo009198: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:04:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:05:11 splunk3 sendmail[9323]: n36N5BkC009323: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062305.n36N5BDn006325@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:05:11 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42432 
Apr  6 16:05:11 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:05:11 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 16:05:11 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 16:05:11 splunk3 sendmail[9324]: n36N5BkC009323: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 16:05:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:05:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:05:44 splunk3 sendmail[9459]: n36N5irY009459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:06:44 splunk3 sendmail[9696]: n36N6ipn009696: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:07:44 splunk3 sendmail[9933]: n36N7ikT009933: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:08:25 splunk3 sendmail[10090]: n36N8Pod010090: from=<3aYvaSRQKBhk5DD5A3zA3GIH-CDG3EAN5DD5A3.1DBHEzBB3HEAJC97I.1DB@alerts.bounces.google.com>, size=2812, class=0, nrcpts=1, msgid=<00163630f367bbebec0466eaf9cd@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.162]
Apr  6 16:08:25 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42470 
Apr  6 16:08:25 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:08:25 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 16:08:25 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 16:08:25 splunk3 sendmail[10107]: n36N8Pod010090: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=33022, dsn=2.0.0, stat=Sent
Apr  6 16:08:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:08:38 splunk3 sendmail[10153]: n36N8bTs010153: ruleset=check_rcpt, arg1=<sanjinn001@yahoo.com.tw>, relay=61-231-68-166.dynamic.hinet.net [61.231.68.166], reject=550 5.7.1 <sanjinn001@yahoo.com.tw>... Relaying denied
Apr  6 16:08:44 splunk3 sendmail[10179]: n36N8iCv010179: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:09:44 splunk3 sendmail[10418]: n36N9iZ5010418: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:09:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:10:02 splunk3 sendmail[10604]: n36NA2UH010604: from=root, size=292, class=0, nrcpts=1, msgid=<200904062310.n36NA2UH010604@splunk3.splunkit.com>, relay=root@localhost
Apr  6 16:10:02 splunk3 sendmail[10609]: n36NA2od010609: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904062310.n36NA2UH010604@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 16:10:02 splunk3 sendmail[10604]: n36NA2UH010604: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n36NA2od010609 Message accepted for delivery)
Apr  6 16:10:03 splunk3 sendmail[10610]: n36NA2od010609: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 16:10:12 splunk3 sendmail[10659]: n36NACaC010659: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062310.n36NACRs006932@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:10:12 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42498 
Apr  6 16:10:12 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:10:12 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:10:12 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:10:12 splunk3 spamd[6865]: spamd: processing message <200904062310.n36NACRs006932@virt2.int.splunk.com> for spamme:501 
Apr  6 16:10:14 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 16:10:14 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42498,mid=<200904062310.n36NACRs006932@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 16:10:14 splunk3 sendmail[10661]: n36NACaC010659: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 16:10:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:10:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:10:44 splunk3 sendmail[10783]: n36NAitJ010783: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 16:11:44 splunk3 sendmail[11023]: n36NBiI0011023: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:12:44 splunk3 sendmail[11259]: n36NCiN0011259: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:13:44 splunk3 sendmail[11500]: n36NDila011500: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:14:44 splunk3 sendmail[11735]: n36NEig7011735: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:14:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:15:13 splunk3 sendmail[11871]: n36NFDrS011871: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062315.n36NFC78007720@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:15:13 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42554 
Apr  6 16:15:13 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:15:13 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:15:13 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:15:13 splunk3 spamd[6865]: spamd: processing message <200904062315.n36NFC78007720@virt2.int.splunk.com> for spamme:501 
Apr  6 16:15:15 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 16:15:15 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42554,mid=<200904062315.n36NFC78007720@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 16:15:15 splunk3 sendmail[11872]: n36NFDrS011871: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 16:15:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:15:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:15:44 splunk3 sendmail[11999]: n36NFiLI011999: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:16:44 splunk3 sendmail[12233]: n36NGi36012233: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:17:44 splunk3 sendmail[12468]: n36NHi3g012468: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:18:44 splunk3 sendmail[12705]: n36NIiv0012705: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:19:44 splunk3 sendmail[12944]: n36NJi0g012944: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:19:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:20:14 splunk3 sendmail[13084]: n36NKE2r013084: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062320.n36NKDjR008350@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:20:14 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42610 
Apr  6 16:20:14 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:20:14 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:20:14 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:20:14 splunk3 spamd[6865]: spamd: processing message <200904062320.n36NKDjR008350@virt2.int.splunk.com> for spamme:501 
Apr  6 16:20:16 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 16:20:16 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42610,mid=<200904062320.n36NKDjR008350@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 16:20:16 splunk3 sendmail[13085]: n36NKE2r013084: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 16:20:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:20:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:20:44 splunk3 sendmail[13209]: n36NKiU9013209: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:21:44 splunk3 sendmail[13487]: n36NLiYG013487: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:22:44 splunk3 sendmail[13721]: n36NMiPX013721: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:23:44 splunk3 sendmail[13964]: n36NNia1013964: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:24:44 splunk3 sendmail[14198]: n36NOivA014198: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:24:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:25:14 splunk3 sendmail[14339]: n36NPEL5014339: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062325.n36NPEnE008959@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:25:14 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42666 
Apr  6 16:25:14 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:25:14 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:25:14 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:25:14 splunk3 spamd[6865]: spamd: processing message <200904062325.n36NPEnE008959@virt2.int.splunk.com> for spamme:501 
Apr  6 16:25:16 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 16:25:16 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42666,mid=<200904062325.n36NPEnE008959@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 16:25:16 splunk3 sendmail[14340]: n36NPEL5014339: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 16:25:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:25:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:25:44 splunk3 sendmail[14462]: n36NPieA014462: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 16:26:44 splunk3 sendmail[14699]: n36NQiHH014699: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:27:44 splunk3 sendmail[14939]: n36NRiHl014939: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:28:44 splunk3 sendmail[15173]: n36NSiQM015173: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:29:44 splunk3 sendmail[15411]: n36NTiuh015411: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:29:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:30:15 splunk3 sendmail[15575]: n36NUF9b015575: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904062330.n36NUEu9009581@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:30:15 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42722 
Apr  6 16:30:15 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:30:15 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:30:15 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:30:15 splunk3 spamd[6865]: spamd: processing message <200904062330.n36NUEu9009581@virt2.int.splunk.com> for spamme:501 
Apr  6 16:30:17 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 16:30:17 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42722,mid=<200904062330.n36NUEu9009581@virt2.int.splunk.com>,bayes=0.169112018231913,autolearn=no 
Apr  6 16:30:17 splunk3 sendmail[15579]: n36NUF9b015575: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 16:30:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:30:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:30:44 splunk3 sendmail[15686]: n36NUiwi015686: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:31:44 splunk3 sendmail[15922]: n36NViXE015922: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:32:44 splunk3 sendmail[16158]: n36NWidV016158: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:33:44 splunk3 sendmail[16399]: n36NXiBf016399: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:34:44 splunk3 sendmail[16635]: n36NYisB016635: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:34:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:35:15 splunk3 sendmail[16787]: n36NZFG2016787: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062335.n36NZFTh010326@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:35:15 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42778 
Apr  6 16:35:15 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:35:15 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:35:15 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:35:15 splunk3 spamd[6865]: spamd: processing message <200904062335.n36NZFTh010326@virt2.int.splunk.com> for spamme:501 
Apr  6 16:35:17 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 16:35:17 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42778,mid=<200904062335.n36NZFTh010326@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 16:35:17 splunk3 sendmail[16788]: n36NZFG2016787: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 16:35:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:35:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:35:44 splunk3 sendmail[16896]: n36NZiXk016896: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:36:44 splunk3 sendmail[17131]: n36NainU017131: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:37:44 splunk3 sendmail[17371]: n36NbiY3017371: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:38:44 splunk3 sendmail[17606]: n36Nciuk017606: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:39:44 splunk3 sendmail[17847]: n36NdiMx017847: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:39:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:40:16 splunk3 sendmail[18005]: n36NeGGA018005: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062340.n36NeF8H010958@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:40:16 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42833 
Apr  6 16:40:16 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:40:16 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:40:16 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:40:16 splunk3 spamd[6865]: spamd: processing message <200904062340.n36NeF8H010958@virt2.int.splunk.com> for spamme:501 
Apr  6 16:40:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:40:18 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 16:40:18 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42833,mid=<200904062340.n36NeF8H010958@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 16:40:18 splunk3 sendmail[18006]: n36NeGGA018005: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 16:40:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:40:44 splunk3 sendmail[18112]: n36Neia6018112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 16:41:44 splunk3 sendmail[18350]: n36NfiU9018350: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:42:44 splunk3 sendmail[18586]: n36NgiJG018586: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:43:44 splunk3 sendmail[18824]: n36Nhidm018824: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:44:44 splunk3 sendmail[19059]: n36NiiR9019059: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:44:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:45:16 splunk3 sendmail[19213]: n36NjG5o019213: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062345.n36NjGs7011573@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:45:16 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42890 
Apr  6 16:45:16 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:45:16 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:45:16 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:45:16 splunk3 spamd[6865]: spamd: processing message <200904062345.n36NjGs7011573@virt2.int.splunk.com> for spamme:501 
Apr  6 16:45:18 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  6 16:45:18 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42890,mid=<200904062345.n36NjGs7011573@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 16:45:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:45:18 splunk3 sendmail[19214]: n36NjG5o019213: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 16:45:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:45:44 splunk3 sendmail[19318]: n36Njigg019318: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:46:44 splunk3 sendmail[19554]: n36NkihB019554: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:47:44 splunk3 sendmail[19793]: n36NliPw019793: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:48:44 splunk3 sendmail[20030]: n36Nmis7020030: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:49:44 splunk3 sendmail[20269]: n36NniJC020269: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:49:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:50:17 splunk3 sendmail[20423]: n36NoHN8020423: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062350.n36NoHB4012189@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:50:17 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42945 
Apr  6 16:50:17 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:50:17 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:50:17 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:50:17 splunk3 spamd[6865]: spamd: processing message <200904062350.n36NoHB4012189@virt2.int.splunk.com> for spamme:501 
Apr  6 16:50:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:50:19 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 16:50:19 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42945,mid=<200904062350.n36NoHB4012189@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 16:50:19 splunk3 sendmail[20424]: n36NoHN8020423: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 16:50:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:50:44 splunk3 sendmail[20534]: n36NoiFC020534: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:51:44 splunk3 sendmail[20772]: n36NpixM020772: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:52:44 splunk3 sendmail[21004]: n36NqiQH021004: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:53:44 splunk3 sendmail[21247]: n36NriWx021247: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:54:44 splunk3 sendmail[21484]: n36NsiBb021484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:54:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 16:55:18 splunk3 sendmail[21642]: n36NtI8r021642: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904062355.n36NtHbw012799@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 16:55:18 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43001 
Apr  6 16:55:18 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 16:55:18 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 16:55:18 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 16:55:18 splunk3 spamd[6865]: spamd: processing message <200904062355.n36NtHbw012799@virt2.int.splunk.com> for spamme:501 
Apr  6 16:55:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 16:55:20 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 16:55:20 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43001,mid=<200904062355.n36NtHbw012799@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 16:55:20 splunk3 sendmail[21643]: n36NtI8r021642: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 16:55:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 16:55:44 splunk3 sendmail[21746]: n36NtiSS021746: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 16:56:44 splunk3 sendmail[21982]: n36NuiAL021982: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:57:44 splunk3 sendmail[22225]: n36Nvig7022225: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:58:44 splunk3 sendmail[22467]: n36Nwirq022467: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:59:44 splunk3 sendmail[22708]: n36Nxi7s022708: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 16:59:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:00:04 splunk3 sendmail[22839]: n37004qF022839: from=root, size=291, class=0, nrcpts=1, msgid=<200904070000.n37004qF022839@splunk3.splunkit.com>, relay=root@localhost
Apr  6 17:00:04 splunk3 sendmail[22843]: n37004aJ022843: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070000.n37004qF022839@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 17:00:04 splunk3 sendmail[22839]: n37004qF022839: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37004aJ022843 Message accepted for delivery)
Apr  6 17:00:04 splunk3 sendmail[22877]: n370049s022877: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904070000.n370049s022877@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 17:00:04 splunk3 sendmail[22882]: n370049s022877: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 17:00:04 splunk3 sendmail[22882]: n370049s022877: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 17:00:04 splunk3 sendmail[22882]: n370049s022877: n370049s022882: postmaster notify: User unknown
Apr  6 17:00:05 splunk3 sendmail[22844]: n37004aJ022843: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 17:00:14 splunk3 sendmail[22882]: n370049s022882: to=root, delay=00:00:10, xdelay=00:00:10, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 17:00:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:00:19 splunk3 sendmail[22940]: n3700Jfe022940: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070000.n3700I3T013440@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:00:19 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43066 
Apr  6 17:00:19 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:00:19 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 17:00:19 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 17:00:19 splunk3 sendmail[22941]: n3700Jfe022940: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:00:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:00:44 splunk3 sendmail[23054]: n3700iBf023054: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:01:11 splunk3 sendmail[23125]: n37011cP023125: from=root, size=443, class=0, nrcpts=1, msgid=<200904070001.n37011cP023125@splunk3.splunkit.com>, relay=root@localhost
Apr  6 17:01:11 splunk3 sendmail[23172]: n3701BTn023172: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070001.n37011cP023125@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 17:01:11 splunk3 sendmail[23125]: n37011cP023125: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3701BTn023172 Message accepted for delivery)
Apr  6 17:01:13 splunk3 sendmail[23173]: n3701BTn023172: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 17:01:44 splunk3 sendmail[23309]: n3701icR023309: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:02:44 splunk3 sendmail[23545]: n3702iYe023545: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:03:44 splunk3 sendmail[23784]: n3703ijx023784: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:04:44 splunk3 sendmail[24022]: n3704i0P024022: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:04:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:05:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:05:19 splunk3 sendmail[24177]: n3705J4o024177: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070005.n3705JDD014122@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:05:19 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43122 
Apr  6 17:05:19 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:05:19 splunk3 spamd[6865]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 17:05:19 splunk3 spamd[6865]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 17:05:19 splunk3 sendmail[24178]: n3705J4o024177: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:05:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:05:44 splunk3 sendmail[24281]: n3705ip7024281: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:06:44 splunk3 sendmail[24514]: n3706ieE024514: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:07:44 splunk3 sendmail[24753]: n3707iHp024753: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:08:38 splunk3 sendmail[10153]: n36N8bTs010153: timeout waiting for input from 61-231-68-166.dynamic.hinet.net during server cmd read
Apr  6 17:08:38 splunk3 sendmail[10153]: n36N8bTs010153: lost input channel from 61-231-68-166.dynamic.hinet.net [61.231.68.166] to MTA after rcpt
Apr  6 17:08:38 splunk3 sendmail[10153]: n36N8bTs010153: from=<0403pc@163.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=61-231-68-166.dynamic.hinet.net [61.231.68.166]
Apr  6 17:08:44 splunk3 sendmail[24992]: n3708ign024992: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:09:44 splunk3 sendmail[25234]: n3709i8m025234: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:09:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:10:02 splunk3 sendmail[25395]: n370A2mn025395: from=root, size=292, class=0, nrcpts=1, msgid=<200904070010.n370A2mn025395@splunk3.splunkit.com>, relay=root@localhost
Apr  6 17:10:03 splunk3 sendmail[25400]: n370A2ks025400: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070010.n370A2mn025395@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 17:10:03 splunk3 sendmail[25395]: n370A2mn025395: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n370A2ks025400 Message accepted for delivery)
Apr  6 17:10:04 splunk3 sendmail[25401]: n370A2ks025400: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 17:10:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:10:20 splunk3 sendmail[25498]: n370AK8m025498: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070010.n370AKK7014738@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:10:20 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43179 
Apr  6 17:10:20 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:10:20 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:10:20 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:10:20 splunk3 spamd[6865]: spamd: processing message <200904070010.n370AKK7014738@virt2.int.splunk.com> for spamme:501 
Apr  6 17:10:22 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 17:10:22 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43179,mid=<200904070010.n370AKK7014738@virt2.int.splunk.com>,bayes=0.112181778469336,autolearn=no 
Apr  6 17:10:22 splunk3 sendmail[25500]: n370AK8m025498: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:10:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:10:38 splunk3 sendmail[25566]: n370Ac2t025566: from=<3_pnaSRQKBrwiqqingcngtvu-pqtgrn0iqqing.eqourcoogurnwpmkv.eqo@alerts.bounces.google.com>, size=4298, class=0, nrcpts=1, msgid=<0016e644de5e3cd0120466ebd8c6@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.190]
Apr  6 17:10:38 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43182 
Apr  6 17:10:38 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:10:38 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:10:38 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:10:38 splunk3 spamd[6865]: spamd: processing message <0016e644de5e3cd0120466ebd8c6@google.com> for spamme:501 
Apr  6 17:10:40 splunk3 spamd[6865]: spamd: clean message (-2.2/5.0) for spamme:501 in 2.0 seconds, 4728 bytes. 
Apr  6 17:10:40 splunk3 spamd[6865]: spamd: result: . -2 - AWL,BAYES_00,FREE_SAMPLE,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.0,size=4728,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43182,mid=<0016e644de5e3cd0120466ebd8c6@google.com>,bayes=5.55111512312578e-17,autolearn=ham 
Apr  6 17:10:40 splunk3 sendmail[25567]: n370Ac2t025566: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=34509, dsn=2.0.0, stat=Sent
Apr  6 17:10:40 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:10:44 splunk3 sendmail[25608]: n370Ai67025608: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 17:11:44 splunk3 sendmail[25848]: n370BiHm025848: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:12:44 splunk3 sendmail[26082]: n370Ci3x026082: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:13:44 splunk3 sendmail[26319]: n370DipL026319: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:14:44 splunk3 sendmail[26554]: n370Eii6026554: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:14:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:15:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:15:21 splunk3 sendmail[26716]: n370FKMo026716: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070015.n370FKj2015522@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:15:21 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43236 
Apr  6 17:15:21 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:15:21 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:15:21 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:15:21 splunk3 spamd[6865]: spamd: processing message <200904070015.n370FKj2015522@virt2.int.splunk.com> for spamme:501 
Apr  6 17:15:23 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 17:15:23 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43236,mid=<200904070015.n370FKj2015522@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:15:23 splunk3 sendmail[26717]: n370FKMo026716: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:15:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:15:44 splunk3 sendmail[26817]: n370Fi2w026817: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:16:44 splunk3 sendmail[27051]: n370Giqx027051: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:17:44 splunk3 sendmail[27290]: n370HipJ027290: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:18:44 splunk3 sendmail[27526]: n370IixB027526: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:19:44 splunk3 sendmail[27765]: n370JiKw027765: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:19:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:20:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:20:21 splunk3 sendmail[27925]: n370KLV3027925: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070020.n370KLMY016158@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:20:21 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43292 
Apr  6 17:20:21 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:20:21 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:20:21 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:20:21 splunk3 spamd[6865]: spamd: processing message <200904070020.n370KLMY016158@virt2.int.splunk.com> for spamme:501 
Apr  6 17:20:23 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 17:20:23 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43292,mid=<200904070020.n370KLMY016158@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:20:23 splunk3 sendmail[27926]: n370KLV3027925: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:20:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:20:44 splunk3 sendmail[28026]: n370Ki76028026: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:21:44 splunk3 sendmail[28268]: n370LivH028268: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:22:44 splunk3 sendmail[28503]: n370Miev028503: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:23:44 splunk3 sendmail[28747]: n370NiYc028747: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:24:44 splunk3 sendmail[28983]: n370Oisp028983: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:24:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:25:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:25:22 splunk3 sendmail[29144]: n370PMAl029144: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070025.n370PLB8016759@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:25:22 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43347 
Apr  6 17:25:22 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:25:22 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:25:22 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:25:22 splunk3 spamd[6865]: spamd: processing message <200904070025.n370PLB8016759@virt2.int.splunk.com> for spamme:501 
Apr  6 17:25:24 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 17:25:24 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43347,mid=<200904070025.n370PLB8016759@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:25:24 splunk3 sendmail[29145]: n370PMAl029144: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:25:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:25:44 splunk3 sendmail[29245]: n370Piwv029245: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 17:26:44 splunk3 sendmail[29480]: n370QiTV029480: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:27:44 splunk3 sendmail[29717]: n370Rigc029717: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:28:44 splunk3 sendmail[29952]: n370SixN029952: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:29:44 splunk3 sendmail[30191]: n370TiKD030191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:29:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:30:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:30:22 splunk3 sendmail[30355]: n370UMJc030355: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070030.n370UM2g017380@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:30:22 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43404 
Apr  6 17:30:22 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:30:22 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:30:22 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:30:22 splunk3 spamd[6865]: spamd: processing message <200904070030.n370UM2g017380@virt2.int.splunk.com> for spamme:501 
Apr  6 17:30:24 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 17:30:24 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43404,mid=<200904070030.n370UM2g017380@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:30:24 splunk3 sendmail[30356]: n370UMJc030355: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:30:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:30:44 splunk3 sendmail[30457]: n370UiPT030457: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:31:44 splunk3 sendmail[30694]: n370ViNv030694: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:32:44 splunk3 sendmail[30929]: n370Wi2R030929: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:33:44 splunk3 sendmail[31168]: n370XiYH031168: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:34:44 splunk3 sendmail[31401]: n370YiAp031401: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:34:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:35:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:35:23 splunk3 sendmail[31563]: n370ZNv7031563: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070035.n370ZMEr018126@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:35:23 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43459 
Apr  6 17:35:23 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:35:23 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:35:23 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:35:23 splunk3 spamd[6865]: spamd: processing message <200904070035.n370ZMEr018126@virt2.int.splunk.com> for spamme:501 
Apr  6 17:35:25 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 17:35:25 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43459,mid=<200904070035.n370ZMEr018126@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:35:25 splunk3 sendmail[31564]: n370ZNv7031563: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:35:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:35:44 splunk3 sendmail[31664]: n370ZiN4031664: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:36:44 splunk3 sendmail[31900]: n370aiGw031900: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:37:44 splunk3 sendmail[32140]: n370biEu032140: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:38:44 splunk3 sendmail[32378]: n370ciCt032378: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:39:44 splunk3 sendmail[32619]: n370disC032619: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:39:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:40:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:40:23 splunk3 sendmail[313]: n370eNis000313: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070040.n370eNFa018766@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:40:23 splunk3 spamd[6865]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43515 
Apr  6 17:40:23 splunk3 spamd[6865]: spamd: setuid to spamme succeeded 
Apr  6 17:40:23 splunk3 spamd[6865]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:40:23 splunk3 spamd[6865]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:40:23 splunk3 spamd[6865]: spamd: processing message <200904070040.n370eNFa018766@virt2.int.splunk.com> for spamme:501 
Apr  6 17:40:25 splunk3 spamd[6865]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 17:40:25 splunk3 spamd[6865]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43515,mid=<200904070040.n370eNFa018766@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:40:25 splunk3 sendmail[314]: n370eNis000313: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:40:25 splunk3 spamd[3033]: prefork: child states: BI 
Apr  6 17:40:25 splunk3 spamd[3033]: spamd: handled cleanup of child pid 6865 due to SIGCHLD 
Apr  6 17:40:25 splunk3 spamd[3033]: spamd: server successfully spawned child process, pid 338 
Apr  6 17:40:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:40:44 splunk3 sendmail[416]: n370eiZj000416: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 17:41:44 splunk3 sendmail[653]: n370fih2000653: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:42:44 splunk3 sendmail[890]: n370giNj000890: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:43:44 splunk3 sendmail[1129]: n370hiCu001129: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:44:45 splunk3 sendmail[1368]: n370ijgE001368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:44:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:45:18 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:45:24 splunk3 sendmail[1545]: n370jOih001545: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070045.n370jN9T019378@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:45:24 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43572 
Apr  6 17:45:24 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 17:45:24 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:45:24 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:45:24 splunk3 spamd[338]: spamd: processing message <200904070045.n370jN9T019378@virt2.int.splunk.com> for spamme:501 
Apr  6 17:45:26 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  6 17:45:26 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43572,mid=<200904070045.n370jN9T019378@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:45:26 splunk3 sendmail[1546]: n370jOih001545: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:45:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:45:45 splunk3 sendmail[1630]: n370jjhx001630: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:46:45 splunk3 sendmail[1864]: n370kjZC001864: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:47:45 splunk3 sendmail[2102]: n370ljRr002102: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:48:45 splunk3 sendmail[2334]: n370mjAn002334: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:49:45 splunk3 sendmail[2577]: n370njtg002577: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:49:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:50:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:50:25 splunk3 sendmail[2766]: n370oPMi002766: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070050.n370oO6t019992@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:50:25 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43627 
Apr  6 17:50:25 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 17:50:25 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:50:25 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:50:25 splunk3 spamd[338]: spamd: processing message <200904070050.n370oO6t019992@virt2.int.splunk.com> for spamme:501 
Apr  6 17:50:27 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  6 17:50:27 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43627,mid=<200904070050.n370oO6t019992@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:50:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:50:27 splunk3 sendmail[2767]: n370oPMi002766: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:50:45 splunk3 sendmail[2851]: n370ojLa002851: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:51:45 splunk3 sendmail[3102]: n370pjse003102: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:52:45 splunk3 sendmail[3338]: n370qjc7003338: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:53:45 splunk3 sendmail[3600]: n370rjo6003600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:54:45 splunk3 sendmail[3846]: n370sjdt003846: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:54:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 17:55:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 17:55:26 splunk3 sendmail[4032]: n370tQiD004032: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070055.n370tPtv020598@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 17:55:26 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43683 
Apr  6 17:55:26 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 17:55:26 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 17:55:26 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 17:55:26 splunk3 spamd[338]: spamd: processing message <200904070055.n370tPtv020598@virt2.int.splunk.com> for spamme:501 
Apr  6 17:55:28 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 17:55:28 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43683,mid=<200904070055.n370tPtv020598@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 17:55:28 splunk3 sendmail[4033]: n370tQiD004032: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 17:55:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 17:55:45 splunk3 sendmail[4119]: n370tj9i004119: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 17:56:45 splunk3 sendmail[4373]: n370uj5O004373: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:57:45 splunk3 sendmail[4614]: n370vj8A004614: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:58:45 splunk3 sendmail[4850]: n370wjw4004850: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:59:45 splunk3 sendmail[5100]: n370xjPX005100: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 17:59:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:00:04 splunk3 sendmail[5287]: n37104Fr005287: from=root, size=291, class=0, nrcpts=1, msgid=<200904070100.n37104Fr005287@splunk3.splunkit.com>, relay=root@localhost
Apr  6 18:00:04 splunk3 sendmail[5291]: n371044r005291: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070100.n37104Fr005287@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 18:00:04 splunk3 sendmail[5287]: n37104Fr005287: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n371044r005291 Message accepted for delivery)
Apr  6 18:00:06 splunk3 sendmail[5292]: n371044r005291: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 18:00:12 splunk3 sendmail[5327]: n3710CtB005327: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904070100.n3710CtB005327@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 18:00:12 splunk3 sendmail[5329]: n3710CtB005327: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 18:00:12 splunk3 sendmail[5329]: n3710CtB005327: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  6 18:00:12 splunk3 sendmail[5329]: n3710CtB005327: n3710CtB005329: postmaster notify: User unknown
Apr  6 18:00:13 splunk3 sendmail[5329]: n3710CtB005329: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  6 18:00:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:00:26 splunk3 sendmail[5406]: n3710QYT005406: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070100.n3710Qx4021241@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:00:26 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43747 
Apr  6 18:00:26 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:00:26 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 18:00:26 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 18:00:26 splunk3 sendmail[5407]: n3710QYT005406: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:00:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:00:45 splunk3 sendmail[5489]: n3710j7i005489: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:01:09 splunk3 sendmail[5554]: n371111u005554: from=root, size=443, class=0, nrcpts=1, msgid=<200904070101.n371111u005554@splunk3.splunkit.com>, relay=root@localhost
Apr  6 18:01:09 splunk3 sendmail[5598]: n37119tx005598: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070101.n371111u005554@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 18:01:09 splunk3 sendmail[5554]: n371111u005554: to=root, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37119tx005598 Message accepted for delivery)
Apr  6 18:01:11 splunk3 sendmail[5599]: n37119tx005598: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 18:01:45 splunk3 sendmail[5740]: n3711jXG005740: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:02:45 splunk3 sendmail[5972]: n3712j1u005972: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:03:45 splunk3 sendmail[6213]: n3713jer006213: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:04:45 splunk3 sendmail[6449]: n3714j91006449: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:04:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:05:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:05:27 splunk3 sendmail[6628]: n3715Riw006628: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070105.n3715QcT021919@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:05:27 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43804 
Apr  6 18:05:27 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:05:27 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 18:05:27 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 18:05:27 splunk3 sendmail[6629]: n3715Riw006628: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:05:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:05:45 splunk3 sendmail[6711]: n3715j4c006711: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:06:45 splunk3 sendmail[6946]: n3716j7o006946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:07:45 splunk3 sendmail[7185]: n3717jRC007185: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:08:45 splunk3 sendmail[7423]: n3718jnM007423: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:09:45 splunk3 sendmail[7670]: n3719jpn007670: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:09:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:10:02 splunk3 sendmail[7833]: n371A2Ad007833: from=root, size=292, class=0, nrcpts=1, msgid=<200904070110.n371A2Ad007833@splunk3.splunkit.com>, relay=root@localhost
Apr  6 18:10:02 splunk3 sendmail[7838]: n371A2mG007838: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070110.n371A2Ad007833@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 18:10:02 splunk3 sendmail[7833]: n371A2Ad007833: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n371A2mG007838 Message accepted for delivery)
Apr  6 18:10:04 splunk3 sendmail[7839]: n371A2mG007838: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 18:10:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:10:27 splunk3 sendmail[7953]: n371AR37007953: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070110.n371ARIU022532@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:10:27 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43860 
Apr  6 18:10:27 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:10:27 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:10:27 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:10:27 splunk3 spamd[338]: spamd: processing message <200904070110.n371ARIU022532@virt2.int.splunk.com> for spamme:501 
Apr  6 18:10:31 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 3.4 seconds, 1308 bytes. 
Apr  6 18:10:31 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=3.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43860,mid=<200904070110.n371ARIU022532@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 18:10:31 splunk3 sendmail[7954]: n371AR37007953: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:10:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:10:45 splunk3 sendmail[8041]: n371Aj2c008041: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 18:11:45 splunk3 sendmail[8281]: n371Bjhx008281: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:12:45 splunk3 sendmail[8518]: n371CjPp008518: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:13:45 splunk3 sendmail[8756]: n371DjA6008756: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:14:45 splunk3 sendmail[8992]: n371EjOV008992: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:14:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:15:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:15:28 splunk3 sendmail[9172]: n371FS3w009172: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070115.n371FRC9023338@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:15:28 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43917 
Apr  6 18:15:28 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:15:28 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:15:28 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:15:28 splunk3 spamd[338]: spamd: processing message <200904070115.n371FRC9023338@virt2.int.splunk.com> for spamme:501 
Apr  6 18:15:30 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 18:15:30 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43917,mid=<200904070115.n371FRC9023338@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 18:15:30 splunk3 sendmail[9173]: n371FS3w009172: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:15:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:15:45 splunk3 sendmail[9254]: n371Fjk5009254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:16:45 splunk3 sendmail[9486]: n371Gj4Q009486: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:17:45 splunk3 sendmail[9726]: n371HjmB009726: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:18:45 splunk3 sendmail[9962]: n371Ijff009962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:19:45 splunk3 sendmail[10203]: n371Jjtg010203: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:19:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:20:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:20:28 splunk3 sendmail[10385]: n371KSgD010385: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070120.n371KSdT023981@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:20:28 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43973 
Apr  6 18:20:28 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:20:28 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:20:28 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:20:28 splunk3 spamd[338]: spamd: processing message <200904070120.n371KSdT023981@virt2.int.splunk.com> for spamme:501 
Apr  6 18:20:30 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 18:20:30 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43973,mid=<200904070120.n371KSdT023981@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 18:20:30 splunk3 sendmail[10386]: n371KSgD010385: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:20:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:20:45 splunk3 sendmail[10467]: n371KjPb010467: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:21:45 splunk3 sendmail[10705]: n371LjLF010705: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:22:45 splunk3 sendmail[10939]: n371Mjl7010939: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:23:45 splunk3 sendmail[11180]: n371NjKn011180: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:24:45 splunk3 sendmail[11418]: n371Ojfa011418: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:24:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:25:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:25:29 splunk3 sendmail[11612]: n371PTsp011612: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070125.n371PScb024613@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:25:29 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44028 
Apr  6 18:25:29 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:25:29 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:25:29 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:25:29 splunk3 spamd[338]: spamd: processing message <200904070125.n371PScb024613@virt2.int.splunk.com> for spamme:501 
Apr  6 18:25:31 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 18:25:31 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44028,mid=<200904070125.n371PScb024613@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 18:25:31 splunk3 sendmail[11613]: n371PTsp011612: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:25:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:25:45 splunk3 sendmail[11680]: n371PjGm011680: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 18:26:45 splunk3 sendmail[11917]: n371QjEq011917: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:27:45 splunk3 sendmail[12156]: n371Rjul012156: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:28:45 splunk3 sendmail[12391]: n371SjhY012391: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:29:45 splunk3 sendmail[12630]: n371Tj9j012630: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:29:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:30:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:30:29 splunk3 sendmail[12829]: n371UTfj012829: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070130.n371UTYW025214@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:30:29 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44085 
Apr  6 18:30:29 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:30:29 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:30:29 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:30:29 splunk3 spamd[338]: spamd: processing message <200904070130.n371UTYW025214@virt2.int.splunk.com> for spamme:501 
Apr  6 18:30:31 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 18:30:31 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44085,mid=<200904070130.n371UTYW025214@virt2.int.splunk.com>,bayes=0.112213726254597,autolearn=no 
Apr  6 18:30:31 splunk3 sendmail[12830]: n371UTfj012829: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:30:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:30:45 splunk3 sendmail[12892]: n371UjmC012892: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:31:45 splunk3 sendmail[13132]: n371VjHZ013132: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:32:45 splunk3 sendmail[13406]: n371Wjso013406: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:33:45 splunk3 sendmail[13648]: n371XjtH013648: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:34:12 splunk3 sendmail[13584]: n371XYNQ013584: from=<tede@wsmdomains.com>, size=5716, class=0, nrcpts=1, msgid=<7839019dc44b$c8e77572$46e1cc30@wsmdomains.com>, proto=ESMTP, daemon=MTA, relay=200-102-99-123.cslce701.dsl.brasiltelecom.net.br [200.102.99.123]
Apr  6 18:34:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44119 
Apr  6 18:34:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:34:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:34:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:34:12 splunk3 spamd[338]: spamd: processing message <7839019dc44b$c8e77572$46e1cc30@wsmdomains.com> for spamme:501 
Apr  6 18:34:14 splunk3 spamd[338]: spamd: identified spam (47.8/5.0) for spamme:501 in 1.9 seconds, 6073 bytes. 
Apr  6 18:34:14 splunk3 spamd[338]: spamd: result: Y 47 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=1.9,size=6073,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44119,mid=<7839019dc44b$c8e77572$46e1cc30@wsmdomains.com>,bayes=1,autolearn=spam 
Apr  6 18:34:14 splunk3 sendmail[13744]: n371XYNQ013584: to=<spamme@splunkit.com>, delay=00:00:10, xdelay=00:00:02, mailer=local, pri=35982, dsn=2.0.0, stat=Sent
Apr  6 18:34:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:34:45 splunk3 sendmail[13888]: n371YjSw013888: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:34:53 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:35:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:35:30 splunk3 sendmail[14084]: n371ZUQX014084: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070135.n371ZTmV025981@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:35:30 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44141 
Apr  6 18:35:30 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:35:30 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:35:30 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:35:30 splunk3 spamd[338]: spamd: processing message <200904070135.n371ZTmV025981@virt2.int.splunk.com> for spamme:501 
Apr  6 18:35:32 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 18:35:32 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44141,mid=<200904070135.n371ZTmV025981@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 18:35:32 splunk3 sendmail[14085]: n371ZUQX014084: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:35:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:35:45 splunk3 sendmail[14149]: n371Zjhl014149: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:36:45 splunk3 sendmail[14383]: n371ajwn014383: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:37:45 splunk3 sendmail[14618]: n371bjcG014618: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:38:45 splunk3 sendmail[14857]: n371cjdk014857: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:39:45 splunk3 sendmail[15097]: n371djNK015097: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:39:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:40:00 splunk3 sendmail[15158]: n371e0gF015158: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070140.n371e0cJ026498@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:40:00 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44185 
Apr  6 18:40:00 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:40:00 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:40:00 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:40:00 splunk3 spamd[338]: spamd: processing message <200904070140.n371e0cJ026498@virt2.int.splunk.com> for spamme:501 
Apr  6 18:40:02 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 18:40:02 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44185,mid=<200904070140.n371e0cJ026498@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 18:40:02 splunk3 sendmail[15159]: n371e0gF015158: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:40:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:40:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:40:45 splunk3 sendmail[15361]: n371ejPp015361: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 18:41:45 splunk3 sendmail[15609]: n371fjDc015609: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:42:45 splunk3 sendmail[15845]: n371gjGI015845: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:43:45 splunk3 sendmail[16083]: n371hjrO016083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:44:45 splunk3 sendmail[16316]: n371ijtC016316: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:44:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:45:01 splunk3 sendmail[16384]: n371j1iO016384: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070145.n371j02Q027131@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:45:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44242 
Apr  6 18:45:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:45:01 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:45:01 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:45:01 splunk3 spamd[338]: spamd: processing message <200904070145.n371j02Q027131@virt2.int.splunk.com> for spamme:501 
Apr  6 18:45:03 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 18:45:03 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44242,mid=<200904070145.n371j02Q027131@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 18:45:03 splunk3 sendmail[16385]: n371j1iO016384: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:45:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:45:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:45:45 splunk3 sendmail[16579]: n371jjJ2016579: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:46:45 splunk3 sendmail[16815]: n371kjGR016815: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:47:45 splunk3 sendmail[17055]: n371ljVV017055: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:48:45 splunk3 sendmail[17289]: n371mjdp017289: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:49:45 splunk3 sendmail[17530]: n371njht017530: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:49:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:50:01 splunk3 sendmail[17595]: n371o1CE017595: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070150.n371o1td027747@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:50:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44297 
Apr  6 18:50:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:50:01 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:50:01 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:50:01 splunk3 spamd[338]: spamd: processing message <200904070150.n371o1td027747@virt2.int.splunk.com> for spamme:501 
Apr  6 18:50:03 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 18:50:03 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44297,mid=<200904070150.n371o1td027747@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 18:50:03 splunk3 sendmail[17596]: n371o1CE017595: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:50:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:50:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:50:45 splunk3 sendmail[17793]: n371ojgV017793: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:51:45 splunk3 sendmail[18030]: n371pjwl018030: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:52:45 splunk3 sendmail[18266]: n371qj91018266: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:53:32 splunk3 sendmail[18447]: n371rVQ5018447: ruleset=check_rcpt, arg1=<s2288@mail2000.com.tw>, relay=118-167-129-153.dynamic.hinet.net [118.167.129.153], reject=550 5.7.1 <s2288@mail2000.com.tw>... Relaying denied
Apr  6 18:53:45 splunk3 sendmail[18510]: n371rjsP018510: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:53:59 splunk3 sendmail[18551]: n371rwac018551: from=<inlandsb_1991@Argonautgroup.com>, size=1904, class=0, nrcpts=1, msgid=<200904070153.n371rwac018551@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=pool-173-56-173-165.nycmny.east.verizon.net [173.56.173.165]
Apr  6 18:53:59 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44342 
Apr  6 18:53:59 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:53:59 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:53:59 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:53:59 splunk3 spamd[338]: spamd: processing message <200904070153.n371rwac018551@splunk3.splunkit.com> for spamme:501 
Apr  6 18:54:02 splunk3 spamd[338]: spamd: identified spam (18.4/5.0) for spamme:501 in 2.8 seconds, 2366 bytes. 
Apr  6 18:54:02 splunk3 spamd[338]: spamd: result: Y 18 - BAYES_99,DNS_FROM_RFC_ABUSE,HELO_DYNAMIC_IPADDR,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_SBL scantime=2.8,size=2366,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44342,mid=<200904070153.n371rwac018551@splunk3.splunkit.com>,bayes=0.999489995461871,autolearn=no 
Apr  6 18:54:02 splunk3 sendmail[18568]: n371rwac018551: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:03, mailer=local, pri=32264, dsn=2.0.0, stat=Sent
Apr  6 18:54:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:54:45 splunk3 sendmail[18754]: n371sj0A018754: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:54:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 18:55:02 splunk3 sendmail[18819]: n371t2C0018819: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070155.n371t19c028394@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 18:55:02 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44354 
Apr  6 18:55:02 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 18:55:02 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 18:55:02 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 18:55:02 splunk3 spamd[338]: spamd: processing message <200904070155.n371t19c028394@virt2.int.splunk.com> for spamme:501 
Apr  6 18:55:04 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 18:55:04 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44354,mid=<200904070155.n371t19c028394@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 18:55:04 splunk3 sendmail[18820]: n371t2C0018819: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 18:55:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 18:55:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 18:55:45 splunk3 sendmail[19015]: n371tjHK019015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 18:56:45 splunk3 sendmail[19252]: n371ujNa019252: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:57:45 splunk3 sendmail[19486]: n371vj7H019486: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:58:45 splunk3 sendmail[19720]: n371wjWB019720: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:59:45 splunk3 sendmail[19961]: n371xja2019961: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 18:59:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:00:02 splunk3 sendmail[20082]: n37202p5020082: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070200.n37202pe029067@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:00:02 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44410 
Apr  6 19:00:02 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:00:02 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 19:00:02 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 19:00:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:00:02 splunk3 sendmail[20083]: n37202p5020082: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 19:00:04 splunk3 sendmail[20117]: n372043e020117: from=root, size=291, class=0, nrcpts=1, msgid=<200904070200.n372043e020117@splunk3.splunkit.com>, relay=root@localhost
Apr  6 19:00:04 splunk3 sendmail[20121]: n37204V0020121: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070200.n372043e020117@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 19:00:04 splunk3 sendmail[20117]: n372043e020117: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37204V0020121 Message accepted for delivery)
Apr  6 19:00:06 splunk3 sendmail[20122]: n37204V0020121: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 19:00:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:00:20 splunk3 sendmail[20199]: n3720KEI020199: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904070200.n3720KEI020199@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 19:00:20 splunk3 sendmail[20201]: n3720KEI020199: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 19:00:20 splunk3 sendmail[20201]: n3720KEI020199: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 19:00:20 splunk3 sendmail[20201]: n3720KEI020199: n3720KEI020201: postmaster notify: User unknown
Apr  6 19:00:21 splunk3 sendmail[20201]: n3720KEI020201: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 19:00:45 splunk3 sendmail[20310]: n3720jGh020310: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:01:06 splunk3 sendmail[20377]: n37211Yt020377: from=root, size=443, class=0, nrcpts=1, msgid=<200904070201.n37211Yt020377@splunk3.splunkit.com>, relay=root@localhost
Apr  6 19:01:06 splunk3 sendmail[20401]: n37216eD020401: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070201.n37211Yt020377@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 19:01:06 splunk3 sendmail[20377]: n37211Yt020377: to=root, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37216eD020401 Message accepted for delivery)
Apr  6 19:01:08 splunk3 sendmail[20402]: n37216eD020401: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 19:01:45 splunk3 sendmail[20563]: n3721juX020563: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:02:45 splunk3 sendmail[20796]: n3722jgY020796: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:03:45 splunk3 sendmail[21039]: n3723jdh021039: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:04:45 splunk3 sendmail[21271]: n3724jwi021271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:04:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:05:03 splunk3 sendmail[21359]: n37253Zw021359: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070205.n37253bf029753@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:05:03 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44475 
Apr  6 19:05:03 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:05:03 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 19:05:03 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 19:05:03 splunk3 sendmail[21360]: n37253Zw021359: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 19:05:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:05:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:05:45 splunk3 sendmail[21532]: n3725jYu021532: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:06:45 splunk3 sendmail[21767]: n3726jh8021767: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:07:45 splunk3 sendmail[22005]: n3727jt0022005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:08:45 splunk3 sendmail[22245]: n3728jbF022245: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:09:45 splunk3 sendmail[22484]: n3729j0V022484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:09:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:10:03 splunk3 sendmail[22646]: n372A3Nr022646: from=root, size=292, class=0, nrcpts=1, msgid=<200904070210.n372A3Nr022646@splunk3.splunkit.com>, relay=root@localhost
Apr  6 19:10:03 splunk3 sendmail[22651]: n372A3Kh022651: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070210.n372A3Nr022646@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 19:10:03 splunk3 sendmail[22646]: n372A3Nr022646: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n372A3Kh022651 Message accepted for delivery)
Apr  6 19:10:04 splunk3 sendmail[22677]: n372A4LB022677: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070210.n372A3dL030362@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:10:04 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44531 
Apr  6 19:10:04 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:10:04 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:10:04 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:10:04 splunk3 spamd[338]: spamd: processing message <200904070210.n372A3dL030362@virt2.int.splunk.com> for spamme:501 
Apr  6 19:10:04 splunk3 sendmail[22652]: n372A3Kh022651: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 19:10:06 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 19:10:06 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44531,mid=<200904070210.n372A3dL030362@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 19:10:06 splunk3 sendmail[22678]: n372A4LB022677: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 19:10:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:10:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:10:45 splunk3 sendmail[22853]: n372AjCj022853: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 19:11:45 splunk3 sendmail[23088]: n372Bjn7023088: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:12:45 splunk3 sendmail[23324]: n372Cj5o023324: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:13:45 splunk3 sendmail[23564]: n372Dj7c023564: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:14:45 splunk3 sendmail[23799]: n372Ej14023799: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:14:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:15:04 splunk3 sendmail[23888]: n372F40F023888: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070215.n372F4xw031148@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:15:04 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44588 
Apr  6 19:15:04 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:15:04 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:15:04 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:15:04 splunk3 spamd[338]: spamd: processing message <200904070215.n372F4xw031148@virt2.int.splunk.com> for spamme:501 
Apr  6 19:15:06 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 19:15:06 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44588,mid=<200904070215.n372F4xw031148@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 19:15:06 splunk3 sendmail[23889]: n372F40F023888: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 19:15:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:15:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:15:45 splunk3 sendmail[24063]: n372FjiG024063: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:16:45 splunk3 sendmail[24296]: n372Gj1E024296: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:17:45 splunk3 sendmail[24536]: n372Hjw8024536: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:18:45 splunk3 sendmail[24768]: n372IjlT024768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:19:45 splunk3 sendmail[25008]: n372JjOp025008: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:19:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:20:05 splunk3 sendmail[25099]: n372K5pH025099: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070220.n372K4Vm031780@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:20:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44643 
Apr  6 19:20:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:20:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:20:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:20:05 splunk3 spamd[338]: spamd: processing message <200904070220.n372K4Vm031780@virt2.int.splunk.com> for spamme:501 
Apr  6 19:20:07 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 19:20:07 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44643,mid=<200904070220.n372K4Vm031780@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 19:20:07 splunk3 sendmail[25100]: n372K5pH025099: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 19:20:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:20:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:20:45 splunk3 sendmail[25273]: n372KjJe025273: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:21:45 splunk3 sendmail[25514]: n372Ljkj025514: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:22:45 splunk3 sendmail[25750]: n372MjgM025750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:23:45 splunk3 sendmail[25991]: n372NjaW025991: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:24:45 splunk3 sendmail[26229]: n372Oj13026229: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:24:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:25:05 splunk3 sendmail[26316]: n372P5x5026316: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070225.n372P5oQ032390@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:25:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44699 
Apr  6 19:25:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:25:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:25:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:25:05 splunk3 spamd[338]: spamd: processing message <200904070225.n372P5oQ032390@virt2.int.splunk.com> for spamme:501 
Apr  6 19:25:07 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 19:25:07 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44699,mid=<200904070225.n372P5oQ032390@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 19:25:07 splunk3 sendmail[26317]: n372P5x5026316: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 19:25:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:25:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:25:45 splunk3 sendmail[26486]: n372PjGj026486: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 19:26:45 splunk3 sendmail[26720]: n372Qjvb026720: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:27:45 splunk3 sendmail[26960]: n372RjRV026960: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:28:45 splunk3 sendmail[27195]: n372SjgL027195: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:29:45 splunk3 sendmail[27436]: n372TjgD027436: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:29:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:30:06 splunk3 sendmail[27526]: n372U5nM027526: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904070230.n372U5Nm000542@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:30:06 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44755 
Apr  6 19:30:06 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:30:06 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:30:06 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:30:06 splunk3 spamd[338]: spamd: processing message <200904070230.n372U5Nm000542@virt2.int.splunk.com> for spamme:501 
Apr  6 19:30:08 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1302 bytes. 
Apr  6 19:30:08 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44755,mid=<200904070230.n372U5Nm000542@virt2.int.splunk.com>,bayes=0.0661522652664829,autolearn=no 
Apr  6 19:30:08 splunk3 sendmail[27527]: n372U5nM027526: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  6 19:30:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:30:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:30:45 splunk3 sendmail[27699]: n372UjHH027699: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:31:45 splunk3 sendmail[27937]: n372VjBD027937: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:32:45 splunk3 sendmail[28169]: n372WjUE028169: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:33:45 splunk3 sendmail[28409]: n372XjsW028409: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:34:45 splunk3 sendmail[28646]: n372YjBi028646: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:34:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:35:06 splunk3 sendmail[28734]: n372Z6ao028734: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070235.n372Z6ZH001304@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:35:06 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44811 
Apr  6 19:35:06 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:35:06 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:35:06 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:35:06 splunk3 spamd[338]: spamd: processing message <200904070235.n372Z6ZH001304@virt2.int.splunk.com> for spamme:501 
Apr  6 19:35:08 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  6 19:35:08 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44811,mid=<200904070235.n372Z6ZH001304@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 19:35:08 splunk3 sendmail[28735]: n372Z6ao028734: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 19:35:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:35:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:35:45 splunk3 sendmail[28907]: n372Zj1Z028907: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:36:45 splunk3 sendmail[29144]: n372ajOT029144: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:37:45 splunk3 sendmail[29382]: n372bjPv029382: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:38:45 splunk3 sendmail[29621]: n372cjrI029621: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:39:45 splunk3 sendmail[29858]: n372djW7029858: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:39:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:40:07 splunk3 sendmail[29949]: n372e7R1029949: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070240.n372e6nV001962@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:40:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44867 
Apr  6 19:40:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:40:07 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:40:07 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:40:07 splunk3 spamd[338]: spamd: processing message <200904070240.n372e6nV001962@virt2.int.splunk.com> for spamme:501 
Apr  6 19:40:09 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  6 19:40:09 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44867,mid=<200904070240.n372e6nV001962@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 19:40:09 splunk3 sendmail[29950]: n372e7R1029949: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 19:40:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:40:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:40:45 splunk3 sendmail[30123]: n372ejrX030123: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 19:41:45 splunk3 sendmail[30363]: n372fj2F030363: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:42:45 splunk3 sendmail[30600]: n372gjE8030600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:43:45 splunk3 sendmail[30840]: n372hjbX030840: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:44:45 splunk3 sendmail[31075]: n372ijni031075: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:44:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:45:07 splunk3 sendmail[31182]: n372j7Op031182: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070245.n372j7Tl002589@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:45:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44923 
Apr  6 19:45:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:45:07 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:45:07 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:45:07 splunk3 spamd[338]: spamd: processing message <200904070245.n372j7Tl002589@virt2.int.splunk.com> for spamme:501 
Apr  6 19:45:09 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 19:45:09 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44923,mid=<200904070245.n372j7Tl002589@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 19:45:09 splunk3 sendmail[31183]: n372j7Op031182: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 19:45:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:45:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:45:45 splunk3 sendmail[31337]: n372jjSp031337: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:46:45 splunk3 sendmail[31568]: n372kjtG031568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:47:45 splunk3 sendmail[31807]: n372ljBa031807: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:48:45 splunk3 sendmail[32042]: n372mjv5032042: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:49:45 splunk3 sendmail[32282]: n372njVn032282: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:49:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:50:08 splunk3 sendmail[32389]: n372o8Cd032389: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070250.n372o8KJ003200@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:50:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 44979 
Apr  6 19:50:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:50:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:50:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:50:08 splunk3 spamd[338]: spamd: processing message <200904070250.n372o8KJ003200@virt2.int.splunk.com> for spamme:501 
Apr  6 19:50:10 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 19:50:10 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44979,mid=<200904070250.n372o8KJ003200@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 19:50:10 splunk3 sendmail[32390]: n372o8Cd032389: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 19:50:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:50:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:50:45 splunk3 sendmail[32547]: n372ojg3032547: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:51:45 splunk3 sendmail[318]: n372pjYQ000318: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:52:45 splunk3 sendmail[553]: n372qju8000553: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:53:32 splunk3 sendmail[18447]: n371rVQ5018447: timeout waiting for input from 118-167-129-153.dynamic.hinet.net during server cmd read
Apr  6 19:53:32 splunk3 sendmail[18447]: n371rVQ5018447: lost input channel from 118-167-129-153.dynamic.hinet.net [118.167.129.153] to MTA after rcpt
Apr  6 19:53:32 splunk3 sendmail[18447]: n371rVQ5018447: from=<t8.t8@msa.hinet.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=118-167-129-153.dynamic.hinet.net [118.167.129.153]
Apr  6 19:53:45 splunk3 sendmail[792]: n372rj9Y000792: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:54:45 splunk3 sendmail[1030]: n372sjGl001030: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:54:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 19:55:08 splunk3 sendmail[1134]: n372t8cL001134: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070255.n372t8C5003805@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 19:55:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45034 
Apr  6 19:55:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 19:55:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 19:55:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 19:55:08 splunk3 spamd[338]: spamd: processing message <200904070255.n372t8C5003805@virt2.int.splunk.com> for spamme:501 
Apr  6 19:55:10 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 19:55:10 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45034,mid=<200904070255.n372t8C5003805@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 19:55:10 splunk3 sendmail[1135]: n372t8cL001134: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 19:55:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 19:55:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 19:55:46 splunk3 sendmail[1294]: n372tjwu001294: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 19:56:46 splunk3 sendmail[1531]: n372ukY4001531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:57:46 splunk3 sendmail[1772]: n372vkZQ001772: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:58:46 splunk3 sendmail[2008]: n372wkF3002008: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:59:46 splunk3 sendmail[2247]: n372xkET002247: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 19:59:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:00:04 splunk3 sendmail[2394]: n37304di002394: from=root, size=291, class=0, nrcpts=1, msgid=<200904070300.n37304di002394@splunk3.splunkit.com>, relay=root@localhost
Apr  6 20:00:04 splunk3 sendmail[2398]: n37304lA002398: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070300.n37304di002394@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 20:00:04 splunk3 sendmail[2394]: n37304di002394: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37304lA002398 Message accepted for delivery)
Apr  6 20:00:06 splunk3 sendmail[2399]: n37304lA002398: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 20:00:09 splunk3 sendmail[2426]: n37309pr002426: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070300.n37309Ql004451@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:00:09 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45092 
Apr  6 20:00:09 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:00:09 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 20:00:09 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 20:00:09 splunk3 sendmail[2427]: n37309pr002426: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:00:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:00:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:00:25 splunk3 sendmail[2497]: n3730P1u002497: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904070300.n3730P1u002497@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 20:00:25 splunk3 sendmail[2499]: n3730P1u002497: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 20:00:25 splunk3 sendmail[2499]: n3730P1u002497: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  6 20:00:25 splunk3 sendmail[2499]: n3730P1u002497: n3730P1u002499: postmaster notify: User unknown
Apr  6 20:00:27 splunk3 sendmail[2499]: n3730P1u002499: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  6 20:00:46 splunk3 sendmail[2596]: n3730kvV002596: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:01:07 splunk3 sendmail[2666]: n373116J002666: from=root, size=443, class=0, nrcpts=1, msgid=<200904070301.n373116J002666@splunk3.splunkit.com>, relay=root@localhost
Apr  6 20:01:07 splunk3 sendmail[2707]: n37317Ho002707: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070301.n373116J002666@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 20:01:07 splunk3 sendmail[2666]: n373116J002666: to=root, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37317Ho002707 Message accepted for delivery)
Apr  6 20:01:09 splunk3 sendmail[2708]: n37317Ho002707: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 20:01:46 splunk3 sendmail[2859]: n3731ktE002859: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:02:46 splunk3 sendmail[3103]: n3732kTc003103: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:03:46 splunk3 sendmail[3344]: n3733kUh003344: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:04:46 splunk3 sendmail[3600]: n3734kYe003600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:04:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:05:10 splunk3 sendmail[3715]: n3735AHk003715: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070305.n373598s005131@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:05:10 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45155 
Apr  6 20:05:10 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:05:10 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 20:05:10 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 20:05:10 splunk3 sendmail[3716]: n3735AHk003715: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:05:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:05:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:05:46 splunk3 sendmail[3870]: n3735kip003870: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:06:46 splunk3 sendmail[4118]: n3736kCD004118: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:07:46 splunk3 sendmail[4371]: n3737krM004371: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:08:46 splunk3 sendmail[4612]: n3738ktY004612: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:09:46 splunk3 sendmail[4855]: n3739kf4004855: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:09:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:10:02 splunk3 sendmail[5047]: n373A2eG005047: from=root, size=292, class=0, nrcpts=1, msgid=<200904070310.n373A2eG005047@splunk3.splunkit.com>, relay=root@localhost
Apr  6 20:10:02 splunk3 sendmail[5052]: n373A2md005052: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070310.n373A2eG005047@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 20:10:02 splunk3 sendmail[5047]: n373A2eG005047: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n373A2md005052 Message accepted for delivery)
Apr  6 20:10:04 splunk3 sendmail[5053]: n373A2md005052: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 20:10:10 splunk3 sendmail[5074]: n373AA7A005074: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070310.n373AACp005742@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:10:10 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45212 
Apr  6 20:10:10 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:10:10 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:10:10 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:10:10 splunk3 spamd[338]: spamd: processing message <200904070310.n373AACp005742@virt2.int.splunk.com> for spamme:501 
Apr  6 20:10:12 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 20:10:12 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45212,mid=<200904070310.n373AACp005742@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 20:10:12 splunk3 sendmail[5075]: n373AA7A005074: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:10:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:10:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:10:46 splunk3 sendmail[5270]: n373AkcA005270: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 20:11:46 splunk3 sendmail[5515]: n373BkKS005515: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:12:46 splunk3 sendmail[5750]: n373CkJo005750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:13:46 splunk3 sendmail[5987]: n373DkKD005987: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:14:46 splunk3 sendmail[6219]: n373Ekss006219: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:14:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:15:11 splunk3 sendmail[6331]: n373FB1o006331: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070315.n373FAgN006531@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:15:11 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45268 
Apr  6 20:15:11 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:15:11 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:15:11 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:15:11 splunk3 spamd[338]: spamd: processing message <200904070315.n373FAgN006531@virt2.int.splunk.com> for spamme:501 
Apr  6 20:15:13 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  6 20:15:13 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45268,mid=<200904070315.n373FAgN006531@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 20:15:13 splunk3 sendmail[6332]: n373FB1o006331: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:15:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:15:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:15:46 splunk3 sendmail[6484]: n373FkFd006484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:16:46 splunk3 sendmail[6719]: n373GkBg006719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:17:46 splunk3 sendmail[6957]: n373HkQ4006957: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:18:46 splunk3 sendmail[7194]: n373Ik0S007194: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:19:46 splunk3 sendmail[7431]: n373JkVc007431: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:19:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:20:11 splunk3 sendmail[7546]: n373KB1U007546: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070320.n373KB4F007161@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:20:11 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45324 
Apr  6 20:20:11 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:20:11 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:20:11 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:20:11 splunk3 spamd[338]: spamd: processing message <200904070320.n373KB4F007161@virt2.int.splunk.com> for spamme:501 
Apr  6 20:20:13 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  6 20:20:13 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45324,mid=<200904070320.n373KB4F007161@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 20:20:13 splunk3 sendmail[7547]: n373KB1U007546: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:20:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:20:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:20:46 splunk3 sendmail[7703]: n373KkFV007703: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:21:46 splunk3 sendmail[7939]: n373LkVx007939: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:22:46 splunk3 sendmail[8178]: n373Mkmf008178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:23:46 splunk3 sendmail[8422]: n373Nk7O008422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:24:46 splunk3 sendmail[8659]: n373OkXu008659: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:24:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:25:12 splunk3 sendmail[8765]: n373PCW4008765: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070325.n373PCJk007767@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:25:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45380 
Apr  6 20:25:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:25:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:25:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:25:12 splunk3 spamd[338]: spamd: processing message <200904070325.n373PCJk007767@virt2.int.splunk.com> for spamme:501 
Apr  6 20:25:14 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  6 20:25:14 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45380,mid=<200904070325.n373PCJk007767@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 20:25:14 splunk3 sendmail[8781]: n373PCW4008765: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:25:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:25:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:25:46 splunk3 sendmail[8922]: n373PkB6008922: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 20:26:46 splunk3 sendmail[9156]: n373QkF2009156: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:27:46 splunk3 sendmail[9397]: n373Rk1h009397: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:28:46 splunk3 sendmail[9626]: n373Skfn009626: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:29:46 splunk3 sendmail[9868]: n373Tkng009868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:29:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:30:12 splunk3 sendmail[9995]: n373UC5L009995: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070330.n373UCOC008396@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:30:13 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45436 
Apr  6 20:30:13 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:30:13 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:30:13 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:30:13 splunk3 spamd[338]: spamd: processing message <200904070330.n373UCOC008396@virt2.int.splunk.com> for spamme:501 
Apr  6 20:30:15 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  6 20:30:15 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45436,mid=<200904070330.n373UCOC008396@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 20:30:15 splunk3 sendmail[9996]: n373UC5L009995: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:30:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:30:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:30:46 splunk3 sendmail[10133]: n373UkCX010133: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:31:46 splunk3 sendmail[10372]: n373Vk1u010372: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:32:46 splunk3 sendmail[10608]: n373Wkwh010608: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:33:46 splunk3 sendmail[10845]: n373Xk87010845: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:34:46 splunk3 sendmail[11080]: n373YkSq011080: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:34:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:35:13 splunk3 sendmail[11204]: n373ZDlM011204: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070335.n373ZD3K009138@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:35:13 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45492 
Apr  6 20:35:13 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:35:13 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:35:13 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:35:13 splunk3 spamd[338]: spamd: processing message <200904070335.n373ZD3K009138@virt2.int.splunk.com> for spamme:501 
Apr  6 20:35:15 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 20:35:15 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45492,mid=<200904070335.n373ZD3K009138@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 20:35:15 splunk3 sendmail[11205]: n373ZDlM011204: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:35:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:35:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:35:46 splunk3 sendmail[11336]: n373Zk1A011336: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:36:46 splunk3 sendmail[11586]: n373ak72011586: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:37:46 splunk3 sendmail[11826]: n373bk7o011826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:38:46 splunk3 sendmail[12065]: n373ckL0012065: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:39:46 splunk3 sendmail[12307]: n373dkD7012307: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:39:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:40:15 splunk3 sendmail[12430]: n373eFmb012430: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070340.n373eDi7009775@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:40:15 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45547 
Apr  6 20:40:15 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:40:15 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:40:15 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:40:15 splunk3 spamd[338]: spamd: processing message <200904070340.n373eDi7009775@virt2.int.splunk.com> for spamme:501 
Apr  6 20:40:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:40:17 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.3 seconds, 1305 bytes. 
Apr  6 20:40:17 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.3,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45547,mid=<200904070340.n373eDi7009775@virt2.int.splunk.com>,bayes=0.169144371647354,autolearn=no 
Apr  6 20:40:17 splunk3 sendmail[12431]: n373eFmb012430: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 20:40:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:40:46 splunk3 sendmail[12570]: n373ek8g012570: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 20:41:46 splunk3 sendmail[12807]: n373fkSl012807: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:42:46 splunk3 sendmail[13040]: n373gkkB013040: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:43:46 splunk3 sendmail[13308]: n373hkYk013308: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:44:46 splunk3 sendmail[13557]: n373ikTF013557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:44:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:45:16 splunk3 sendmail[13681]: n373jGHn013681: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070345.n373jGSZ010384@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:45:16 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45604 
Apr  6 20:45:16 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:45:16 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:45:16 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:45:16 splunk3 spamd[338]: spamd: processing message <200904070345.n373jGSZ010384@virt2.int.splunk.com> for spamme:501 
Apr  6 20:45:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:45:19 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 20:45:19 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45604,mid=<200904070345.n373jGSZ010384@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 20:45:19 splunk3 sendmail[13682]: n373jGHn013681: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 20:45:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:45:46 splunk3 sendmail[13820]: n373jkaH013820: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:46:46 splunk3 sendmail[14056]: n373kkik014056: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:47:46 splunk3 sendmail[14292]: n373lkZf014292: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:48:46 splunk3 sendmail[14525]: n373mkAo014525: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:49:46 splunk3 sendmail[14761]: n373nkc2014761: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:49:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:50:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:50:16 splunk3 sendmail[14909]: n373oG9b014909: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070350.n373oG1L010993@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:50:16 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45668 
Apr  6 20:50:16 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:50:16 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:50:16 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:50:16 splunk3 spamd[338]: spamd: processing message <200904070350.n373oG1L010993@virt2.int.splunk.com> for spamme:501 
Apr  6 20:50:18 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 20:50:18 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45668,mid=<200904070350.n373oG1L010993@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 20:50:18 splunk3 sendmail[14910]: n373oG9b014909: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 20:50:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:50:46 splunk3 sendmail[15027]: n373okgs015027: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:51:46 splunk3 sendmail[15268]: n373pkn8015268: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:52:46 splunk3 sendmail[15513]: n373qkOd015513: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:53:46 splunk3 sendmail[15755]: n373rkUT015755: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:54:46 splunk3 sendmail[15991]: n373skGn015991: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:54:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 20:55:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 20:55:19 splunk3 sendmail[16147]: n373tJ0E016147: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070355.n373tH9S011598@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 20:55:19 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45723 
Apr  6 20:55:19 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 20:55:19 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 20:55:19 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 20:55:19 splunk3 spamd[338]: spamd: processing message <200904070355.n373tH9S011598@virt2.int.splunk.com> for spamme:501 
Apr  6 20:55:21 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 20:55:21 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45723,mid=<200904070355.n373tH9S011598@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 20:55:21 splunk3 sendmail[16148]: n373tJ0E016147: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 20:55:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 20:55:46 splunk3 sendmail[16250]: n373tkZo016250: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 20:56:46 splunk3 sendmail[16488]: n373ukFE016488: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:57:46 splunk3 sendmail[16728]: n373vk2A016728: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:58:46 splunk3 sendmail[16964]: n373wkYY016964: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:59:46 splunk3 sendmail[17204]: n373xkNM017204: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 20:59:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:00:01 splunk3 sendmail[17280]: n37401Gs017280: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904070400.n37401Gs017280@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 21:00:01 splunk3 sendmail[17282]: n37401Gs017280: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 21:00:01 splunk3 sendmail[17282]: n37401Gs017280: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 21:00:01 splunk3 sendmail[17282]: n37401Gs017280: n37401Gs017282: postmaster notify: User unknown
Apr  6 21:00:03 splunk3 sendmail[17282]: n37401Gs017282: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 21:00:04 splunk3 sendmail[17383]: n3740404017383: from=root, size=291, class=0, nrcpts=1, msgid=<200904070400.n3740404017383@splunk3.splunkit.com>, relay=root@localhost
Apr  6 21:00:04 splunk3 sendmail[17387]: n374047m017387: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070400.n3740404017383@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 21:00:04 splunk3 sendmail[17383]: n3740404017383: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n374047m017387 Message accepted for delivery)
Apr  6 21:00:06 splunk3 sendmail[17388]: n374047m017387: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 21:00:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:00:20 splunk3 sendmail[17451]: n3740KOW017451: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070400.n3740J7C012238@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:00:20 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45788 
Apr  6 21:00:20 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:00:20 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 21:00:20 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 21:00:20 splunk3 sendmail[17452]: n3740KOW017451: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:00:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:00:46 splunk3 sendmail[17554]: n3740k9n017554: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:01:04 splunk3 sendmail[17642]: n374120B017642: from=root, size=443, class=0, nrcpts=1, msgid=<200904070401.n374120B017642@splunk3.splunkit.com>, relay=root@localhost
Apr  6 21:01:04 splunk3 sendmail[17646]: n374141V017646: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070401.n374120B017642@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 21:01:04 splunk3 sendmail[17642]: n374120B017642: to=root, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n374141V017646 Message accepted for delivery)
Apr  6 21:01:05 splunk3 sendmail[17647]: n374141V017646: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 21:01:46 splunk3 sendmail[17806]: n3741kVO017806: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:02:46 splunk3 sendmail[18038]: n3742kMu018038: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:03:46 splunk3 sendmail[18277]: n3743ko8018277: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:04:46 splunk3 sendmail[18528]: n3744kPw018528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:04:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:05:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:05:22 splunk3 sendmail[18691]: n3745MbZ018691: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070405.n3745KZr012927@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:05:22 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45845 
Apr  6 21:05:22 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:05:22 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 21:05:22 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 21:05:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:05:22 splunk3 sendmail[18692]: n3745MbZ018691: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:05:46 splunk3 sendmail[18788]: n3745kMB018788: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:06:46 splunk3 sendmail[19024]: n3746k0j019024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:07:46 splunk3 sendmail[19252]: n3747k6o019252: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:08:46 splunk3 sendmail[19500]: n3748ke0019500: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:09:46 splunk3 sendmail[19739]: n3749kb2019739: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:09:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:10:02 splunk3 sendmail[19916]: n374A2uL019916: from=root, size=292, class=0, nrcpts=1, msgid=<200904070410.n374A2uL019916@splunk3.splunkit.com>, relay=root@localhost
Apr  6 21:10:02 splunk3 sendmail[19921]: n374A2Ff019921: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070410.n374A2uL019916@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 21:10:02 splunk3 sendmail[19916]: n374A2uL019916: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n374A2Ff019921 Message accepted for delivery)
Apr  6 21:10:04 splunk3 sendmail[19922]: n374A2Ff019921: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 21:10:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:10:22 splunk3 sendmail[20005]: n374AMlq020005: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070410.n374AMvx013541@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:10:22 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45901 
Apr  6 21:10:22 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:10:22 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:10:22 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:10:22 splunk3 spamd[338]: spamd: processing message <200904070410.n374AMvx013541@virt2.int.splunk.com> for spamme:501 
Apr  6 21:10:24 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 21:10:24 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45901,mid=<200904070410.n374AMvx013541@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:10:24 splunk3 sendmail[20006]: n374AMlq020005: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:10:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:10:32 splunk3 sendmail[19767]: n374ATbS019767: from=<DickyBabes@wow.homeclassify.com>, size=7367, class=0, nrcpts=1, msgid=<kxhnxlibdybtpohp@recordshome.com>, proto=SMTP, daemon=MTA, relay=203-122-119-66.static.unleashedserver.com [66.119.122.203] (may be forged)
Apr  6 21:10:32 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45903 
Apr  6 21:10:32 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:10:32 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:10:32 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:10:32 splunk3 spamd[338]: spamd: processing message <kxhnxlibdybtpohp@recordshome.com> for spamme:501 
Apr  6 21:10:34 splunk3 spamd[338]: spamd: identified spam (15.5/5.0) for spamme:501 in 2.3 seconds, 7671 bytes. 
Apr  6 21:10:34 splunk3 spamd[338]: spamd: result: Y 15 - BAYES_50,DATE_IN_FUTURE_06_12,DNS_FROM_AHBL_RHSBL,FORGED_RCVD_HELO,HTML_40_50,HTML_MESSAGE,HTML_TINY_FONT,MSGID_SPAM_LETTERS,URIBL_JP_SURBL,URIBL_WS_SURBL,X_MAILER_SPAM scantime=2.3,size=7671,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45903,mid=<kxhnxlibdybtpohp@recordshome.com>,bayes=0.499981436478794,autolearn=no 
Apr  6 21:10:34 splunk3 sendmail[20056]: n374ATbS019767: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=37609, dsn=2.0.0, stat=Sent
Apr  6 21:10:34 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:10:46 splunk3 sendmail[20112]: n374Ak1M020112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 21:11:46 splunk3 sendmail[20353]: n374BkBA020353: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:12:46 splunk3 sendmail[20589]: n374CkGc020589: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:13:46 splunk3 sendmail[20833]: n374DkoU020833: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:14:46 splunk3 sendmail[21070]: n374EkLg021070: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:14:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:15:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:15:23 splunk3 sendmail[21229]: n374FNl8021229: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070415.n374FMVN014330@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:15:23 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45959 
Apr  6 21:15:23 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:15:23 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:15:23 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:15:23 splunk3 spamd[338]: spamd: processing message <200904070415.n374FMVN014330@virt2.int.splunk.com> for spamme:501 
Apr  6 21:15:25 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 21:15:25 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45959,mid=<200904070415.n374FMVN014330@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:15:25 splunk3 sendmail[21230]: n374FNl8021229: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:15:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:15:46 splunk3 sendmail[21332]: n374FkrC021332: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:16:46 splunk3 sendmail[21565]: n374GkLu021565: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:17:46 splunk3 sendmail[21801]: n374HkMw021801: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:18:46 splunk3 sendmail[22039]: n374Ik8Q022039: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:19:46 splunk3 sendmail[22280]: n374JkO6022280: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:19:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:20:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:20:23 splunk3 sendmail[22444]: n374KNhO022444: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070420.n374KNcJ014965@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:20:23 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46014 
Apr  6 21:20:23 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:20:23 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:20:23 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:20:23 splunk3 spamd[338]: spamd: processing message <200904070420.n374KNcJ014965@virt2.int.splunk.com> for spamme:501 
Apr  6 21:20:25 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 21:20:25 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46014,mid=<200904070420.n374KNcJ014965@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:20:25 splunk3 sendmail[22445]: n374KNhO022444: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:20:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:20:46 splunk3 sendmail[22544]: n374KkVm022544: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:21:46 splunk3 sendmail[22783]: n374LkQq022783: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:22:46 splunk3 sendmail[23015]: n374Mkb5023015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:23:46 splunk3 sendmail[23254]: n374NkgC023254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:24:46 splunk3 sendmail[23486]: n374Okaf023486: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:24:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:25:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:25:24 splunk3 sendmail[23650]: n374POca023650: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070425.n374PNdU015567@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:25:24 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46070 
Apr  6 21:25:24 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:25:24 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:25:24 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:25:24 splunk3 spamd[338]: spamd: processing message <200904070425.n374PNdU015567@virt2.int.splunk.com> for spamme:501 
Apr  6 21:25:26 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 21:25:26 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46070,mid=<200904070425.n374PNdU015567@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:25:26 splunk3 sendmail[23651]: n374POca023650: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:25:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:25:46 splunk3 sendmail[23751]: n374PkxS023751: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:26:08 splunk3 sendmail[23818]: n374Q6xc023818: from=<spamme@splunkit.com>, size=657, class=0, nrcpts=1, msgid=<200904070426.n374Q6xc023818@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=pool-173-58-93-209.lsanca.fios.verizon.net [173.58.93.209]
Apr  6 21:26:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46078 
Apr  6 21:26:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:26:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:26:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:26:08 splunk3 spamd[338]: spamd: processing message <200904070426.n374Q6xc023818@splunk3.splunkit.com> for spamme:501 
Apr  6 21:26:10 splunk3 spamd[338]: spamd: identified spam (17.1/5.0) for spamme:501 in 2.7 seconds, 1091 bytes. 
Apr  6 21:26:10 splunk3 spamd[338]: spamd: result: Y 17 - BAYES_80,HELO_DYNAMIC_IPADDR,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL scantime=2.7,size=1091,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46078,mid=<200904070426.n374Q6xc023818@splunk3.splunkit.com>,bayes=0.803656592557964,autolearn=no 
Apr  6 21:26:10 splunk3 sendmail[23835]: n374Q6xc023818: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31015, dsn=2.0.0, stat=Sent
Apr  6 21:26:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 21:26:46 splunk3 sendmail[23995]: n374QkEa023995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:27:46 splunk3 sendmail[24234]: n374RkPR024234: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:28:46 splunk3 sendmail[24470]: n374SkbD024470: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:29:46 splunk3 sendmail[24710]: n374Tkal024710: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:29:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:30:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:30:25 splunk3 sendmail[24870]: n374UOC4024870: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070430.n374UOf1016193@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:30:25 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46127 
Apr  6 21:30:25 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:30:25 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:30:25 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:30:25 splunk3 spamd[338]: spamd: processing message <200904070430.n374UOf1016193@virt2.int.splunk.com> for spamme:501 
Apr  6 21:30:27 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  6 21:30:27 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46127,mid=<200904070430.n374UOf1016193@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:30:27 splunk3 sendmail[24871]: n374UOC4024870: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:30:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:30:46 splunk3 sendmail[24972]: n374UkTu024972: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:31:46 splunk3 sendmail[25208]: n374VkGl025208: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:32:46 splunk3 sendmail[25445]: n374Wkn6025445: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:33:46 splunk3 sendmail[25685]: n374XkrG025685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:34:46 splunk3 sendmail[25920]: n374YkIL025920: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:34:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:35:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:35:25 splunk3 sendmail[26084]: n374ZPMo026084: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070435.n374ZPFp016932@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:35:25 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46183 
Apr  6 21:35:25 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:35:25 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:35:25 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:35:25 splunk3 spamd[338]: spamd: processing message <200904070435.n374ZPFp016932@virt2.int.splunk.com> for spamme:501 
Apr  6 21:35:27 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 21:35:27 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46183,mid=<200904070435.n374ZPFp016932@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:35:27 splunk3 sendmail[26085]: n374ZPMo026084: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:35:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:35:46 splunk3 sendmail[26185]: n374Zksd026185: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:36:46 splunk3 sendmail[26420]: n374akFN026420: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:37:46 splunk3 sendmail[26654]: n374bkdS026654: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:38:46 splunk3 sendmail[26891]: n374ckV1026891: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:39:46 splunk3 sendmail[27130]: n374dkb5027130: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:39:52 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:40:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:40:25 splunk3 sendmail[27296]: n374ePQa027296: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070440.n374ePHB017565@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:40:25 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46239 
Apr  6 21:40:25 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:40:25 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:40:25 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:40:25 splunk3 spamd[338]: spamd: processing message <200904070440.n374ePHB017565@virt2.int.splunk.com> for spamme:501 
Apr  6 21:40:27 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  6 21:40:27 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46239,mid=<200904070440.n374ePHB017565@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:40:27 splunk3 sendmail[27297]: n374ePQa027296: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:40:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:40:46 splunk3 sendmail[27396]: n374ekOD027396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 21:41:46 splunk3 sendmail[27638]: n374fkx1027638: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:42:46 splunk3 sendmail[27873]: n374gkZR027873: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:43:46 splunk3 sendmail[28113]: n374hkWe028113: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:44:46 splunk3 sendmail[28346]: n374ik8x028346: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:44:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:45:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:45:26 splunk3 sendmail[28505]: n374jQ4h028505: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070445.n374jP6F018185@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:45:26 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46295 
Apr  6 21:45:26 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:45:26 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:45:26 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:45:26 splunk3 spamd[338]: spamd: processing message <200904070445.n374jP6F018185@virt2.int.splunk.com> for spamme:501 
Apr  6 21:45:28 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  6 21:45:28 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46295,mid=<200904070445.n374jP6F018185@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:45:28 splunk3 sendmail[28519]: n374jQ4h028505: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:45:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:45:46 splunk3 sendmail[28606]: n374jkoK028606: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:46:46 splunk3 sendmail[28842]: n374kkZq028842: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:47:46 splunk3 sendmail[29083]: n374lkfm029083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:48:46 splunk3 sendmail[29318]: n374mkIP029318: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:49:46 splunk3 sendmail[29559]: n374nkCX029559: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:49:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:50:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:50:26 splunk3 sendmail[29739]: n374oQKO029739: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070450.n374oQ1f018801@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:50:26 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46351 
Apr  6 21:50:26 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:50:26 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:50:26 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:50:26 splunk3 spamd[338]: spamd: processing message <200904070450.n374oQ1f018801@virt2.int.splunk.com> for spamme:501 
Apr  6 21:50:29 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  6 21:50:29 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46351,mid=<200904070450.n374oQ1f018801@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:50:29 splunk3 sendmail[29740]: n374oQKO029739: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:50:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:50:46 splunk3 sendmail[29824]: n374ok3j029824: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:51:46 splunk3 sendmail[30059]: n374pkw3030059: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:52:46 splunk3 sendmail[30292]: n374qkZ0030292: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:53:46 splunk3 sendmail[30537]: n374rkF4030537: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:54:46 splunk3 sendmail[30772]: n374skL9030772: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:54:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 21:55:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 21:55:27 splunk3 sendmail[30952]: n374tRvd030952: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070455.n374tRn0019407@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 21:55:27 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46406 
Apr  6 21:55:27 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 21:55:27 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 21:55:27 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 21:55:27 splunk3 spamd[338]: spamd: processing message <200904070455.n374tRn0019407@virt2.int.splunk.com> for spamme:501 
Apr  6 21:55:29 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  6 21:55:29 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46406,mid=<200904070455.n374tRn0019407@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 21:55:29 splunk3 sendmail[30953]: n374tRvd030952: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 21:55:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 21:55:46 splunk3 sendmail[31034]: n374tkR8031034: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 21:56:46 splunk3 sendmail[31271]: n374ukp5031271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:57:46 splunk3 sendmail[31511]: n374vk0J031511: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:58:46 splunk3 sendmail[31742]: n374wk26031742: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:59:46 splunk3 sendmail[31980]: n374xkiL031980: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 21:59:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:00:04 splunk3 sendmail[32116]: n37504TP032116: from=root, size=291, class=0, nrcpts=1, msgid=<200904070500.n37504TP032116@splunk3.splunkit.com>, relay=root@localhost
Apr  6 22:00:04 splunk3 sendmail[32120]: n37504Ie032120: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070500.n37504TP032116@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 22:00:04 splunk3 sendmail[32116]: n37504TP032116: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37504Ie032120 Message accepted for delivery)
Apr  6 22:00:05 splunk3 sendmail[32121]: n37504Ie032120: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 22:00:06 splunk3 sendmail[32153]: n37506Ou032153: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904070500.n37506Ou032153@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 22:00:06 splunk3 sendmail[32155]: n37506Ou032153: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 22:00:06 splunk3 sendmail[32155]: n37506Ou032153: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 22:00:06 splunk3 sendmail[32155]: n37506Ou032153: n37506Ou032155: postmaster notify: User unknown
Apr  6 22:00:08 splunk3 sendmail[32155]: n37506Ou032155: to=root, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 22:00:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:00:27 splunk3 sendmail[32246]: n3750ROq032246: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070500.n3750RgX020041@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:00:27 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46471 
Apr  6 22:00:27 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:00:27 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 22:00:27 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 22:00:27 splunk3 sendmail[32247]: n3750ROq032246: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:00:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:00:46 splunk3 sendmail[32330]: n3750kJt032330: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:01:16 splunk3 sendmail[32402]: n37511qD032402: from=root, size=443, class=0, nrcpts=1, msgid=<200904070501.n37511qD032402@splunk3.splunkit.com>, relay=root@localhost
Apr  6 22:01:16 splunk3 sendmail[32466]: n3751GoH032466: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070501.n37511qD032402@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 22:01:16 splunk3 sendmail[32402]: n37511qD032402: to=root, ctladdr=root (0/0), delay=00:00:15, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3751GoH032466 Message accepted for delivery)
Apr  6 22:01:17 splunk3 sendmail[32467]: n3751GoH032466: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 22:01:28 splunk3 sendmail[32506]: n3751Sfk032506: from=<3J97aSRQKBioMUUMRKGRKXZY-TUXKVReMUUMRK.IUSYVGSSKYVRaTQOZ.IUS@alerts.bounces.google.com>, size=10330, class=0, nrcpts=1, msgid=<000e0cd6aa2e5342e70466efe8cb@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  6 22:01:28 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46482 
Apr  6 22:01:28 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:01:28 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 22:01:28 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 22:01:28 splunk3 sendmail[32507]: n3751Sfk032506: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=40545, dsn=2.0.0, stat=Sent
Apr  6 22:01:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:01:47 splunk3 sendmail[32589]: n3751lv1032589: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:02:47 splunk3 sendmail[359]: n3752l2j000359: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:03:47 splunk3 sendmail[598]: n3753l5x000598: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:04:47 splunk3 sendmail[834]: n3754lfs000834: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:04:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:05:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:05:28 splunk3 sendmail[1014]: n3755ScC001014: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070505.n3755SBL020743@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:05:28 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46528 
Apr  6 22:05:28 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:05:28 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 22:05:28 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 22:05:28 splunk3 sendmail[1015]: n3755ScC001014: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:05:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:05:47 splunk3 sendmail[1093]: n3755lOV001093: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:06:47 splunk3 sendmail[1327]: n3756los001327: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:07:47 splunk3 sendmail[1567]: n3757lSm001567: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:08:47 splunk3 sendmail[1809]: n3758l0i001809: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:09:47 splunk3 sendmail[2049]: n3759lCc002049: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:09:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:10:02 splunk3 sendmail[2216]: n375A21K002216: from=root, size=292, class=0, nrcpts=1, msgid=<200904070510.n375A21K002216@splunk3.splunkit.com>, relay=root@localhost
Apr  6 22:10:02 splunk3 sendmail[2221]: n375A2Aa002221: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070510.n375A21K002216@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 22:10:02 splunk3 sendmail[2216]: n375A21K002216: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n375A2Aa002221 Message accepted for delivery)
Apr  6 22:10:04 splunk3 sendmail[2222]: n375A2Aa002221: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 22:10:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:10:29 splunk3 sendmail[2334]: n375AT51002334: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070510.n375ATA9021327@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:10:29 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46585 
Apr  6 22:10:29 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:10:29 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:10:29 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:10:29 splunk3 spamd[338]: spamd: processing message <200904070510.n375ATA9021327@virt2.int.splunk.com> for spamme:501 
Apr  6 22:10:33 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.2 seconds, 1308 bytes. 
Apr  6 22:10:33 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46585,mid=<200904070510.n375ATA9021327@virt2.int.splunk.com>,bayes=0.112209281717786,autolearn=no 
Apr  6 22:10:33 splunk3 sendmail[2335]: n375AT51002334: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:10:33 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:10:47 splunk3 sendmail[2420]: n375AlPB002420: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 22:11:47 splunk3 sendmail[2666]: n375BlGr002666: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:12:47 splunk3 sendmail[2906]: n375Cl8k002906: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:13:08 splunk3 sendmail[2910]: n375Cm97002910: from=<stephonm@aol.com>, size=5732, class=0, nrcpts=1, msgid=<fa07019db24e$a11de021$eb32dd11@aol.com>, proto=ESMTP, daemon=MTA, relay=pool-70-106-214-76.chi.dsl-w.verizon.net [70.106.214.76]
Apr  6 22:13:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46613 
Apr  6 22:13:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:13:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:13:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:13:08 splunk3 spamd[338]: spamd: processing message <fa07019db24e$a11de021$eb32dd11@aol.com> for spamme:501 
Apr  6 22:13:10 splunk3 spamd[338]: spamd: identified spam (21.1/5.0) for spamme:501 in 2.5 seconds, 6068 bytes. 
Apr  6 22:13:10 splunk3 spamd[338]: spamd: result: Y 21 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HELO_DYNAMIC_IPADDR,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_SORBS_DUL,SUBJECT_EXCESS_BASE64,URIBL_SBL scantime=2.5,size=6068,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46613,mid=<fa07019db24e$a11de021$eb32dd11@aol.com>,bayes=1,autolearn=spam 
Apr  6 22:13:10 splunk3 sendmail[3001]: n375Cm97002910: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=35983, dsn=2.0.0, stat=Sent
Apr  6 22:13:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:13:47 splunk3 sendmail[3158]: n375Dlbj003158: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:14:47 splunk3 sendmail[3397]: n375El9h003397: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:14:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:15:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:15:30 splunk3 sendmail[3595]: n375FUUG003595: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070515.n375FTW4022130@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:15:30 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46642 
Apr  6 22:15:30 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:15:30 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:15:30 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:15:30 splunk3 spamd[338]: spamd: processing message <200904070515.n375FTW4022130@virt2.int.splunk.com> for spamme:501 
Apr  6 22:15:32 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 22:15:32 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46642,mid=<200904070515.n375FTW4022130@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:15:32 splunk3 sendmail[3596]: n375FUUG003595: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:15:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:15:47 splunk3 sendmail[3683]: n375FlZP003683: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:16:05 splunk3 sendmail[3752]: n375G4ap003752: from=<3lOHaSRQKBpoAIIAF84F8LNM-HIL8JFSAIIAF8.6IGMJ4GG8MJFOHECN.6IG@alerts.bounces.google.com>, size=3478, class=0, nrcpts=1, msgid=<0016361e86bc9671250466f01c72@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  6 22:16:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46648 
Apr  6 22:16:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:16:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:16:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:16:05 splunk3 spamd[338]: spamd: processing message <0016361e86bc9671250466f01c72@google.com> for spamme:501 
Apr  6 22:16:07 splunk3 spamd[338]: spamd: clean message (-1.4/5.0) for spamme:501 in 2.2 seconds, 3912 bytes. 
Apr  6 22:16:07 splunk3 spamd[338]: spamd: result: . -1 - AWL,BAYES_00,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY scantime=2.2,size=3912,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46648,mid=<0016361e86bc9671250466f01c72@google.com>,bayes=5.55111512312578e-17,autolearn=no 
Apr  6 22:16:07 splunk3 sendmail[3753]: n375G4ap003752: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=33693, dsn=2.0.0, stat=Sent
Apr  6 22:16:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:16:47 splunk3 sendmail[3934]: n375Gl7D003934: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:17:47 splunk3 sendmail[4187]: n375HlZi004187: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:18:47 splunk3 sendmail[4439]: n375Ilcw004439: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:19:47 splunk3 sendmail[4675]: n375JlbQ004675: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:19:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:20:01 splunk3 sendmail[4740]: n375K0eG004740: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070520.n375K0f9022646@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:20:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46687 
Apr  6 22:20:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:20:01 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:20:01 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:20:01 splunk3 spamd[338]: spamd: processing message <200904070520.n375K0f9022646@virt2.int.splunk.com> for spamme:501 
Apr  6 22:20:03 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  6 22:20:03 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46687,mid=<200904070520.n375K0f9022646@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:20:03 splunk3 sendmail[4747]: n375K0eG004740: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:20:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:20:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:20:47 splunk3 sendmail[4950]: n375Klnk004950: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:21:47 splunk3 sendmail[5227]: n375Ll2J005227: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:22:47 splunk3 sendmail[5467]: n375Mlk3005467: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:23:47 splunk3 sendmail[5711]: n375Nle3005711: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:24:47 splunk3 sendmail[5944]: n375Oli5005944: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:24:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:25:02 splunk3 sendmail[6012]: n375P2h4006012: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070525.n375P1UT023280@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:25:02 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46743 
Apr  6 22:25:02 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:25:02 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:25:02 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:25:02 splunk3 spamd[338]: spamd: processing message <200904070525.n375P1UT023280@virt2.int.splunk.com> for spamme:501 
Apr  6 22:25:04 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 22:25:04 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46743,mid=<200904070525.n375P1UT023280@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:25:04 splunk3 sendmail[6013]: n375P2h4006012: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:25:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:25:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:25:47 splunk3 sendmail[6208]: n375Plgn006208: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 22:26:47 splunk3 sendmail[6441]: n375QlZu006441: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:27:47 splunk3 sendmail[6678]: n375RlOx006678: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:28:47 splunk3 sendmail[6913]: n375Sl6r006913: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:29:47 splunk3 sendmail[7153]: n375Tl0S007153: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:29:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:30:02 splunk3 sendmail[7226]: n375U21j007226: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070530.n375U2U2023972@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:30:02 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46800 
Apr  6 22:30:02 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:30:02 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:30:02 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:30:02 splunk3 spamd[338]: spamd: processing message <200904070530.n375U2U2023972@virt2.int.splunk.com> for spamme:501 
Apr  6 22:30:04 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  6 22:30:04 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46800,mid=<200904070530.n375U2U2023972@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:30:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:30:04 splunk3 sendmail[7227]: n375U21j007226: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:30:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:30:47 splunk3 sendmail[7417]: n375UlLX007417: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:31:47 splunk3 sendmail[7665]: n375Vll4007665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:32:47 splunk3 sendmail[7902]: n375WlEN007902: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:33:47 splunk3 sendmail[8138]: n375XlI2008138: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:34:47 splunk3 sendmail[8373]: n375Ylq5008373: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:34:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:35:03 splunk3 sendmail[8445]: n375Z3PQ008445: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070535.n375Z3rm024723@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:35:03 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46855 
Apr  6 22:35:03 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:35:03 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:35:03 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:35:03 splunk3 spamd[338]: spamd: processing message <200904070535.n375Z3rm024723@virt2.int.splunk.com> for spamme:501 
Apr  6 22:35:05 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 22:35:05 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46855,mid=<200904070535.n375Z3rm024723@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:35:05 splunk3 sendmail[8446]: n375Z3PQ008445: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:35:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:35:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:35:47 splunk3 sendmail[8636]: n375ZlKl008636: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:36:47 splunk3 sendmail[8873]: n375alkh008873: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:37:47 splunk3 sendmail[9112]: n375blYX009112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:38:47 splunk3 sendmail[9352]: n375clwW009352: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:39:47 splunk3 sendmail[9590]: n375dluQ009590: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:39:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:40:04 splunk3 sendmail[9660]: n375e4of009660: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070540.n375e4dN025352@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:40:04 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46911 
Apr  6 22:40:04 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:40:04 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:40:04 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:40:04 splunk3 spamd[338]: spamd: processing message <200904070540.n375e4dN025352@virt2.int.splunk.com> for spamme:501 
Apr  6 22:40:06 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 22:40:06 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46911,mid=<200904070540.n375e4dN025352@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:40:06 splunk3 sendmail[9661]: n375e4of009660: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:40:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:40:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:40:47 splunk3 sendmail[9851]: n375elJn009851: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 22:41:47 splunk3 sendmail[10091]: n375flXI010091: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:42:47 splunk3 sendmail[10325]: n375glvs010325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:43:47 splunk3 sendmail[10565]: n375hlfP010565: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:44:41 splunk3 sendmail[10760]: n375icw8010760: from=<tihougik1999@margaretshope.com>, size=1355, class=0, nrcpts=1, msgid=<200904070544.n375icw8010760@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=bbb72-0-177-50.bendbroadband.com [72.0.177.50]
Apr  6 22:44:41 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46963 
Apr  6 22:44:41 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:44:41 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:44:41 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:44:41 splunk3 spamd[338]: spamd: processing message <200904070544.n375icw8010760@splunk3.splunkit.com> for spamme:501 
Apr  6 22:44:44 splunk3 spamd[338]: spamd: identified spam (7.5/5.0) for spamme:501 in 2.3 seconds, 1790 bytes. 
Apr  6 22:44:44 splunk3 spamd[338]: spamd: result: Y 7 - BAYES_50,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_SORBS_DUL,RCVD_IN_XBL scantime=2.3,size=1790,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46963,mid=<200904070544.n375icw8010760@splunk3.splunkit.com>,bayes=0.499613186927841,autolearn=no 
Apr  6 22:44:44 splunk3 sendmail[10782]: n375icw8010760: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:03, mailer=local, pri=31691, dsn=2.0.0, stat=Sent
Apr  6 22:44:44 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:44:47 splunk3 sendmail[10805]: n375ilZL010805: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:44:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:45:04 splunk3 sendmail[10877]: n375j47X010877: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070545.n375j4gr025963@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:45:04 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 46968 
Apr  6 22:45:04 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:45:04 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:45:04 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:45:04 splunk3 spamd[338]: spamd: processing message <200904070545.n375j4gr025963@virt2.int.splunk.com> for spamme:501 
Apr  6 22:45:06 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  6 22:45:06 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46968,mid=<200904070545.n375j4gr025963@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:45:06 splunk3 sendmail[10878]: n375j47X010877: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:45:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:45:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:45:47 splunk3 sendmail[11068]: n375jlls011068: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:46:47 splunk3 sendmail[11304]: n375klNW011304: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:47:47 splunk3 sendmail[11540]: n375llrb011540: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:48:47 splunk3 sendmail[11774]: n375mlDo011774: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:49:47 splunk3 sendmail[12013]: n375nl7b012013: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:49:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:50:05 splunk3 sendmail[12088]: n375o5MX012088: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070550.n375o5M4026573@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:50:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47024 
Apr  6 22:50:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:50:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:50:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:50:05 splunk3 spamd[338]: spamd: processing message <200904070550.n375o5M4026573@virt2.int.splunk.com> for spamme:501 
Apr  6 22:50:07 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  6 22:50:07 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47024,mid=<200904070550.n375o5M4026573@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:50:07 splunk3 sendmail[12089]: n375o5MX012088: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:50:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:50:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:50:47 splunk3 sendmail[12280]: n375olgV012280: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:51:47 splunk3 sendmail[12519]: n375plTP012519: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:52:47 splunk3 sendmail[12755]: n375qlXO012755: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:53:47 splunk3 sendmail[12999]: n375rlnO012999: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:54:47 splunk3 sendmail[13232]: n375slTr013232: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:54:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 22:55:05 splunk3 sendmail[13351]: n375t5Z9013351: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070555.n375t5hc027185@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 22:55:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47079 
Apr  6 22:55:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 22:55:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 22:55:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 22:55:05 splunk3 spamd[338]: spamd: processing message <200904070555.n375t5hc027185@virt2.int.splunk.com> for spamme:501 
Apr  6 22:55:07 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  6 22:55:07 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47079,mid=<200904070555.n375t5hc027185@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 22:55:07 splunk3 sendmail[13354]: n375t5Z9013351: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 22:55:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 22:55:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 22:55:47 splunk3 sendmail[13532]: n375tlAw013532: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 22:56:47 splunk3 sendmail[13770]: n375ul2n013770: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:57:47 splunk3 sendmail[14009]: n375vlnW014009: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:58:47 splunk3 sendmail[14244]: n375wlEq014244: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:59:47 splunk3 sendmail[14485]: n375xlss014485: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 22:59:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:00:04 splunk3 sendmail[14617]: n37604OF014617: from=root, size=291, class=0, nrcpts=1, msgid=<200904070600.n37604OF014617@splunk3.splunkit.com>, relay=root@localhost
Apr  6 23:00:04 splunk3 sendmail[14621]: n376040p014621: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070600.n37604OF014617@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 23:00:04 splunk3 sendmail[14617]: n37604OF014617: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n376040p014621 Message accepted for delivery)
Apr  6 23:00:06 splunk3 sendmail[14623]: n376040p014621: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  6 23:00:06 splunk3 sendmail[14645]: n37606Zd014645: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070600.n37605mV027821@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:00:06 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47137 
Apr  6 23:00:06 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:00:06 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 23:00:06 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 23:00:06 splunk3 sendmail[14646]: n37606Zd014645: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 23:00:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:00:12 splunk3 sendmail[14679]: n3760Cfc014679: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904070600.n3760Cfc014679@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 23:00:12 splunk3 sendmail[14681]: n3760Cfc014679: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  6 23:00:12 splunk3 sendmail[14681]: n3760Cfc014679: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  6 23:00:12 splunk3 sendmail[14681]: n3760Cfc014679: n3760Cfc014681: postmaster notify: User unknown
Apr  6 23:00:13 splunk3 sendmail[14681]: n3760Cfc014681: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  6 23:00:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:00:47 splunk3 sendmail[14833]: n3760lZO014833: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:01:12 splunk3 sendmail[14900]: n37611rQ014900: from=root, size=443, class=0, nrcpts=1, msgid=<200904070601.n37611rQ014900@splunk3.splunkit.com>, relay=root@localhost
Apr  6 23:01:12 splunk3 sendmail[14943]: n3761CK3014943: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070601.n37611rQ014900@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 23:01:12 splunk3 sendmail[14900]: n37611rQ014900: to=root, ctladdr=root (0/0), delay=00:00:11, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3761CK3014943 Message accepted for delivery)
Apr  6 23:01:13 splunk3 sendmail[14944]: n3761CK3014943: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  6 23:01:47 splunk3 sendmail[15083]: n3761lc4015083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:02:47 splunk3 sendmail[15317]: n3762lQ6015317: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:03:47 splunk3 sendmail[15568]: n3763ldr015568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:04:47 splunk3 sendmail[15803]: n3764lvE015803: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:04:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:05:07 splunk3 sendmail[15892]: n37656O0015892: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070605.n37656kG028504@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:05:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47200 
Apr  6 23:05:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:05:07 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  6 23:05:07 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  6 23:05:07 splunk3 sendmail[15893]: n37656O0015892: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 23:05:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:05:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:05:47 splunk3 sendmail[16065]: n3765l7A016065: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:06:47 splunk3 sendmail[16300]: n3766ltM016300: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:07:47 splunk3 sendmail[16538]: n3767ljD016538: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:08:47 splunk3 sendmail[16776]: n3768l0a016776: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:09:47 splunk3 sendmail[17014]: n3769lT9017014: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:09:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:10:02 splunk3 sendmail[17180]: n376A2rW017180: from=root, size=292, class=0, nrcpts=1, msgid=<200904070610.n376A2rW017180@splunk3.splunkit.com>, relay=root@localhost
Apr  6 23:10:02 splunk3 sendmail[17185]: n376A28j017185: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070610.n376A2rW017180@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  6 23:10:02 splunk3 sendmail[17180]: n376A2rW017180: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n376A28j017185 Message accepted for delivery)
Apr  6 23:10:03 splunk3 sendmail[17186]: n376A28j017185: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  6 23:10:07 splunk3 sendmail[17206]: n376A7e5017206: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070610.n376A7Wo029120@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:10:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47257 
Apr  6 23:10:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:10:07 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:10:07 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:10:07 splunk3 spamd[338]: spamd: processing message <200904070610.n376A7Wo029120@virt2.int.splunk.com> for spamme:501 
Apr  6 23:10:09 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  6 23:10:09 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47257,mid=<200904070610.n376A7Wo029120@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 23:10:09 splunk3 sendmail[17207]: n376A7e5017206: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 23:10:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:10:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:10:47 splunk3 sendmail[17384]: n376Algx017384: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 23:11:47 splunk3 sendmail[17626]: n376Bl2E017626: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:12:47 splunk3 sendmail[17862]: n376Cl2c017862: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:13:47 splunk3 sendmail[18100]: n376DlPU018100: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:14:47 splunk3 sendmail[18335]: n376ElVe018335: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:14:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:15:08 splunk3 sendmail[18423]: n376F8a3018423: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070615.n376F7IU029905@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:15:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47314 
Apr  6 23:15:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:15:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:15:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:15:08 splunk3 spamd[338]: spamd: processing message <200904070615.n376F7IU029905@virt2.int.splunk.com> for spamme:501 
Apr  6 23:15:10 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 23:15:10 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47314,mid=<200904070615.n376F7IU029905@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 23:15:10 splunk3 sendmail[18425]: n376F8a3018423: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 23:15:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:15:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:15:47 splunk3 sendmail[18594]: n376Fl0k018594: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:16:47 splunk3 sendmail[18828]: n376GllP018828: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:17:47 splunk3 sendmail[19067]: n376Hlv4019067: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:18:47 splunk3 sendmail[19303]: n376Ilva019303: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:19:47 splunk3 sendmail[19542]: n376JloF019542: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:19:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:20:08 splunk3 sendmail[19634]: n376K8kb019634: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070620.n376K8Ep030535@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:20:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47369 
Apr  6 23:20:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:20:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:20:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:20:08 splunk3 spamd[338]: spamd: processing message <200904070620.n376K8Ep030535@virt2.int.splunk.com> for spamme:501 
Apr  6 23:20:10 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 23:20:10 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47369,mid=<200904070620.n376K8Ep030535@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 23:20:10 splunk3 sendmail[19635]: n376K8kb019634: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 23:20:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:20:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:20:47 splunk3 sendmail[19809]: n376KlCS019809: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:21:47 splunk3 sendmail[20047]: n376LlV1020047: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:22:47 splunk3 sendmail[20279]: n376MllS020279: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:23:47 splunk3 sendmail[20523]: n376Nlm7020523: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:24:47 splunk3 sendmail[20758]: n376OlCd020758: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:24:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:25:08 splunk3 sendmail[20846]: n376P88i020846: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070625.n376P8K3031142@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:25:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47425 
Apr  6 23:25:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:25:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:25:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:25:08 splunk3 spamd[338]: spamd: processing message <200904070625.n376P8K3031142@virt2.int.splunk.com> for spamme:501 
Apr  6 23:25:11 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 23:25:11 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47425,mid=<200904070625.n376P8K3031142@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 23:25:11 splunk3 sendmail[20847]: n376P88i020846: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 23:25:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:25:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:25:47 splunk3 sendmail[21022]: n376Pl8B021022: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 23:26:47 splunk3 sendmail[21259]: n376Qlaa021259: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:27:47 splunk3 sendmail[21499]: n376RlKg021499: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:28:47 splunk3 sendmail[21731]: n376SlXu021731: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:29:47 splunk3 sendmail[21969]: n376TlXo021969: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:29:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:30:11 splunk3 sendmail[22080]: n376UBUZ022080: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070630.n376U9Rw031764@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:30:11 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47481 
Apr  6 23:30:11 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:30:11 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:30:11 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:30:11 splunk3 spamd[338]: spamd: processing message <200904070630.n376U9Rw031764@virt2.int.splunk.com> for spamme:501 
Apr  6 23:30:13 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  6 23:30:13 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47481,mid=<200904070630.n376U9Rw031764@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 23:30:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:30:13 splunk3 sendmail[22081]: n376UBUZ022080: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 23:30:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:30:47 splunk3 sendmail[22233]: n376UlQw022233: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:31:47 splunk3 sendmail[22471]: n376VlF5022471: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:32:47 splunk3 sendmail[22707]: n376WlFm022707: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:33:47 splunk3 sendmail[22944]: n376XlRY022944: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:34:47 splunk3 sendmail[23178]: n376YlU6023178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:34:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:35:11 splunk3 sendmail[23283]: n376ZBAQ023283: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070635.n376ZB7u032513@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:35:11 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47537 
Apr  6 23:35:11 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:35:11 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:35:11 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:35:11 splunk3 spamd[338]: spamd: processing message <200904070635.n376ZB7u032513@virt2.int.splunk.com> for spamme:501 
Apr  6 23:35:13 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  6 23:35:13 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47537,mid=<200904070635.n376ZB7u032513@virt2.int.splunk.com>,bayes=0.112204837541855,autolearn=no 
Apr  6 23:35:13 splunk3 sendmail[23284]: n376ZBAQ023283: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  6 23:35:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:35:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:35:47 splunk3 sendmail[23439]: n376Zl7d023439: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:36:47 splunk3 sendmail[23672]: n376alwv023672: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:37:47 splunk3 sendmail[23910]: n376blCe023910: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:38:47 splunk3 sendmail[24150]: n376cluA024150: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:39:47 splunk3 sendmail[24390]: n376dlOR024390: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:39:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:40:12 splunk3 sendmail[24497]: n376eCiK024497: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904070640.n376eBtu000677@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:40:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47592 
Apr  6 23:40:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:40:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:40:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:40:12 splunk3 spamd[338]: spamd: processing message <200904070640.n376eBtu000677@virt2.int.splunk.com> for spamme:501 
Apr  6 23:40:14 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1302 bytes. 
Apr  6 23:40:14 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47592,mid=<200904070640.n376eBtu000677@virt2.int.splunk.com>,bayes=0.0661502463526312,autolearn=no 
Apr  6 23:40:14 splunk3 sendmail[24498]: n376eCiK024497: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  6 23:40:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:40:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:40:47 splunk3 sendmail[24656]: n376elWD024656: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 23:41:47 splunk3 sendmail[24898]: n376flB5024898: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:42:47 splunk3 sendmail[25131]: n376glVk025131: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:43:47 splunk3 sendmail[25368]: n376hlTH025368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:44:47 splunk3 sendmail[25603]: n376ilsY025603: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:44:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:45:12 splunk3 sendmail[25710]: n376jC7r025710: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070645.n376jCBn001303@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:45:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47649 
Apr  6 23:45:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:45:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:45:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:45:12 splunk3 spamd[338]: spamd: processing message <200904070645.n376jCBn001303@virt2.int.splunk.com> for spamme:501 
Apr  6 23:45:14 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  6 23:45:14 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47649,mid=<200904070645.n376jCBn001303@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  6 23:45:14 splunk3 sendmail[25711]: n376jC7r025710: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 23:45:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:45:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:45:47 splunk3 sendmail[25866]: n376jl1k025866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:46:47 splunk3 sendmail[26102]: n376kl72026102: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:47:20 splunk3 sendmail[26222]: n376lJcs026222: from=<yoneyama-ts@jp.fujitsu.com>, size=1751, class=0, nrcpts=1, msgid=<200904070646.AA00137@FM-312211088.jp.fujitsu.com>, proto=ESMTP, daemon=MTA, relay=fgwmail5.fujitsu.co.jp [192.51.44.35]
Apr  6 23:47:20 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47678 
Apr  6 23:47:20 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:47:20 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:47:20 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:47:20 splunk3 spamd[338]: spamd: processing message <200904070646.AA00137@FM-312211088.jp.fujitsu.com> for spamme:501 
Apr  6 23:47:22 splunk3 spamd[338]: spamd: clean message (-0.4/5.0) for spamme:501 in 2.1 seconds, 2058 bytes. 
Apr  6 23:47:22 splunk3 spamd[338]: spamd: result: . 0 - BAYES_20,DNS_FROM_RFC_ABUSE,FORGED_RCVD_HELO scantime=2.1,size=2058,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47678,mid=<200904070646.AA00137@FM-312211088.jp.fujitsu.com>,bayes=0.134758024919066,autolearn=no 
Apr  6 23:47:22 splunk3 sendmail[26241]: n376lJcs026222: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31959, dsn=2.0.0, stat=Sent
Apr  6 23:47:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:47:47 splunk3 sendmail[26347]: n376llZ6026347: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:48:47 splunk3 sendmail[26581]: n376mlf2026581: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:49:47 splunk3 sendmail[26815]: n376nlpY026815: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:49:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:50:12 splunk3 sendmail[26927]: n376oCTh026927: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070650.n376oCdJ001937@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:50:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47706 
Apr  6 23:50:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:50:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:50:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:50:12 splunk3 spamd[338]: spamd: processing message <200904070650.n376oCdJ001937@virt2.int.splunk.com> for spamme:501 
Apr  6 23:50:14 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1305 bytes. 
Apr  6 23:50:14 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47706,mid=<200904070650.n376oCdJ001937@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  6 23:50:14 splunk3 sendmail[26928]: n376oCTh026927: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 23:50:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:50:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:50:47 splunk3 sendmail[27079]: n376olZ5027079: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:51:47 splunk3 sendmail[27316]: n376plE2027316: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:52:47 splunk3 sendmail[27551]: n376qloP027551: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:53:47 splunk3 sendmail[27803]: n376rlsr027803: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:54:47 splunk3 sendmail[28038]: n376slXi028038: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:54:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  6 23:55:13 splunk3 sendmail[28143]: n376tD6q028143: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070655.n376tDK7002557@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  6 23:55:13 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47761 
Apr  6 23:55:13 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  6 23:55:13 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  6 23:55:13 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  6 23:55:13 splunk3 spamd[338]: spamd: processing message <200904070655.n376tDK7002557@virt2.int.splunk.com> for spamme:501 
Apr  6 23:55:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  6 23:55:15 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  6 23:55:15 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47761,mid=<200904070655.n376tDK7002557@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  6 23:55:15 splunk3 sendmail[28144]: n376tD6q028143: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  6 23:55:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  6 23:55:47 splunk3 sendmail[28301]: n376tlLp028301: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  6 23:56:47 splunk3 sendmail[28537]: n376ulYf028537: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:57:47 splunk3 sendmail[28774]: n376vlMf028774: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:58:47 splunk3 sendmail[29008]: n376wlZI029008: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:59:47 splunk3 sendmail[29248]: n376xl4l029248: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  6 23:59:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:00:04 splunk3 sendmail[29399]: n377047g029399: from=root, size=291, class=0, nrcpts=1, msgid=<200904070700.n377047g029399@splunk3.splunkit.com>, relay=root@localhost
Apr  7 00:00:04 splunk3 sendmail[29403]: n37704X7029403: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070700.n377047g029399@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 00:00:04 splunk3 sendmail[29399]: n377047g029399: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37704X7029403 Message accepted for delivery)
Apr  7 00:00:06 splunk3 sendmail[29404]: n37704X7029403: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 00:00:13 splunk3 sendmail[29428]: n3770Dgv029428: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070700.n3770DpJ003198@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:00:13 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47819 
Apr  7 00:00:13 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:00:13 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 00:00:13 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 00:00:13 splunk3 sendmail[29429]: n3770Dgv029428: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:00:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:00:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:00:18 splunk3 sendmail[29467]: n3770H3i029467: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904070700.n3770H3i029467@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 00:00:18 splunk3 sendmail[29469]: n3770H3i029467: to=<mark@splunk.com>, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 00:00:18 splunk3 sendmail[29469]: n3770H3i029467: to=<splunk@localhost>, delay=00:00:01, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 00:00:18 splunk3 sendmail[29469]: n3770H3i029467: n3770I3i029469: postmaster notify: User unknown
Apr  7 00:00:19 splunk3 sendmail[29469]: n3770I3i029469: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 00:00:47 splunk3 sendmail[29598]: n3770lVd029598: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:01:03 splunk3 sendmail[29667]: n37711kO029667: from=root, size=443, class=0, nrcpts=1, msgid=<200904070701.n37711kO029667@splunk3.splunkit.com>, relay=root@localhost
Apr  7 00:01:03 splunk3 sendmail[29671]: n37713Ox029671: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070701.n37711kO029667@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 00:01:03 splunk3 sendmail[29667]: n37711kO029667: to=root, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37713Ox029671 Message accepted for delivery)
Apr  7 00:01:04 splunk3 sendmail[29672]: n37713Ox029671: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 00:01:47 splunk3 sendmail[29849]: n3771lE3029849: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:02:47 splunk3 sendmail[30084]: n3772lG0030084: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:03:47 splunk3 sendmail[30321]: n3773lvC030321: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:04:47 splunk3 sendmail[30555]: n3774lB1030555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:04:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:05:14 splunk3 sendmail[30665]: n3775EXc030665: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070705.n3775D6D003885@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:05:14 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47882 
Apr  7 00:05:14 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:05:14 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 00:05:14 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 00:05:14 splunk3 sendmail[30666]: n3775EXc030665: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:05:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:05:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:05:47 splunk3 sendmail[30817]: n3775lCM030817: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:06:47 splunk3 sendmail[31051]: n3776l5Z031051: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:07:47 splunk3 sendmail[31289]: n3777lfV031289: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:08:47 splunk3 sendmail[31528]: n3778l00031528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:09:47 splunk3 sendmail[31767]: n3779lwT031767: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:09:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:10:02 splunk3 sendmail[31928]: n377A2ps031928: from=root, size=292, class=0, nrcpts=1, msgid=<200904070710.n377A2ps031928@splunk3.splunkit.com>, relay=root@localhost
Apr  7 00:10:02 splunk3 sendmail[31933]: n377A2KP031933: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070710.n377A2ps031928@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 00:10:02 splunk3 sendmail[31928]: n377A2ps031928: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n377A2KP031933 Message accepted for delivery)
Apr  7 00:10:03 splunk3 sendmail[31934]: n377A2KP031933: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 00:10:14 splunk3 sendmail[31993]: n377AEKx031993: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070710.n377AELp004500@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:10:14 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47939 
Apr  7 00:10:14 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:10:14 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:10:14 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:10:14 splunk3 spamd[338]: spamd: processing message <200904070710.n377AELp004500@virt2.int.splunk.com> for spamme:501 
Apr  7 00:10:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:10:16 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  7 00:10:16 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47939,mid=<200904070710.n377AELp004500@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  7 00:10:16 splunk3 sendmail[31994]: n377AEKx031993: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:10:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:10:47 splunk3 sendmail[32135]: n377AldV032135: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 00:11:47 splunk3 sendmail[32374]: n377Blvp032374: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:12:48 splunk3 sendmail[32608]: n377Cmog032608: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:13:48 splunk3 sendmail[381]: n377Dm0S000381: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:14:48 splunk3 sendmail[618]: n377EmBr000618: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:14:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:15:15 splunk3 sendmail[740]: n377FEQx000740: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070715.n377FEsN005283@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:15:15 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47995 
Apr  7 00:15:15 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:15:15 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:15:15 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:15:15 splunk3 spamd[338]: spamd: processing message <200904070715.n377FEsN005283@virt2.int.splunk.com> for spamme:501 
Apr  7 00:15:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:15:17 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  7 00:15:17 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47995,mid=<200904070715.n377FEsN005283@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  7 00:15:17 splunk3 sendmail[741]: n377FEQx000740: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:15:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:15:48 splunk3 sendmail[881]: n377FmfD000881: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:16:48 splunk3 sendmail[1117]: n377Gmjc001117: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:17:48 splunk3 sendmail[1355]: n377HmXq001355: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:18:48 splunk3 sendmail[1588]: n377Immv001588: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:19:48 splunk3 sendmail[1827]: n377Jm6B001827: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:19:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:20:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:20:17 splunk3 sendmail[1961]: n377KHgP001961: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070720.n377KFwK005914@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:20:17 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48051 
Apr  7 00:20:17 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:20:17 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:20:17 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:20:17 splunk3 spamd[338]: spamd: processing message <200904070720.n377KFwK005914@virt2.int.splunk.com> for spamme:501 
Apr  7 00:20:20 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  7 00:20:20 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48051,mid=<200904070720.n377KFwK005914@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  7 00:20:20 splunk3 sendmail[1962]: n377KHgP001961: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:20:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:20:48 splunk3 sendmail[2096]: n377KmOF002096: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:21:48 splunk3 sendmail[2335]: n377LmAx002335: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:22:48 splunk3 sendmail[2570]: n377Mm1O002570: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:23:48 splunk3 sendmail[2826]: n377Nmr4002826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:24:48 splunk3 sendmail[3069]: n377OmEh003069: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:24:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:25:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:25:17 splunk3 sendmail[3199]: n377PHX3003199: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070725.n377PH9O006528@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:25:17 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48107 
Apr  7 00:25:17 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:25:17 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:25:17 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:25:17 splunk3 spamd[338]: spamd: processing message <200904070725.n377PH9O006528@virt2.int.splunk.com> for spamme:501 
Apr  7 00:25:19 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 00:25:19 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48107,mid=<200904070725.n377PH9O006528@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  7 00:25:19 splunk3 sendmail[3200]: n377PHX3003199: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:25:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:25:48 splunk3 sendmail[3332]: n377PmI4003332: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 00:26:48 splunk3 sendmail[3587]: n377QmEd003587: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:27:48 splunk3 sendmail[3836]: n377Rmn3003836: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:28:48 splunk3 sendmail[4084]: n377Sm18004084: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:29:48 splunk3 sendmail[4342]: n377TmPe004342: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:29:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:30:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:30:18 splunk3 sendmail[4470]: n377UI8X004470: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070730.n377UHTF007147@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:30:18 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48163 
Apr  7 00:30:18 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:30:18 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:30:18 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:30:18 splunk3 spamd[338]: spamd: processing message <200904070730.n377UHTF007147@virt2.int.splunk.com> for spamme:501 
Apr  7 00:30:21 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  7 00:30:21 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48163,mid=<200904070730.n377UHTF007147@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  7 00:30:21 splunk3 sendmail[4471]: n377UI8X004470: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:30:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:30:48 splunk3 sendmail[4608]: n377UmDU004608: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:31:48 splunk3 sendmail[4846]: n377VmVF004846: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:32:48 splunk3 sendmail[5091]: n377Wmo4005091: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:33:48 splunk3 sendmail[5369]: n377XmxN005369: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:34:48 splunk3 sendmail[5604]: n377YmTi005604: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:34:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:35:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:35:19 splunk3 sendmail[5735]: n377ZIuM005735: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070735.n377ZIQj007894@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:35:19 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48219 
Apr  7 00:35:19 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:35:19 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:35:19 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:35:19 splunk3 spamd[338]: spamd: processing message <200904070735.n377ZIQj007894@virt2.int.splunk.com> for spamme:501 
Apr  7 00:35:21 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  7 00:35:21 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48219,mid=<200904070735.n377ZIQj007894@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  7 00:35:21 splunk3 sendmail[5736]: n377ZIuM005735: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:35:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:35:48 splunk3 sendmail[5869]: n377ZmKM005869: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:36:48 splunk3 sendmail[6104]: n377amt8006104: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:37:48 splunk3 sendmail[6341]: n377bmsD006341: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:38:48 splunk3 sendmail[6578]: n377cmuu006578: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:39:48 splunk3 sendmail[6814]: n377dmfS006814: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:39:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:40:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:40:19 splunk3 sendmail[6962]: n377eJpx006962: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070740.n377eJKk008527@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:40:19 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48274 
Apr  7 00:40:19 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:40:19 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:40:19 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:40:19 splunk3 spamd[338]: spamd: processing message <200904070740.n377eJKk008527@virt2.int.splunk.com> for spamme:501 
Apr  7 00:40:21 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  7 00:40:21 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48274,mid=<200904070740.n377eJKk008527@virt2.int.splunk.com>,bayes=0.169139040252454,autolearn=no 
Apr  7 00:40:21 splunk3 sendmail[6963]: n377eJpx006962: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:40:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:40:48 splunk3 sendmail[7078]: n377em9l007078: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:41:05 splunk3 sendmail[7097]: n377epMg007097: from=<toves@freshdrop.net>, size=5717, class=0, nrcpts=1, msgid=<83f7019dbb15$601aa877$55feebee@freshdrop.net>, proto=ESMTP, daemon=MTA, relay=86-121-127-164.rdsnet.ro [86.121.127.164] (may be forged)
Apr  7 00:41:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48289 
Apr  7 00:41:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:41:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:41:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:41:05 splunk3 spamd[338]: spamd: processing message <83f7019dbb15$601aa877$55feebee@freshdrop.net> for spamme:501 
Apr  7 00:41:08 splunk3 spamd[338]: spamd: identified spam (33.4/5.0) for spamme:501 in 2.3 seconds, 6042 bytes. 
Apr  7 00:41:08 splunk3 spamd[338]: spamd: result: Y 33 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL scantime=2.3,size=6042,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48289,mid=<83f7019dbb15$601aa877$55feebee@freshdrop.net>,bayes=1,autolearn=spam 
Apr  7 00:41:08 splunk3 sendmail[7162]: n377epMg007097: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:03, mailer=local, pri=35951, dsn=2.0.0, stat=Sent
Apr  7 00:41:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 00:41:48 splunk3 sendmail[7326]: n377fmNT007326: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:42:48 splunk3 sendmail[7570]: n377gmhd007570: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:43:48 splunk3 sendmail[7809]: n377hmBd007809: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:44:48 splunk3 sendmail[8045]: n377imTe008045: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:44:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:45:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:45:20 splunk3 sendmail[8186]: n377jKBu008186: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070745.n377jKdO009140@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:45:20 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48332 
Apr  7 00:45:20 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:45:20 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:45:20 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:45:20 splunk3 spamd[338]: spamd: processing message <200904070745.n377jKdO009140@virt2.int.splunk.com> for spamme:501 
Apr  7 00:45:22 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  7 00:45:22 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48332,mid=<200904070745.n377jKdO009140@virt2.int.splunk.com>,bayes=0.169133709227958,autolearn=no 
Apr  7 00:45:22 splunk3 sendmail[8187]: n377jKBu008186: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:45:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:45:48 splunk3 sendmail[8307]: n377jmZs008307: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:46:48 splunk3 sendmail[8540]: n377kmed008540: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:47:48 splunk3 sendmail[8780]: n377lmDK008780: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:48:48 splunk3 sendmail[9015]: n377mmEo009015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:49:48 splunk3 sendmail[9255]: n377nmfF009255: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:49:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:50:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:50:20 splunk3 sendmail[9403]: n377oKWG009403: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904070750.n377oKif009759@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:50:20 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48387 
Apr  7 00:50:20 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:50:20 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:50:20 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:50:20 splunk3 spamd[338]: spamd: processing message <200904070750.n377oKif009759@virt2.int.splunk.com> for spamme:501 
Apr  7 00:50:22 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  7 00:50:22 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48387,mid=<200904070750.n377oKif009759@virt2.int.splunk.com>,bayes=0.169133709227958,autolearn=no 
Apr  7 00:50:22 splunk3 sendmail[9404]: n377oKWG009403: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 00:50:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:50:48 splunk3 sendmail[9521]: n377omWs009521: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:51:48 splunk3 sendmail[9759]: n377pmts009759: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:52:48 splunk3 sendmail[9991]: n377qm7B009991: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:53:08 splunk3 sendmail[10075]: n377r8Y3010075: from=<3YwbbSRQKBo4y66y3ws3w9BA-569w73Gy66y3w.u64A7s44wA73C520B.u64@alerts.bounces.google.com>, size=2795, class=0, nrcpts=1, msgid=<0016e640cdd040a2e30466f24e8c@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.163]
Apr  7 00:53:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48421 
Apr  7 00:53:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:53:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:53:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:53:08 splunk3 spamd[338]: spamd: processing message <0016e640cdd040a2e30466f24e8c@google.com> for spamme:501 
Apr  7 00:53:10 splunk3 spamd[338]: spamd: clean message (-2.2/5.0) for spamme:501 in 1.7 seconds, 3224 bytes. 
Apr  7 00:53:10 splunk3 spamd[338]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=1.7,size=3224,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48421,mid=<0016e640cdd040a2e30466f24e8c@google.com>,bayes=1.66533453693773e-16,autolearn=ham 
Apr  7 00:53:10 splunk3 sendmail[10076]: n377r8Y3010075: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=33005, dsn=2.0.0, stat=Sent
Apr  7 00:53:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:53:48 splunk3 sendmail[10237]: n377rm7Q010237: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:54:48 splunk3 sendmail[10470]: n377smFj010470: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:54:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 00:55:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 00:55:21 splunk3 sendmail[10618]: n377tLXP010618: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070755.n377tLll010365@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 00:55:21 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48444 
Apr  7 00:55:21 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 00:55:21 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 00:55:21 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 00:55:21 splunk3 spamd[338]: spamd: processing message <200904070755.n377tLll010365@virt2.int.splunk.com> for spamme:501 
Apr  7 00:55:23 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 00:55:23 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48444,mid=<200904070755.n377tLll010365@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 00:55:23 splunk3 sendmail[10619]: n377tLXP010618: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 00:55:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 00:55:48 splunk3 sendmail[10733]: n377tmcf010733: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 00:56:48 splunk3 sendmail[10969]: n377umpf010969: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:57:48 splunk3 sendmail[11207]: n377vmIe011207: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:58:48 splunk3 sendmail[11442]: n377wmsH011442: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:59:48 splunk3 sendmail[11683]: n377xmm3011683: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 00:59:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:00:04 splunk3 sendmail[11830]: n37804hP011830: from=root, size=291, class=0, nrcpts=1, msgid=<200904070800.n37804hP011830@splunk3.splunkit.com>, relay=root@localhost
Apr  7 01:00:04 splunk3 sendmail[11834]: n37804d2011834: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070800.n37804hP011830@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 01:00:04 splunk3 sendmail[11830]: n37804hP011830: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37804d2011834 Message accepted for delivery)
Apr  7 01:00:05 splunk3 sendmail[11835]: n37804d2011834: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 01:00:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:00:22 splunk3 sendmail[11897]: n3780MnP011897: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070800.n3780M9r011002@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:00:22 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48501 
Apr  7 01:00:22 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:00:22 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 01:00:22 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 01:00:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:00:22 splunk3 sendmail[11898]: n3780MnP011897: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:00:23 splunk3 sendmail[11916]: n3780NgH011916: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904070800.n3780NgH011916@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 01:00:23 splunk3 sendmail[11918]: n3780NgH011916: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 01:00:23 splunk3 sendmail[11918]: n3780NgH011916: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 01:00:23 splunk3 sendmail[11918]: n3780NgH011916: n3780NgH011918: postmaster notify: User unknown
Apr  7 01:00:25 splunk3 sendmail[11918]: n3780NgH011918: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 01:00:48 splunk3 sendmail[12029]: n3780mLo012029: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:01:07 splunk3 sendmail[12099]: n378114l012099: from=root, size=443, class=0, nrcpts=1, msgid=<200904070801.n378114l012099@splunk3.splunkit.com>, relay=root@localhost
Apr  7 01:01:07 splunk3 sendmail[12118]: n37817Gk012118: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070801.n378114l012099@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 01:01:07 splunk3 sendmail[12099]: n378114l012099: to=root, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37817Gk012118 Message accepted for delivery)
Apr  7 01:01:08 splunk3 sendmail[12119]: n37817Gk012118: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 01:01:48 splunk3 sendmail[12280]: n3781mK8012280: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:02:48 splunk3 sendmail[12516]: n3782mVc012516: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:03:48 splunk3 sendmail[12756]: n3783mdS012756: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:04:48 splunk3 sendmail[12991]: n3784mhb012991: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:04:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:05:15 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:05:23 splunk3 sendmail[13137]: n3785N19013137: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070805.n3785MEh011680@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:05:23 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48565 
Apr  7 01:05:23 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:05:23 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 01:05:23 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 01:05:23 splunk3 sendmail[13138]: n3785N19013137: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:05:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:05:48 splunk3 sendmail[13259]: n3785mp7013259: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:06:48 splunk3 sendmail[13528]: n3786mDH013528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:07:48 splunk3 sendmail[13765]: n3787mww013765: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:08:48 splunk3 sendmail[14003]: n3788mCr014003: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:09:48 splunk3 sendmail[14246]: n3789mdn014246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:09:51 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:10:02 splunk3 sendmail[14408]: n378A2px014408: from=root, size=292, class=0, nrcpts=1, msgid=<200904070810.n378A2px014408@splunk3.splunkit.com>, relay=root@localhost
Apr  7 01:10:02 splunk3 sendmail[14413]: n378A2wA014413: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070810.n378A2px014408@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 01:10:02 splunk3 sendmail[14408]: n378A2px014408: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n378A2wA014413 Message accepted for delivery)
Apr  7 01:10:03 splunk3 sendmail[14414]: n378A2wA014413: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 01:10:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:10:23 splunk3 sendmail[14512]: n378ANRh014512: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070810.n378ANfZ012304@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:10:23 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48622 
Apr  7 01:10:23 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:10:23 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:10:23 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:10:23 splunk3 spamd[338]: spamd: processing message <200904070810.n378ANfZ012304@virt2.int.splunk.com> for spamme:501 
Apr  7 01:10:25 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 01:10:25 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48622,mid=<200904070810.n378ANfZ012304@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:10:25 splunk3 sendmail[14513]: n378ANRh014512: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:10:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:10:48 splunk3 sendmail[14621]: n378Am6u014621: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 01:11:48 splunk3 sendmail[14866]: n378BmUQ014866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:12:48 splunk3 sendmail[15101]: n378CmkU015101: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:13:48 splunk3 sendmail[15339]: n378Dm2o015339: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:14:48 splunk3 sendmail[15587]: n378EmNU015587: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:14:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:15:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:15:24 splunk3 sendmail[15730]: n378FO6P015730: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070815.n378FOZ8013083@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:15:24 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48678 
Apr  7 01:15:24 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:15:24 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:15:24 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:15:24 splunk3 spamd[338]: spamd: processing message <200904070815.n378FOZ8013083@virt2.int.splunk.com> for spamme:501 
Apr  7 01:15:26 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 01:15:26 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48678,mid=<200904070815.n378FOZ8013083@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:15:27 splunk3 sendmail[15731]: n378FO6P015730: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:15:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:15:48 splunk3 sendmail[15846]: n378Fmu8015846: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:16:48 splunk3 sendmail[16082]: n378GmdF016082: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:17:48 splunk3 sendmail[16323]: n378Hmdo016323: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:18:48 splunk3 sendmail[16558]: n378ImYn016558: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:19:48 splunk3 sendmail[16796]: n378JmGm016796: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:19:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:20:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:20:25 splunk3 sendmail[16945]: n378KPwV016945: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070820.n378KOhS013716@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:20:25 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48734 
Apr  7 01:20:25 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:20:25 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:20:25 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:20:25 splunk3 spamd[338]: spamd: processing message <200904070820.n378KOhS013716@virt2.int.splunk.com> for spamme:501 
Apr  7 01:20:27 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 01:20:27 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48734,mid=<200904070820.n378KOhS013716@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:20:27 splunk3 sendmail[16946]: n378KPwV016945: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:20:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:20:48 splunk3 sendmail[17063]: n378KmEw017063: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:21:48 splunk3 sendmail[17298]: n378Lm4q017298: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:22:48 splunk3 sendmail[17533]: n378MmNP017533: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:23:48 splunk3 sendmail[17776]: n378NmoG017776: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:24:48 splunk3 sendmail[18016]: n378OmX1018016: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:24:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:25:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:25:25 splunk3 sendmail[18169]: n378PPV8018169: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070825.n378PP3d014323@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:25:25 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48797 
Apr  7 01:25:25 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:25:25 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:25:25 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:25:25 splunk3 spamd[338]: spamd: processing message <200904070825.n378PP3d014323@virt2.int.splunk.com> for spamme:501 
Apr  7 01:25:27 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 01:25:27 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48797,mid=<200904070825.n378PP3d014323@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:25:27 splunk3 sendmail[18173]: n378PPV8018169: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:25:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:25:48 splunk3 sendmail[18274]: n378Pm72018274: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 01:26:48 splunk3 sendmail[18511]: n378Qmr9018511: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:27:48 splunk3 sendmail[18748]: n378Rmmc018748: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:28:48 splunk3 sendmail[18978]: n378SmkU018978: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:29:48 splunk3 sendmail[19222]: n378Tmak019222: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:29:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:30:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:30:26 splunk3 sendmail[19380]: n378UQZd019380: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070830.n378UQ4d014944@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:30:26 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48854 
Apr  7 01:30:26 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:30:26 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:30:26 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:30:26 splunk3 spamd[338]: spamd: processing message <200904070830.n378UQ4d014944@virt2.int.splunk.com> for spamme:501 
Apr  7 01:30:29 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 01:30:29 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48854,mid=<200904070830.n378UQ4d014944@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:30:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:30:29 splunk3 sendmail[19381]: n378UQZd019380: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:30:48 splunk3 sendmail[19483]: n378UmNT019483: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:31:48 splunk3 sendmail[19723]: n378VmZt019723: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:32:48 splunk3 sendmail[19958]: n378WmYb019958: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:33:48 splunk3 sendmail[20198]: n378XmME020198: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:34:48 splunk3 sendmail[20435]: n378Ym1a020435: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:34:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:35:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:35:27 splunk3 sendmail[20591]: n378ZRIe020591: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070835.n378ZQHp015689@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:35:27 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48909 
Apr  7 01:35:27 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:35:27 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:35:27 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:35:27 splunk3 spamd[338]: spamd: processing message <200904070835.n378ZQHp015689@virt2.int.splunk.com> for spamme:501 
Apr  7 01:35:29 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 01:35:29 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48909,mid=<200904070835.n378ZQHp015689@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:35:29 splunk3 sendmail[20592]: n378ZRIe020591: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:35:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:35:48 splunk3 sendmail[20694]: n378ZmZn020694: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:36:48 splunk3 sendmail[20928]: n378am8W020928: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:37:48 splunk3 sendmail[21166]: n378bmYw021166: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:38:48 splunk3 sendmail[21407]: n378cm8B021407: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:39:48 splunk3 sendmail[21651]: n378dmvE021651: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:39:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:40:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:40:27 splunk3 sendmail[21811]: n378eRwS021811: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070840.n378eRZm016330@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:40:27 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 48965 
Apr  7 01:40:27 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:40:27 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:40:27 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:40:27 splunk3 spamd[338]: spamd: processing message <200904070840.n378eRZm016330@virt2.int.splunk.com> for spamme:501 
Apr  7 01:40:29 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 01:40:29 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48965,mid=<200904070840.n378eRZm016330@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:40:29 splunk3 sendmail[21812]: n378eRwS021811: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:40:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:40:48 splunk3 sendmail[21913]: n378emEa021913: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 01:41:48 splunk3 sendmail[22151]: n378fmrM022151: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:42:48 splunk3 sendmail[22384]: n378gmNZ022384: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:43:48 splunk3 sendmail[22622]: n378hmeJ022622: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:44:47 splunk3 sendmail[22838]: n378iiE3022838: from=<spamme@splunkit.com>, size=659, class=0, nrcpts=1, msgid=<200904070844.n378iiE3022838@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=[125.176.212.167]
Apr  7 01:44:47 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49007 
Apr  7 01:44:47 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:44:47 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:44:47 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:44:47 splunk3 spamd[338]: spamd: processing message <200904070844.n378iiE3022838@splunk3.splunkit.com> for spamme:501 
Apr  7 01:44:48 splunk3 sendmail[22866]: n378imeO022866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:44:49 splunk3 spamd[338]: spamd: identified spam (11.4/5.0) for spamme:501 in 2.6 seconds, 1020 bytes. 
Apr  7 01:44:49 splunk3 spamd[338]: spamd: result: Y 11 - BAYES_80,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_XBL scantime=2.6,size=1020,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49007,mid=<200904070844.n378iiE3022838@splunk3.splunkit.com>,bayes=0.801179161952754,autolearn=no 
Apr  7 01:44:49 splunk3 sendmail[22841]: n378iiE3022838: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:03, xdelay=00:00:02, mailer=local, pri=30944, dsn=2.0.0, stat=Sent
Apr  7 01:44:49 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:44:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:45:17 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:45:30 splunk3 sendmail[23043]: n378jUOg023043: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070845.n378jRbT016962@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:45:30 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49023 
Apr  7 01:45:30 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:45:30 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:45:30 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:45:30 splunk3 spamd[338]: spamd: processing message <200904070845.n378jRbT016962@virt2.int.splunk.com> for spamme:501 
Apr  7 01:45:32 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 01:45:32 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49023,mid=<200904070845.n378jRbT016962@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:45:32 splunk3 sendmail[23044]: n378jUOg023043: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:45:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:45:48 splunk3 sendmail[23126]: n378jmT2023126: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:46:48 splunk3 sendmail[23361]: n378kmjG023361: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:47:48 splunk3 sendmail[23600]: n378lmm7023600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:48:48 splunk3 sendmail[23831]: n378mmJI023831: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:49:48 splunk3 sendmail[24074]: n378nm49024074: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:49:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:50:01 splunk3 sendmail[24118]: n378o057024118: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070850.n378o0aL017488@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:50:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49067 
Apr  7 01:50:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:50:01 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:50:01 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:50:01 splunk3 spamd[338]: spamd: processing message <200904070850.n378o0aL017488@virt2.int.splunk.com> for spamme:501 
Apr  7 01:50:03 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 01:50:03 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49067,mid=<200904070850.n378o0aL017488@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:50:03 splunk3 sendmail[24119]: n378o057024118: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:50:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:50:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:50:48 splunk3 sendmail[24334]: n378omCC024334: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:51:48 splunk3 sendmail[24573]: n378pmvI024573: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:52:48 splunk3 sendmail[24810]: n378qmdb024810: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:53:48 splunk3 sendmail[25054]: n378rmiY025054: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:54:48 splunk3 sendmail[25295]: n378smJu025295: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:54:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 01:55:01 splunk3 sendmail[25338]: n378t1FH025338: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070855.n378t1od018103@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 01:55:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49122 
Apr  7 01:55:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 01:55:01 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 01:55:01 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 01:55:01 splunk3 spamd[338]: spamd: processing message <200904070855.n378t1od018103@virt2.int.splunk.com> for spamme:501 
Apr  7 01:55:03 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 01:55:03 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49122,mid=<200904070855.n378t1od018103@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 01:55:03 splunk3 sendmail[25339]: n378t1FH025338: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 01:55:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 01:55:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 01:55:48 splunk3 sendmail[25552]: n378tm83025552: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 01:56:48 splunk3 sendmail[25786]: n378umfh025786: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:57:48 splunk3 sendmail[26024]: n378vmZk026024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:58:48 splunk3 sendmail[26259]: n378wmG9026259: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:59:48 splunk3 sendmail[26505]: n378xmhK026505: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 01:59:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:00:01 splunk3 sendmail[26603]: n37901sQ026603: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070900.n37901vX018754@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:00:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49179 
Apr  7 02:00:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:00:01 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 02:00:01 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 02:00:01 splunk3 sendmail[26604]: n37901sQ026603: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:00:01 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:00:04 splunk3 sendmail[26638]: n37904L9026638: from=root, size=291, class=0, nrcpts=1, msgid=<200904070900.n37904L9026638@splunk3.splunkit.com>, relay=root@localhost
Apr  7 02:00:04 splunk3 sendmail[26642]: n37904bo026642: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904070900.n37904L9026638@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 02:00:04 splunk3 sendmail[26638]: n37904L9026638: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37904bo026642 Message accepted for delivery)
Apr  7 02:00:05 splunk3 sendmail[26643]: n37904bo026642: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 02:00:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:00:28 splunk3 sendmail[26756]: n3790Spq026756: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904070900.n3790Spq026756@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 02:00:28 splunk3 sendmail[26758]: n3790Spq026756: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 02:00:28 splunk3 sendmail[26758]: n3790Spq026756: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 02:00:28 splunk3 sendmail[26758]: n3790Spq026756: n3790Spq026758: postmaster notify: User unknown
Apr  7 02:00:30 splunk3 sendmail[26758]: n3790Spq026758: to=root, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 02:00:48 splunk3 sendmail[26848]: n3790mTP026848: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:01:06 splunk3 sendmail[26897]: n37911qm026897: from=root, size=443, class=0, nrcpts=1, msgid=<200904070901.n37911qm026897@splunk3.splunkit.com>, relay=root@localhost
Apr  7 02:01:06 splunk3 sendmail[26922]: n37916k2026922: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904070901.n37911qm026897@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 02:01:06 splunk3 sendmail[26897]: n37911qm026897: to=root, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37916k2026922 Message accepted for delivery)
Apr  7 02:01:08 splunk3 sendmail[26923]: n37916k2026922: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 02:01:48 splunk3 sendmail[27099]: n3791mn7027099: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:02:48 splunk3 sendmail[27332]: n3792mRr027332: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:03:48 splunk3 sendmail[27568]: n3793mkU027568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:04:48 splunk3 sendmail[27807]: n3794mgT027807: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:04:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:05:02 splunk3 sendmail[27857]: n37952bL027857: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070905.n37951oB019456@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:05:02 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49243 
Apr  7 02:05:02 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:05:02 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 02:05:02 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 02:05:02 splunk3 sendmail[27858]: n37952bL027857: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:05:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:05:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:05:48 splunk3 sendmail[28065]: n3795mQn028065: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:06:48 splunk3 sendmail[28302]: n3796muX028302: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:07:48 splunk3 sendmail[28541]: n3797mHj028541: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:08:48 splunk3 sendmail[28782]: n3798mpV028782: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:09:48 splunk3 sendmail[29024]: n3799mBR029024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:09:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:10:02 splunk3 sendmail[29164]: n379A21I029164: from=root, size=292, class=0, nrcpts=1, msgid=<200904070910.n379A21I029164@splunk3.splunkit.com>, relay=root@localhost
Apr  7 02:10:02 splunk3 sendmail[29169]: n379A2mr029169: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904070910.n379A21I029164@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 02:10:02 splunk3 sendmail[29164]: n379A21I029164: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n379A2mr029169 Message accepted for delivery)
Apr  7 02:10:03 splunk3 sendmail[29190]: n379A3PV029190: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070910.n379A2iR020067@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:10:03 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49300 
Apr  7 02:10:03 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:10:03 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:10:03 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:10:03 splunk3 spamd[338]: spamd: processing message <200904070910.n379A2iR020067@virt2.int.splunk.com> for spamme:501 
Apr  7 02:10:04 splunk3 sendmail[29174]: n379A2mr029169: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 02:10:05 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  7 02:10:05 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49300,mid=<200904070910.n379A2iR020067@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:10:05 splunk3 sendmail[29191]: n379A3PV029190: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:10:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:10:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:10:48 splunk3 sendmail[29387]: n379AmGb029387: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 02:11:49 splunk3 sendmail[29627]: n379Bncs029627: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:12:49 splunk3 sendmail[29861]: n379CnUc029861: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:13:49 splunk3 sendmail[30101]: n379DnSn030101: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:14:49 splunk3 sendmail[30341]: n379EnaC030341: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:14:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:15:03 splunk3 sendmail[30415]: n379F3AG030415: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070915.n379F3dL020856@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:15:03 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49364 
Apr  7 02:15:03 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:15:03 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:15:03 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:15:03 splunk3 spamd[338]: spamd: processing message <200904070915.n379F3dL020856@virt2.int.splunk.com> for spamme:501 
Apr  7 02:15:05 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  7 02:15:05 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49364,mid=<200904070915.n379F3dL020856@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:15:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:15:05 splunk3 sendmail[30416]: n379F3AG030415: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:15:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:15:49 splunk3 sendmail[30600]: n379FnDN030600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:16:49 splunk3 sendmail[30830]: n379Gng0030830: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:17:49 splunk3 sendmail[31070]: n379HnBP031070: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:18:49 splunk3 sendmail[31305]: n379In7I031305: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:19:49 splunk3 sendmail[31549]: n379JnNh031549: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:19:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:20:04 splunk3 sendmail[31630]: n379K3lB031630: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070920.n379K3lq021489@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:20:04 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49420 
Apr  7 02:20:04 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:20:04 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:20:04 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:20:04 splunk3 spamd[338]: spamd: processing message <200904070920.n379K3lq021489@virt2.int.splunk.com> for spamme:501 
Apr  7 02:20:06 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 02:20:06 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49420,mid=<200904070920.n379K3lq021489@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:20:06 splunk3 sendmail[31631]: n379K3lB031630: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:20:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:20:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:20:49 splunk3 sendmail[31811]: n379KnNR031811: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:21:49 splunk3 sendmail[32050]: n379Ln73032050: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:22:49 splunk3 sendmail[32286]: n379Mnfc032286: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:23:49 splunk3 sendmail[32527]: n379Nnl9032527: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:24:49 splunk3 sendmail[300]: n379Onwu000300: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:24:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:25:04 splunk3 sendmail[378]: n379P4ut000378: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070925.n379P49d022102@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:25:04 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49475 
Apr  7 02:25:04 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:25:04 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:25:04 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:25:04 splunk3 spamd[338]: spamd: processing message <200904070925.n379P49d022102@virt2.int.splunk.com> for spamme:501 
Apr  7 02:25:08 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  7 02:25:08 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49475,mid=<200904070925.n379P49d022102@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:25:08 splunk3 sendmail[379]: n379P4ut000378: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:25:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:25:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:25:49 splunk3 sendmail[559]: n379PnXB000559: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 02:26:49 splunk3 sendmail[796]: n379QnXt000796: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:27:49 splunk3 sendmail[1037]: n379RnAe001037: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:28:49 splunk3 sendmail[1273]: n379SnJg001273: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:29:49 splunk3 sendmail[1519]: n379Tn2G001519: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:29:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:30:05 splunk3 sendmail[1594]: n379U4m1001594: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070930.n379U4jL022720@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:30:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49532 
Apr  7 02:30:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:30:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:30:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:30:05 splunk3 spamd[338]: spamd: processing message <200904070930.n379U4jL022720@virt2.int.splunk.com> for spamme:501 
Apr  7 02:30:07 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 02:30:07 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49532,mid=<200904070930.n379U4jL022720@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:30:07 splunk3 sendmail[1595]: n379U4m1001594: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:30:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:30:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:30:49 splunk3 sendmail[1776]: n379UnWN001776: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:31:49 splunk3 sendmail[2016]: n379Vnif002016: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:32:49 splunk3 sendmail[2250]: n379Wnpc002250: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:33:49 splunk3 sendmail[2488]: n379XnNt002488: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:34:49 splunk3 sendmail[2736]: n379Ynu8002736: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:34:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:35:05 splunk3 sendmail[2821]: n379Z5QN002821: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070935.n379Z5dC023497@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:35:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49588 
Apr  7 02:35:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:35:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:35:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:35:05 splunk3 spamd[338]: spamd: processing message <200904070935.n379Z5dC023497@virt2.int.splunk.com> for spamme:501 
Apr  7 02:35:07 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 02:35:07 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49588,mid=<200904070935.n379Z5dC023497@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:35:07 splunk3 sendmail[2822]: n379Z5QN002821: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:35:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:35:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:35:49 splunk3 sendmail[3008]: n379ZnnQ003008: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:36:49 splunk3 sendmail[3248]: n379anCj003248: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:37:49 splunk3 sendmail[3483]: n379bn5H003483: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:38:49 splunk3 sendmail[3752]: n379cn5u003752: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:39:49 splunk3 sendmail[4003]: n379dnRQ004003: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:39:50 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:40:06 splunk3 sendmail[4087]: n379e6fT004087: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070940.n379e5Fq024132@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:40:06 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49643 
Apr  7 02:40:06 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:40:06 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:40:06 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:40:06 splunk3 spamd[338]: spamd: processing message <200904070940.n379e5Fq024132@virt2.int.splunk.com> for spamme:501 
Apr  7 02:40:08 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 02:40:08 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49643,mid=<200904070940.n379e5Fq024132@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:40:08 splunk3 sendmail[4088]: n379e6fT004087: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:40:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:40:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:40:49 splunk3 sendmail[4274]: n379en24004274: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 02:41:49 splunk3 sendmail[4528]: n379fnen004528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:42:49 splunk3 sendmail[4765]: n379gnNT004765: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:43:49 splunk3 sendmail[5015]: n379hnxL005015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:44:49 splunk3 sendmail[5289]: n379inm7005289: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:44:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:45:06 splunk3 sendmail[5371]: n379j6X5005371: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070945.n379j67C024745@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:45:06 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49700 
Apr  7 02:45:06 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:45:06 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:45:06 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:45:06 splunk3 spamd[338]: spamd: processing message <200904070945.n379j67C024745@virt2.int.splunk.com> for spamme:501 
Apr  7 02:45:08 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 02:45:08 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49700,mid=<200904070945.n379j67C024745@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:45:08 splunk3 sendmail[5372]: n379j6X5005371: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:45:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:45:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:45:49 splunk3 sendmail[5553]: n379jnkX005553: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:46:49 splunk3 sendmail[5787]: n379knvQ005787: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:47:49 splunk3 sendmail[6026]: n379lne8006026: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:48:49 splunk3 sendmail[6261]: n379mnE3006261: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:49:49 splunk3 sendmail[6503]: n379nnia006503: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:49:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:50:07 splunk3 sendmail[6584]: n379o6Ou006584: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070950.n379o6JR025354@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:50:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49755 
Apr  7 02:50:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:50:07 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:50:07 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:50:07 splunk3 spamd[338]: spamd: processing message <200904070950.n379o6JR025354@virt2.int.splunk.com> for spamme:501 
Apr  7 02:50:09 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 02:50:09 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49755,mid=<200904070950.n379o6JR025354@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:50:09 splunk3 sendmail[6585]: n379o6Ou006584: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:50:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:50:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:50:49 splunk3 sendmail[6764]: n379onAw006764: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:51:49 splunk3 sendmail[7000]: n379pn3d007000: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:52:49 splunk3 sendmail[7235]: n379qnih007235: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:53:49 splunk3 sendmail[7477]: n379rnLc007477: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:54:49 splunk3 sendmail[7725]: n379sn9D007725: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:54:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 02:55:07 splunk3 sendmail[7803]: n379t7l0007803: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904070955.n379t704025961@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 02:55:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49811 
Apr  7 02:55:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 02:55:07 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 02:55:07 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 02:55:07 splunk3 spamd[338]: spamd: processing message <200904070955.n379t704025961@virt2.int.splunk.com> for spamme:501 
Apr  7 02:55:09 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 02:55:09 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49811,mid=<200904070955.n379t704025961@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 02:55:09 splunk3 sendmail[7804]: n379t7l0007803: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 02:55:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 02:55:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 02:55:49 splunk3 sendmail[7982]: n379tntW007982: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 02:56:49 splunk3 sendmail[8220]: n379unfb008220: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:57:49 splunk3 sendmail[8459]: n379vnVf008459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:58:49 splunk3 sendmail[8692]: n379wnlA008692: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:59:49 splunk3 sendmail[8937]: n379xnpO008937: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 02:59:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:00:04 splunk3 sendmail[9064]: n37A04pO009064: from=root, size=291, class=0, nrcpts=1, msgid=<200904071000.n37A04pO009064@splunk3.splunkit.com>, relay=root@localhost
Apr  7 03:00:04 splunk3 sendmail[9068]: n37A04Dg009068: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071000.n37A04pO009064@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 03:00:04 splunk3 sendmail[9064]: n37A04pO009064: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37A04Dg009068 Message accepted for delivery)
Apr  7 03:00:05 splunk3 sendmail[9086]: n37A05DY009086: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904071000.n37A05DY009086@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 03:00:05 splunk3 sendmail[9088]: n37A05DY009086: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 03:00:05 splunk3 sendmail[9088]: n37A05DY009086: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  7 03:00:05 splunk3 sendmail[9088]: n37A05DY009086: n37A05DY009088: postmaster notify: User unknown
Apr  7 03:00:06 splunk3 sendmail[9069]: n37A04Dg009068: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 03:00:07 splunk3 sendmail[9115]: n37A07Qg009115: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071000.n37A07Ga026599@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:00:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49875 
Apr  7 03:00:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:00:07 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 03:00:07 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 03:00:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:00:07 splunk3 sendmail[9116]: n37A07Qg009115: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:00:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:00:15 splunk3 sendmail[9088]: n37A05DY009088: to=root, delay=00:00:10, xdelay=00:00:10, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  7 03:00:49 splunk3 sendmail[9280]: n37A0nQR009280: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:01:06 splunk3 sendmail[9334]: n37A11h8009334: from=root, size=443, class=0, nrcpts=1, msgid=<200904071001.n37A11h8009334@splunk3.splunkit.com>, relay=root@localhost
Apr  7 03:01:06 splunk3 sendmail[9357]: n37A16Ip009357: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071001.n37A11h8009334@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 03:01:06 splunk3 sendmail[9334]: n37A11h8009334: to=root, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37A16Ip009357 Message accepted for delivery)
Apr  7 03:01:07 splunk3 sendmail[9358]: n37A16Ip009357: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 03:01:49 splunk3 sendmail[9532]: n37A1nIU009532: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:02:49 splunk3 sendmail[9768]: n37A2ndk009768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:03:49 splunk3 sendmail[10008]: n37A3nkD010008: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:04:49 splunk3 sendmail[10248]: n37A4nKZ010248: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:04:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:04:52 splunk3 sendmail[10244]: n37A4n6R010244: ruleset=check_rcpt, arg1=<sanjinn001@yahoo.com.tw>, relay=218-160-114-227.dynamic.hinet.net [218.160.114.227], reject=550 5.7.1 <sanjinn001@yahoo.com.tw>... Relaying denied
Apr  7 03:05:08 splunk3 sendmail[10341]: n37A58tY010341: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071005.n37A58mg027281@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:05:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49932 
Apr  7 03:05:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:05:08 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 03:05:08 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 03:05:08 splunk3 sendmail[10342]: n37A58tY010341: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:05:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:05:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:05:49 splunk3 sendmail[10505]: n37A5n5m010505: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:06:49 splunk3 sendmail[10738]: n37A6nsZ010738: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:07:49 splunk3 sendmail[10974]: n37A7nSd010974: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:08:49 splunk3 sendmail[11214]: n37A8ncD011214: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:09:49 splunk3 sendmail[11459]: n37A9nq1011459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:09:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:10:02 splunk3 sendmail[11616]: n37AA2KO011616: from=root, size=292, class=0, nrcpts=1, msgid=<200904071010.n37AA2KO011616@splunk3.splunkit.com>, relay=root@localhost
Apr  7 03:10:02 splunk3 sendmail[11621]: n37AA2se011621: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071010.n37AA2KO011616@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 03:10:02 splunk3 sendmail[11616]: n37AA2KO011616: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37AA2se011621 Message accepted for delivery)
Apr  7 03:10:03 splunk3 sendmail[11622]: n37AA2se011621: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 03:10:09 splunk3 sendmail[11659]: n37AA9qG011659: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071010.n37AA9Qn027895@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:10:09 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 49988 
Apr  7 03:10:09 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:10:09 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:10:09 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:10:09 splunk3 spamd[338]: spamd: processing message <200904071010.n37AA9Qn027895@virt2.int.splunk.com> for spamme:501 
Apr  7 03:10:11 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 03:10:11 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=49988,mid=<200904071010.n37AA9Qn027895@virt2.int.splunk.com>,bayes=0.112219416925218,autolearn=no 
Apr  7 03:10:11 splunk3 sendmail[11660]: n37AA9qG011659: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:10:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:10:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:10:49 splunk3 sendmail[11823]: n37AAnMT011823: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 03:11:49 splunk3 sendmail[12065]: n37ABn5S012065: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:11:51 splunk3 sendmail[12067]: n37ABpn6012067: from=<35ybbSRQKBjMVddVaTPaTgih-cdgTeanVddVaT.RdbhePbbTheajcZXi.Rdb@alerts.bounces.google.com>, size=5782, class=0, nrcpts=1, msgid=<001485f547345b95ff0466f43eb2@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.191]
Apr  7 03:11:51 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50005 
Apr  7 03:11:51 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:11:51 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:11:51 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:11:51 splunk3 spamd[338]: spamd: processing message <001485f547345b95ff0466f43eb2@google.com> for spamme:501 
Apr  7 03:11:53 splunk3 spamd[338]: spamd: clean message (-2.3/5.0) for spamme:501 in 2.1 seconds, 6212 bytes. 
Apr  7 03:11:53 splunk3 spamd[338]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.1,size=6212,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50005,mid=<001485f547345b95ff0466f43eb2@google.com>,bayes=1.66533453693773e-16,autolearn=ham 
Apr  7 03:11:53 splunk3 sendmail[12068]: n37ABpn6012067: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=35993, dsn=2.0.0, stat=Sent
Apr  7 03:11:53 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:12:49 splunk3 sendmail[12304]: n37ACnC1012304: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:13:49 splunk3 sendmail[12547]: n37ADnoC012547: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:14:49 splunk3 sendmail[12787]: n37AEnub012787: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:14:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:15:10 splunk3 sendmail[12883]: n37AFALE012883: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071015.n37AFANE028677@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:15:10 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50046 
Apr  7 03:15:10 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:15:10 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:15:10 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:15:10 splunk3 spamd[338]: spamd: processing message <200904071015.n37AFANE028677@virt2.int.splunk.com> for spamme:501 
Apr  7 03:15:12 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  7 03:15:12 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50046,mid=<200904071015.n37AFANE028677@virt2.int.splunk.com>,bayes=0.112251359807493,autolearn=no 
Apr  7 03:15:12 splunk3 sendmail[12884]: n37AFALE012883: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:15:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:15:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:15:49 splunk3 sendmail[13044]: n37AFnN4013044: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:16:49 splunk3 sendmail[13308]: n37AGnq9013308: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:17:15 splunk3 sendmail[13423]: n37AHEmh013423: from=<spammer@platinum.net>, size=3993, class=0, nrcpts=1, msgid=<20090407031823.12095.qmail@TG>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=PPPoE-60-108.EuroCom.Od.UA [93.88.60.108]
Apr  7 03:17:16 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50067 
Apr  7 03:17:16 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:17:16 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:17:16 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:17:16 splunk3 spamd[338]: spamd: processing message <20090407031823.12095.qmail@TG> for spamme:501 
Apr  7 03:17:19 splunk3 spamd[338]: spamd: identified spam (38.7/5.0) for spamme:501 in 3.0 seconds, 4271 bytes. 
Apr  7 03:17:19 splunk3 spamd[338]: spamd: result: Y 38 - ADDRESS_IN_SUBJECT,BAYES_99,DATE_IN_PAST_06_12,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_TAGS,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,SUBJ_HAS_UNIQ_ID,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=3.0,size=4271,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50067,mid=<20090407031823.12095.qmail@TG>,bayes=1,autolearn=spam 
Apr  7 03:17:19 splunk3 sendmail[13426]: n37AHEmh013423: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=34187, dsn=2.0.0, stat=Sent
Apr  7 03:17:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:17:49 splunk3 sendmail[13566]: n37AHnsj013566: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:18:49 splunk3 sendmail[13801]: n37AInPB013801: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:19:49 splunk3 sendmail[14043]: n37AJnPx014043: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:19:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:20:10 splunk3 sendmail[14141]: n37AKA8R014141: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071020.n37AKAS6029313@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:20:10 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50103 
Apr  7 03:20:10 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:20:10 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:20:10 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:20:10 splunk3 spamd[338]: spamd: processing message <200904071020.n37AKAS6029313@virt2.int.splunk.com> for spamme:501 
Apr  7 03:20:12 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 03:20:12 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50103,mid=<200904071020.n37AKAS6029313@virt2.int.splunk.com>,bayes=0.114457141850283,autolearn=no 
Apr  7 03:20:12 splunk3 sendmail[14142]: n37AKA8R014141: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:20:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:20:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:20:49 splunk3 sendmail[14303]: n37AKnOb014303: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:21:49 splunk3 sendmail[14539]: n37ALnqf014539: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:22:49 splunk3 sendmail[14773]: n37AMnKl014773: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:23:49 splunk3 sendmail[15016]: n37ANnhT015016: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:24:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:24:49 splunk3 sendmail[15255]: n37AOnv4015255: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:25:11 splunk3 sendmail[15350]: n37APB0X015350: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071025.n37APBvM029919@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:25:11 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50158 
Apr  7 03:25:11 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:25:11 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:25:11 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:25:11 splunk3 spamd[338]: spamd: processing message <200904071025.n37APBvM029919@virt2.int.splunk.com> for spamme:501 
Apr  7 03:25:13 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 03:25:13 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50158,mid=<200904071025.n37APBvM029919@virt2.int.splunk.com>,bayes=0.114457141850283,autolearn=no 
Apr  7 03:25:13 splunk3 sendmail[15352]: n37APB0X015350: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:25:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:25:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:25:49 splunk3 sendmail[15523]: n37APnFY015523: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 03:26:49 splunk3 sendmail[15757]: n37AQn3V015757: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:27:49 splunk3 sendmail[15996]: n37ARn70015996: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:28:49 splunk3 sendmail[16230]: n37ASnv0016230: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:29:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:29:49 splunk3 sendmail[16476]: n37ATn9J016476: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:30:12 splunk3 sendmail[16591]: n37AUB1Z016591: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071030.n37AUBB1030539@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:30:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50215 
Apr  7 03:30:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:30:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:30:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:30:12 splunk3 spamd[338]: spamd: processing message <200904071030.n37AUBB1030539@virt2.int.splunk.com> for spamme:501 
Apr  7 03:30:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:30:14 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 03:30:14 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50215,mid=<200904071030.n37AUBB1030539@virt2.int.splunk.com>,bayes=0.114457141850283,autolearn=no 
Apr  7 03:30:14 splunk3 sendmail[16592]: n37AUB1Z016591: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:30:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:30:49 splunk3 sendmail[16736]: n37AUnPe016736: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:31:49 splunk3 sendmail[16976]: n37AVnlX016976: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:32:49 splunk3 sendmail[17212]: n37AWnrb017212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:33:49 splunk3 sendmail[17448]: n37AXn6C017448: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:34:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:34:49 splunk3 sendmail[17688]: n37AYnPf017688: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:35:12 splunk3 sendmail[17801]: n37AZC1w017801: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071035.n37AZCNq031287@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:35:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50270 
Apr  7 03:35:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:35:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:35:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:35:12 splunk3 spamd[338]: spamd: processing message <200904071035.n37AZCNq031287@virt2.int.splunk.com> for spamme:501 
Apr  7 03:35:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:35:14 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 03:35:14 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50270,mid=<200904071035.n37AZCNq031287@virt2.int.splunk.com>,bayes=0.114457141850283,autolearn=no 
Apr  7 03:35:14 splunk3 sendmail[17802]: n37AZC1w017801: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:35:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:35:49 splunk3 sendmail[17946]: n37AZnBe017946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:36:49 splunk3 sendmail[18181]: n37AanEm018181: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:37:49 splunk3 sendmail[18422]: n37AbnDx018422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:38:49 splunk3 sendmail[18662]: n37Acnli018662: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:39:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:39:49 splunk3 sendmail[18905]: n37AdnvH018905: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:40:13 splunk3 sendmail[19019]: n37AeDL6019019: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071040.n37AeCvw031920@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:40:13 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50326 
Apr  7 03:40:13 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:40:13 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:40:13 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:40:13 splunk3 spamd[338]: spamd: processing message <200904071040.n37AeCvw031920@virt2.int.splunk.com> for spamme:501 
Apr  7 03:40:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:40:15 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 03:40:15 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50326,mid=<200904071040.n37AeCvw031920@virt2.int.splunk.com>,bayes=0.114457141850283,autolearn=no 
Apr  7 03:40:15 splunk3 sendmail[19020]: n37AeDL6019019: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:40:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:40:49 splunk3 sendmail[19161]: n37AenAm019161: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 03:41:49 splunk3 sendmail[19403]: n37AfnnQ019403: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:42:49 splunk3 sendmail[19636]: n37Agntf019636: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:43:49 splunk3 sendmail[19875]: n37AhnpQ019875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:44:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:44:49 splunk3 sendmail[20116]: n37Ain0T020116: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:45:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:45:14 splunk3 sendmail[20232]: n37AjELf020232: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071045.n37AjEcT032535@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:45:14 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50382 
Apr  7 03:45:14 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:45:14 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:45:14 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:45:14 splunk3 spamd[338]: spamd: processing message <200904071045.n37AjEcT032535@virt2.int.splunk.com> for spamme:501 
Apr  7 03:45:16 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 03:45:16 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50382,mid=<200904071045.n37AjEcT032535@virt2.int.splunk.com>,bayes=0.114457141850283,autolearn=no 
Apr  7 03:45:16 splunk3 sendmail[20233]: n37AjELf020232: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 03:45:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:45:49 splunk3 sendmail[20373]: n37Ajnxr020373: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:46:49 splunk3 sendmail[20609]: n37AknP7020609: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:47:49 splunk3 sendmail[20847]: n37AlnEM020847: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:48:49 splunk3 sendmail[21082]: n37Amn6W021082: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:49:49 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:49:49 splunk3 sendmail[21325]: n37AnnsS021325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:50:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:50:14 splunk3 sendmail[21445]: n37AoEBQ021445: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904071050.n37AoEx0000682@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:50:14 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50438 
Apr  7 03:50:14 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:50:14 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:50:14 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:50:14 splunk3 spamd[338]: spamd: processing message <200904071050.n37AoEx0000682@virt2.int.splunk.com> for spamme:501 
Apr  7 03:50:16 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1302 bytes. 
Apr  7 03:50:16 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50438,mid=<200904071050.n37AoEx0000682@virt2.int.splunk.com>,bayes=0.0678813204239168,autolearn=no 
Apr  7 03:50:16 splunk3 sendmail[21446]: n37AoEBQ021445: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  7 03:50:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:50:49 splunk3 sendmail[21585]: n37Aonqv021585: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:51:49 splunk3 sendmail[21825]: n37Apnts021825: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:52:49 splunk3 sendmail[22060]: n37Aqn0n022060: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:53:49 splunk3 sendmail[22303]: n37Arnjo022303: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:54:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:54:49 splunk3 sendmail[22539]: n37Asnqs022539: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:55:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 03:55:15 splunk3 sendmail[22657]: n37AtFA9022657: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071055.n37AtEfQ001305@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 03:55:15 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50494 
Apr  7 03:55:15 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 03:55:15 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 03:55:15 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 03:55:15 splunk3 spamd[338]: spamd: processing message <200904071055.n37AtEfQ001305@virt2.int.splunk.com> for spamme:501 
Apr  7 03:55:17 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 03:55:17 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50494,mid=<200904071055.n37AtEfQ001305@virt2.int.splunk.com>,bayes=0.171759317410465,autolearn=no 
Apr  7 03:55:17 splunk3 sendmail[22658]: n37AtFA9022657: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 03:55:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 03:55:49 splunk3 sendmail[22795]: n37AtnlP022795: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 03:56:49 splunk3 sendmail[23032]: n37Aun4Q023032: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:57:49 splunk3 sendmail[23271]: n37AvnhY023271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:58:49 splunk3 sendmail[23506]: n37AwnQs023506: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 03:59:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 03:59:49 splunk3 sendmail[23750]: n37AxnAc023750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:00:04 splunk3 sendmail[23876]: n37B04hL023876: from=root, size=291, class=0, nrcpts=1, msgid=<200904071100.n37B04hL023876@splunk3.splunkit.com>, relay=root@localhost
Apr  7 04:00:04 splunk3 sendmail[23880]: n37B049F023880: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071100.n37B04hL023876@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 04:00:04 splunk3 sendmail[23876]: n37B04hL023876: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37B049F023880 Message accepted for delivery)
Apr  7 04:00:05 splunk3 sendmail[23881]: n37B049F023880: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 04:00:11 splunk3 sendmail[23918]: n37B0BSr023918: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904071100.n37B0BSr023918@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 04:00:11 splunk3 sendmail[23920]: n37B0BSr023918: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 04:00:11 splunk3 sendmail[23920]: n37B0BSr023918: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 04:00:11 splunk3 sendmail[23920]: n37B0BSr023918: n37B0BSr023920: postmaster notify: User unknown
Apr  7 04:00:12 splunk3 sendmail[23920]: n37B0BSr023920: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 04:00:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:00:15 splunk3 sendmail[23952]: n37B0F8B023952: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071100.n37B0Fg8001966@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:00:15 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50558 
Apr  7 04:00:15 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:00:15 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 04:00:15 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 04:00:15 splunk3 sendmail[23953]: n37B0F8B023952: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:00:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:00:49 splunk3 sendmail[24093]: n37B0n9t024093: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:01:11 splunk3 sendmail[24143]: n37B11Hn024143: from=root, size=443, class=0, nrcpts=1, msgid=<200904071101.n37B11Hn024143@splunk3.splunkit.com>, relay=root@localhost
Apr  7 04:01:11 splunk3 sendmail[24205]: n37B1BSi024205: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071101.n37B11Hn024143@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 04:01:11 splunk3 sendmail[24143]: n37B11Hn024143: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37B1BSi024205 Message accepted for delivery)
Apr  7 04:01:13 splunk3 sendmail[24206]: n37B1BSi024205: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 04:01:49 splunk3 sendmail[24344]: n37B1ntt024344: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:02:04 splunk3 sendmail[24716]: n37B24Hh024716: from=root, size=2126, class=0, nrcpts=1, msgid=<200904071102.n37B24Hh024716@splunk3.splunkit.com>, relay=root@localhost
Apr  7 04:02:04 splunk3 sendmail[24718]: n37B247C024718: from=<root@splunk3.splunkit.com>, size=2426, class=0, nrcpts=1, msgid=<200904071102.n37B24Hh024716@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 04:02:04 splunk3 sendmail[24716]: n37B24Hh024716: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32126, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37B247C024718 Message accepted for delivery)
Apr  7 04:02:07 splunk3 sendmail[24719]: n37B247C024718: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=local, pri=32659, dsn=2.0.0, stat=Sent
Apr  7 04:02:49 splunk3 sendmail[25040]: n37B2nno025040: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:03:49 splunk3 sendmail[25278]: n37B3n6i025278: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:04:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:04:49 splunk3 sendmail[25519]: n37B4ngU025519: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:04:52 splunk3 sendmail[10244]: n37A4n6R010244: timeout waiting for input from 218-160-114-227.dynamic.hinet.net during server cmd read
Apr  7 04:04:52 splunk3 sendmail[10244]: n37A4n6R010244: lost input channel from 218-160-114-227.dynamic.hinet.net [218.160.114.227] to MTA after rcpt
Apr  7 04:04:52 splunk3 sendmail[10244]: n37A4n6R010244: from=<0407pc@163.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=218-160-114-227.dynamic.hinet.net [218.160.114.227]
Apr  7 04:05:16 splunk3 sendmail[25650]: n37B5GjW025650: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071105.n37B5G3m003216@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:05:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:05:16 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50616 
Apr  7 04:05:16 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:05:16 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 04:05:16 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 04:05:16 splunk3 sendmail[25651]: n37B5GjW025650: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:05:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:05:49 splunk3 sendmail[25777]: n37B5nwA025777: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:06:49 splunk3 sendmail[26013]: n37B6nSq026013: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:07:49 splunk3 sendmail[26252]: n37B7n7D026252: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:08:49 splunk3 sendmail[26490]: n37B8nht026490: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:09:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:09:49 splunk3 sendmail[26732]: n37B9nrx026732: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:10:02 splunk3 sendmail[26892]: n37BA26x026892: from=root, size=292, class=0, nrcpts=1, msgid=<200904071110.n37BA26x026892@splunk3.splunkit.com>, relay=root@localhost
Apr  7 04:10:03 splunk3 sendmail[26897]: n37BA27R026897: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071110.n37BA26x026892@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 04:10:03 splunk3 sendmail[26892]: n37BA26x026892: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37BA27R026897 Message accepted for delivery)
Apr  7 04:10:04 splunk3 sendmail[26898]: n37BA27R026897: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 04:10:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:10:17 splunk3 sendmail[26987]: n37BAHaK026987: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071110.n37BAGR1003828@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:10:17 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50672 
Apr  7 04:10:17 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:10:17 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:10:17 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:10:17 splunk3 spamd[338]: spamd: processing message <200904071110.n37BAGR1003828@virt2.int.splunk.com> for spamme:501 
Apr  7 04:10:19 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 04:10:19 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50672,mid=<200904071110.n37BAGR1003828@virt2.int.splunk.com>,bayes=0.171759317410465,autolearn=no 
Apr  7 04:10:19 splunk3 sendmail[26988]: n37BAHaK026987: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:10:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:10:49 splunk3 sendmail[27108]: n37BAnYJ027108: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 04:11:49 splunk3 sendmail[27350]: n37BBn4k027350: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:12:49 splunk3 sendmail[27586]: n37BCnF9027586: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:13:49 splunk3 sendmail[27827]: n37BDn5Z027827: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:14:25 splunk3 sendmail[27785]: n37BDbUD027785: from=<stuarti@zdnetasia.com>, size=5727, class=0, nrcpts=1, msgid=<6c0e019dbd4f$61193d05$8b709d92@zdnetasia.com>, proto=ESMTP, daemon=MTA, relay=[78.171.200.114]
Apr  7 04:14:25 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50713 
Apr  7 04:14:25 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:14:25 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:14:25 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:14:25 splunk3 spamd[338]: spamd: processing message <6c0e019dbd4f$61193d05$8b709d92@zdnetasia.com> for spamme:501 
Apr  7 04:14:28 splunk3 spamd[338]: spamd: identified spam (27.9/5.0) for spamme:501 in 2.5 seconds, 6000 bytes. 
Apr  7 04:14:28 splunk3 spamd[338]: spamd: result: Y 27 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL scantime=2.5,size=6000,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50713,mid=<6c0e019dbd4f$61193d05$8b709d92@zdnetasia.com>,bayes=1,autolearn=spam 
Apr  7 04:14:28 splunk3 sendmail[27964]: n37BDbUD027785: to=<spamme@splunkit.com>, delay=00:00:06, xdelay=00:00:03, mailer=local, pri=35905, dsn=2.0.0, stat=Sent
Apr  7 04:14:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:14:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:14:49 splunk3 sendmail[28073]: n37BEn0x028073: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:15:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:15:18 splunk3 sendmail[28205]: n37BFIN7028205: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071115.n37BFH7N004611@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:15:18 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50730 
Apr  7 04:15:18 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:15:18 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:15:18 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:15:18 splunk3 spamd[338]: spamd: processing message <200904071115.n37BFH7N004611@virt2.int.splunk.com> for spamme:501 
Apr  7 04:15:20 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  7 04:15:20 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50730,mid=<200904071115.n37BFH7N004611@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:15:20 splunk3 sendmail[28206]: n37BFIN7028205: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:15:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:15:49 splunk3 sendmail[28327]: n37BFn1a028327: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:16:49 splunk3 sendmail[28562]: n37BGnYH028562: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:17:49 splunk3 sendmail[28801]: n37BHnDQ028801: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:18:49 splunk3 sendmail[29037]: n37BInjA029037: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:19:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:19:49 splunk3 sendmail[29282]: n37BJn1B029282: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:20:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:20:18 splunk3 sendmail[29418]: n37BKIO4029418: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071120.n37BKIeK005242@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:20:18 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50785 
Apr  7 04:20:18 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:20:18 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:20:18 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:20:18 splunk3 spamd[338]: spamd: processing message <200904071120.n37BKIeK005242@virt2.int.splunk.com> for spamme:501 
Apr  7 04:20:20 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  7 04:20:20 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50785,mid=<200904071120.n37BKIeK005242@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:20:20 splunk3 sendmail[29419]: n37BKIO4029418: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:20:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:20:49 splunk3 sendmail[29542]: n37BKneI029542: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:21:49 splunk3 sendmail[29780]: n37BLnFu029780: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:22:49 splunk3 sendmail[30015]: n37BMnWF030015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:23:49 splunk3 sendmail[30258]: n37BNna5030258: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:24:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:24:49 splunk3 sendmail[30497]: n37BOnif030497: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:25:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:25:19 splunk3 sendmail[30634]: n37BPJE3030634: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071125.n37BPIAQ005852@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:25:19 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50842 
Apr  7 04:25:19 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:25:19 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:25:19 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:25:19 splunk3 spamd[338]: spamd: processing message <200904071125.n37BPIAQ005852@virt2.int.splunk.com> for spamme:501 
Apr  7 04:25:21 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 04:25:21 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50842,mid=<200904071125.n37BPIAQ005852@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:25:21 splunk3 sendmail[30635]: n37BPJE3030634: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:25:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:25:49 splunk3 sendmail[30755]: n37BPnTA030755: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 04:26:50 splunk3 sendmail[30993]: n37BQoYV030993: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:27:50 splunk3 sendmail[31231]: n37BRoKl031231: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:28:50 splunk3 sendmail[31464]: n37BSoBe031464: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:29:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:29:50 splunk3 sendmail[31705]: n37BTo5t031705: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:30:16 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:30:19 splunk3 sendmail[31842]: n37BUJ4n031842: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071130.n37BUJvZ006468@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:30:19 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50898 
Apr  7 04:30:19 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:30:19 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:30:19 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:30:19 splunk3 spamd[338]: spamd: processing message <200904071130.n37BUJvZ006468@virt2.int.splunk.com> for spamme:501 
Apr  7 04:30:21 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  7 04:30:21 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50898,mid=<200904071130.n37BUJvZ006468@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:30:21 splunk3 sendmail[31843]: n37BUJ4n031842: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:30:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:30:50 splunk3 sendmail[31963]: n37BUoeW031963: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:31:50 splunk3 sendmail[32202]: n37BVoD8032202: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:32:50 splunk3 sendmail[32439]: n37BWoYa032439: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:33:50 splunk3 sendmail[32679]: n37BXoKN032679: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:34:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:34:50 splunk3 sendmail[453]: n37BYo6S000453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:35:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:35:20 splunk3 sendmail[586]: n37BZKum000586: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071135.n37BZJOl007213@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:35:20 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50954 
Apr  7 04:35:20 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:35:20 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:35:20 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:35:20 splunk3 spamd[338]: spamd: processing message <200904071135.n37BZJOl007213@virt2.int.splunk.com> for spamme:501 
Apr  7 04:35:22 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 04:35:22 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50954,mid=<200904071135.n37BZJOl007213@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:35:22 splunk3 sendmail[587]: n37BZKum000586: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:35:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:35:50 splunk3 sendmail[709]: n37BZoeY000709: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:35:54 splunk3 sendmail[713]: n37BZpBE000713: from=<strjohdg@bodyrubinc.com>, size=4545, class=0, nrcpts=1, msgid=<841077221.75202232522050@bodyrubinc.com>, proto=ESMTP, daemon=MTA, relay=dsl.dynamic859615933.ttnet.net.tr [85.96.159.33] (may be forged)
Apr  7 04:35:54 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50959 
Apr  7 04:35:54 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:35:54 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:35:54 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:35:54 splunk3 spamd[338]: spamd: processing message <841077221.75202232522050@bodyrubinc.com> for spamme:501 
Apr  7 04:35:56 splunk3 spamd[338]: spamd: identified spam (13.0/5.0) for spamme:501 in 2.3 seconds, 4886 bytes. 
Apr  7 04:35:56 splunk3 spamd[338]: spamd: result: Y 13 - BAYES_99,HTML_90_100,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,HTML_TAG_BALANCE_HEAD,HTML_TITLE_EMPTY,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL scantime=2.3,size=4886,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50959,mid=<841077221.75202232522050@bodyrubinc.com>,bayes=0.998842533595794,autolearn=no 
Apr  7 04:35:56 splunk3 sendmail[731]: n37BZpBE000713: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:02, mailer=local, pri=34795, dsn=2.0.0, stat=Sent
Apr  7 04:35:56 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:36:50 splunk3 sendmail[951]: n37Baovo000951: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:37:50 splunk3 sendmail[1188]: n37BboAl001188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:38:50 splunk3 sendmail[1428]: n37Bco2f001428: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:39:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:39:50 splunk3 sendmail[1674]: n37Bdown001674: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:40:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:40:20 splunk3 sendmail[1812]: n37BeKJl001812: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071140.n37BeKnl007848@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:40:20 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51011 
Apr  7 04:40:20 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:40:20 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:40:20 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:40:20 splunk3 spamd[338]: spamd: processing message <200904071140.n37BeKnl007848@virt2.int.splunk.com> for spamme:501 
Apr  7 04:40:23 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 04:40:23 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51011,mid=<200904071140.n37BeKnl007848@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:40:23 splunk3 sendmail[1813]: n37BeKJl001812: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:40:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:40:50 splunk3 sendmail[1935]: n37Beo4I001935: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 04:41:50 splunk3 sendmail[2178]: n37BfoX6002178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:42:50 splunk3 sendmail[2411]: n37BgoXD002411: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:43:50 splunk3 sendmail[2654]: n37BhoZK002654: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:44:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:44:50 splunk3 sendmail[2901]: n37BioKA002901: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:45:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:45:21 splunk3 sendmail[3064]: n37BjLh9003064: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071145.n37BjKjR008458@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:45:21 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51067 
Apr  7 04:45:21 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:45:21 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:45:21 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:45:21 splunk3 spamd[338]: spamd: processing message <200904071145.n37BjKjR008458@virt2.int.splunk.com> for spamme:501 
Apr  7 04:45:23 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1305 bytes. 
Apr  7 04:45:23 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51067,mid=<200904071145.n37BjKjR008458@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:45:23 splunk3 sendmail[3065]: n37BjLh9003064: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:45:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:45:50 splunk3 sendmail[3165]: n37Bjo1U003165: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:46:50 splunk3 sendmail[3403]: n37Bkoa6003403: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:47:50 splunk3 sendmail[3663]: n37BloFP003663: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:48:50 splunk3 sendmail[3910]: n37Bmoba003910: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:49:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:49:50 splunk3 sendmail[4166]: n37Bno6d004166: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:50:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:50:21 splunk3 sendmail[4334]: n37BoLFK004334: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071150.n37BoLYQ009072@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:50:21 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51123 
Apr  7 04:50:21 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:50:21 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:50:21 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:50:21 splunk3 spamd[338]: spamd: processing message <200904071150.n37BoLYQ009072@virt2.int.splunk.com> for spamme:501 
Apr  7 04:50:23 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 04:50:23 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51123,mid=<200904071150.n37BoLYQ009072@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:50:23 splunk3 sendmail[4335]: n37BoLFK004334: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:50:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:50:50 splunk3 sendmail[4441]: n37Boo6k004441: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:51:50 splunk3 sendmail[4680]: n37BpofB004680: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:52:50 splunk3 sendmail[4922]: n37Bqoa7004922: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:53:50 splunk3 sendmail[5206]: n37Bro4I005206: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:54:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:54:50 splunk3 sendmail[5451]: n37Bsol6005451: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:55:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 04:55:22 splunk3 sendmail[5601]: n37BtMQm005601: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071155.n37BtLZ8009675@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 04:55:22 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51178 
Apr  7 04:55:22 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 04:55:22 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 04:55:22 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 04:55:22 splunk3 spamd[338]: spamd: processing message <200904071155.n37BtLZ8009675@virt2.int.splunk.com> for spamme:501 
Apr  7 04:55:24 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 04:55:24 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51178,mid=<200904071155.n37BtLZ8009675@virt2.int.splunk.com>,bayes=0.171753965211296,autolearn=no 
Apr  7 04:55:24 splunk3 sendmail[5602]: n37BtMQm005601: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 04:55:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 04:55:50 splunk3 sendmail[5709]: n37BtoUh005709: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 04:56:50 splunk3 sendmail[5945]: n37Buok7005945: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:57:50 splunk3 sendmail[6183]: n37BvolG006183: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:58:50 splunk3 sendmail[6414]: n37Bwop6006414: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 04:59:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 04:59:50 splunk3 sendmail[6658]: n37Bxoi5006658: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:00:04 splunk3 sendmail[6788]: n37C047E006788: from=root, size=291, class=0, nrcpts=1, msgid=<200904071200.n37C047E006788@splunk3.splunkit.com>, relay=root@localhost
Apr  7 05:00:04 splunk3 sendmail[6792]: n37C04Vf006792: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071200.n37C047E006788@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 05:00:04 splunk3 sendmail[6788]: n37C047E006788: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37C04Vf006792 Message accepted for delivery)
Apr  7 05:00:05 splunk3 sendmail[6577]: n37BxRqZ006577: from=<tsea@droppatrol.de>, size=5692, class=0, nrcpts=1, msgid=<b082019dc03a$fcb015dc$cb84ba0a@droppatrol.de>, proto=ESMTP, daemon=MTA, relay=triband-del-59.178.146.196.bol.net.in [59.178.146.196] (may be forged)
Apr  7 05:00:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51226 
Apr  7 05:00:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:00:05 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 05:00:05 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 05:00:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:00:05 splunk3 sendmail[6797]: n37BxRqZ006577: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=35924, dsn=2.0.0, stat=Sent
Apr  7 05:00:06 splunk3 sendmail[6793]: n37C04Vf006792: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 05:00:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:00:20 splunk3 sendmail[6870]: n37C0Knf006870: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904071200.n37C0Knf006870@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 05:00:20 splunk3 sendmail[6872]: n37C0Knf006870: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 05:00:20 splunk3 sendmail[6872]: n37C0Knf006870: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  7 05:00:20 splunk3 sendmail[6872]: n37C0Knf006870: n37C0Knf006872: postmaster notify: User unknown
Apr  7 05:00:21 splunk3 sendmail[6872]: n37C0Knf006872: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  7 05:00:22 splunk3 sendmail[6904]: n37C0Mft006904: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071200.n37C0MAV010315@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:00:22 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51244 
Apr  7 05:00:22 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:00:22 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 05:00:22 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 05:00:22 splunk3 sendmail[6905]: n37C0Mft006904: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:00:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:00:50 splunk3 sendmail[7006]: n37C0oSK007006: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:01:12 splunk3 sendmail[7072]: n37C11xi007072: from=root, size=443, class=0, nrcpts=1, msgid=<200904071201.n37C11xi007072@splunk3.splunkit.com>, relay=root@localhost
Apr  7 05:01:12 splunk3 sendmail[7111]: n37C1CqM007111: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071201.n37C11xi007072@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 05:01:12 splunk3 sendmail[7072]: n37C11xi007072: to=root, ctladdr=root (0/0), delay=00:00:11, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37C1CqM007111 Message accepted for delivery)
Apr  7 05:01:13 splunk3 sendmail[7112]: n37C1CqM007111: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 05:01:50 splunk3 sendmail[7258]: n37C1oQa007258: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:02:50 splunk3 sendmail[7493]: n37C2oXx007493: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:03:50 splunk3 sendmail[7740]: n37C3ogW007740: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:04:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:04:50 splunk3 sendmail[7975]: n37C4ojZ007975: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:05:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:05:23 splunk3 sendmail[8127]: n37C5Nr4008127: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071205.n37C5NaA010994@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:05:23 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51300 
Apr  7 05:05:23 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:05:23 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 05:05:23 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 05:05:23 splunk3 sendmail[8128]: n37C5Nr4008127: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:05:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:05:50 splunk3 sendmail[8231]: n37C5oHr008231: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:06:50 splunk3 sendmail[8466]: n37C6opb008466: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:07:50 splunk3 sendmail[8706]: n37C7oaE008706: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:08:50 splunk3 sendmail[8947]: n37C8oJN008947: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:09:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:09:50 splunk3 sendmail[9191]: n37C9oRh009191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:10:02 splunk3 sendmail[9346]: n37CA2Po009346: from=root, size=292, class=0, nrcpts=1, msgid=<200904071210.n37CA2Po009346@splunk3.splunkit.com>, relay=root@localhost
Apr  7 05:10:02 splunk3 sendmail[9351]: n37CA2bV009351: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071210.n37CA2Po009346@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 05:10:02 splunk3 sendmail[9346]: n37CA2Po009346: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37CA2bV009351 Message accepted for delivery)
Apr  7 05:10:03 splunk3 sendmail[9352]: n37CA2bV009351: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 05:10:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:10:23 splunk3 sendmail[9446]: n37CANgp009446: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071210.n37CANSC011615@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:10:24 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51357 
Apr  7 05:10:24 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:10:24 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:10:24 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:10:24 splunk3 spamd[338]: spamd: processing message <200904071210.n37CANSC011615@virt2.int.splunk.com> for spamme:501 
Apr  7 05:10:26 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 05:10:26 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51357,mid=<200904071210.n37CANSC011615@virt2.int.splunk.com>,bayes=0.114452657024474,autolearn=no 
Apr  7 05:10:26 splunk3 sendmail[9447]: n37CANgp009446: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:10:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:10:50 splunk3 sendmail[9555]: n37CAoYN009555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 05:11:50 splunk3 sendmail[9795]: n37CBoqp009795: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:12:50 splunk3 sendmail[10028]: n37CCoZT010028: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:13:50 splunk3 sendmail[10265]: n37CDo1Q010265: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:14:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:14:50 splunk3 sendmail[10507]: n37CEoEo010507: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:15:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:15:24 splunk3 sendmail[10659]: n37CFOdm010659: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071215.n37CFOTw012399@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:15:24 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51413 
Apr  7 05:15:24 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:15:24 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:15:24 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:15:24 splunk3 spamd[338]: spamd: processing message <200904071215.n37CFOTw012399@virt2.int.splunk.com> for spamme:501 
Apr  7 05:15:26 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  7 05:15:26 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51413,mid=<200904071215.n37CFOTw012399@virt2.int.splunk.com>,bayes=0.114452657024474,autolearn=no 
Apr  7 05:15:26 splunk3 sendmail[10660]: n37CFOdm010659: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:15:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:15:50 splunk3 sendmail[10763]: n37CFoYO010763: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:16:50 splunk3 sendmail[10998]: n37CGoRU010998: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:17:50 splunk3 sendmail[11237]: n37CHoAV011237: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:18:50 splunk3 sendmail[11468]: n37CIo6N011468: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:19:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:19:50 splunk3 sendmail[11709]: n37CJoEk011709: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:20:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:20:24 splunk3 sendmail[11866]: n37CKOlT011866: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071220.n37CKOaE013027@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:20:24 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51469 
Apr  7 05:20:24 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:20:24 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:20:24 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:20:24 splunk3 spamd[338]: spamd: processing message <200904071220.n37CKOaE013027@virt2.int.splunk.com> for spamme:501 
Apr  7 05:20:27 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 05:20:27 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51469,mid=<200904071220.n37CKOaE013027@virt2.int.splunk.com>,bayes=0.114452657024474,autolearn=no 
Apr  7 05:20:27 splunk3 sendmail[11867]: n37CKOlT011866: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:20:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:20:50 splunk3 sendmail[11968]: n37CKoww011968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:21:50 splunk3 sendmail[12209]: n37CLoih012209: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:22:50 splunk3 sendmail[12445]: n37CMo52012445: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:23:50 splunk3 sendmail[12706]: n37CNoYV012706: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:23:51 splunk3 sendmail[12707]: n37CNpCU012707: from=<310XbSRQKBkIksskpiepivxw-rsvitp2ksskpi.gsqwteqqiwtpyromx.gsq@alerts.bounces.google.com>, size=5179, class=0, nrcpts=1, msgid=<001636164ad16c1d840466f616a2@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  7 05:23:51 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51502 
Apr  7 05:23:51 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:23:51 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:23:51 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:23:51 splunk3 spamd[338]: spamd: processing message <001636164ad16c1d840466f616a2@google.com> for spamme:501 
Apr  7 05:23:54 splunk3 spamd[338]: spamd: clean message (-2.3/5.0) for spamme:501 in 2.3 seconds, 5613 bytes. 
Apr  7 05:23:54 splunk3 spamd[338]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.3,size=5613,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51502,mid=<001636164ad16c1d840466f616a2@google.com>,bayes=1.11022302462516e-16,autolearn=ham 
Apr  7 05:23:54 splunk3 sendmail[12709]: n37CNpCU012707: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=35394, dsn=2.0.0, stat=Sent
Apr  7 05:23:54 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:24:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:24:50 splunk3 sendmail[12950]: n37COoJF012950: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:25:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:25:25 splunk3 sendmail[13086]: n37CPPQs013086: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071225.n37CPPUf013631@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:25:25 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51526 
Apr  7 05:25:25 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:25:25 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:25:25 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:25:25 splunk3 spamd[338]: spamd: processing message <200904071225.n37CPPUf013631@virt2.int.splunk.com> for spamme:501 
Apr  7 05:25:27 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.9 seconds, 1308 bytes. 
Apr  7 05:25:27 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.9,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51526,mid=<200904071225.n37CPPUf013631@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 05:25:27 splunk3 sendmail[13087]: n37CPPQs013086: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:25:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:25:50 splunk3 sendmail[13208]: n37CPoOx013208: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 05:26:50 splunk3 sendmail[13482]: n37CQorE013482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:27:50 splunk3 sendmail[13721]: n37CRotI013721: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:28:50 splunk3 sendmail[13957]: n37CSoAY013957: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:29:48 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:29:50 splunk3 sendmail[14203]: n37CToWB014203: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:30:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:30:25 splunk3 sendmail[14361]: n37CUPDB014361: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071230.n37CUP4W014262@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:30:26 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51582 
Apr  7 05:30:26 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:30:26 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:30:26 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:30:26 splunk3 spamd[338]: spamd: processing message <200904071230.n37CUP4W014262@virt2.int.splunk.com> for spamme:501 
Apr  7 05:30:28 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 05:30:28 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51582,mid=<200904071230.n37CUP4W014262@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 05:30:28 splunk3 sendmail[14362]: n37CUPDB014361: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:30:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:30:50 splunk3 sendmail[14461]: n37CUom3014461: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:31:50 splunk3 sendmail[14700]: n37CVo8P014700: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:32:50 splunk3 sendmail[14934]: n37CWoIR014934: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:33:50 splunk3 sendmail[15168]: n37CXo1c015168: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:34:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:34:50 splunk3 sendmail[15409]: n37CYoju015409: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:35:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:35:26 splunk3 sendmail[15579]: n37CZQlA015579: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071235.n37CZQmt015005@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:35:26 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51638 
Apr  7 05:35:26 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:35:26 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:35:26 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:35:26 splunk3 spamd[338]: spamd: processing message <200904071235.n37CZQmt015005@virt2.int.splunk.com> for spamme:501 
Apr  7 05:35:28 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 05:35:28 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51638,mid=<200904071235.n37CZQmt015005@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 05:35:28 splunk3 sendmail[15580]: n37CZQlA015579: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:35:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:35:50 splunk3 sendmail[15677]: n37CZoLr015677: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:36:50 splunk3 sendmail[15912]: n37CaoOd015912: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:37:50 splunk3 sendmail[16149]: n37CboMe016149: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:38:50 splunk3 sendmail[16388]: n37CcoNJ016388: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:39:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:39:50 splunk3 sendmail[16632]: n37CdodT016632: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:40:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:40:26 splunk3 sendmail[16791]: n37CeQmK016791: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071240.n37CeQrt015640@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:40:26 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51693 
Apr  7 05:40:26 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:40:26 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:40:26 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:40:26 splunk3 spamd[338]: spamd: processing message <200904071240.n37CeQrt015640@virt2.int.splunk.com> for spamme:501 
Apr  7 05:40:28 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  7 05:40:28 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51693,mid=<200904071240.n37CeQrt015640@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 05:40:28 splunk3 sendmail[16792]: n37CeQmK016791: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:40:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:40:50 splunk3 sendmail[16889]: n37Ceoha016889: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 05:41:50 splunk3 sendmail[17131]: n37Cfoqp017131: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:42:50 splunk3 sendmail[17367]: n37Cgoih017367: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:43:50 splunk3 sendmail[17607]: n37Chonx017607: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:44:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:44:50 splunk3 sendmail[17847]: n37Cio7b017847: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:45:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:45:27 splunk3 sendmail[18004]: n37CjRI4018004: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071245.n37CjRWd016264@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:45:27 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51750 
Apr  7 05:45:27 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:45:27 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:45:27 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:45:27 splunk3 spamd[338]: spamd: processing message <200904071245.n37CjRWd016264@virt2.int.splunk.com> for spamme:501 
Apr  7 05:45:29 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1308 bytes. 
Apr  7 05:45:29 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51750,mid=<200904071245.n37CjRWd016264@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 05:45:29 splunk3 sendmail[18005]: n37CjRI4018004: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:45:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:45:50 splunk3 sendmail[18103]: n37CjoYo018103: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:46:50 splunk3 sendmail[18339]: n37CkocD018339: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:47:50 splunk3 sendmail[18576]: n37CloN7018576: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:48:50 splunk3 sendmail[18810]: n37Cmo9L018810: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:49:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:49:50 splunk3 sendmail[19054]: n37Cnooh019054: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:50:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:50:28 splunk3 sendmail[19217]: n37CoSSE019217: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071250.n37CoSkI016868@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:50:28 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51805 
Apr  7 05:50:28 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:50:28 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:50:28 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:50:28 splunk3 spamd[338]: spamd: processing message <200904071250.n37CoSkI016868@virt2.int.splunk.com> for spamme:501 
Apr  7 05:50:30 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 05:50:30 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51805,mid=<200904071250.n37CoSkI016868@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 05:50:30 splunk3 sendmail[19218]: n37CoSSE019217: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:50:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:50:50 splunk3 sendmail[19315]: n37CooM7019315: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:51:50 splunk3 sendmail[19554]: n37CpoFg019554: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:52:50 splunk3 sendmail[19787]: n37Cqo7K019787: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:53:50 splunk3 sendmail[20031]: n37CroHQ020031: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:54:10 splunk3 sendmail[20092]: n37CsAC8020092: from=<aw-confirm@ebay.com>, size=2392, class=0, nrcpts=1, msgid=<PFCS-FS021XyCTr9rf30000016e@pfcs-fs02.pfcsinc.loc>, proto=ESMTP, daemon=MTA, relay=75-150-119-178-NewEngland.hfc.comcastbusiness.net [75.150.119.178] (may be forged)
Apr  7 05:54:10 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51840 
Apr  7 05:54:10 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:54:10 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:54:10 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:54:10 splunk3 spamd[338]: spamd: processing message <PFCS-FS021XyCTr9rf30000016e@pfcs-fs02.pfcsinc.loc> for spamme:501 
Apr  7 05:54:12 splunk3 spamd[338]: spamd: identified spam (22.5/5.0) for spamme:501 in 1.4 seconds, 2697 bytes. 
Apr  7 05:54:12 splunk3 spamd[338]: spamd: result: Y 22 - AWL,BAYES_99,DNS_FROM_RFC_ABUSE,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FORGED_RCVD_HELO,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,NO_REAL_NAME,TO_CC_NONE,URIBL_PH_SURBL scantime=1.4,size=2697,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51840,mid=<PFCS-FS021XyCTr9rf30000016e@pfcs-fs02.pfcsinc.loc>,bayes=1,autolearn=no 
Apr  7 05:54:12 splunk3 sendmail[20111]: n37CsAC8020092: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32645, dsn=2.0.0, stat=Sent
Apr  7 05:54:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:54:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:54:50 splunk3 sendmail[20275]: n37CsodV020275: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:55:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 05:55:29 splunk3 sendmail[20435]: n37CtTGT020435: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071255.n37CtTon017499@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 05:55:29 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51862 
Apr  7 05:55:29 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 05:55:29 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 05:55:29 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 05:55:29 splunk3 spamd[338]: spamd: processing message <200904071255.n37CtTon017499@virt2.int.splunk.com> for spamme:501 
Apr  7 05:55:31 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 05:55:31 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51862,mid=<200904071255.n37CtTon017499@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 05:55:31 splunk3 sendmail[20436]: n37CtTGT020435: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 05:55:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 05:55:50 splunk3 sendmail[20531]: n37Ctok3020531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 05:56:50 splunk3 sendmail[20770]: n37Cuolu020770: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:57:50 splunk3 sendmail[21010]: n37CvoKm021010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:58:50 splunk3 sendmail[21246]: n37Cwolg021246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 05:59:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 05:59:50 splunk3 sendmail[21489]: n37CxoJi021489: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:00:04 splunk3 sendmail[21597]: n37D04fb021597: from=root, size=291, class=0, nrcpts=1, msgid=<200904071300.n37D04fb021597@splunk3.splunkit.com>, relay=root@localhost
Apr  7 06:00:04 splunk3 sendmail[21601]: n37D047x021601: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071300.n37D04fb021597@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 06:00:04 splunk3 sendmail[21597]: n37D04fb021597: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37D047x021601 Message accepted for delivery)
Apr  7 06:00:05 splunk3 sendmail[6577]: n37BxRqa006577: timeout waiting for input from triband-del-59.178.146.196.bol.net.in during server cmd read
Apr  7 06:00:05 splunk3 sendmail[21603]: n37D047x021601: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 06:00:13 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:00:25 splunk3 sendmail[21716]: n37D0P9Z021716: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904071300.n37D0P9Z021716@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 06:00:25 splunk3 sendmail[21718]: n37D0P9Z021716: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 06:00:25 splunk3 sendmail[21718]: n37D0P9Z021716: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 06:00:25 splunk3 sendmail[21718]: n37D0P9Z021716: n37D0P9Z021718: postmaster notify: User unknown
Apr  7 06:00:27 splunk3 sendmail[21718]: n37D0P9Z021718: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 06:00:30 splunk3 sendmail[21735]: n37D0TUF021735: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071300.n37D0TuV018112@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:00:30 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51926 
Apr  7 06:00:30 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:00:30 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 06:00:30 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 06:00:30 splunk3 sendmail[21736]: n37D0TUF021735: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:00:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:00:50 splunk3 sendmail[21832]: n37D0oGV021832: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:01:05 splunk3 sendmail[21883]: n37D11eT021883: from=root, size=443, class=0, nrcpts=1, msgid=<200904071301.n37D11eT021883@splunk3.splunkit.com>, relay=root@localhost
Apr  7 06:01:06 splunk3 sendmail[21902]: n37D15Il021902: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071301.n37D11eT021883@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 06:01:06 splunk3 sendmail[21883]: n37D11eT021883: to=root, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:01, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37D15Il021902 Message accepted for delivery)
Apr  7 06:01:07 splunk3 sendmail[21903]: n37D15Il021902: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 06:01:50 splunk3 sendmail[22084]: n37D1o9i022084: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:02:50 splunk3 sendmail[22319]: n37D2o4p022319: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:03:50 splunk3 sendmail[22559]: n37D3omF022559: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:04:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:04:50 splunk3 sendmail[22798]: n37D4omR022798: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:05:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:05:30 splunk3 sendmail[22974]: n37D5UnY022974: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071305.n37D5UiG018822@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:05:30 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51983 
Apr  7 06:05:30 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:05:30 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 06:05:30 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 06:05:30 splunk3 sendmail[22975]: n37D5UnY022974: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:05:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:05:50 splunk3 sendmail[23055]: n37D5ocE023055: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:06:50 splunk3 sendmail[23288]: n37D6ou5023288: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:07:50 splunk3 sendmail[23525]: n37D7o7c023525: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:08:50 splunk3 sendmail[23761]: n37D8owu023761: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:09:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:09:50 splunk3 sendmail[24003]: n37D9oYI024003: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:10:01 splunk3 sendmail[24048]: n37DA0Gb024048: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071310.n37DA0TI019337@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:10:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52027 
Apr  7 06:10:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:10:01 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 06:10:01 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 06:10:01 splunk3 sendmail[24049]: n37DA0Gb024048: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:10:01 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:10:02 splunk3 sendmail[24152]: n37DA22m024152: from=root, size=292, class=0, nrcpts=1, msgid=<200904071310.n37DA22m024152@splunk3.splunkit.com>, relay=root@localhost
Apr  7 06:10:02 splunk3 sendmail[24157]: n37DA28I024157: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071310.n37DA22m024152@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 06:10:02 splunk3 sendmail[24152]: n37DA22m024152: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37DA28I024157 Message accepted for delivery)
Apr  7 06:10:03 splunk3 sendmail[24158]: n37DA28I024157: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 06:10:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:10:50 splunk3 sendmail[24367]: n37DAoAr024367: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 06:11:50 splunk3 sendmail[24610]: n37DBoip024610: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:12:50 splunk3 sendmail[24845]: n37DCoGH024845: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:13:50 splunk3 sendmail[25082]: n37DDoCS025082: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:14:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:14:50 splunk3 sendmail[25324]: n37DEoqC025324: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:15:01 splunk3 sendmail[25370]: n37DF1JZ025370: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071315.n37DF1fN020121@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:15:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52084 
Apr  7 06:15:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:15:01 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:15:01 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:15:01 splunk3 spamd[338]: spamd: processing message <200904071315.n37DF1fN020121@virt2.int.splunk.com> for spamme:501 
Apr  7 06:15:03 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 06:15:03 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52084,mid=<200904071315.n37DF1fN020121@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 06:15:03 splunk3 sendmail[25371]: n37DF1JZ025370: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:15:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:15:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:15:50 splunk3 sendmail[25579]: n37DFoAS025579: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:16:50 splunk3 sendmail[25814]: n37DGoVh025814: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:17:50 splunk3 sendmail[26055]: n37DHoLv026055: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:18:50 splunk3 sendmail[26291]: n37DIouW026291: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:19:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:19:50 splunk3 sendmail[26535]: n37DJo5W026535: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:20:01 splunk3 sendmail[26580]: n37DK1gj026580: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071320.n37DK1BY020781@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:20:01 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52140 
Apr  7 06:20:01 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:20:01 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:20:01 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:20:01 splunk3 spamd[338]: spamd: processing message <200904071320.n37DK1BY020781@virt2.int.splunk.com> for spamme:501 
Apr  7 06:20:03 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  7 06:20:03 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52140,mid=<200904071320.n37DK1BY020781@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 06:20:03 splunk3 sendmail[26581]: n37DK1gj026580: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:20:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:20:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:20:50 splunk3 sendmail[26793]: n37DKoiE026793: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:21:50 splunk3 sendmail[27033]: n37DLoB8027033: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:22:50 splunk3 sendmail[27265]: n37DMooi027265: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:23:50 splunk3 sendmail[27507]: n37DNodf027507: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:24:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:24:50 splunk3 sendmail[27748]: n37DOofO027748: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:25:02 splunk3 sendmail[27795]: n37DP2r7027795: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071325.n37DP2vI021401@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:25:02 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52195 
Apr  7 06:25:02 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:25:02 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:25:02 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:25:02 splunk3 spamd[338]: spamd: processing message <200904071325.n37DP2vI021401@virt2.int.splunk.com> for spamme:501 
Apr  7 06:25:04 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 06:25:04 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52195,mid=<200904071325.n37DP2vI021401@virt2.int.splunk.com>,bayes=0.114484886241002,autolearn=no 
Apr  7 06:25:04 splunk3 sendmail[27796]: n37DP2r7027795: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:25:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:25:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:25:50 splunk3 sendmail[28006]: n37DPowS028006: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 06:26:51 splunk3 sendmail[28244]: n37DQpb0028244: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:27:51 splunk3 sendmail[28481]: n37DRpvw028481: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:27:57 splunk3 sendmail[28506]: n37DRukh028506: from=<33FTbSRQKBlY4CC492y92FHG-BCF2D9M4CC492.0CAGDyAA2GD9IB86H.0CA@alerts.bounces.google.com>, size=2488, class=0, nrcpts=1, msgid=<0016361e7d94a692db0466f6fb87@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  7 06:27:57 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52231 
Apr  7 06:27:57 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:27:57 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:27:57 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:27:57 splunk3 spamd[338]: spamd: processing message <0016361e7d94a692db0466f6fb87@google.com> for spamme:501 
Apr  7 06:28:01 splunk3 spamd[338]: spamd: clean message (-2.4/5.0) for spamme:501 in 4.2 seconds, 2922 bytes. 
Apr  7 06:28:01 splunk3 spamd[338]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=4.2,size=2922,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52231,mid=<0016361e7d94a692db0466f6fb87@google.com>,bayes=1.11022302462516e-16,autolearn=ham 
Apr  7 06:28:01 splunk3 sendmail[28507]: n37DRukh028506: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=32703, dsn=2.0.0, stat=Sent
Apr  7 06:28:01 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:28:51 splunk3 sendmail[28722]: n37DSpPS028722: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:29:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:29:51 splunk3 sendmail[28965]: n37DTpXO028965: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:30:02 splunk3 sendmail[29016]: n37DU2Ao029016: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071330.n37DU2Ut022024@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:30:02 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52253 
Apr  7 06:30:02 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:30:02 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:30:02 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:30:02 splunk3 spamd[338]: spamd: processing message <200904071330.n37DU2Ut022024@virt2.int.splunk.com> for spamme:501 
Apr  7 06:30:04 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  7 06:30:04 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52253,mid=<200904071330.n37DU2Ut022024@virt2.int.splunk.com>,bayes=0.114517115123007,autolearn=no 
Apr  7 06:30:04 splunk3 sendmail[29017]: n37DU2Ao029016: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:30:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:30:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:30:51 splunk3 sendmail[29223]: n37DUpLX029223: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:31:51 splunk3 sendmail[29464]: n37DVpQt029464: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:32:51 splunk3 sendmail[29701]: n37DWp9k029701: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:33:51 splunk3 sendmail[29940]: n37DXpfh029940: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:34:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:34:51 splunk3 sendmail[30178]: n37DYphW030178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:35:03 splunk3 sendmail[30224]: n37DZ33u030224: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071335.n37DZ3ui022768@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:35:03 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52309 
Apr  7 06:35:03 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:35:03 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:35:03 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:35:03 splunk3 spamd[338]: spamd: processing message <200904071335.n37DZ3ui022768@virt2.int.splunk.com> for spamme:501 
Apr  7 06:35:05 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 06:35:05 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52309,mid=<200904071335.n37DZ3ui022768@virt2.int.splunk.com>,bayes=0.114517115123007,autolearn=no 
Apr  7 06:35:05 splunk3 sendmail[30225]: n37DZ33u030224: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:35:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:35:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:35:51 splunk3 sendmail[30436]: n37DZpcS030436: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:36:51 splunk3 sendmail[30670]: n37DapEG030670: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:37:51 splunk3 sendmail[30907]: n37Dbp66030907: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:38:51 splunk3 sendmail[31146]: n37Dcpou031146: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:39:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:39:51 splunk3 sendmail[31389]: n37DdpqK031389: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:40:03 splunk3 sendmail[31437]: n37De3Pf031437: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071340.n37De317023399@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:40:03 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52364 
Apr  7 06:40:03 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:40:03 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:40:03 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:40:03 splunk3 spamd[338]: spamd: processing message <200904071340.n37De317023399@virt2.int.splunk.com> for spamme:501 
Apr  7 06:40:05 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  7 06:40:05 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52364,mid=<200904071340.n37De317023399@virt2.int.splunk.com>,bayes=0.114517115123007,autolearn=no 
Apr  7 06:40:05 splunk3 sendmail[31438]: n37De3Pf031437: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:40:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:40:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:40:51 splunk3 sendmail[31648]: n37Dep1P031648: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 06:41:51 splunk3 sendmail[31887]: n37Dfp9t031887: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:42:51 splunk3 sendmail[32121]: n37Dgplc032121: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:43:51 splunk3 sendmail[32358]: n37Dhpvv032358: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:44:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:44:51 splunk3 sendmail[32598]: n37DipFR032598: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:45:04 splunk3 sendmail[32648]: n37Dj4GG032648: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071345.n37Dj4vu024044@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:45:04 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52421 
Apr  7 06:45:04 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:45:04 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:45:04 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:45:04 splunk3 spamd[338]: spamd: processing message <200904071345.n37Dj4vu024044@virt2.int.splunk.com> for spamme:501 
Apr  7 06:45:06 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 06:45:06 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52421,mid=<200904071345.n37Dj4vu024044@virt2.int.splunk.com>,bayes=0.114517115123007,autolearn=no 
Apr  7 06:45:07 splunk3 sendmail[32649]: n37Dj4GG032648: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:45:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:45:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:45:51 splunk3 sendmail[390]: n37DjpS3000390: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:46:51 splunk3 sendmail[627]: n37DkpCS000627: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:47:51 splunk3 sendmail[867]: n37Dlpqq000867: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:48:21 splunk3 sendmail[966]: n37DmK7i000966: from=<timv@barringtonhomesinc.com>, size=2162, class=0, nrcpts=1, msgid=<a6c4019dbf40$db11e81b$b826a99b@barringtonhomesinc.com>, proto=ESMTP, daemon=MTA, relay=201-212-46-251.cab.prima.net.ar [201.212.46.251]
Apr  7 06:48:21 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52460 
Apr  7 06:48:21 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:48:21 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:48:21 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:48:21 splunk3 spamd[338]: spamd: processing message <a6c4019dbf40$db11e81b$b826a99b@barringtonhomesinc.com> for spamme:501 
Apr  7 06:48:24 splunk3 spamd[338]: spamd: identified spam (36.0/5.0) for spamme:501 in 2.9 seconds, 2501 bytes. 
Apr  7 06:48:24 splunk3 spamd[338]: spamd: result: Y 35 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_ABUSE,FROM_EXCESS_BASE64,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,REPLICA_WATCH,SUBJECT_EXCESS_BASE64,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL scantime=2.9,size=2501,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52460,mid=<a6c4019dbf40$db11e81b$b826a99b@barringtonhomesinc.com>,bayes=1,autolearn=spam 
Apr  7 06:48:24 splunk3 sendmail[984]: n37DmK7i000966: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:03, mailer=local, pri=32394, dsn=2.0.0, stat=Sent
Apr  7 06:48:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:48:51 splunk3 sendmail[1106]: n37Dmprq001106: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:49:47 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:49:51 splunk3 sendmail[1351]: n37Dnpk0001351: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:50:04 splunk3 sendmail[1429]: n37Do4q5001429: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071350.n37Do448024652@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:50:04 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52485 
Apr  7 06:50:04 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:50:04 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:50:04 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:50:04 splunk3 spamd[338]: spamd: processing message <200904071350.n37Do448024652@virt2.int.splunk.com> for spamme:501 
Apr  7 06:50:06 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 06:50:06 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52485,mid=<200904071350.n37Do448024652@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 06:50:06 splunk3 sendmail[1430]: n37Do4q5001429: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:50:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:50:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:50:51 splunk3 sendmail[1609]: n37DopUq001609: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:51:51 splunk3 sendmail[1849]: n37Dpphw001849: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:52:51 splunk3 sendmail[2088]: n37DqpOe002088: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:53:51 splunk3 sendmail[2332]: n37DrpuK002332: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:54:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:54:51 splunk3 sendmail[2571]: n37Dsp3F002571: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:55:05 splunk3 sendmail[2651]: n37Dt5ZU002651: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071355.n37Dt4fR025258@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 06:55:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52541 
Apr  7 06:55:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 06:55:05 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 06:55:05 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 06:55:05 splunk3 spamd[338]: spamd: processing message <200904071355.n37Dt4fR025258@virt2.int.splunk.com> for spamme:501 
Apr  7 06:55:07 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 06:55:07 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52541,mid=<200904071355.n37Dt4fR025258@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 06:55:07 splunk3 sendmail[2652]: n37Dt5ZU002651: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 06:55:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 06:55:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 06:55:51 splunk3 sendmail[2840]: n37Dtp3j002840: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 06:56:51 splunk3 sendmail[3087]: n37DupUA003087: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:57:51 splunk3 sendmail[3326]: n37DvpV9003326: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:58:51 splunk3 sendmail[3579]: n37DwpVK003579: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 06:59:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 06:59:51 splunk3 sendmail[3834]: n37DxpxY003834: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:00:01 splunk3 sendmail[3946]: n37E01Z5003946: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904071400.n37E01Z5003946@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 07:00:01 splunk3 sendmail[3948]: n37E01Z5003946: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 07:00:01 splunk3 sendmail[3948]: n37E01Z5003946: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  7 07:00:01 splunk3 sendmail[3948]: n37E01Z5003946: n37E01Z5003948: postmaster notify: User unknown
Apr  7 07:00:02 splunk3 sendmail[3948]: n37E01Z5003948: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  7 07:00:04 splunk3 sendmail[3975]: n37E04mP003975: from=root, size=291, class=0, nrcpts=1, msgid=<200904071400.n37E04mP003975@splunk3.splunkit.com>, relay=root@localhost
Apr  7 07:00:04 splunk3 sendmail[3979]: n37E049n003979: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071400.n37E04mP003975@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 07:00:04 splunk3 sendmail[3975]: n37E04mP003975: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37E049n003979 Message accepted for delivery)
Apr  7 07:00:05 splunk3 sendmail[3980]: n37E049n003979: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 07:00:05 splunk3 sendmail[4007]: n37E05xg004007: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071400.n37E058M025893@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:00:05 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52605 
Apr  7 07:00:05 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:00:05 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 07:00:05 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 07:00:05 splunk3 sendmail[4008]: n37E05xg004007: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:00:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:00:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:00:51 splunk3 sendmail[4195]: n37E0pfB004195: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:01:11 splunk3 sendmail[4248]: n37E11Rt004248: from=root, size=443, class=0, nrcpts=1, msgid=<200904071401.n37E11Rt004248@splunk3.splunkit.com>, relay=root@localhost
Apr  7 07:01:11 splunk3 sendmail[4294]: n37E1Bkb004294: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071401.n37E11Rt004248@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 07:01:11 splunk3 sendmail[4248]: n37E11Rt004248: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37E1Bkb004294 Message accepted for delivery)
Apr  7 07:01:13 splunk3 sendmail[4295]: n37E1Bkb004294: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 07:01:51 splunk3 sendmail[4462]: n37E1pq2004462: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:02:51 splunk3 sendmail[4697]: n37E2pqj004697: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:03:51 splunk3 sendmail[4947]: n37E3pXs004947: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:04:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:04:51 splunk3 sendmail[5222]: n37E4plo005222: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:05:06 splunk3 sendmail[5299]: n37E56QF005299: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071405.n37E56lZ026574@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:05:06 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52662 
Apr  7 07:05:06 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:05:06 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 07:05:06 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 07:05:06 splunk3 sendmail[5300]: n37E56QF005299: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:05:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:05:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:05:51 splunk3 sendmail[5481]: n37E5pHh005481: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:06:51 splunk3 sendmail[5718]: n37E6p3H005718: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:07:51 splunk3 sendmail[5958]: n37E7pgV005958: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:08:51 splunk3 sendmail[6198]: n37E8pjk006198: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:09:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:09:51 splunk3 sendmail[6441]: n37E9pFj006441: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:10:03 splunk3 sendmail[6593]: n37EA2af006593: from=root, size=292, class=0, nrcpts=1, msgid=<200904071410.n37EA2af006593@splunk3.splunkit.com>, relay=root@localhost
Apr  7 07:10:03 splunk3 sendmail[6598]: n37EA3ZO006598: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071410.n37EA2af006593@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 07:10:03 splunk3 sendmail[6593]: n37EA2af006593: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37EA3ZO006598 Message accepted for delivery)
Apr  7 07:10:04 splunk3 sendmail[6599]: n37EA3ZO006598: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 07:10:07 splunk3 sendmail[6622]: n37EA7dN006622: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071410.n37EA6q6027188@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:10:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52718 
Apr  7 07:10:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:10:07 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:10:07 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:10:07 splunk3 spamd[338]: spamd: processing message <200904071410.n37EA6q6027188@virt2.int.splunk.com> for spamme:501 
Apr  7 07:10:09 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 07:10:09 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52718,mid=<200904071410.n37EA6q6027188@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:10:09 splunk3 sendmail[6623]: n37EA7dN006622: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:10:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:10:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:10:51 splunk3 sendmail[6805]: n37EAptT006805: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 07:11:51 splunk3 sendmail[7045]: n37EBpLO007045: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:12:51 splunk3 sendmail[7278]: n37ECpVS007278: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:13:51 splunk3 sendmail[7520]: n37EDpQM007520: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:14:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:14:51 splunk3 sendmail[7768]: n37EEppE007768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:15:07 splunk3 sendmail[7845]: n37EF7g0007845: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071415.n37EF7i1027976@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:15:07 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52775 
Apr  7 07:15:07 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:15:07 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:15:07 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:15:07 splunk3 spamd[338]: spamd: processing message <200904071415.n37EF7i1027976@virt2.int.splunk.com> for spamme:501 
Apr  7 07:15:09 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.1 seconds, 1308 bytes. 
Apr  7 07:15:09 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52775,mid=<200904071415.n37EF7i1027976@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:15:09 splunk3 sendmail[7846]: n37EF7g0007845: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:15:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:15:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:15:51 splunk3 sendmail[8024]: n37EFp8Y008024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:16:51 splunk3 sendmail[8259]: n37EGpeL008259: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:17:51 splunk3 sendmail[8499]: n37EHpHV008499: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:18:51 splunk3 sendmail[8732]: n37EIpwC008732: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:19:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:19:51 splunk3 sendmail[8975]: n37EJpAV008975: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:20:08 splunk3 sendmail[9057]: n37EK8me009057: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071420.n37EK8Is028612@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:20:08 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52831 
Apr  7 07:20:08 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:20:08 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:20:08 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:20:08 splunk3 spamd[338]: spamd: processing message <200904071420.n37EK8Is028612@virt2.int.splunk.com> for spamme:501 
Apr  7 07:20:10 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 07:20:10 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52831,mid=<200904071420.n37EK8Is028612@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:20:10 splunk3 sendmail[9058]: n37EK8me009057: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:20:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:20:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:20:51 splunk3 sendmail[9236]: n37EKpFO009236: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:21:51 splunk3 sendmail[9477]: n37ELptw009477: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:22:51 splunk3 sendmail[9711]: n37EMp9b009711: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:23:51 splunk3 sendmail[9954]: n37ENpB5009954: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:24:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:24:51 splunk3 sendmail[10194]: n37EOpfW010194: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:25:08 splunk3 sendmail[10271]: n37EP8af010271: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071425.n37EP8QX029218@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:25:09 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52886 
Apr  7 07:25:09 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:25:09 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:25:09 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:25:09 splunk3 spamd[338]: spamd: processing message <200904071425.n37EP8QX029218@virt2.int.splunk.com> for spamme:501 
Apr  7 07:25:11 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 07:25:11 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52886,mid=<200904071425.n37EP8QX029218@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:25:11 splunk3 sendmail[10272]: n37EP8af010271: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:25:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:25:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:25:51 splunk3 sendmail[10450]: n37EPpvh010450: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 07:26:51 splunk3 sendmail[10687]: n37EQpXZ010687: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:27:51 splunk3 sendmail[10927]: n37ERpTQ010927: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:28:51 splunk3 sendmail[11161]: n37ESpVb011161: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:29:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:29:51 splunk3 sendmail[11404]: n37ETp7H011404: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:30:09 splunk3 sendmail[11499]: n37EU9fX011499: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071430.n37EU852029836@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:30:09 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52943 
Apr  7 07:30:09 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:30:09 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:30:09 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:30:09 splunk3 spamd[338]: spamd: processing message <200904071430.n37EU852029836@virt2.int.splunk.com> for spamme:501 
Apr  7 07:30:11 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 07:30:11 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52943,mid=<200904071430.n37EU852029836@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:30:11 splunk3 sendmail[11500]: n37EU9fX011499: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:30:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:30:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:30:51 splunk3 sendmail[11662]: n37EUpnL011662: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:31:51 splunk3 sendmail[11902]: n37EVpuQ011902: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:32:51 splunk3 sendmail[12135]: n37EWpO5012135: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:33:51 splunk3 sendmail[12372]: n37EXpKx012372: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:34:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:34:51 splunk3 sendmail[12613]: n37EYpCC012613: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:35:11 splunk3 sendmail[12709]: n37EZBjL012709: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071435.n37EZATQ030590@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:35:11 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52998 
Apr  7 07:35:11 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:35:11 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:35:11 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:35:11 splunk3 spamd[338]: spamd: processing message <200904071435.n37EZATQ030590@virt2.int.splunk.com> for spamme:501 
Apr  7 07:35:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:35:13 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 07:35:13 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52998,mid=<200904071435.n37EZATQ030590@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:35:13 splunk3 sendmail[12710]: n37EZBjL012709: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:35:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:35:51 splunk3 sendmail[12872]: n37EZp0M012872: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:36:51 splunk3 sendmail[13108]: n37EaprX013108: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:37:51 splunk3 sendmail[13384]: n37Ebpqb013384: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:38:51 splunk3 sendmail[13624]: n37EcpHg013624: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:39:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:39:51 splunk3 sendmail[13867]: n37Edp5l013867: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:40:11 splunk3 sendmail[13964]: n37EeBhp013964: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071440.n37EeB2h031221@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:40:11 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53054 
Apr  7 07:40:11 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:40:11 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:40:11 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:40:11 splunk3 spamd[338]: spamd: processing message <200904071440.n37EeB2h031221@virt2.int.splunk.com> for spamme:501 
Apr  7 07:40:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:40:13 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  7 07:40:13 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53054,mid=<200904071440.n37EeB2h031221@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:40:13 splunk3 sendmail[13965]: n37EeBhp013964: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:40:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:40:51 splunk3 sendmail[14124]: n37Eepxh014124: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 07:41:51 splunk3 sendmail[14367]: n37EfpEM014367: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:42:51 splunk3 sendmail[14601]: n37EgpOD014601: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:43:51 splunk3 sendmail[14840]: n37EhpHE014840: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:44:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:44:51 splunk3 sendmail[15079]: n37EipwQ015079: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:45:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:45:12 splunk3 sendmail[15177]: n37EjCKa015177: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071445.n37EjCXE031835@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:45:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53110 
Apr  7 07:45:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:45:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:45:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:45:12 splunk3 spamd[338]: spamd: processing message <200904071445.n37EjCXE031835@virt2.int.splunk.com> for spamme:501 
Apr  7 07:45:14 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 07:45:14 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53110,mid=<200904071445.n37EjCXE031835@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:45:14 splunk3 sendmail[15178]: n37EjCKa015177: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:45:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:45:51 splunk3 sendmail[15337]: n37Ejppk015337: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:46:51 splunk3 sendmail[15582]: n37Ekpxg015582: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:47:51 splunk3 sendmail[15820]: n37Elp2Q015820: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:48:51 splunk3 sendmail[16056]: n37Emp1N016056: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:49:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:49:51 splunk3 sendmail[16301]: n37EnpAm016301: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:50:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:50:12 splunk3 sendmail[16402]: n37EoChx016402: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071450.n37EoCjG032452@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:50:12 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53166 
Apr  7 07:50:12 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:50:12 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:50:12 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:50:12 splunk3 spamd[338]: spamd: processing message <200904071450.n37EoCjG032452@virt2.int.splunk.com> for spamme:501 
Apr  7 07:50:14 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.9 seconds, 1308 bytes. 
Apr  7 07:50:14 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.9,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53166,mid=<200904071450.n37EoCjG032452@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 07:50:14 splunk3 sendmail[16403]: n37EoChx016402: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 07:50:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:50:51 splunk3 sendmail[16561]: n37EopNu016561: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:51:51 splunk3 sendmail[16799]: n37EppsN016799: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:52:51 splunk3 sendmail[17034]: n37Eqp3Q017034: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:53:51 splunk3 sendmail[17277]: n37ErprM017277: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:54:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:54:51 splunk3 sendmail[17515]: n37EspQ0017515: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:55:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 07:55:13 splunk3 sendmail[17614]: n37EtDAh017614: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904071455.n37EtDOo000592@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 07:55:13 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53222 
Apr  7 07:55:13 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:55:13 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:55:13 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:55:13 splunk3 spamd[338]: spamd: processing message <200904071455.n37EtDOo000592@virt2.int.splunk.com> for spamme:501 
Apr  7 07:55:15 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1302 bytes. 
Apr  7 07:55:15 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53222,mid=<200904071455.n37EtDOo000592@virt2.int.splunk.com>,bayes=0.067918911440823,autolearn=no 
Apr  7 07:55:15 splunk3 sendmail[17615]: n37EtDAh017614: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  7 07:55:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:55:51 splunk3 sendmail[17773]: n37EtpKm017773: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 07:56:51 splunk3 sendmail[18012]: n37Eup1D018012: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:57:51 splunk3 sendmail[18252]: n37Evpir018252: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:57:53 splunk3 sendmail[18231]: n37Evl79018231: from=<spamme@splunkit.com>, size=648, class=0, nrcpts=1, msgid=<200904071457.n37Evl79018231@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=id186.internetdsl.tpnet.pl [80.53.107.186]
Apr  7 07:57:53 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53248 
Apr  7 07:57:53 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 07:57:53 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 07:57:53 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 07:57:53 splunk3 spamd[338]: spamd: processing message <200904071457.n37Evl79018231@splunk3.splunkit.com> for spamme:501 
Apr  7 07:57:55 splunk3 spamd[338]: spamd: identified spam (11.9/5.0) for spamme:501 in 2.3 seconds, 1050 bytes. 
Apr  7 07:57:55 splunk3 spamd[338]: spamd: result: Y 11 - BAYES_60,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL scantime=2.3,size=1050,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53248,mid=<200904071457.n37Evl79018231@splunk3.splunkit.com>,bayes=0.717455857886604,autolearn=no 
Apr  7 07:57:55 splunk3 sendmail[18254]: n37Evl79018231: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:05, xdelay=00:00:02, mailer=local, pri=30974, dsn=2.0.0, stat=Sent
Apr  7 07:57:55 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 07:58:51 splunk3 sendmail[18490]: n37EwpMD018490: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 07:59:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 07:59:51 splunk3 sendmail[18735]: n37Exp5D018735: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:00:04 splunk3 sendmail[18860]: n37F04MP018860: from=root, size=291, class=0, nrcpts=1, msgid=<200904071500.n37F04MP018860@splunk3.splunkit.com>, relay=root@localhost
Apr  7 08:00:04 splunk3 sendmail[18864]: n37F04G6018864: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071500.n37F04MP018860@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 08:00:04 splunk3 sendmail[18860]: n37F04MP018860: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37F04G6018864 Message accepted for delivery)
Apr  7 08:00:06 splunk3 sendmail[18865]: n37F04G6018864: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 08:00:06 splunk3 sendmail[18881]: n37F068R018881: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904071500.n37F068R018881@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 08:00:06 splunk3 sendmail[18883]: n37F068R018881: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 08:00:06 splunk3 sendmail[18883]: n37F068R018881: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 08:00:07 splunk3 sendmail[18883]: n37F068R018881: n37F078R018883: postmaster notify: User unknown
Apr  7 08:00:08 splunk3 sendmail[18883]: n37F078R018883: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 08:00:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:00:14 splunk3 sendmail[18936]: n37F0Dwl018936: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071500.n37F0Dnl001238@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:00:14 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53287 
Apr  7 08:00:14 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 08:00:14 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 08:00:14 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 08:00:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:00:14 splunk3 sendmail[18937]: n37F0Dwl018936: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:00:51 splunk3 sendmail[19077]: n37F0p8h019077: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:01:05 splunk3 sendmail[19130]: n37F113d019130: from=root, size=443, class=0, nrcpts=1, msgid=<200904071501.n37F113d019130@splunk3.splunkit.com>, relay=root@localhost
Apr  7 08:01:06 splunk3 sendmail[19149]: n37F15QA019149: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071501.n37F113d019130@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 08:01:06 splunk3 sendmail[19130]: n37F113d019130: to=root, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:01, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37F15QA019149 Message accepted for delivery)
Apr  7 08:01:07 splunk3 sendmail[19150]: n37F15QA019149: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 08:01:51 splunk3 sendmail[19327]: n37F1p4Y019327: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:02:51 splunk3 sendmail[19564]: n37F2pcQ019564: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:03:51 splunk3 sendmail[19804]: n37F3pBj019804: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:04:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:04:51 splunk3 sendmail[20044]: n37F4p4m020044: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:05:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:05:14 splunk3 sendmail[20160]: n37F5EmV020160: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071505.n37F5Enn001950@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:05:14 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53344 
Apr  7 08:05:14 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 08:05:14 splunk3 spamd[338]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 08:05:14 splunk3 spamd[338]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 08:05:14 splunk3 sendmail[20161]: n37F5EmV020160: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:05:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:05:51 splunk3 sendmail[20296]: n37F5pEp020296: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:06:51 splunk3 sendmail[20533]: n37F6pn6020533: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:07:51 splunk3 sendmail[20771]: n37F7pt0020771: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:08:51 splunk3 sendmail[21009]: n37F8p6b021009: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:09:46 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:09:51 splunk3 sendmail[21254]: n37F9pmn021254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:10:02 splunk3 sendmail[21395]: n37FA2cI021395: from=root, size=292, class=0, nrcpts=1, msgid=<200904071510.n37FA2cI021395@splunk3.splunkit.com>, relay=root@localhost
Apr  7 08:10:02 splunk3 sendmail[21400]: n37FA2vQ021400: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071510.n37FA2cI021395@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 08:10:02 splunk3 sendmail[21395]: n37FA2cI021395: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37FA2vQ021400 Message accepted for delivery)
Apr  7 08:10:03 splunk3 sendmail[21401]: n37FA2vQ021400: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 08:10:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:10:15 splunk3 sendmail[21474]: n37FAFrq021474: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071510.n37FAFxb002573@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:10:15 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53400 
Apr  7 08:10:15 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 08:10:15 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:10:15 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:10:15 splunk3 spamd[338]: spamd: processing message <200904071510.n37FAFxb002573@virt2.int.splunk.com> for spamme:501 
Apr  7 08:10:17 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  7 08:10:17 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53400,mid=<200904071510.n37FAFxb002573@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:10:17 splunk3 sendmail[21475]: n37FAFrq021474: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:10:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:10:51 splunk3 sendmail[21619]: n37FApjT021619: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 08:11:51 splunk3 sendmail[21862]: n37FBpRH021862: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:12:51 splunk3 sendmail[22095]: n37FCpHn022095: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:13:51 splunk3 sendmail[22335]: n37FDpdq022335: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:14:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:14:51 splunk3 sendmail[22574]: n37FEpUh022574: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:15:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:15:16 splunk3 sendmail[22691]: n37FFGv3022691: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071515.n37FFGhh003356@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:15:16 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53457 
Apr  7 08:15:16 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 08:15:16 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:15:16 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:15:16 splunk3 spamd[338]: spamd: processing message <200904071515.n37FFGhh003356@virt2.int.splunk.com> for spamme:501 
Apr  7 08:15:18 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  7 08:15:18 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53457,mid=<200904071515.n37FFGhh003356@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:15:18 splunk3 sendmail[22692]: n37FFGv3022691: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:15:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:15:51 splunk3 sendmail[22831]: n37FFp5q022831: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:16:51 splunk3 sendmail[23067]: n37FGpRI023067: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:17:51 splunk3 sendmail[23308]: n37FHpHp023308: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:18:51 splunk3 sendmail[23542]: n37FIpqw023542: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:19:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:19:51 splunk3 sendmail[23781]: n37FJpYS023781: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:20:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:20:17 splunk3 sendmail[23903]: n37FKHma023903: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071520.n37FKH8K003991@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:20:17 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53512 
Apr  7 08:20:17 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 08:20:17 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:20:17 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:20:17 splunk3 spamd[338]: spamd: processing message <200904071520.n37FKH8K003991@virt2.int.splunk.com> for spamme:501 
Apr  7 08:20:19 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  7 08:20:19 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53512,mid=<200904071520.n37FKH8K003991@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:20:19 splunk3 sendmail[23904]: n37FKHma023903: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:20:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:20:51 splunk3 sendmail[24043]: n37FKpFB024043: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:21:51 splunk3 sendmail[24281]: n37FLpPX024281: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:22:52 splunk3 sendmail[24515]: n37FMp4g024515: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:23:52 splunk3 sendmail[24760]: n37FNq9U024760: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:24:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:24:52 splunk3 sendmail[25002]: n37FOqAC025002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:25:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:25:18 splunk3 sendmail[25118]: n37FPHxH025118: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071525.n37FPHjt004596@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:25:18 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53568 
Apr  7 08:25:18 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 08:25:18 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:25:18 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:25:18 splunk3 spamd[338]: spamd: processing message <200904071525.n37FPHjt004596@virt2.int.splunk.com> for spamme:501 
Apr  7 08:25:20 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  7 08:25:20 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53568,mid=<200904071525.n37FPHjt004596@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:25:20 splunk3 sendmail[25119]: n37FPHxH025118: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:25:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:25:52 splunk3 sendmail[25259]: n37FPqLW025259: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 08:26:52 splunk3 sendmail[25495]: n37FQqEl025495: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:27:52 splunk3 sendmail[25735]: n37FRqbi025735: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:28:52 splunk3 sendmail[25968]: n37FSqXH025968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:29:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:29:52 splunk3 sendmail[26212]: n37FTq5R026212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:30:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:30:18 splunk3 sendmail[26333]: n37FUIC7026333: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071530.n37FUIYW005217@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:30:18 splunk3 spamd[338]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53625 
Apr  7 08:30:18 splunk3 spamd[338]: spamd: setuid to spamme succeeded 
Apr  7 08:30:18 splunk3 spamd[338]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:30:18 splunk3 spamd[338]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:30:18 splunk3 spamd[338]: spamd: processing message <200904071530.n37FUIYW005217@virt2.int.splunk.com> for spamme:501 
Apr  7 08:30:20 splunk3 spamd[338]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  7 08:30:20 splunk3 spamd[338]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53625,mid=<200904071530.n37FUIYW005217@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:30:20 splunk3 sendmail[26334]: n37FUIC7026333: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:30:20 splunk3 spamd[3033]: prefork: child states: BI 
Apr  7 08:30:20 splunk3 spamd[3033]: spamd: handled cleanup of child pid 338 due to SIGCHLD 
Apr  7 08:30:20 splunk3 spamd[3033]: spamd: server successfully spawned child process, pid 26356 
Apr  7 08:30:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:30:52 splunk3 sendmail[26473]: n37FUqm8026473: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:31:52 splunk3 sendmail[26712]: n37FVqeQ026712: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:32:52 splunk3 sendmail[26947]: n37FWq77026947: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:33:52 splunk3 sendmail[27182]: n37FXqeb027182: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:34:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:34:52 splunk3 sendmail[27420]: n37FYqTF027420: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:35:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:35:19 splunk3 sendmail[27555]: n37FZJoQ027555: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071535.n37FZIoh005962@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:35:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53680 
Apr  7 08:35:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 08:35:19 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:35:19 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:35:19 splunk3 spamd[26356]: spamd: processing message <200904071535.n37FZIoh005962@virt2.int.splunk.com> for spamme:501 
Apr  7 08:35:21 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  7 08:35:21 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53680,mid=<200904071535.n37FZIoh005962@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:35:21 splunk3 sendmail[27557]: n37FZJoQ027555: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:35:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:35:52 splunk3 sendmail[27676]: n37FZqYU027676: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:36:52 splunk3 sendmail[27909]: n37FaqEi027909: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:37:52 splunk3 sendmail[28150]: n37FbqHh028150: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:38:52 splunk3 sendmail[28393]: n37FcqcB028393: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:39:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:39:52 splunk3 sendmail[28637]: n37Fdqsa028637: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:40:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:40:19 splunk3 sendmail[28771]: n37FeJYJ028771: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071540.n37FeJG3006600@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:40:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53736 
Apr  7 08:40:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 08:40:19 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:40:19 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:40:19 splunk3 spamd[26356]: spamd: processing message <200904071540.n37FeJG3006600@virt2.int.splunk.com> for spamme:501 
Apr  7 08:40:21 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 08:40:21 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53736,mid=<200904071540.n37FeJG3006600@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:40:21 splunk3 sendmail[28772]: n37FeJYJ028771: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:40:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:40:52 splunk3 sendmail[28893]: n37FeqL6028893: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 08:41:52 splunk3 sendmail[29136]: n37FfqkK029136: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:42:52 splunk3 sendmail[29369]: n37Fgq1b029369: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:43:52 splunk3 sendmail[29607]: n37Fhqcw029607: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:44:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:44:52 splunk3 sendmail[29849]: n37FiqdI029849: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:45:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:45:20 splunk3 sendmail[29983]: n37FjKLv029983: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071545.n37FjJng007210@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:45:20 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53792 
Apr  7 08:45:20 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 08:45:20 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:45:20 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:45:20 splunk3 spamd[26356]: spamd: processing message <200904071545.n37FjJng007210@virt2.int.splunk.com> for spamme:501 
Apr  7 08:45:22 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  7 08:45:22 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53792,mid=<200904071545.n37FjJng007210@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:45:22 splunk3 sendmail[29984]: n37FjKLv029983: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:45:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:45:52 splunk3 sendmail[30107]: n37FjqDQ030107: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:46:52 splunk3 sendmail[30342]: n37FkqeL030342: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:47:52 splunk3 sendmail[30580]: n37FlqXN030580: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:48:52 splunk3 sendmail[30816]: n37FmqI9030816: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:49:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:49:52 splunk3 sendmail[31058]: n37FnqZi031058: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:50:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:50:21 splunk3 sendmail[31196]: n37FoLhZ031196: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071550.n37FoKW6007828@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:50:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53848 
Apr  7 08:50:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 08:50:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:50:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:50:21 splunk3 spamd[26356]: spamd: processing message <200904071550.n37FoKW6007828@virt2.int.splunk.com> for spamme:501 
Apr  7 08:50:24 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.8 seconds, 1305 bytes. 
Apr  7 08:50:24 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.8,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53848,mid=<200904071550.n37FoKW6007828@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:50:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:50:24 splunk3 sendmail[31197]: n37FoLhZ031196: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:50:52 splunk3 sendmail[31317]: n37FoqHQ031317: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:51:52 splunk3 sendmail[31555]: n37FpqvG031555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:52:52 splunk3 sendmail[31793]: n37FqqiE031793: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:53:52 splunk3 sendmail[32036]: n37Frqf2032036: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:54:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:54:52 splunk3 sendmail[32274]: n37FsqUY032274: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:55:14 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 08:55:21 splunk3 sendmail[32410]: n37FtLng032410: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071555.n37FtLRc008430@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 08:55:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53903 
Apr  7 08:55:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 08:55:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 08:55:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 08:55:21 splunk3 spamd[26356]: spamd: processing message <200904071555.n37FtLRc008430@virt2.int.splunk.com> for spamme:501 
Apr  7 08:55:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  7 08:55:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=53903,mid=<200904071555.n37FtLRc008430@virt2.int.splunk.com>,bayes=0.171824244331644,autolearn=no 
Apr  7 08:55:23 splunk3 sendmail[32411]: n37FtLng032410: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 08:55:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 08:55:52 splunk3 sendmail[32531]: n37Ftqd2032531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 08:56:52 splunk3 sendmail[301]: n37FuqIg000301: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:57:52 splunk3 sendmail[539]: n37FvqG0000539: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:58:52 splunk3 sendmail[775]: n37Fwqk9000775: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 08:59:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 08:59:52 splunk3 sendmail[1021]: n37FxqxK001021: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:00:04 splunk3 sendmail[1144]: n37G040x001144: from=root, size=291, class=0, nrcpts=1, msgid=<200904071600.n37G040x001144@splunk3.splunkit.com>, relay=root@localhost
Apr  7 09:00:04 splunk3 sendmail[1148]: n37G04V7001148: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071600.n37G040x001144@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 09:00:04 splunk3 sendmail[1144]: n37G040x001144: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37G04V7001148 Message accepted for delivery)
Apr  7 09:00:05 splunk3 sendmail[1149]: n37G04V7001148: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 09:00:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:00:13 splunk3 sendmail[1205]: n37G0DMR001205: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904071600.n37G0DMR001205@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 09:00:13 splunk3 sendmail[1207]: n37G0DMR001205: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 09:00:13 splunk3 sendmail[1207]: n37G0DMR001205: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  7 09:00:13 splunk3 sendmail[1207]: n37G0DMR001205: n37G0DMR001207: postmaster notify: User unknown
Apr  7 09:00:14 splunk3 sendmail[1207]: n37G0DMR001207: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  7 09:00:22 splunk3 sendmail[1239]: n37G0MJg001239: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071600.n37G0Ll0009074@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:00:22 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 53968 
Apr  7 09:00:22 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:00:22 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 09:00:22 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 09:00:22 splunk3 sendmail[1241]: n37G0MJg001239: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 09:00:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:00:52 splunk3 sendmail[1362]: n37G0qjp001362: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:01:07 splunk3 sendmail[1411]: n37G11Xv001411: from=root, size=443, class=0, nrcpts=1, msgid=<200904071601.n37G11Xv001411@splunk3.splunkit.com>, relay=root@localhost
Apr  7 09:01:07 splunk3 sendmail[1434]: n37G17Q3001434: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071601.n37G11Xv001411@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 09:01:07 splunk3 sendmail[1411]: n37G11Xv001411: to=root, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37G17Q3001434 Message accepted for delivery)
Apr  7 09:01:09 splunk3 sendmail[1435]: n37G17Q3001434: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 09:01:52 splunk3 sendmail[1613]: n37G1qhj001613: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:02:52 splunk3 sendmail[1851]: n37G2qQJ001851: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:03:52 splunk3 sendmail[2090]: n37G3q0M002090: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:04:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:04:52 splunk3 sendmail[2329]: n37G4q4p002329: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:05:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:05:22 splunk3 sendmail[2466]: n37G5MwV002466: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071605.n37G5Mmr009752@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:05:22 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54024 
Apr  7 09:05:22 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:05:22 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 09:05:22 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 09:05:22 splunk3 sendmail[2467]: n37G5MwV002466: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 09:05:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:05:52 splunk3 sendmail[2590]: n37G5qlp002590: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:06:52 splunk3 sendmail[2837]: n37G6qhn002837: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:07:52 splunk3 sendmail[3087]: n37G7qNg003087: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:08:52 splunk3 sendmail[3326]: n37G8qtf003326: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:09:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:09:52 splunk3 sendmail[3589]: n37G9qh8003589: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:10:02 splunk3 sendmail[3740]: n37GA2v3003740: from=root, size=292, class=0, nrcpts=1, msgid=<200904071610.n37GA2v3003740@splunk3.splunkit.com>, relay=root@localhost
Apr  7 09:10:02 splunk3 sendmail[3745]: n37GA2nt003745: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071610.n37GA2v3003740@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 09:10:02 splunk3 sendmail[3740]: n37GA2v3003740: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37GA2nt003745 Message accepted for delivery)
Apr  7 09:10:04 splunk3 sendmail[3746]: n37GA2nt003745: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 09:10:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:10:23 splunk3 sendmail[3860]: n37GANT4003860: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071610.n37GAMAE010373@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:10:23 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54081 
Apr  7 09:10:23 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:10:23 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:10:23 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:10:23 splunk3 spamd[26356]: spamd: processing message <200904071610.n37GAMAE010373@virt2.int.splunk.com> for spamme:501 
Apr  7 09:10:25 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 09:10:25 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54081,mid=<200904071610.n37GAMAE010373@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:10:25 splunk3 sendmail[3861]: n37GANT4003860: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:10:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:10:52 splunk3 sendmail[3962]: n37GAq1H003962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 09:11:52 splunk3 sendmail[4219]: n37GBqPd004219: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:12:52 splunk3 sendmail[4468]: n37GCqCd004468: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:13:52 splunk3 sendmail[4713]: n37GDq4Z004713: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:14:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:14:52 splunk3 sendmail[4964]: n37GEq8m004964: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:15:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:15:24 splunk3 sendmail[5121]: n37GFOgk005121: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071615.n37GFNXx011161@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:15:24 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54138 
Apr  7 09:15:24 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:15:24 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:15:24 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:15:24 splunk3 spamd[26356]: spamd: processing message <200904071615.n37GFNXx011161@virt2.int.splunk.com> for spamme:501 
Apr  7 09:15:26 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 09:15:26 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54138,mid=<200904071615.n37GFNXx011161@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:15:26 splunk3 sendmail[5154]: n37GFOgk005121: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:15:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:15:52 splunk3 sendmail[5256]: n37GFqVU005256: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:16:52 splunk3 sendmail[5497]: n37GGqdM005497: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:17:52 splunk3 sendmail[5736]: n37GHqIK005736: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:18:52 splunk3 sendmail[5970]: n37GIqAW005970: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:19:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:19:52 splunk3 sendmail[6214]: n37GJqhu006214: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:20:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:20:24 splunk3 sendmail[6372]: n37GKOYK006372: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071620.n37GKOkn011800@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:20:24 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54193 
Apr  7 09:20:24 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:20:24 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:20:24 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:20:24 splunk3 spamd[26356]: spamd: processing message <200904071620.n37GKOkn011800@virt2.int.splunk.com> for spamme:501 
Apr  7 09:20:26 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 09:20:26 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54193,mid=<200904071620.n37GKOkn011800@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:20:26 splunk3 sendmail[6373]: n37GKOYK006372: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:20:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:20:52 splunk3 sendmail[6475]: n37GKqgX006475: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:21:52 splunk3 sendmail[6712]: n37GLqT8006712: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:22:52 splunk3 sendmail[6946]: n37GMq5R006946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:23:52 splunk3 sendmail[7190]: n37GNq51007190: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:24:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:24:52 splunk3 sendmail[7427]: n37GOqYg007427: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:25:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:25:25 splunk3 sendmail[7594]: n37GPPbA007594: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071625.n37GPO0E012404@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:25:25 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54249 
Apr  7 09:25:25 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:25:25 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:25:25 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:25:25 splunk3 spamd[26356]: spamd: processing message <200904071625.n37GPO0E012404@virt2.int.splunk.com> for spamme:501 
Apr  7 09:25:27 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 09:25:27 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54249,mid=<200904071625.n37GPO0E012404@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:25:27 splunk3 sendmail[7595]: n37GPPbA007594: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:25:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:25:52 splunk3 sendmail[7692]: n37GPqV4007692: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 09:26:52 splunk3 sendmail[7929]: n37GQqIR007929: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:27:52 splunk3 sendmail[8170]: n37GRqnL008170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:28:52 splunk3 sendmail[8402]: n37GSqHI008402: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:29:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:29:52 splunk3 sendmail[8647]: n37GTqNJ008647: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:30:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:30:25 splunk3 sendmail[8805]: n37GUPlq008805: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071630.n37GUPFQ013028@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:30:26 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54305 
Apr  7 09:30:26 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:30:26 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:30:26 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:30:26 splunk3 spamd[26356]: spamd: processing message <200904071630.n37GUPFQ013028@virt2.int.splunk.com> for spamme:501 
Apr  7 09:30:28 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 09:30:28 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54305,mid=<200904071630.n37GUPFQ013028@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:30:28 splunk3 sendmail[8806]: n37GUPlq008805: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:30:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:30:52 splunk3 sendmail[8906]: n37GUq59008906: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:31:52 splunk3 sendmail[9145]: n37GVqr0009145: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:32:52 splunk3 sendmail[9381]: n37GWqvQ009381: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:33:52 splunk3 sendmail[9620]: n37GXqkg009620: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:34:45 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:34:52 splunk3 sendmail[9881]: n37GYqa8009881: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:35:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:35:26 splunk3 sendmail[10018]: n37GZQlM010018: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071635.n37GZQf3013767@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:35:26 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54361 
Apr  7 09:35:26 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:35:26 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:35:26 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:35:26 splunk3 spamd[26356]: spamd: processing message <200904071635.n37GZQf3013767@virt2.int.splunk.com> for spamme:501 
Apr  7 09:35:28 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 09:35:28 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54361,mid=<200904071635.n37GZQf3013767@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:35:28 splunk3 sendmail[10019]: n37GZQlM010018: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:35:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:35:52 splunk3 sendmail[10137]: n37GZq1c010137: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:36:52 splunk3 sendmail[10373]: n37GaqNH010373: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:37:52 splunk3 sendmail[10613]: n37Gbqwr010613: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:38:52 splunk3 sendmail[10851]: n37Gcq0A010851: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:39:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:39:52 splunk3 sendmail[11094]: n37GdqDj011094: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:40:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:40:27 splunk3 sendmail[11234]: n37GeR7f011234: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071640.n37GeQln014404@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:40:27 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54416 
Apr  7 09:40:27 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:40:27 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:40:27 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:40:27 splunk3 spamd[26356]: spamd: processing message <200904071640.n37GeQln014404@virt2.int.splunk.com> for spamme:501 
Apr  7 09:40:29 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 09:40:29 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54416,mid=<200904071640.n37GeQln014404@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:40:29 splunk3 sendmail[11235]: n37GeR7f011234: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:40:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:40:52 splunk3 sendmail[11352]: n37Geqgu011352: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 09:41:52 splunk3 sendmail[11593]: n37GfqjF011593: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:42:52 splunk3 sendmail[11824]: n37Ggql3011824: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:43:52 splunk3 sendmail[12064]: n37Ghq1G012064: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:44:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:44:52 splunk3 sendmail[12305]: n37Giqfd012305: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:45:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:45:27 splunk3 sendmail[12456]: n37GjRGq012456: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071645.n37GjR7X015044@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:45:27 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54473 
Apr  7 09:45:27 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:45:27 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:45:27 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:45:27 splunk3 spamd[26356]: spamd: processing message <200904071645.n37GjR7X015044@virt2.int.splunk.com> for spamme:501 
Apr  7 09:45:29 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 09:45:29 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54473,mid=<200904071645.n37GjR7X015044@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:45:29 splunk3 sendmail[12457]: n37GjRGq012456: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:45:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:45:52 splunk3 sendmail[12560]: n37GjqZa012560: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:46:52 splunk3 sendmail[12794]: n37GkqOC012794: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:47:52 splunk3 sendmail[13036]: n37Glqk0013036: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:48:52 splunk3 sendmail[13279]: n37GmqQt013279: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:49:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:49:52 splunk3 sendmail[13553]: n37GnqF5013553: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:50:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:50:28 splunk3 sendmail[13712]: n37GoRKh013712: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071650.n37GoRAv015633@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:50:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54528 
Apr  7 09:50:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:50:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:50:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:50:28 splunk3 spamd[26356]: spamd: processing message <200904071650.n37GoRAv015633@virt2.int.splunk.com> for spamme:501 
Apr  7 09:50:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 09:50:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54528,mid=<200904071650.n37GoRAv015633@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:50:30 splunk3 sendmail[13713]: n37GoRKh013712: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:50:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:50:52 splunk3 sendmail[13814]: n37Goq45013814: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:51:52 splunk3 sendmail[14053]: n37Gpqk9014053: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:52:52 splunk3 sendmail[14287]: n37GqqP2014287: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:53:52 splunk3 sendmail[14530]: n37GrqrQ014530: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:54:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:54:52 splunk3 sendmail[14769]: n37GsqnJ014769: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:55:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 09:55:28 splunk3 sendmail[14920]: n37GtSYD014920: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071655.n37GtSqa016267@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 09:55:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54584 
Apr  7 09:55:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:55:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:55:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:55:28 splunk3 spamd[26356]: spamd: processing message <200904071655.n37GtSqa016267@virt2.int.splunk.com> for spamme:501 
Apr  7 09:55:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.3 seconds, 1308 bytes. 
Apr  7 09:55:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54584,mid=<200904071655.n37GtSqa016267@virt2.int.splunk.com>,bayes=0.114512628840515,autolearn=no 
Apr  7 09:55:30 splunk3 sendmail[14921]: n37GtSYD014920: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 09:55:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:55:52 splunk3 sendmail[15025]: n37GtqRA015025: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 09:56:52 splunk3 sendmail[15257]: n37GuqsT015257: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:57:35 splunk3 sendmail[15401]: n37GvVD6015401: from=<uokuotni_1950@GOTLINGERIE.COM>, size=2017, class=0, nrcpts=1, msgid=<200904071657.n37GvVD6015401@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=119.17.81-79.rev.gaoland.net [79.81.17.119]
Apr  7 09:57:36 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54606 
Apr  7 09:57:36 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 09:57:36 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 09:57:36 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 09:57:36 splunk3 spamd[26356]: spamd: processing message <200904071657.n37GvVD6015401@splunk3.splunkit.com> for spamme:501 
Apr  7 09:57:38 splunk3 spamd[26356]: spamd: identified spam (22.4/5.0) for spamme:501 in 2.3 seconds, 2444 bytes. 
Apr  7 09:57:38 splunk3 spamd[26356]: spamd: result: Y 22 - BAYES_99,HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,URIBL_SBL,URI_NOVOWEL scantime=2.3,size=2444,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54606,mid=<200904071657.n37GvVD6015401@splunk3.splunkit.com>,bayes=0.999106205570109,autolearn=spam 
Apr  7 09:57:38 splunk3 sendmail[15423]: n37GvVD6015401: to=<spamme@splunkit.com>, delay=00:00:05, xdelay=00:00:03, mailer=local, pri=32346, dsn=2.0.0, stat=Sent
Apr  7 09:57:38 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 09:57:52 splunk3 sendmail[15513]: n37GvqOb015513: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:58:52 splunk3 sendmail[15748]: n37GwqR3015748: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 09:59:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 09:59:52 splunk3 sendmail[15991]: n37GxqnE015991: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:00:04 splunk3 sendmail[16099]: n37H04gB016099: from=root, size=291, class=0, nrcpts=1, msgid=<200904071700.n37H04gB016099@splunk3.splunkit.com>, relay=root@localhost
Apr  7 10:00:04 splunk3 sendmail[16103]: n37H04Bx016103: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071700.n37H04gB016099@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 10:00:04 splunk3 sendmail[16099]: n37H04gB016099: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37H04Bx016103 Message accepted for delivery)
Apr  7 10:00:06 splunk3 sendmail[16104]: n37H04Bx016103: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 10:00:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:00:18 splunk3 sendmail[16176]: n37H0ISg016176: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904071700.n37H0ISg016176@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 10:00:18 splunk3 sendmail[16178]: n37H0ISg016176: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 10:00:18 splunk3 sendmail[16178]: n37H0ISg016176: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 10:00:18 splunk3 sendmail[16178]: n37H0ISg016176: n37H0ISg016178: postmaster notify: User unknown
Apr  7 10:00:20 splunk3 sendmail[16178]: n37H0ISg016178: to=root, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 10:00:29 splunk3 sendmail[16232]: n37H0TwO016232: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071700.n37H0TJw016882@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:00:29 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54650 
Apr  7 10:00:29 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:00:29 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 10:00:29 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 10:00:29 splunk3 sendmail[16233]: n37H0TwO016232: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:00:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:00:52 splunk3 sendmail[16333]: n37H0qAq016333: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:01:09 splunk3 sendmail[16364]: n37H11kX016364: from=root, size=443, class=0, nrcpts=1, msgid=<200904071701.n37H11kX016364@splunk3.splunkit.com>, relay=root@localhost
Apr  7 10:01:09 splunk3 sendmail[16403]: n37H19Sq016403: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071701.n37H11kX016364@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 10:01:09 splunk3 sendmail[16364]: n37H11kX016364: to=root, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37H19Sq016403 Message accepted for delivery)
Apr  7 10:01:11 splunk3 sendmail[16404]: n37H19Sq016403: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 10:01:52 splunk3 sendmail[16585]: n37H1qC9016585: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:02:52 splunk3 sendmail[16823]: n37H2qIY016823: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:03:52 splunk3 sendmail[17059]: n37H3qBm017059: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:04:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:04:52 splunk3 sendmail[17300]: n37H4qhG017300: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:05:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:05:30 splunk3 sendmail[17456]: n37H5UpT017456: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071705.n37H5TFx017585@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:05:30 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54706 
Apr  7 10:05:30 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:05:30 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 10:05:30 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 10:05:30 splunk3 sendmail[17457]: n37H5UpT017456: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:05:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:05:52 splunk3 sendmail[17557]: n37H5qwu017557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:06:52 splunk3 sendmail[17790]: n37H6qOt017790: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:07:52 splunk3 sendmail[18030]: n37H7q8L018030: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:08:52 splunk3 sendmail[18271]: n37H8qYW018271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:09:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:09:52 splunk3 sendmail[18515]: n37H9qYx018515: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:10:00 splunk3 sendmail[18534]: n37HA0eE018534: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071710.n37HA0M2018100@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:10:00 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54750 
Apr  7 10:10:00 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:10:00 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 10:10:00 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 10:10:00 splunk3 sendmail[18535]: n37HA0eE018534: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:10:00 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:10:03 splunk3 sendmail[18656]: n37HA3mW018656: from=root, size=292, class=0, nrcpts=1, msgid=<200904071710.n37HA3mW018656@splunk3.splunkit.com>, relay=root@localhost
Apr  7 10:10:03 splunk3 sendmail[18661]: n37HA3lJ018661: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071710.n37HA3mW018656@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 10:10:03 splunk3 sendmail[18656]: n37HA3mW018656: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37HA3lJ018661 Message accepted for delivery)
Apr  7 10:10:04 splunk3 sendmail[18662]: n37HA3lJ018661: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 10:10:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:10:52 splunk3 sendmail[18875]: n37HAqo5018875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 10:11:52 splunk3 sendmail[19117]: n37HBq0v019117: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:12:52 splunk3 sendmail[19353]: n37HCqpO019353: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:13:52 splunk3 sendmail[19588]: n37HDqM6019588: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:14:33 splunk3 sendmail[19744]: n37HEWBp019744: from=<3-InbSRQKBqcNVVNSLHSLYaZ-UVYLWSfNVVNSL.JVTZWHTTLZWSbURPa.JVT@alerts.bounces.google.com>, size=5306, class=0, nrcpts=1, msgid=<00163630f1df02ef8d0466fa26a1@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  7 10:14:33 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54803 
Apr  7 10:14:33 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:14:33 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:14:33 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:14:33 splunk3 spamd[26356]: spamd: processing message <00163630f1df02ef8d0466fa26a1@google.com> for spamme:501 
Apr  7 10:14:35 splunk3 spamd[26356]: spamd: clean message (-2.3/5.0) for spamme:501 in 2.4 seconds, 5740 bytes. 
Apr  7 10:14:35 splunk3 spamd[26356]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.4,size=5740,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54803,mid=<00163630f1df02ef8d0466fa26a1@google.com>,bayes=0,autolearn=ham 
Apr  7 10:14:35 splunk3 sendmail[19745]: n37HEWBp019744: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=35521, dsn=2.0.0, stat=Sent
Apr  7 10:14:35 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:14:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:14:52 splunk3 sendmail[19834]: n37HEqUg019834: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:15:02 splunk3 sendmail[19865]: n37HF2BQ019865: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071715.n37HF08X018884@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:15:02 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54809 
Apr  7 10:15:02 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:15:02 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:15:02 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:15:02 splunk3 spamd[26356]: spamd: processing message <200904071715.n37HF08X018884@virt2.int.splunk.com> for spamme:501 
Apr  7 10:15:04 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 10:15:04 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54809,mid=<200904071715.n37HF08X018884@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:15:04 splunk3 sendmail[19878]: n37HF2BQ019865: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:15:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:15:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:15:52 splunk3 sendmail[20092]: n37HFqk5020092: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:16:52 splunk3 sendmail[20328]: n37HGqvq020328: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:17:53 splunk3 sendmail[20566]: n37HHrpl020566: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:18:53 splunk3 sendmail[20802]: n37HIrxB020802: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:19:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:19:53 splunk3 sendmail[21046]: n37HJr8L021046: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:20:04 splunk3 sendmail[21091]: n37HK4Io021091: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071720.n37HK2Z5019558@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:20:04 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54864 
Apr  7 10:20:04 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:20:04 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:20:04 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:20:04 splunk3 spamd[26356]: spamd: processing message <200904071720.n37HK2Z5019558@virt2.int.splunk.com> for spamme:501 
Apr  7 10:20:06 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.0 seconds, 1308 bytes. 
Apr  7 10:20:06 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.0,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54864,mid=<200904071720.n37HK2Z5019558@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:20:06 splunk3 sendmail[21092]: n37HK4Io021091: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:20:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:20:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:20:53 splunk3 sendmail[21304]: n37HKrYH021304: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:21:53 splunk3 sendmail[21542]: n37HLrKK021542: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:22:53 splunk3 sendmail[21779]: n37HMrXO021779: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:23:53 splunk3 sendmail[22024]: n37HNrWf022024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:24:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:24:53 splunk3 sendmail[22261]: n37HOrH5022261: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:25:05 splunk3 sendmail[22304]: n37HP52G022304: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071725.n37HP4rA020164@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:25:05 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54920 
Apr  7 10:25:05 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:25:05 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:25:05 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:25:05 splunk3 spamd[26356]: spamd: processing message <200904071725.n37HP4rA020164@virt2.int.splunk.com> for spamme:501 
Apr  7 10:25:07 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 10:25:07 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54920,mid=<200904071725.n37HP4rA020164@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:25:07 splunk3 sendmail[22305]: n37HP52G022304: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:25:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:25:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:25:53 splunk3 sendmail[22520]: n37HPrUg022520: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 10:26:53 splunk3 sendmail[22757]: n37HQrLV022757: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:27:53 splunk3 sendmail[22995]: n37HRrxu022995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:28:53 splunk3 sendmail[23229]: n37HSrxo023229: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:29:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:29:53 splunk3 sendmail[23474]: n37HTrD0023474: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:30:05 splunk3 sendmail[23519]: n37HU5wq023519: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071730.n37HU5XN020780@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:30:05 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 54977 
Apr  7 10:30:05 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:30:05 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:30:05 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:30:05 splunk3 spamd[26356]: spamd: processing message <200904071730.n37HU5XN020780@virt2.int.splunk.com> for spamme:501 
Apr  7 10:30:09 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  7 10:30:09 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54977,mid=<200904071730.n37HU5XN020780@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:30:09 splunk3 sendmail[23520]: n37HU5wq023519: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:30:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:30:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:30:53 splunk3 sendmail[23734]: n37HUrAb023734: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:31:53 splunk3 sendmail[23969]: n37HVr7E023969: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:32:53 splunk3 sendmail[24207]: n37HWrJG024207: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:33:53 splunk3 sendmail[24447]: n37HXrlS024447: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:34:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:34:53 splunk3 sendmail[24685]: n37HYr6Z024685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:35:06 splunk3 sendmail[24731]: n37HZ5LY024731: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071735.n37HZ5Or021527@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:35:06 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55032 
Apr  7 10:35:06 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:35:06 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:35:06 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:35:06 splunk3 spamd[26356]: spamd: processing message <200904071735.n37HZ5Or021527@virt2.int.splunk.com> for spamme:501 
Apr  7 10:35:08 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 10:35:08 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55032,mid=<200904071735.n37HZ5Or021527@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:35:08 splunk3 sendmail[24732]: n37HZ5LY024731: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:35:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:35:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:35:53 splunk3 sendmail[24942]: n37HZrYH024942: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:36:53 splunk3 sendmail[25178]: n37Harhp025178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:37:53 splunk3 sendmail[25418]: n37Hbrhe025418: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:38:53 splunk3 sendmail[25656]: n37Hcrk8025656: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:39:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:39:53 splunk3 sendmail[25901]: n37HdrEX025901: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:40:06 splunk3 sendmail[25946]: n37He6ew025946: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071740.n37He6gx022161@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:40:06 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55088 
Apr  7 10:40:06 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:40:06 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:40:06 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:40:06 splunk3 spamd[26356]: spamd: processing message <200904071740.n37He6gx022161@virt2.int.splunk.com> for spamme:501 
Apr  7 10:40:08 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 10:40:08 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55088,mid=<200904071740.n37He6gx022161@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:40:08 splunk3 sendmail[25947]: n37He6ew025946: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:40:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:40:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:40:53 splunk3 sendmail[26160]: n37HerI5026160: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 10:41:53 splunk3 sendmail[26402]: n37HfrwI026402: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:42:53 splunk3 sendmail[26636]: n37HgrWj026636: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:43:53 splunk3 sendmail[26876]: n37HhrHG026876: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:44:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:44:53 splunk3 sendmail[27116]: n37Hir6d027116: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:45:07 splunk3 sendmail[27175]: n37Hj7bS027175: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071745.n37Hj7X1022776@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:45:07 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55144 
Apr  7 10:45:07 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:45:07 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:45:07 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:45:07 splunk3 spamd[26356]: spamd: processing message <200904071745.n37Hj7X1022776@virt2.int.splunk.com> for spamme:501 
Apr  7 10:45:09 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 10:45:09 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55144,mid=<200904071745.n37Hj7X1022776@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:45:09 splunk3 sendmail[27176]: n37Hj7bS027175: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:45:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:45:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:45:53 splunk3 sendmail[27370]: n37HjrbQ027370: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:46:53 splunk3 sendmail[27604]: n37HkrCq027604: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:47:53 splunk3 sendmail[27843]: n37HlrAq027843: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:48:53 splunk3 sendmail[28078]: n37Hmrtx028078: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:49:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:49:53 splunk3 sendmail[28319]: n37HnrTv028319: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:50:07 splunk3 sendmail[28384]: n37Ho7D9028384: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071750.n37Ho7sS023392@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:50:07 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55200 
Apr  7 10:50:07 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:50:07 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:50:07 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:50:07 splunk3 spamd[26356]: spamd: processing message <200904071750.n37Ho7sS023392@virt2.int.splunk.com> for spamme:501 
Apr  7 10:50:09 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 10:50:09 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55200,mid=<200904071750.n37Ho7sS023392@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:50:09 splunk3 sendmail[28385]: n37Ho7D9028384: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:50:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:50:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:50:53 splunk3 sendmail[28580]: n37HorQg028580: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:51:53 splunk3 sendmail[28820]: n37HprbK028820: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:52:53 splunk3 sendmail[29054]: n37HqrD5029054: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:53:53 splunk3 sendmail[29298]: n37HrrCO029298: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:54:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:54:53 splunk3 sendmail[29539]: n37HsroK029539: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:55:08 splunk3 sendmail[29597]: n37Ht8vo029597: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071755.n37Ht8pJ024033@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 10:55:08 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55255 
Apr  7 10:55:08 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 10:55:08 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 10:55:08 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 10:55:08 splunk3 spamd[26356]: spamd: processing message <200904071755.n37Ht8pJ024033@virt2.int.splunk.com> for spamme:501 
Apr  7 10:55:10 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 10:55:10 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55255,mid=<200904071755.n37Ht8pJ024033@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 10:55:10 splunk3 sendmail[29598]: n37Ht8vo029597: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 10:55:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 10:55:11 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 10:55:53 splunk3 sendmail[29796]: n37HtrN2029796: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 10:56:53 splunk3 sendmail[30030]: n37HurvY030030: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:57:10 splunk3 sendmail[24330]: n37HY1jb024330: [189.216.178.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:57:53 splunk3 sendmail[30271]: n37HvrH6030271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:58:53 splunk3 sendmail[30506]: n37HwrsV030506: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 10:59:44 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 10:59:53 splunk3 sendmail[30747]: n37HxrUs030747: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:00:04 splunk3 sendmail[30853]: n37I04PS030853: from=root, size=291, class=0, nrcpts=1, msgid=<200904071800.n37I04PS030853@splunk3.splunkit.com>, relay=root@localhost
Apr  7 11:00:05 splunk3 sendmail[30857]: n37I049Y030857: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071800.n37I04PS030853@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 11:00:05 splunk3 sendmail[30853]: n37I04PS030853: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37I049Y030857 Message accepted for delivery)
Apr  7 11:00:06 splunk3 sendmail[30858]: n37I049Y030857: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 11:00:09 splunk3 sendmail[30881]: n37I09G5030881: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071800.n37I094m024672@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:00:09 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55313 
Apr  7 11:00:09 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:00:09 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 11:00:09 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 11:00:09 splunk3 sendmail[30882]: n37I09G5030881: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:00:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:00:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:00:24 splunk3 sendmail[30960]: n37I0O5B030960: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904071800.n37I0O5B030960@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 11:00:24 splunk3 sendmail[30962]: n37I0O5B030960: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 11:00:24 splunk3 sendmail[30962]: n37I0O5B030960: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 11:00:24 splunk3 sendmail[30962]: n37I0O5B030960: n37I0O5B030962: postmaster notify: User unknown
Apr  7 11:00:25 splunk3 sendmail[30962]: n37I0O5B030962: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 11:00:53 splunk3 sendmail[31092]: n37I0rrP031092: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:01:10 splunk3 sendmail[31122]: n37I11Y1031122: from=root, size=443, class=0, nrcpts=1, msgid=<200904071801.n37I11Y1031122@splunk3.splunkit.com>, relay=root@localhost
Apr  7 11:01:10 splunk3 sendmail[31161]: n37I1Ajb031161: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071801.n37I11Y1031122@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 11:01:10 splunk3 sendmail[31122]: n37I11Y1031122: to=root, ctladdr=root (0/0), delay=00:00:09, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37I1Ajb031161 Message accepted for delivery)
Apr  7 11:01:13 splunk3 sendmail[31162]: n37I1Ajb031161: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 11:01:53 splunk3 sendmail[31343]: n37I1rbC031343: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:02:53 splunk3 sendmail[31577]: n37I2rrp031577: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:03:53 splunk3 sendmail[31813]: n37I3rCS031813: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:04:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:04:53 splunk3 sendmail[32052]: n37I4rtH032052: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:05:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:05:11 splunk3 sendmail[32117]: n37I5Bq9032117: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071805.n37I5AEq025353@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:05:11 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55377 
Apr  7 11:05:11 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:05:11 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 11:05:11 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 11:05:11 splunk3 sendmail[32118]: n37I5Bq9032117: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:05:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:05:53 splunk3 sendmail[32309]: n37I5rjD032309: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:06:53 splunk3 sendmail[32540]: n37I6rCY032540: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:07:53 splunk3 sendmail[313]: n37I7rie000313: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:08:53 splunk3 sendmail[554]: n37I8rMf000554: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:09:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:09:53 splunk3 sendmail[794]: n37I9rZq000794: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:10:02 splunk3 sendmail[932]: n37IA2N1000932: from=root, size=292, class=0, nrcpts=1, msgid=<200904071810.n37IA2N1000932@splunk3.splunkit.com>, relay=root@localhost
Apr  7 11:10:02 splunk3 sendmail[937]: n37IA2hO000937: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071810.n37IA2N1000932@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 11:10:02 splunk3 sendmail[932]: n37IA2N1000932: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37IA2hO000937 Message accepted for delivery)
Apr  7 11:10:03 splunk3 sendmail[938]: n37IA2hO000937: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 11:10:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:10:11 splunk3 sendmail[981]: n37IABJQ000981: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071810.n37IABRs025967@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:10:11 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55433 
Apr  7 11:10:11 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:10:11 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:10:11 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:10:11 splunk3 spamd[26356]: spamd: processing message <200904071810.n37IABRs025967@virt2.int.splunk.com> for spamme:501 
Apr  7 11:10:13 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 11:10:13 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55433,mid=<200904071810.n37IABRs025967@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:10:13 splunk3 sendmail[982]: n37IABJQ000981: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:10:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:10:53 splunk3 sendmail[1159]: n37IArVp001159: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 11:11:53 splunk3 sendmail[1402]: n37IBrDL001402: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:12:53 splunk3 sendmail[1639]: n37ICrIR001639: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:13:53 splunk3 sendmail[1877]: n37IDriP001877: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:14:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:14:53 splunk3 sendmail[2120]: n37IEraX002120: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:15:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:15:12 splunk3 sendmail[2202]: n37IFBHO002202: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071815.n37IFBKq026749@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:15:12 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55490 
Apr  7 11:15:12 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:15:12 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:15:12 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:15:12 splunk3 spamd[26356]: spamd: processing message <200904071815.n37IFBKq026749@virt2.int.splunk.com> for spamme:501 
Apr  7 11:15:14 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 11:15:14 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55490,mid=<200904071815.n37IFBKq026749@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:15:14 splunk3 sendmail[2203]: n37IFBHO002202: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:15:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:15:53 splunk3 sendmail[2378]: n37IFruo002378: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:16:53 splunk3 sendmail[2614]: n37IGrQs002614: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:17:53 splunk3 sendmail[2866]: n37IHrFE002866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:18:53 splunk3 sendmail[3112]: n37IIr5i003112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:19:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:19:53 splunk3 sendmail[3356]: n37IJrAK003356: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:20:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:20:12 splunk3 sendmail[3439]: n37IKCWL003439: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071820.n37IKC4Y027387@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:20:12 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55545 
Apr  7 11:20:12 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:20:12 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:20:12 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:20:12 splunk3 spamd[26356]: spamd: processing message <200904071820.n37IKC4Y027387@virt2.int.splunk.com> for spamme:501 
Apr  7 11:20:14 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 11:20:14 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55545,mid=<200904071820.n37IKC4Y027387@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:20:14 splunk3 sendmail[3440]: n37IKCWL003439: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:20:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:20:53 splunk3 sendmail[3635]: n37IKr0F003635: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:21:53 splunk3 sendmail[3881]: n37ILrfF003881: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:22:53 splunk3 sendmail[4131]: n37IMrft004131: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:23:53 splunk3 sendmail[4388]: n37INr2C004388: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:24:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:24:53 splunk3 sendmail[4629]: n37IOrWI004629: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:25:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:25:12 splunk3 sendmail[4711]: n37IPCLC004711: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071825.n37IPCjr027996@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:25:12 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55601 
Apr  7 11:25:12 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:25:12 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:25:12 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:25:12 splunk3 spamd[26356]: spamd: processing message <200904071825.n37IPCjr027996@virt2.int.splunk.com> for spamme:501 
Apr  7 11:25:15 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 11:25:15 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55601,mid=<200904071825.n37IPCjr027996@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:25:15 splunk3 sendmail[4712]: n37IPCLC004711: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:25:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:25:53 splunk3 sendmail[4891]: n37IPrXf004891: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 11:26:53 splunk3 sendmail[5172]: n37IQr9U005172: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:27:53 splunk3 sendmail[5414]: n37IRrF3005414: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:28:53 splunk3 sendmail[5649]: n37ISrk9005649: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:29:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:29:53 splunk3 sendmail[5895]: n37ITr4m005895: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:30:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:30:13 splunk3 sendmail[5979]: n37IUDr4005979: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071830.n37IUDYM028617@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:30:13 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55657 
Apr  7 11:30:13 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:30:13 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:30:13 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:30:13 splunk3 spamd[26356]: spamd: processing message <200904071830.n37IUDYM028617@virt2.int.splunk.com> for spamme:501 
Apr  7 11:30:15 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 11:30:15 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55657,mid=<200904071830.n37IUDYM028617@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:30:15 splunk3 sendmail[5980]: n37IUDr4005979: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:30:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:30:53 splunk3 sendmail[6150]: n37IUrHF006150: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:31:53 splunk3 sendmail[6391]: n37IVr3E006391: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:32:53 splunk3 sendmail[6629]: n37IWrNb006629: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:33:53 splunk3 sendmail[6867]: n37IXrPm006867: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:34:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:34:53 splunk3 sendmail[7104]: n37IYrd6007104: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:35:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:35:14 splunk3 sendmail[7187]: n37IZE71007187: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071835.n37IZDpY029366@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:35:14 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55713 
Apr  7 11:35:14 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:35:14 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:35:14 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:35:14 splunk3 spamd[26356]: spamd: processing message <200904071835.n37IZDpY029366@virt2.int.splunk.com> for spamme:501 
Apr  7 11:35:16 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 11:35:16 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55713,mid=<200904071835.n37IZDpY029366@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:35:16 splunk3 sendmail[7188]: n37IZE71007187: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:35:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:35:53 splunk3 sendmail[7361]: n37IZrjE007361: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:36:53 splunk3 sendmail[7606]: n37Iarun007606: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:37:53 splunk3 sendmail[7843]: n37Ibr6F007843: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:38:53 splunk3 sendmail[8083]: n37Icr3f008083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:39:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:39:53 splunk3 sendmail[8328]: n37IdrfF008328: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:40:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:40:15 splunk3 sendmail[8412]: n37IeFgm008412: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071840.n37IeEYk029998@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:40:15 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55769 
Apr  7 11:40:15 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:40:15 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:40:15 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:40:15 splunk3 spamd[26356]: spamd: processing message <200904071840.n37IeEYk029998@virt2.int.splunk.com> for spamme:501 
Apr  7 11:40:17 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 11:40:17 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55769,mid=<200904071840.n37IeEYk029998@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:40:17 splunk3 sendmail[8413]: n37IeFgm008412: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:40:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:40:53 splunk3 sendmail[8587]: n37IerL6008587: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 11:41:53 splunk3 sendmail[8826]: n37Ifrc5008826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:42:53 splunk3 sendmail[9062]: n37IgrtY009062: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:43:53 splunk3 sendmail[9302]: n37IhraK009302: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:44:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:44:53 splunk3 sendmail[9541]: n37Iirhn009541: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:45:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:45:15 splunk3 sendmail[9626]: n37IjF5t009626: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071845.n37IjFia030611@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:45:15 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55825 
Apr  7 11:45:15 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:45:15 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:45:15 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:45:15 splunk3 spamd[26356]: spamd: processing message <200904071845.n37IjFia030611@virt2.int.splunk.com> for spamme:501 
Apr  7 11:45:17 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 11:45:17 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55825,mid=<200904071845.n37IjFia030611@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:45:17 splunk3 sendmail[9627]: n37IjF5t009626: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:45:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:45:53 splunk3 sendmail[9797]: n37IjrsX009797: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:46:53 splunk3 sendmail[10033]: n37IkrTu010033: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:47:53 splunk3 sendmail[10273]: n37IlrX2010273: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:48:53 splunk3 sendmail[10507]: n37ImrMK010507: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:49:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:49:53 splunk3 sendmail[10751]: n37InrW8010751: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:50:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:50:16 splunk3 sendmail[10852]: n37IoGpC010852: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071850.n37IoFPY031222@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:50:16 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55881 
Apr  7 11:50:16 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:50:16 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:50:16 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:50:16 splunk3 spamd[26356]: spamd: processing message <200904071850.n37IoFPY031222@virt2.int.splunk.com> for spamme:501 
Apr  7 11:50:18 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 11:50:18 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55881,mid=<200904071850.n37IoFPY031222@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:50:18 splunk3 sendmail[10853]: n37IoGpC010852: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:50:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:50:53 splunk3 sendmail[11012]: n37IorhX011012: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:51:53 splunk3 sendmail[11249]: n37Iprpf011249: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:52:53 splunk3 sendmail[11484]: n37IqrkZ011484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:53:53 splunk3 sendmail[11730]: n37IrriS011730: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:54:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:54:53 splunk3 sendmail[11967]: n37Isrbp011967: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:55:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 11:55:16 splunk3 sendmail[12067]: n37ItGbF012067: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071855.n37ItG7S031833@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 11:55:16 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55936 
Apr  7 11:55:16 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 11:55:16 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 11:55:16 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 11:55:17 splunk3 spamd[26356]: spamd: processing message <200904071855.n37ItG7S031833@virt2.int.splunk.com> for spamme:501 
Apr  7 11:55:19 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 11:55:19 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=55936,mid=<200904071855.n37ItG7S031833@virt2.int.splunk.com>,bayes=0.114537367337723,autolearn=no 
Apr  7 11:55:19 splunk3 sendmail[12068]: n37ItGbF012067: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 11:55:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 11:55:53 splunk3 sendmail[12223]: n37ItrNP012223: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 11:56:53 splunk3 sendmail[12460]: n37Iurt6012460: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:57:53 splunk3 sendmail[12701]: n37IvrQL012701: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:58:53 splunk3 sendmail[12934]: n37Iwrl2012934: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 11:59:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 11:59:54 splunk3 sendmail[13178]: n37IxrKs013178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:00:04 splunk3 sendmail[13310]: n37J047K013310: from=root, size=291, class=0, nrcpts=1, msgid=<200904071900.n37J047K013310@splunk3.splunkit.com>, relay=root@localhost
Apr  7 12:00:04 splunk3 sendmail[13316]: n37J045R013316: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904071900.n37J047K013310@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 12:00:04 splunk3 sendmail[13310]: n37J047K013310: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37J045R013316 Message accepted for delivery)
Apr  7 12:00:05 splunk3 sendmail[13318]: n37J045R013316: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 12:00:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:00:17 splunk3 sendmail[13388]: n37J0Hs3013388: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904071900.n37J0HUh032469@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:00:17 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 55994 
Apr  7 12:00:17 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:00:17 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 12:00:17 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 12:00:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:00:17 splunk3 sendmail[13389]: n37J0Hs3013388: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 12:00:30 splunk3 sendmail[13448]: n37J0Uq1013448: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904071900.n37J0Uq1013448@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 12:00:30 splunk3 sendmail[13450]: n37J0Uq1013448: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 12:00:30 splunk3 sendmail[13450]: n37J0Uq1013448: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 12:00:30 splunk3 sendmail[13450]: n37J0Uq1013448: n37J0Uq1013450: postmaster notify: User unknown
Apr  7 12:00:31 splunk3 sendmail[13450]: n37J0Uq1013450: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 12:00:54 splunk3 sendmail[13561]: n37J0s2G013561: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:01:13 splunk3 sendmail[13611]: n37J11m5013611: from=root, size=443, class=0, nrcpts=1, msgid=<200904071901.n37J11m5013611@splunk3.splunkit.com>, relay=root@localhost
Apr  7 12:01:13 splunk3 sendmail[13649]: n37J1DkA013649: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904071901.n37J11m5013611@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 12:01:13 splunk3 sendmail[13611]: n37J11m5013611: to=root, ctladdr=root (0/0), delay=00:00:12, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37J1DkA013649 Message accepted for delivery)
Apr  7 12:01:14 splunk3 sendmail[13650]: n37J1DkA013649: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 12:01:54 splunk3 sendmail[13812]: n37J1stg013812: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:02:54 splunk3 sendmail[14049]: n37J2sTN014049: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:03:54 splunk3 sendmail[14287]: n37J3sSx014287: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:04:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:04:54 splunk3 sendmail[14528]: n37J4sGm014528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:05:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:05:17 splunk3 sendmail[14640]: n37J5H7S014640: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904071905.n37J5HQq000689@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:05:18 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56065 
Apr  7 12:05:18 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:05:18 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 12:05:18 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 12:05:18 splunk3 sendmail[14641]: n37J5H7S014640: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  7 12:05:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:05:54 splunk3 sendmail[14783]: n37J5sOX014783: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:06:54 splunk3 sendmail[15017]: n37J6sd1015017: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:07:54 splunk3 sendmail[15258]: n37J7sb9015258: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:08:54 splunk3 sendmail[15506]: n37J8sGK015506: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:09:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:09:54 splunk3 sendmail[15746]: n37J9sJQ015746: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:10:02 splunk3 sendmail[15895]: n37JA2wY015895: from=root, size=292, class=0, nrcpts=1, msgid=<200904071910.n37JA2wY015895@splunk3.splunkit.com>, relay=root@localhost
Apr  7 12:10:02 splunk3 sendmail[15900]: n37JA275015900: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904071910.n37JA2wY015895@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 12:10:02 splunk3 sendmail[15895]: n37JA2wY015895: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37JA275015900 Message accepted for delivery)
Apr  7 12:10:03 splunk3 sendmail[15901]: n37JA275015900: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 12:10:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:10:18 splunk3 sendmail[15965]: n37JAIZE015965: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071910.n37JAImV001313@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:10:18 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56122 
Apr  7 12:10:18 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:10:18 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:10:18 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:10:18 splunk3 spamd[26356]: spamd: processing message <200904071910.n37JAImV001313@virt2.int.splunk.com> for spamme:501 
Apr  7 12:10:20 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  7 12:10:20 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56122,mid=<200904071910.n37JAImV001313@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:10:20 splunk3 sendmail[15966]: n37JAIZE015965: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:10:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:10:54 splunk3 sendmail[16111]: n37JAsfl016111: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 12:11:54 splunk3 sendmail[16354]: n37JBsP5016354: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:12:54 splunk3 sendmail[16591]: n37JCsCJ016591: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:13:54 splunk3 sendmail[16826]: n37JDsBC016826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:14:43 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:14:54 splunk3 sendmail[17068]: n37JEsGl017068: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:15:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:15:18 splunk3 sendmail[17179]: n37JFIws017179: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071915.n37JFI4O002131@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:15:18 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56178 
Apr  7 12:15:18 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:15:18 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:15:18 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:15:18 splunk3 spamd[26356]: spamd: processing message <200904071915.n37JFI4O002131@virt2.int.splunk.com> for spamme:501 
Apr  7 12:15:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.3 seconds, 1305 bytes. 
Apr  7 12:15:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.3,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56178,mid=<200904071915.n37JFI4O002131@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:15:23 splunk3 sendmail[17180]: n37JFIws017179: to=<spamme@splunkit.com>, delay=00:00:05, xdelay=00:00:05, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:15:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:15:54 splunk3 sendmail[17323]: n37JFsfW017323: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:16:54 splunk3 sendmail[17557]: n37JGssc017557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:17:54 splunk3 sendmail[17798]: n37JHsa9017798: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:18:54 splunk3 sendmail[18034]: n37JIs4v018034: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:19:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:19:54 splunk3 sendmail[18279]: n37JJsZa018279: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:20:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:20:19 splunk3 sendmail[18393]: n37JKJ2U018393: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071920.n37JKIKH002772@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:20:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56234 
Apr  7 12:20:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:20:19 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:20:19 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:20:19 splunk3 spamd[26356]: spamd: processing message <200904071920.n37JKIKH002772@virt2.int.splunk.com> for spamme:501 
Apr  7 12:20:21 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  7 12:20:21 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56234,mid=<200904071920.n37JKIKH002772@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:20:21 splunk3 sendmail[18394]: n37JKJ2U018393: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:20:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:20:54 splunk3 sendmail[18535]: n37JKspx018535: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:21:54 splunk3 sendmail[18775]: n37JLsgM018775: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:22:54 splunk3 sendmail[19010]: n37JMsrn019010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:23:54 splunk3 sendmail[19252]: n37JNsVt019252: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:24:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:24:54 splunk3 sendmail[19491]: n37JOsYN019491: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:25:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:25:19 splunk3 sendmail[19605]: n37JPJfv019605: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071925.n37JPJxS003379@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:25:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56289 
Apr  7 12:25:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:25:19 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:25:19 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:25:19 splunk3 spamd[26356]: spamd: processing message <200904071925.n37JPJxS003379@virt2.int.splunk.com> for spamme:501 
Apr  7 12:25:21 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 12:25:21 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56289,mid=<200904071925.n37JPJxS003379@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:25:21 splunk3 sendmail[19606]: n37JPJfv019605: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:25:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:25:54 splunk3 sendmail[19749]: n37JPsI5019749: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 12:26:54 splunk3 sendmail[19986]: n37JQsFw019986: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:27:54 splunk3 sendmail[20222]: n37JRsBL020222: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:28:54 splunk3 sendmail[20456]: n37JSsWu020456: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:29:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:29:54 splunk3 sendmail[20699]: n37JTsIc020699: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:30:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:30:20 splunk3 sendmail[20813]: n37JUK4f020813: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071930.n37JUKv0004000@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:30:20 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56346 
Apr  7 12:30:20 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:30:20 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:30:20 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:30:20 splunk3 spamd[26356]: spamd: processing message <200904071930.n37JUKv0004000@virt2.int.splunk.com> for spamme:501 
Apr  7 12:30:22 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1305 bytes. 
Apr  7 12:30:22 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56346,mid=<200904071930.n37JUKv0004000@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:30:22 splunk3 sendmail[20818]: n37JUK4f020813: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:30:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:30:54 splunk3 sendmail[20958]: n37JUsvd020958: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:31:54 splunk3 sendmail[21197]: n37JVsfp021197: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:32:54 splunk3 sendmail[21435]: n37JWsjY021435: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:33:54 splunk3 sendmail[21672]: n37JXsH6021672: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:34:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:34:54 splunk3 sendmail[21911]: n37JYsmu021911: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:35:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:35:21 splunk3 sendmail[22049]: n37JZL6f022049: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071935.n37JZKeF004748@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:35:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56402 
Apr  7 12:35:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:35:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:35:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:35:21 splunk3 spamd[26356]: spamd: processing message <200904071935.n37JZKeF004748@virt2.int.splunk.com> for spamme:501 
Apr  7 12:35:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  7 12:35:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56402,mid=<200904071935.n37JZKeF004748@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:35:23 splunk3 sendmail[22050]: n37JZL6f022049: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:35:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:35:54 splunk3 sendmail[22171]: n37JZsij022171: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:36:54 splunk3 sendmail[22405]: n37JasE2022405: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:37:54 splunk3 sendmail[22644]: n37JbsJ0022644: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:38:54 splunk3 sendmail[22884]: n37Jcstv022884: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:39:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:39:54 splunk3 sendmail[23129]: n37JdsUn023129: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:40:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:40:21 splunk3 sendmail[23264]: n37JeL3k023264: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071940.n37JeL1J005384@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:40:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56457 
Apr  7 12:40:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:40:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:40:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:40:21 splunk3 spamd[26356]: spamd: processing message <200904071940.n37JeL1J005384@virt2.int.splunk.com> for spamme:501 
Apr  7 12:40:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 12:40:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56457,mid=<200904071940.n37JeL1J005384@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:40:23 splunk3 sendmail[23265]: n37JeL3k023264: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:40:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:40:54 splunk3 sendmail[23388]: n37JesNL023388: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 12:41:54 splunk3 sendmail[23625]: n37JfsBJ023625: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:42:54 splunk3 sendmail[23862]: n37JgsPl023862: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:43:54 splunk3 sendmail[24099]: n37JhsSJ024099: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:44:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:44:54 splunk3 sendmail[24338]: n37JisWl024338: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:45:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:45:21 splunk3 sendmail[24472]: n37JjLSH024472: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071945.n37JjLJ2005994@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:45:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56514 
Apr  7 12:45:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:45:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:45:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:45:21 splunk3 spamd[26356]: spamd: processing message <200904071945.n37JjLJ2005994@virt2.int.splunk.com> for spamme:501 
Apr  7 12:45:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  7 12:45:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56514,mid=<200904071945.n37JjLJ2005994@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:45:23 splunk3 sendmail[24473]: n37JjLSH024472: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:45:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:45:54 splunk3 sendmail[24595]: n37Jjs6A024595: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:46:54 splunk3 sendmail[24832]: n37Jks11024832: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:47:54 splunk3 sendmail[25073]: n37Jls7w025073: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:48:54 splunk3 sendmail[25304]: n37Jmsc5025304: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:49:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:49:54 splunk3 sendmail[25549]: n37JnsZP025549: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:50:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:50:22 splunk3 sendmail[25689]: n37JoMnt025689: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071950.n37JoMmn006614@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:50:22 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56569 
Apr  7 12:50:22 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:50:22 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:50:22 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:50:22 splunk3 spamd[26356]: spamd: processing message <200904071950.n37JoMmn006614@virt2.int.splunk.com> for spamme:501 
Apr  7 12:50:24 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  7 12:50:24 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56569,mid=<200904071950.n37JoMmn006614@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:50:24 splunk3 sendmail[25690]: n37JoMnt025689: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:50:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:50:54 splunk3 sendmail[25809]: n37Josg3025809: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:51:54 splunk3 sendmail[26047]: n37JpsbF026047: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:52:54 splunk3 sendmail[26283]: n37Jqsl8026283: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:53:54 splunk3 sendmail[26529]: n37Jrs0p026529: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:54:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:54:54 splunk3 sendmail[26767]: n37Jsstr026767: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:55:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 12:55:23 splunk3 sendmail[26903]: n37JtNpo026903: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904071955.n37JtMMH007214@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 12:55:23 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56625 
Apr  7 12:55:23 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 12:55:23 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 12:55:23 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 12:55:23 splunk3 spamd[26356]: spamd: processing message <200904071955.n37JtMMH007214@virt2.int.splunk.com> for spamme:501 
Apr  7 12:55:25 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  7 12:55:25 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56625,mid=<200904071955.n37JtMMH007214@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 12:55:25 splunk3 sendmail[26904]: n37JtNpo026903: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 12:55:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 12:55:54 splunk3 sendmail[27023]: n37JtsU5027023: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 12:56:54 splunk3 sendmail[27258]: n37JusrX027258: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:57:54 splunk3 sendmail[27498]: n37JvsXf027498: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:58:54 splunk3 sendmail[27732]: n37JwsFe027732: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 12:59:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 12:59:54 splunk3 sendmail[27976]: n37JxsuV027976: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:00:04 splunk3 sendmail[28081]: n37K04Up028081: from=root, size=291, class=0, nrcpts=1, msgid=<200904072000.n37K04Up028081@splunk3.splunkit.com>, relay=root@localhost
Apr  7 13:00:04 splunk3 sendmail[28085]: n37K04Mb028085: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904072000.n37K04Up028081@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 13:00:04 splunk3 sendmail[28081]: n37K04Up028081: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37K04Mb028085 Message accepted for delivery)
Apr  7 13:00:05 splunk3 sendmail[28086]: n37K04Mb028085: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 13:00:06 splunk3 sendmail[28119]: n37K068D028119: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904072000.n37K068D028119@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 13:00:06 splunk3 sendmail[28121]: n37K068D028119: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 13:00:06 splunk3 sendmail[28121]: n37K068D028119: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 13:00:06 splunk3 sendmail[28121]: n37K068D028119: n37K068D028121: postmaster notify: User unknown
Apr  7 13:00:08 splunk3 sendmail[28121]: n37K068D028121: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 13:00:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:00:24 splunk3 sendmail[28199]: n37K0OR8028199: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072000.n37K0OCD007870@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:00:24 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56689 
Apr  7 13:00:24 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:00:24 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 13:00:24 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 13:00:24 splunk3 sendmail[28200]: n37K0OR8028199: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 13:00:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:00:54 splunk3 sendmail[28321]: n37K0sMV028321: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:01:12 splunk3 sendmail[28365]: n37K11xV028365: from=root, size=443, class=0, nrcpts=1, msgid=<200904072001.n37K11xV028365@splunk3.splunkit.com>, relay=root@localhost
Apr  7 13:01:12 splunk3 sendmail[28409]: n37K1CD5028409: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904072001.n37K11xV028365@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 13:01:12 splunk3 sendmail[28365]: n37K11xV028365: to=root, ctladdr=root (0/0), delay=00:00:11, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37K1CD5028409 Message accepted for delivery)
Apr  7 13:01:14 splunk3 sendmail[28410]: n37K1CD5028409: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 13:01:54 splunk3 sendmail[28570]: n37K1s8v028570: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:02:54 splunk3 sendmail[28806]: n37K2sdC028806: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:03:54 splunk3 sendmail[29045]: n37K3sGp029045: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:04:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:04:54 splunk3 sendmail[29286]: n37K4sWI029286: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:05:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:05:26 splunk3 sendmail[29441]: n37K5QaN029441: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072005.n37K5P84008549@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:05:26 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56746 
Apr  7 13:05:26 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:05:26 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 13:05:26 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 13:05:26 splunk3 sendmail[29442]: n37K5QaN029441: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 13:05:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:05:53 splunk3 sendmail[29541]: n37K5pgc029541: from=<spamme@splunkit.com>, size=654, class=0, nrcpts=1, msgid=<200904072005.n37K5pgc029541@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=[213.167.15.195]
Apr  7 13:05:53 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56751 
Apr  7 13:05:53 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:05:53 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 13:05:53 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 13:05:53 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:05:53 splunk3 sendmail[29543]: n37K5pgc029541: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30939, dsn=2.0.0, stat=Sent
Apr  7 13:05:54 splunk3 sendmail[29547]: n37K5s0b029547: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:06:54 splunk3 sendmail[29782]: n37K6s9A029782: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:07:54 splunk3 sendmail[30023]: n37K7sul030023: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:08:54 splunk3 sendmail[30261]: n37K8s6m030261: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:09:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:09:54 splunk3 sendmail[30504]: n37K9sAC030504: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:10:02 splunk3 sendmail[30641]: n37KA2nU030641: from=root, size=292, class=0, nrcpts=1, msgid=<200904072010.n37KA2nU030641@splunk3.splunkit.com>, relay=root@localhost
Apr  7 13:10:02 splunk3 sendmail[30646]: n37KA24j030646: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904072010.n37KA2nU030641@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 13:10:02 splunk3 sendmail[30641]: n37KA2nU030641: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37KA24j030646 Message accepted for delivery)
Apr  7 13:10:03 splunk3 sendmail[30647]: n37KA24j030646: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 13:10:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:10:27 splunk3 sendmail[30763]: n37KARUj030763: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072010.n37KARX2009164@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:10:27 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56804 
Apr  7 13:10:27 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:10:27 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:10:27 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:10:27 splunk3 spamd[26356]: spamd: processing message <200904072010.n37KARX2009164@virt2.int.splunk.com> for spamme:501 
Apr  7 13:10:29 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  7 13:10:29 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56804,mid=<200904072010.n37KARX2009164@virt2.int.splunk.com>,bayes=0.171853219144027,autolearn=no 
Apr  7 13:10:29 splunk3 sendmail[30764]: n37KARUj030763: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 13:10:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:10:54 splunk3 sendmail[30868]: n37KAsVT030868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:11:13 splunk3 sendmail[30950]: n37KBCeW030950: from=<3YLPbSRQKBjkbjjbgZVgZmon-ijmZkgtbjjbgZ.XjhnkVhhZnkgpifdo.Xjh@alerts.bounces.google.com>, size=5959, class=0, nrcpts=1, msgid=<000e0cd4872ed65b030466fc9df9@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.160]
Apr  7 13:11:13 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56813 
Apr  7 13:11:13 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:11:13 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:11:13 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:11:13 splunk3 spamd[26356]: spamd: processing message <000e0cd4872ed65b030466fc9df9@google.com> for spamme:501 
Apr  7 13:11:15 splunk3 spamd[26356]: spamd: clean message (-2.2/5.0) for spamme:501 in 2.1 seconds, 6388 bytes. 
Apr  7 13:11:15 splunk3 spamd[26356]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.1,size=6388,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56813,mid=<000e0cd4872ed65b030466fc9df9@google.com>,bayes=0,autolearn=ham 
Apr  7 13:11:15 splunk3 sendmail[30951]: n37KBCeW030950: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=36169, dsn=2.0.0, stat=Sent
Apr  7 13:11:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 13:11:54 splunk3 sendmail[31115]: n37KBswe031115: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:12:54 splunk3 sendmail[31350]: n37KCs8i031350: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:13:54 splunk3 sendmail[31588]: n37KDsDX031588: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:14:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:14:54 splunk3 sendmail[31828]: n37KEsxW031828: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:15:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:15:28 splunk3 sendmail[31979]: n37KFR4b031979: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072015.n37KFRf4009968@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:15:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56861 
Apr  7 13:15:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:15:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:15:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:15:28 splunk3 spamd[26356]: spamd: processing message <200904072015.n37KFRf4009968@virt2.int.splunk.com> for spamme:501 
Apr  7 13:15:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  7 13:15:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56861,mid=<200904072015.n37KFRf4009968@virt2.int.splunk.com>,bayes=0.171879105043978,autolearn=no 
Apr  7 13:15:30 splunk3 sendmail[31980]: n37KFR4b031979: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 13:15:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:15:54 splunk3 sendmail[32082]: n37KFs5N032082: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:16:54 splunk3 sendmail[32314]: n37KGsTb032314: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:17:54 splunk3 sendmail[32555]: n37KHsi2032555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:18:54 splunk3 sendmail[322]: n37KIsd4000322: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:19:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:19:54 splunk3 sendmail[563]: n37KJsV9000563: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:20:10 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:20:28 splunk3 sendmail[719]: n37KKSQP000719: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072020.n37KKSf5010581@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:20:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56917 
Apr  7 13:20:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:20:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:20:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:20:28 splunk3 spamd[26356]: spamd: processing message <200904072020.n37KKSf5010581@virt2.int.splunk.com> for spamme:501 
Apr  7 13:20:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  7 13:20:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56917,mid=<200904072020.n37KKSf5010581@virt2.int.splunk.com>,bayes=0.114559315401909,autolearn=no 
Apr  7 13:20:30 splunk3 sendmail[720]: n37KKSQP000719: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 13:20:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:20:54 splunk3 sendmail[823]: n37KKslX000823: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:21:54 splunk3 sendmail[1063]: n37KLsdM001063: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:22:54 splunk3 sendmail[1299]: n37KMsrX001299: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:23:54 splunk3 sendmail[1542]: n37KNstv001542: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:24:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:24:54 splunk3 sendmail[1783]: n37KOsqR001783: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:25:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:25:28 splunk3 sendmail[1938]: n37KPS2U001938: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072025.n37KPSRU011208@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:25:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 56972 
Apr  7 13:25:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:25:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:25:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:25:28 splunk3 spamd[26356]: spamd: processing message <200904072025.n37KPSRU011208@virt2.int.splunk.com> for spamme:501 
Apr  7 13:25:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 13:25:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56972,mid=<200904072025.n37KPSRU011208@virt2.int.splunk.com>,bayes=0.114559315401909,autolearn=no 
Apr  7 13:25:30 splunk3 sendmail[1939]: n37KPS2U001938: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 13:25:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:25:54 splunk3 sendmail[2042]: n37KPsZ9002042: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 13:26:54 splunk3 sendmail[2278]: n37KQstA002278: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:27:54 splunk3 sendmail[2518]: n37KRsYn002518: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:28:54 splunk3 sendmail[2768]: n37KSsBX002768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:29:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:29:54 splunk3 sendmail[3020]: n37KTsNe003020: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:30:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:30:29 splunk3 sendmail[3180]: n37KUTLI003180: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072030.n37KUSIG011804@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:30:29 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57029 
Apr  7 13:30:29 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:30:29 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:30:29 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:30:29 splunk3 spamd[26356]: spamd: processing message <200904072030.n37KUSIG011804@virt2.int.splunk.com> for spamme:501 
Apr  7 13:30:31 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 13:30:31 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57029,mid=<200904072030.n37KUSIG011804@virt2.int.splunk.com>,bayes=0.114559315401909,autolearn=no 
Apr  7 13:30:31 splunk3 sendmail[3181]: n37KUTLI003180: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 13:30:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:30:54 splunk3 sendmail[3282]: n37KUs6Z003282: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:31:54 splunk3 sendmail[3521]: n37KVsKR003521: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:32:02 splunk3 sendmail[20878]: n37JUehM020878: SYSERR(root): collect: read timeout on connection from a231-230.adsl.paltel.net, from=<staceyn@zdnetasia.com>
Apr  7 13:32:02 splunk3 sendmail[20878]: n37JUehM020878: from=<staceyn@zdnetasia.com>, size=974, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=a231-230.adsl.paltel.net [213.6.231.230]
Apr  7 13:32:54 splunk3 sendmail[3786]: n37KWsS6003786: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:33:54 splunk3 sendmail[4049]: n37KXs2d004049: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:34:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:34:54 splunk3 sendmail[4300]: n37KYsB4004300: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:35:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:35:29 splunk3 sendmail[4446]: n37KZTwq004446: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072035.n37KZTVk012570@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:35:29 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57084 
Apr  7 13:35:29 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:35:29 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:35:29 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:35:29 splunk3 spamd[26356]: spamd: processing message <200904072035.n37KZTVk012570@virt2.int.splunk.com> for spamme:501 
Apr  7 13:35:32 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 13:35:32 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57084,mid=<200904072035.n37KZTVk012570@virt2.int.splunk.com>,bayes=0.114559315401909,autolearn=no 
Apr  7 13:35:32 splunk3 sendmail[4447]: n37KZTwq004446: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 13:35:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:35:54 splunk3 sendmail[4568]: n37KZsY8004568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:36:54 splunk3 sendmail[4802]: n37KasbT004802: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:37:54 splunk3 sendmail[5052]: n37KbsvW005052: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:38:54 splunk3 sendmail[5329]: n37KcsSi005329: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:39:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:39:54 splunk3 sendmail[5577]: n37Kdsp2005577: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:40:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:40:29 splunk3 sendmail[5718]: n37KeTgu005718: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072040.n37KeTgM013180@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:40:29 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57140 
Apr  7 13:40:29 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:40:29 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:40:29 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:40:29 splunk3 spamd[26356]: spamd: processing message <200904072040.n37KeTgM013180@virt2.int.splunk.com> for spamme:501 
Apr  7 13:40:31 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 13:40:31 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57140,mid=<200904072040.n37KeTgM013180@virt2.int.splunk.com>,bayes=0.114559315401909,autolearn=no 
Apr  7 13:40:31 splunk3 sendmail[5735]: n37KeTgu005718: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 13:40:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:40:41 splunk3 sendmail[5760]: n37KecJE005760: from=<carmine1970@studiosoto.com>, size=3030, class=0, nrcpts=1, msgid=<200904072040.n37KecJE005760@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=cpc3-ches1-0-0-cust172.lutn.cable.ntl.com [81.99.176.173]
Apr  7 13:40:41 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57142 
Apr  7 13:40:41 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:40:41 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:40:41 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:40:41 splunk3 spamd[26356]: spamd: processing message <200904072040.n37KecJE005760@splunk3.splunkit.com> for spamme:501 
Apr  7 13:40:43 splunk3 spamd[26356]: spamd: identified spam (19.1/5.0) for spamme:501 in 1.8 seconds, 3477 bytes. 
Apr  7 13:40:43 splunk3 spamd[26356]: spamd: result: Y 19 - BAYES_95,HELO_DYNAMIC_HCC,HTML_IMAGE_ONLY_32,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,URIBL_SBL scantime=1.8,size=3477,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57142,mid=<200904072040.n37KecJE005760@splunk3.splunkit.com>,bayes=0.985310868930649,autolearn=spam 
Apr  7 13:40:43 splunk3 sendmail[5778]: n37KecJE005760: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=33386, dsn=2.0.0, stat=Sent
Apr  7 13:40:43 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:40:54 splunk3 sendmail[5841]: n37KesuP005841: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 13:41:54 splunk3 sendmail[6082]: n37KfsCY006082: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:42:54 splunk3 sendmail[6319]: n37Kgs3G006319: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:43:54 splunk3 sendmail[6556]: n37KhsLL006556: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:44:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:44:54 splunk3 sendmail[6796]: n37KisTZ006796: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:45:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:45:30 splunk3 sendmail[6951]: n37KjUTg006951: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072045.n37KjTkA013819@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:45:30 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57198 
Apr  7 13:45:30 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:45:30 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:45:30 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:45:30 splunk3 spamd[26356]: spamd: processing message <200904072045.n37KjTkA013819@virt2.int.splunk.com> for spamme:501 
Apr  7 13:45:32 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 13:45:32 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57198,mid=<200904072045.n37KjTkA013819@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 13:45:32 splunk3 sendmail[6952]: n37KjUTg006951: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 13:45:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:45:54 splunk3 sendmail[7054]: n37Kjssk007054: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:46:54 splunk3 sendmail[7288]: n37Kks8w007288: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:47:54 splunk3 sendmail[7531]: n37Kls97007531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:48:54 splunk3 sendmail[7770]: n37Kmsoh007770: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:49:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:49:54 splunk3 sendmail[8013]: n37KnslH008013: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:50:00 splunk3 sendmail[8030]: n37Ko0Bc008030: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072050.n37Ko0qc014335@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:50:00 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57241 
Apr  7 13:50:00 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:50:00 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:50:00 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:50:00 splunk3 spamd[26356]: spamd: processing message <200904072050.n37Ko0qc014335@virt2.int.splunk.com> for spamme:501 
Apr  7 13:50:02 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 13:50:02 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57241,mid=<200904072050.n37Ko0qc014335@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 13:50:02 splunk3 sendmail[8031]: n37Ko0Bc008030: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 13:50:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:50:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:50:54 splunk3 sendmail[8271]: n37KosBj008271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:51:54 splunk3 sendmail[8509]: n37KpsgS008509: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:52:54 splunk3 sendmail[8745]: n37KqsWJ008745: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:53:54 splunk3 sendmail[8989]: n37Krs9A008989: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:54:42 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:54:54 splunk3 sendmail[9228]: n37Kssq0009228: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:55:00 splunk3 sendmail[9253]: n37Kt0rb009253: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072055.n37Kt0ku014942@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 13:55:00 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57297 
Apr  7 13:55:00 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 13:55:00 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 13:55:00 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 13:55:00 splunk3 spamd[26356]: spamd: processing message <200904072055.n37Kt0ku014942@virt2.int.splunk.com> for spamme:501 
Apr  7 13:55:02 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 13:55:02 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57297,mid=<200904072055.n37Kt0ku014942@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 13:55:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 13:55:02 splunk3 sendmail[9254]: n37Kt0rb009253: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 13:55:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 13:55:54 splunk3 sendmail[9484]: n37KtsFj009484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 13:56:54 splunk3 sendmail[9722]: n37KuswK009722: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:57:54 splunk3 sendmail[9961]: n37Kvs7a009961: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:58:54 splunk3 sendmail[10195]: n37KwsIP010195: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 13:59:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 13:59:54 splunk3 sendmail[10442]: n37Kxs9O010442: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:00:01 splunk3 sendmail[10519]: n37L01qK010519: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072100.n37L01W3015568@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:00:01 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57353 
Apr  7 14:00:01 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:00:01 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 14:00:01 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 14:00:01 splunk3 sendmail[10520]: n37L01qK010519: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:00:01 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:00:04 splunk3 sendmail[10536]: n37L04S8010536: from=root, size=291, class=0, nrcpts=1, msgid=<200904072100.n37L04S8010536@splunk3.splunkit.com>, relay=root@localhost
Apr  7 14:00:04 splunk3 sendmail[10552]: n37L04cP010552: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904072100.n37L04S8010536@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 14:00:04 splunk3 sendmail[10536]: n37L04S8010536: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37L04cP010552 Message accepted for delivery)
Apr  7 14:00:05 splunk3 sendmail[10557]: n37L04cP010552: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 14:00:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:00:12 splunk3 sendmail[10595]: n37L0CWj010595: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904072100.n37L0CWj010595@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 14:00:12 splunk3 sendmail[10597]: n37L0CWj010595: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 14:00:12 splunk3 sendmail[10597]: n37L0CWj010595: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 14:00:12 splunk3 sendmail[10597]: n37L0CWj010595: n37L0CWj010597: postmaster notify: User unknown
Apr  7 14:00:13 splunk3 sendmail[10597]: n37L0CWj010597: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 14:00:54 splunk3 sendmail[10784]: n37L0sZi010784: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:01:13 splunk3 sendmail[10812]: n37L11Cd010812: from=root, size=443, class=0, nrcpts=1, msgid=<200904072101.n37L11Cd010812@splunk3.splunkit.com>, relay=root@localhost
Apr  7 14:01:13 splunk3 sendmail[10856]: n37L1Dr2010856: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904072101.n37L11Cd010812@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 14:01:13 splunk3 sendmail[10812]: n37L11Cd010812: to=root, ctladdr=root (0/0), delay=00:00:12, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37L1Dr2010856 Message accepted for delivery)
Apr  7 14:01:14 splunk3 sendmail[10857]: n37L1Dr2010856: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 14:01:54 splunk3 sendmail[11034]: n37L1sNl011034: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:02:54 splunk3 sendmail[11271]: n37L2sIf011271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:03:46 splunk3 sendmail[11451]: n37L3hCG011451: from=<tequilera2@hotmail.com>, size=1005, class=0, nrcpts=1, msgid=<01c9b7d5$1a10de80$4065f558@tequilera2>, proto=ESMTP, daemon=MTA, relay=[88.245.101.64]
Apr  7 14:03:46 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57406 
Apr  7 14:03:46 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:03:46 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 14:03:46 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 14:03:46 splunk3 sendmail[11470]: n37L3hCG011451: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31186, dsn=2.0.0, stat=Sent
Apr  7 14:03:46 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:03:54 splunk3 sendmail[11514]: n37L3s64011514: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:04:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:04:54 splunk3 sendmail[11751]: n37L4sH7011751: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:05:02 splunk3 sendmail[11775]: n37L52FW011775: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072105.n37L51R0016267@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:05:02 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57419 
Apr  7 14:05:02 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:05:02 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 14:05:02 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 14:05:02 splunk3 sendmail[11776]: n37L52FW011775: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:05:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:05:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:05:54 splunk3 sendmail[12007]: n37L5sDH012007: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:06:55 splunk3 sendmail[12243]: n37L6skg012243: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:07:55 splunk3 sendmail[12481]: n37L7tV6012481: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:08:55 splunk3 sendmail[12722]: n37L8tru012722: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:09:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:09:55 splunk3 sendmail[12966]: n37L9tfW012966: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:10:02 splunk3 sendmail[13082]: n37LA2Q6013082: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072110.n37LA2OM016919@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:10:02 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57474 
Apr  7 14:10:02 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:10:02 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:10:02 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:10:02 splunk3 spamd[26356]: spamd: processing message <200904072110.n37LA2OM016919@virt2.int.splunk.com> for spamme:501 
Apr  7 14:10:02 splunk3 sendmail[13091]: n37LA2dJ013091: from=root, size=292, class=0, nrcpts=1, msgid=<200904072110.n37LA2dJ013091@splunk3.splunkit.com>, relay=root@localhost
Apr  7 14:10:02 splunk3 sendmail[13096]: n37LA2UV013096: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904072110.n37LA2dJ013091@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 14:10:02 splunk3 sendmail[13091]: n37LA2dJ013091: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37LA2UV013096 Message accepted for delivery)
Apr  7 14:10:03 splunk3 sendmail[13097]: n37LA2UV013096: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 14:10:04 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 14:10:04 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57474,mid=<200904072110.n37LA2OM016919@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:10:04 splunk3 sendmail[13083]: n37LA2Q6013082: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:10:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:10:12 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:10:55 splunk3 sendmail[13370]: n37LAtSo013370: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 14:11:55 splunk3 sendmail[13609]: n37LBtNa013609: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:12:55 splunk3 sendmail[13844]: n37LCtS8013844: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:13:55 splunk3 sendmail[14084]: n37LDtvA014084: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:14:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:14:55 splunk3 sendmail[14324]: n37LEttt014324: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:15:02 splunk3 sendmail[14347]: n37LF2bI014347: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072115.n37LF2qg017707@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:15:02 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57532 
Apr  7 14:15:02 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:15:02 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:15:02 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:15:02 splunk3 spamd[26356]: spamd: processing message <200904072115.n37LF2qg017707@virt2.int.splunk.com> for spamme:501 
Apr  7 14:15:04 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1308 bytes. 
Apr  7 14:15:04 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57532,mid=<200904072115.n37LF2qg017707@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:15:04 splunk3 sendmail[14348]: n37LF2bI014347: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:15:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:15:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:15:55 splunk3 sendmail[14580]: n37LFtnA014580: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:16:55 splunk3 sendmail[14816]: n37LGtZO014816: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:17:55 splunk3 sendmail[15058]: n37LHtcu015058: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:18:55 splunk3 sendmail[15291]: n37LItXM015291: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:19:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:19:55 splunk3 sendmail[15544]: n37LJth0015544: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:20:03 splunk3 sendmail[15573]: n37LK2hD015573: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072120.n37LK2vS018336@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:20:03 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57588 
Apr  7 14:20:03 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:20:03 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:20:03 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:20:03 splunk3 spamd[26356]: spamd: processing message <200904072120.n37LK2vS018336@virt2.int.splunk.com> for spamme:501 
Apr  7 14:20:05 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 14:20:05 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57588,mid=<200904072120.n37LK2vS018336@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:20:05 splunk3 sendmail[15574]: n37LK2hD015573: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:20:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:20:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:20:55 splunk3 sendmail[15804]: n37LKtgl015804: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:21:55 splunk3 sendmail[16041]: n37LLtZK016041: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:22:55 splunk3 sendmail[16276]: n37LMtLc016276: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:23:55 splunk3 sendmail[16518]: n37LNt1O016518: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:24:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:24:55 splunk3 sendmail[16758]: n37LOtB5016758: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:25:03 splunk3 sendmail[16781]: n37LP30W016781: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072125.n37LP3Zm018945@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:25:03 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57643 
Apr  7 14:25:03 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:25:03 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:25:03 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:25:03 splunk3 spamd[26356]: spamd: processing message <200904072125.n37LP3Zm018945@virt2.int.splunk.com> for spamme:501 
Apr  7 14:25:05 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 14:25:05 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57643,mid=<200904072125.n37LP3Zm018945@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:25:05 splunk3 sendmail[16783]: n37LP30W016781: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:25:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:25:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:25:55 splunk3 sendmail[17013]: n37LPtB4017013: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 14:26:55 splunk3 sendmail[17250]: n37LQtFc017250: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:27:55 splunk3 sendmail[17490]: n37LRtCm017490: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:28:55 splunk3 sendmail[17725]: n37LSt30017725: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:29:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:29:55 splunk3 sendmail[17968]: n37LTtWj017968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:30:03 splunk3 sendmail[17996]: n37LU3ED017996: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072130.n37LU30A019565@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:30:03 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57700 
Apr  7 14:30:03 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:30:03 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:30:03 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:30:03 splunk3 spamd[26356]: spamd: processing message <200904072130.n37LU30A019565@virt2.int.splunk.com> for spamme:501 
Apr  7 14:30:05 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  7 14:30:05 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57700,mid=<200904072130.n37LU30A019565@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:30:05 splunk3 sendmail[17997]: n37LU3ED017996: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:30:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:30:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:30:55 splunk3 sendmail[18227]: n37LUtGI018227: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:31:55 splunk3 sendmail[18467]: n37LVt5J018467: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:32:55 splunk3 sendmail[18702]: n37LWtVB018702: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:33:55 splunk3 sendmail[18940]: n37LXtu6018940: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:34:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:34:55 splunk3 sendmail[19181]: n37LYtkq019181: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:35:04 splunk3 sendmail[19224]: n37LZ4vH019224: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072135.n37LZ4SB020314@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:35:04 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57755 
Apr  7 14:35:04 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:35:04 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:35:04 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:35:04 splunk3 spamd[26356]: spamd: processing message <200904072135.n37LZ4SB020314@virt2.int.splunk.com> for spamme:501 
Apr  7 14:35:06 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  7 14:35:06 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57755,mid=<200904072135.n37LZ4SB020314@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:35:06 splunk3 sendmail[19225]: n37LZ4vH019224: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:35:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:35:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:35:55 splunk3 sendmail[19437]: n37LZtQb019437: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:36:55 splunk3 sendmail[19668]: n37Lat1Y019668: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:37:55 splunk3 sendmail[19908]: n37LbtKr019908: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:38:55 splunk3 sendmail[20149]: n37Lctsk020149: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:39:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:39:55 splunk3 sendmail[20391]: n37Ldtwi020391: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:40:04 splunk3 sendmail[20433]: n37Le4Gm020433: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072140.n37Le42f020948@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:40:04 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57811 
Apr  7 14:40:04 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:40:04 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:40:04 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:40:04 splunk3 spamd[26356]: spamd: processing message <200904072140.n37Le42f020948@virt2.int.splunk.com> for spamme:501 
Apr  7 14:40:08 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  7 14:40:08 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57811,mid=<200904072140.n37Le42f020948@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:40:08 splunk3 sendmail[20434]: n37Le4Gm020433: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:40:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:40:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:40:55 splunk3 sendmail[20649]: n37LetHu020649: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 14:41:55 splunk3 sendmail[20890]: n37LftXk020890: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:42:07 splunk3 sendmail[20912]: n37Lg6c5020912: from=<purchas20@aim.com>, size=2318, class=0, nrcpts=1, msgid=<20090407183312.9D9D350B503@smtp.benet.ru>, proto=ESMTP, daemon=MTA, relay=ns2.benet.ru [83.167.4.66]
Apr  7 14:42:07 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57838 
Apr  7 14:42:07 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:42:07 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:42:07 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:42:07 splunk3 spamd[26356]: spamd: processing message <20090407183312.9D9D350B503@smtp.benet.ru> for spamme:501 
Apr  7 14:42:08 splunk3 spamd[26356]: spamd: identified spam (17.9/5.0) for spamme:501 in 1.3 seconds, 2587 bytes. 
Apr  7 14:42:08 splunk3 spamd[26356]: spamd: result: Y 17 - ADVANCE_FEE_1,ADVANCE_FEE_2,ADVANCE_FEE_3,ADVANCE_FEE_4,BAYES_99,FORGED_MUA_OUTLOOK,FORGED_RCVD_HELO,NO_REAL_NAME,UNDISC_RECIPS scantime=1.3,size=2587,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57838,mid=<20090407183312.9D9D350B503@smtp.benet.ru>,bayes=0.996308901660303,autolearn=no 
Apr  7 14:42:08 splunk3 sendmail[20929]: n37Lg6c5020912: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32506, dsn=2.0.0, stat=Sent
Apr  7 14:42:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:42:55 splunk3 sendmail[21130]: n37Lgtuq021130: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:43:55 splunk3 sendmail[21368]: n37Lht79021368: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:44:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:44:55 splunk3 sendmail[21610]: n37LitL5021610: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:45:05 splunk3 sendmail[21652]: n37Lj5e5021652: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072145.n37Lj5mf021565@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:45:05 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57868 
Apr  7 14:45:05 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:45:05 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:45:05 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:45:05 splunk3 spamd[26356]: spamd: processing message <200904072145.n37Lj5mf021565@virt2.int.splunk.com> for spamme:501 
Apr  7 14:45:07 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 14:45:07 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57868,mid=<200904072145.n37Lj5mf021565@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:45:07 splunk3 sendmail[21653]: n37Lj5e5021652: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:45:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:45:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:45:55 splunk3 sendmail[21868]: n37LjtZm021868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:46:55 splunk3 sendmail[22102]: n37LktgI022102: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:47:55 splunk3 sendmail[22342]: n37Lltla022342: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:48:55 splunk3 sendmail[22579]: n37LmtN4022579: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:49:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:49:55 splunk3 sendmail[22822]: n37LntrN022822: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:50:06 splunk3 sendmail[22869]: n37Lo5m8022869: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072150.n37Lo5Wa022175@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:50:06 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57924 
Apr  7 14:50:06 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:50:06 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:50:06 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:50:06 splunk3 spamd[26356]: spamd: processing message <200904072150.n37Lo5Wa022175@virt2.int.splunk.com> for spamme:501 
Apr  7 14:50:08 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 14:50:08 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57924,mid=<200904072150.n37Lo5Wa022175@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:50:08 splunk3 sendmail[22870]: n37Lo5m8022869: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:50:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:50:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:50:55 splunk3 sendmail[23081]: n37LotY8023081: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:51:55 splunk3 sendmail[23320]: n37Lptsr023320: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:52:55 splunk3 sendmail[23555]: n37Lqt0v023555: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:53:55 splunk3 sendmail[23797]: n37Lrtb9023797: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:54:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:54:55 splunk3 sendmail[24035]: n37LstRc024035: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:55:06 splunk3 sendmail[24077]: n37Lt612024077: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072155.n37Lt68o022783@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 14:55:06 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57979 
Apr  7 14:55:06 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 14:55:06 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 14:55:06 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 14:55:06 splunk3 spamd[26356]: spamd: processing message <200904072155.n37Lt68o022783@virt2.int.splunk.com> for spamme:501 
Apr  7 14:55:09 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 14:55:09 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57979,mid=<200904072155.n37Lt68o022783@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 14:55:09 splunk3 sendmail[24078]: n37Lt612024077: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 14:55:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 14:55:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 14:55:55 splunk3 sendmail[24292]: n37LttdJ024292: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 14:56:55 splunk3 sendmail[24528]: n37LutWv024528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:57:55 splunk3 sendmail[24765]: n37LvtWD024765: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:58:55 splunk3 sendmail[25002]: n37LwtZP025002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 14:59:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 14:59:55 splunk3 sendmail[25248]: n37Lxt5f025248: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:00:04 splunk3 sendmail[25350]: n37M048m025350: from=root, size=291, class=0, nrcpts=1, msgid=<200904072200.n37M048m025350@splunk3.splunkit.com>, relay=root@localhost
Apr  7 15:00:04 splunk3 sendmail[25354]: n37M04TV025354: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904072200.n37M048m025350@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 15:00:04 splunk3 sendmail[25350]: n37M048m025350: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37M04TV025354 Message accepted for delivery)
Apr  7 15:00:05 splunk3 sendmail[25355]: n37M04TV025354: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 15:00:06 splunk3 sendmail[25360]: n37M0622025360: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072200.n37M06Y2023428@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:00:06 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58037 
Apr  7 15:00:06 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:00:06 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 15:00:06 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 15:00:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:00:06 splunk3 sendmail[25362]: n37M0622025360: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:00:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:00:18 splunk3 sendmail[25419]: n37M0I7F025419: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904072200.n37M0I7F025419@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 15:00:18 splunk3 sendmail[25421]: n37M0I7F025419: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 15:00:18 splunk3 sendmail[25421]: n37M0I7F025419: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 15:00:18 splunk3 sendmail[25421]: n37M0I7F025419: n37M0I7F025421: postmaster notify: User unknown
Apr  7 15:00:19 splunk3 sendmail[25421]: n37M0I7F025421: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 15:00:55 splunk3 sendmail[25592]: n37M0taG025592: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:01:15 splunk3 sendmail[25618]: n37M11NU025618: from=root, size=443, class=0, nrcpts=1, msgid=<200904072201.n37M11NU025618@splunk3.splunkit.com>, relay=root@localhost
Apr  7 15:01:15 splunk3 sendmail[25675]: n37M1Fge025675: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904072201.n37M11NU025618@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 15:01:15 splunk3 sendmail[25618]: n37M11NU025618: to=root, ctladdr=root (0/0), delay=00:00:14, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37M1Fge025675 Message accepted for delivery)
Apr  7 15:01:16 splunk3 sendmail[25676]: n37M1Fge025675: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 15:01:55 splunk3 sendmail[25840]: n37M1tpp025840: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:02:55 splunk3 sendmail[26078]: n37M2t0b026078: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:03:00 splunk3 sendmail[26059]: n37M2scv026059: from=<spamme@smoothwall.org>, size=5919, class=0, nrcpts=1, msgid=<20090408120300.3988.qmail@ppp-58-8-225-71.revip2.asianet.co.th>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=ppp-58-8-225-71.revip2.asianet.co.th [58.8.225.71]
Apr  7 15:03:00 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58080 
Apr  7 15:03:00 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:03:00 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 15:03:00 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 15:03:00 splunk3 sendmail[26102]: n37M2scv026059: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=36194, dsn=2.0.0, stat=Sent
Apr  7 15:03:00 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:03:55 splunk3 sendmail[26321]: n37M3tBU026321: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:04:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:04:55 splunk3 sendmail[26560]: n37M4tH2026560: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:05:07 splunk3 sendmail[26608]: n37M57vT026608: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072205.n37M56Ta024137@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:05:07 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58101 
Apr  7 15:05:07 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:05:07 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 15:05:07 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 15:05:07 splunk3 sendmail[26609]: n37M57vT026608: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:05:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:05:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:05:55 splunk3 sendmail[26818]: n37M5t4V026818: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:06:55 splunk3 sendmail[27053]: n37M6tc7027053: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:07:55 splunk3 sendmail[27289]: n37M7tNR027289: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:08:55 splunk3 sendmail[27529]: n37M8tQB027529: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:09:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:09:55 splunk3 sendmail[27773]: n37M9tKP027773: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:10:02 splunk3 sendmail[27894]: n37MA2KX027894: from=root, size=292, class=0, nrcpts=1, msgid=<200904072210.n37MA2KX027894@splunk3.splunkit.com>, relay=root@localhost
Apr  7 15:10:02 splunk3 sendmail[27899]: n37MA2B3027899: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904072210.n37MA2KX027894@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 15:10:02 splunk3 sendmail[27894]: n37MA2KX027894: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37MA2B3027899 Message accepted for delivery)
Apr  7 15:10:03 splunk3 sendmail[27900]: n37MA2B3027899: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 15:10:07 splunk3 sendmail[27920]: n37MA7nF027920: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072210.n37MA7n6024750@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:10:07 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58158 
Apr  7 15:10:07 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:10:07 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:10:07 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:10:07 splunk3 spamd[26356]: spamd: processing message <200904072210.n37MA7n6024750@virt2.int.splunk.com> for spamme:501 
Apr  7 15:10:09 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 15:10:09 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58158,mid=<200904072210.n37MA7n6024750@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 15:10:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:10:09 splunk3 sendmail[27921]: n37MA7nF027920: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:10:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:10:55 splunk3 sendmail[28136]: n37MAtxe028136: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 15:11:55 splunk3 sendmail[28375]: n37MBtj3028375: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:12:55 splunk3 sendmail[28610]: n37MCtNO028610: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:13:55 splunk3 sendmail[28855]: n37MDtsX028855: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:14:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:14:55 splunk3 sendmail[29097]: n37MEtVq029097: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:15:08 splunk3 sendmail[29137]: n37MF8kP029137: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072215.n37MF8LD025535@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:15:08 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58215 
Apr  7 15:15:08 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:15:08 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:15:08 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:15:08 splunk3 spamd[26356]: spamd: processing message <200904072215.n37MF8LD025535@virt2.int.splunk.com> for spamme:501 
Apr  7 15:15:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:15:10 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 15:15:10 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58215,mid=<200904072215.n37MF8LD025535@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 15:15:10 splunk3 sendmail[29138]: n37MF8kP029137: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:15:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:15:55 splunk3 sendmail[29351]: n37MFt83029351: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:16:55 splunk3 sendmail[29586]: n37MGtWs029586: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:17:55 splunk3 sendmail[29826]: n37MHtPi029826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:18:55 splunk3 sendmail[30060]: n37MItQr030060: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:19:41 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:19:55 splunk3 sendmail[30305]: n37MJt58030305: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:20:08 splunk3 sendmail[30367]: n37MK819030367: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072220.n37MK8YV026164@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:20:08 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58270 
Apr  7 15:20:08 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:20:08 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:20:08 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:20:08 splunk3 spamd[26356]: spamd: processing message <200904072220.n37MK8YV026164@virt2.int.splunk.com> for spamme:501 
Apr  7 15:20:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:20:10 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 15:20:10 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58270,mid=<200904072220.n37MK8YV026164@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 15:20:10 splunk3 sendmail[30368]: n37MK819030367: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:20:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:20:55 splunk3 sendmail[30566]: n37MKtIQ030566: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:21:55 splunk3 sendmail[30806]: n37MLtKV030806: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:22:55 splunk3 sendmail[31037]: n37MMtn3031037: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:23:55 splunk3 sendmail[31282]: n37MNtPg031282: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:24:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:24:55 splunk3 sendmail[31522]: n37MOtul031522: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:25:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:25:09 splunk3 sendmail[31582]: n37MP9Vi031582: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072225.n37MP8bt026769@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:25:09 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58326 
Apr  7 15:25:09 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:25:09 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:25:09 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:25:09 splunk3 spamd[26356]: spamd: processing message <200904072225.n37MP8bt026769@virt2.int.splunk.com> for spamme:501 
Apr  7 15:25:11 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 15:25:11 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58326,mid=<200904072225.n37MP8bt026769@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 15:25:11 splunk3 sendmail[31585]: n37MP9Vi031582: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:25:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:25:55 splunk3 sendmail[31777]: n37MPt3P031777: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 15:26:55 splunk3 sendmail[32015]: n37MQtLa032015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:27:55 splunk3 sendmail[32254]: n37MRtID032254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:28:55 splunk3 sendmail[32490]: n37MSt0l032490: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:29:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:29:55 splunk3 sendmail[32732]: n37MTtcc032732: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:30:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:30:09 splunk3 sendmail[329]: n37MU91Y000329: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072230.n37MU9hU027394@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:30:09 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58382 
Apr  7 15:30:09 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:30:09 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:30:09 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:30:09 splunk3 spamd[26356]: spamd: processing message <200904072230.n37MU9hU027394@virt2.int.splunk.com> for spamme:501 
Apr  7 15:30:11 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 15:30:11 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58382,mid=<200904072230.n37MU9hU027394@virt2.int.splunk.com>,bayes=0.114551826624574,autolearn=no 
Apr  7 15:30:11 splunk3 sendmail[330]: n37MU91Y000329: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:30:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:30:51 splunk3 sendmail[505]: n37MUppA000505: from=<3GtTbSRQKBhQ08805yu5yBDC-78By95I08805y.w86C9u66yC95E742D.w86@alerts.bounces.google.com>, size=2507, class=0, nrcpts=1, msgid=<0016369fa25136ca0d0466fe9163@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.189]
Apr  7 15:30:51 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58396 
Apr  7 15:30:51 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:30:51 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:30:51 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:30:51 splunk3 spamd[26356]: spamd: processing message <0016369fa25136ca0d0466fe9163@google.com> for spamme:501 
Apr  7 15:30:53 splunk3 spamd[26356]: spamd: clean message (-2.4/5.0) for spamme:501 in 2.3 seconds, 2937 bytes. 
Apr  7 15:30:53 splunk3 spamd[26356]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.3,size=2937,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58396,mid=<0016369fa25136ca0d0466fe9163@google.com>,bayes=1.11022302462516e-16,autolearn=ham 
Apr  7 15:30:53 splunk3 sendmail[506]: n37MUppA000505: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32718, dsn=2.0.0, stat=Sent
Apr  7 15:30:53 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:30:55 splunk3 sendmail[529]: n37MUt2c000529: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:31:55 splunk3 sendmail[767]: n37MVtP1000767: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:32:55 splunk3 sendmail[1066]: n37MWtHL001066: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:33:55 splunk3 sendmail[1318]: n37MXt8t001318: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:34:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:34:55 splunk3 sendmail[1561]: n37MYta4001561: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:35:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:35:09 splunk3 sendmail[1623]: n37MZ9qT001623: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072235.n37MZ9Wa028137@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:35:09 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58439 
Apr  7 15:35:09 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:35:09 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:35:09 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:35:09 splunk3 spamd[26356]: spamd: processing message <200904072235.n37MZ9Wa028137@virt2.int.splunk.com> for spamme:501 
Apr  7 15:35:11 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.8 seconds, 1308 bytes. 
Apr  7 15:35:11 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.8,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58439,mid=<200904072235.n37MZ9Wa028137@virt2.int.splunk.com>,bayes=0.114584047915654,autolearn=no 
Apr  7 15:35:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:35:11 splunk3 sendmail[1624]: n37MZ9qT001623: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:35:55 splunk3 sendmail[1818]: n37MZtsS001818: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:36:55 splunk3 sendmail[2086]: n37Mat70002086: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:37:55 splunk3 sendmail[2325]: n37MbtFr002325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:38:55 splunk3 sendmail[2566]: n37Mctn1002566: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:39:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:39:55 splunk3 sendmail[2822]: n37Mdtcq002822: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:40:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:40:09 splunk3 sendmail[2892]: n37Me92I002892: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072240.n37Me9Vp028770@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:40:10 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58494 
Apr  7 15:40:10 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:40:10 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:40:10 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:40:10 splunk3 spamd[26356]: spamd: processing message <200904072240.n37Me9Vp028770@virt2.int.splunk.com> for spamme:501 
Apr  7 15:40:12 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  7 15:40:12 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58494,mid=<200904072240.n37Me9Vp028770@virt2.int.splunk.com>,bayes=0.114584047915654,autolearn=no 
Apr  7 15:40:12 splunk3 sendmail[2893]: n37Me92I002892: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:40:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:40:55 splunk3 sendmail[3092]: n37Metgv003092: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 15:41:55 splunk3 sendmail[3336]: n37MftBl003336: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:42:55 splunk3 sendmail[3588]: n37MgtDs003588: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:43:55 splunk3 sendmail[3837]: n37Mht9o003837: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:44:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:44:55 splunk3 sendmail[4090]: n37Mit2l004090: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:45:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:45:10 splunk3 sendmail[4156]: n37MjAF3004156: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072245.n37MjAGW029380@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:45:10 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58551 
Apr  7 15:45:10 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:45:10 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:45:10 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:45:10 splunk3 spamd[26356]: spamd: processing message <200904072245.n37MjAGW029380@virt2.int.splunk.com> for spamme:501 
Apr  7 15:45:12 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 15:45:12 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58551,mid=<200904072245.n37MjAGW029380@virt2.int.splunk.com>,bayes=0.114584047915654,autolearn=no 
Apr  7 15:45:12 splunk3 sendmail[4157]: n37MjAF3004156: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:45:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:45:55 splunk3 sendmail[4364]: n37MjtSG004364: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:46:55 splunk3 sendmail[4597]: n37MktNI004597: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:47:55 splunk3 sendmail[4838]: n37Mlt46004838: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:48:55 splunk3 sendmail[5086]: n37Mmtdo005086: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:49:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:49:55 splunk3 sendmail[5370]: n37Mnt5v005370: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:50:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:50:11 splunk3 sendmail[5434]: n37MoBLg005434: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072250.n37MoADe029991@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:50:11 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58606 
Apr  7 15:50:11 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:50:11 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:50:11 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:50:11 splunk3 spamd[26356]: spamd: processing message <200904072250.n37MoADe029991@virt2.int.splunk.com> for spamme:501 
Apr  7 15:50:13 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 15:50:13 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58606,mid=<200904072250.n37MoADe029991@virt2.int.splunk.com>,bayes=0.114584047915654,autolearn=no 
Apr  7 15:50:13 splunk3 sendmail[5435]: n37MoBLg005434: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:50:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:50:55 splunk3 sendmail[5627]: n37MotT8005627: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:51:55 splunk3 sendmail[5866]: n37MptDQ005866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:52:55 splunk3 sendmail[6100]: n37Mqtdt006100: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:53:55 splunk3 sendmail[6344]: n37MrtTt006344: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:54:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:54:55 splunk3 sendmail[6584]: n37Mstq4006584: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:55:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 15:55:11 splunk3 sendmail[6649]: n37MtBfU006649: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072255.n37MtBCv030602@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 15:55:11 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58662 
Apr  7 15:55:11 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 15:55:11 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 15:55:11 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 15:55:11 splunk3 spamd[26356]: spamd: processing message <200904072255.n37MtBCv030602@virt2.int.splunk.com> for spamme:501 
Apr  7 15:55:13 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 15:55:13 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58662,mid=<200904072255.n37MtBCv030602@virt2.int.splunk.com>,bayes=0.114584047915654,autolearn=no 
Apr  7 15:55:13 splunk3 sendmail[6651]: n37MtBfU006649: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 15:55:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 15:55:55 splunk3 sendmail[6842]: n37MttL6006842: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 15:56:55 splunk3 sendmail[7079]: n37MuteY007079: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:57:55 splunk3 sendmail[7315]: n37Mvt6V007315: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:58:55 splunk3 sendmail[7557]: n37MwtOJ007557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 15:59:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 15:59:55 splunk3 sendmail[7802]: n37MxtnU007802: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:00:04 splunk3 sendmail[7907]: n37N04YT007907: from=root, size=291, class=0, nrcpts=1, msgid=<200904072300.n37N04YT007907@splunk3.splunkit.com>, relay=root@localhost
Apr  7 16:00:04 splunk3 sendmail[7911]: n37N04SS007911: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904072300.n37N04YT007907@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 16:00:04 splunk3 sendmail[7907]: n37N04YT007907: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37N04SS007911 Message accepted for delivery)
Apr  7 16:00:05 splunk3 sendmail[7912]: n37N04SS007911: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 16:00:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:00:12 splunk3 sendmail[7938]: n37N0BGm007938: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072300.n37N0BTs031237@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:00:12 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58719 
Apr  7 16:00:12 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:00:12 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 16:00:12 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 16:00:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:00:12 splunk3 sendmail[7939]: n37N0BGm007938: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 16:00:23 splunk3 sendmail[8013]: n37N0Nhw008013: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904072300.n37N0Nhw008013@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 16:00:23 splunk3 sendmail[8015]: n37N0Nhw008013: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 16:00:23 splunk3 sendmail[8015]: n37N0Nhw008013: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  7 16:00:23 splunk3 sendmail[8015]: n37N0Nhw008013: n37N0Nhw008015: postmaster notify: User unknown
Apr  7 16:00:25 splunk3 sendmail[8015]: n37N0Nhw008015: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  7 16:00:55 splunk3 sendmail[8144]: n37N0tZS008144: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:01:10 splunk3 sendmail[8173]: n37N11CV008173: from=root, size=443, class=0, nrcpts=1, msgid=<200904072301.n37N11CV008173@splunk3.splunkit.com>, relay=root@localhost
Apr  7 16:01:11 splunk3 sendmail[8213]: n37N1AIX008213: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904072301.n37N11CV008173@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 16:01:11 splunk3 sendmail[8173]: n37N11CV008173: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:01, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37N1AIX008213 Message accepted for delivery)
Apr  7 16:01:12 splunk3 sendmail[8214]: n37N1AIX008213: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 16:01:55 splunk3 sendmail[8396]: n37N1tIp008396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:02:55 splunk3 sendmail[8633]: n37N2t0C008633: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:03:55 splunk3 sendmail[8872]: n37N3t6h008872: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:04:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:04:55 splunk3 sendmail[9108]: n37N4tle009108: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:05:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:05:12 splunk3 sendmail[9173]: n37N5CBx009173: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072305.n37N5CVu031923@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:05:12 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58783 
Apr  7 16:05:12 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:05:12 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 16:05:12 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 16:05:12 splunk3 sendmail[9174]: n37N5CBx009173: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 16:05:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:05:55 splunk3 sendmail[9365]: n37N5tKb009365: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:06:55 splunk3 sendmail[9600]: n37N6thM009600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:07:55 splunk3 sendmail[9839]: n37N7tEk009839: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:08:55 splunk3 sendmail[10080]: n37N8tZe010080: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:09:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:09:55 splunk3 sendmail[10325]: n37N9tvV010325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:10:02 splunk3 sendmail[10443]: n37NA2qF010443: from=root, size=292, class=0, nrcpts=1, msgid=<200904072310.n37NA2qF010443@splunk3.splunkit.com>, relay=root@localhost
Apr  7 16:10:02 splunk3 sendmail[10448]: n37NA2Nu010448: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904072310.n37NA2qF010443@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 16:10:02 splunk3 sendmail[10443]: n37NA2qF010443: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n37NA2Nu010448 Message accepted for delivery)
Apr  7 16:10:03 splunk3 sendmail[10449]: n37NA2Nu010448: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 16:10:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:10:12 splunk3 sendmail[10509]: n37NACPd010509: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904072310.n37NACUZ032529@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:10:12 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58839 
Apr  7 16:10:12 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:10:12 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:10:12 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:10:12 splunk3 spamd[26356]: spamd: processing message <200904072310.n37NACUZ032529@virt2.int.splunk.com> for spamme:501 
Apr  7 16:10:14 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 16:10:14 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58839,mid=<200904072310.n37NACUZ032529@virt2.int.splunk.com>,bayes=0.114584047915654,autolearn=no 
Apr  7 16:10:14 splunk3 sendmail[10510]: n37NACPd010509: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 16:10:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:10:55 splunk3 sendmail[10690]: n37NAtbL010690: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 16:11:55 splunk3 sendmail[10928]: n37NBtFk010928: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:12:56 splunk3 sendmail[11163]: n37NCulL011163: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:13:56 splunk3 sendmail[11401]: n37NDuqL011401: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:14:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:14:56 splunk3 sendmail[11639]: n37NEuTC011639: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:15:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:15:13 splunk3 sendmail[11720]: n37NFDD9011720: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904072315.n37NFCCG000851@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:15:13 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58896 
Apr  7 16:15:13 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:15:13 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:15:13 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:15:13 splunk3 spamd[26356]: spamd: processing message <200904072315.n37NFCCG000851@virt2.int.splunk.com> for spamme:501 
Apr  7 16:15:15 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1302 bytes. 
Apr  7 16:15:15 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58896,mid=<200904072315.n37NFCCG000851@virt2.int.splunk.com>,bayes=0.0679647527254437,autolearn=no 
Apr  7 16:15:15 splunk3 sendmail[11721]: n37NFDD9011720: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  7 16:15:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:15:56 splunk3 sendmail[11896]: n37NFu89011896: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:16:56 splunk3 sendmail[12130]: n37NGu78012130: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:17:56 splunk3 sendmail[12369]: n37NHusd012369: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:18:56 splunk3 sendmail[12601]: n37NIuTF012601: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:19:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:19:56 splunk3 sendmail[12845]: n37NJulh012845: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:20:09 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:20:13 splunk3 sendmail[12929]: n37NKDl2012929: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072320.n37NKD3x001497@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:20:13 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58951 
Apr  7 16:20:13 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:20:13 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:20:13 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:20:13 splunk3 spamd[26356]: spamd: processing message <200904072320.n37NKD3x001497@virt2.int.splunk.com> for spamme:501 
Apr  7 16:20:15 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  7 16:20:15 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58951,mid=<200904072320.n37NKD3x001497@virt2.int.splunk.com>,bayes=0.17190806967673,autolearn=no 
Apr  7 16:20:15 splunk3 sendmail[12930]: n37NKDl2012929: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 16:20:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:20:56 splunk3 sendmail[13105]: n37NKudQ013105: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:21:56 splunk3 sendmail[13382]: n37NLuN5013382: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:22:56 splunk3 sendmail[13617]: n37NMu1M013617: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:23:56 splunk3 sendmail[13863]: n37NNuuF013863: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:24:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:24:56 splunk3 sendmail[14103]: n37NOuqt014103: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:25:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:25:14 splunk3 sendmail[14181]: n37NPEMg014181: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072325.n37NPDND002137@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:25:14 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59007 
Apr  7 16:25:14 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:25:14 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:25:14 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:25:14 splunk3 spamd[26356]: spamd: processing message <200904072325.n37NPDND002137@virt2.int.splunk.com> for spamme:501 
Apr  7 16:25:16 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  7 16:25:16 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59007,mid=<200904072325.n37NPDND002137@virt2.int.splunk.com>,bayes=0.17190806967673,autolearn=no 
Apr  7 16:25:16 splunk3 sendmail[14182]: n37NPEMg014181: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 16:25:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:25:56 splunk3 sendmail[14357]: n37NPuEm014357: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 16:26:56 splunk3 sendmail[14593]: n37NQuvc014593: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:27:56 splunk3 sendmail[14832]: n37NRuMt014832: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:28:56 splunk3 sendmail[15068]: n37NSu7O015068: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:29:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:29:56 splunk3 sendmail[15312]: n37NTujJ015312: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:30:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:30:14 splunk3 sendmail[15396]: n37NUEKk015396: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072330.n37NUEj4002754@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:30:14 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59064 
Apr  7 16:30:14 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:30:14 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:30:14 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:30:14 splunk3 spamd[26356]: spamd: processing message <200904072330.n37NUEj4002754@virt2.int.splunk.com> for spamme:501 
Apr  7 16:30:16 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 16:30:16 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59064,mid=<200904072330.n37NUEj4002754@virt2.int.splunk.com>,bayes=0.17190806967673,autolearn=no 
Apr  7 16:30:16 splunk3 sendmail[15397]: n37NUEKk015396: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 16:30:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:30:56 splunk3 sendmail[15583]: n37NUuS1015583: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:31:56 splunk3 sendmail[15822]: n37NVuEX015822: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:32:56 splunk3 sendmail[16054]: n37NWuZX016054: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:33:56 splunk3 sendmail[16292]: n37NXunY016292: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:34:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:34:56 splunk3 sendmail[16531]: n37NYuC4016531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:35:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:35:14 splunk3 sendmail[16614]: n37NZEjL016614: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072335.n37NZELs003510@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:35:14 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59119 
Apr  7 16:35:14 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:35:14 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:35:14 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:35:14 splunk3 spamd[26356]: spamd: processing message <200904072335.n37NZELs003510@virt2.int.splunk.com> for spamme:501 
Apr  7 16:35:16 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  7 16:35:16 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59119,mid=<200904072335.n37NZELs003510@virt2.int.splunk.com>,bayes=0.17190806967673,autolearn=no 
Apr  7 16:35:16 splunk3 sendmail[16615]: n37NZEjL016614: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 16:35:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:35:56 splunk3 sendmail[16789]: n37NZuFD016789: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:36:56 splunk3 sendmail[17024]: n37NauZI017024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:37:56 splunk3 sendmail[17265]: n37Nbukx017265: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:38:56 splunk3 sendmail[17506]: n37Ncu2Y017506: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:39:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:39:56 splunk3 sendmail[17747]: n37NduRd017747: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:40:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:40:15 splunk3 sendmail[17831]: n37NeFGB017831: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072340.n37NeFa5004142@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:40:15 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59175 
Apr  7 16:40:15 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:40:15 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:40:15 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:40:15 splunk3 spamd[26356]: spamd: processing message <200904072340.n37NeFa5004142@virt2.int.splunk.com> for spamme:501 
Apr  7 16:40:17 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1305 bytes. 
Apr  7 16:40:17 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59175,mid=<200904072340.n37NeFa5004142@virt2.int.splunk.com>,bayes=0.17190806967673,autolearn=no 
Apr  7 16:40:17 splunk3 sendmail[17832]: n37NeFGB017831: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 16:40:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:40:56 splunk3 sendmail[18006]: n37Neu1Z018006: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 16:41:56 splunk3 sendmail[18246]: n37NfuZm018246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:42:56 splunk3 sendmail[18481]: n37NguNK018481: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:43:56 splunk3 sendmail[18721]: n37Nhug6018721: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:44:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:44:56 splunk3 sendmail[18963]: n37Niuot018963: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:45:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:45:15 splunk3 sendmail[19045]: n37NjFut019045: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072345.n37NjFtJ004747@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:45:15 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59231 
Apr  7 16:45:15 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:45:15 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:45:15 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:45:15 splunk3 spamd[26356]: spamd: processing message <200904072345.n37NjFtJ004747@virt2.int.splunk.com> for spamme:501 
Apr  7 16:45:17 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  7 16:45:17 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59231,mid=<200904072345.n37NjFtJ004747@virt2.int.splunk.com>,bayes=0.17190806967673,autolearn=no 
Apr  7 16:45:17 splunk3 sendmail[19046]: n37NjFut019045: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 16:45:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:45:56 splunk3 sendmail[19220]: n37NjuF1019220: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:46:50 splunk3 sendmail[19432]: n37NknUM019432: ruleset=check_rcpt, arg1=<sanjinn001@yahoo.com.tw>, relay=218-160-114-227.dynamic.hinet.net [218.160.114.227], reject=550 5.7.1 <sanjinn001@yahoo.com.tw>... Relaying denied
Apr  7 16:46:56 splunk3 sendmail[19453]: n37NkuK0019453: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:47:56 splunk3 sendmail[19691]: n37NluGN019691: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:48:43 splunk3 sendmail[19866]: n37NmeCT019866: from=<spamme@splunkit.com>, size=654, class=0, nrcpts=1, msgid=<200904072348.n37NmeCT019866@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=pool-173-66-79-8.washdc.fios.verizon.net [173.66.79.8]
Apr  7 16:48:43 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59272 
Apr  7 16:48:43 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:48:43 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:48:43 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:48:43 splunk3 spamd[26356]: spamd: processing message <200904072348.n37NmeCT019866@splunk3.splunkit.com> for spamme:501 
Apr  7 16:48:45 splunk3 spamd[26356]: spamd: identified spam (25.1/5.0) for spamme:501 in 2.6 seconds, 1082 bytes. 
Apr  7 16:48:45 splunk3 spamd[26356]: spamd: result: Y 25 - AWL,BAYES_80,HELO_DYNAMIC_IPADDR,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL scantime=2.6,size=1082,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59272,mid=<200904072348.n37NmeCT019866@splunk3.splunkit.com>,bayes=0.803805418574246,autolearn=spam 
Apr  7 16:48:45 splunk3 sendmail[19884]: n37NmeCT019866: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31006, dsn=2.0.0, stat=Sent
Apr  7 16:48:45 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:48:56 splunk3 sendmail[19931]: n37Nmuwl019931: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:49:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:49:56 splunk3 sendmail[20174]: n37NnuOw020174: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:50:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:50:16 splunk3 sendmail[20259]: n37NoGD9020259: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072350.n37NoFEa005368@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:50:16 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59288 
Apr  7 16:50:16 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:50:16 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:50:16 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:50:16 splunk3 spamd[26356]: spamd: processing message <200904072350.n37NoFEa005368@virt2.int.splunk.com> for spamme:501 
Apr  7 16:50:18 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 16:50:18 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59288,mid=<200904072350.n37NoFEa005368@virt2.int.splunk.com>,bayes=0.171899234520005,autolearn=no 
Apr  7 16:50:18 splunk3 sendmail[20260]: n37NoGD9020259: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 16:50:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:50:56 splunk3 sendmail[20434]: n37NouuP020434: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:51:56 splunk3 sendmail[20673]: n37NpuXj020673: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:52:56 splunk3 sendmail[20909]: n37NquKX020909: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:53:56 splunk3 sendmail[21151]: n37NruRa021151: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:54:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:54:56 splunk3 sendmail[21390]: n37NsusV021390: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:55:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 16:55:16 splunk3 sendmail[21472]: n37NtGmZ021472: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904072355.n37NtGJP005973@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 16:55:16 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59343 
Apr  7 16:55:16 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 16:55:16 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 16:55:16 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 16:55:16 splunk3 spamd[26356]: spamd: processing message <200904072355.n37NtGJP005973@virt2.int.splunk.com> for spamme:501 
Apr  7 16:55:18 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  7 16:55:18 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59343,mid=<200904072355.n37NtGJP005973@virt2.int.splunk.com>,bayes=0.171899234520005,autolearn=no 
Apr  7 16:55:18 splunk3 sendmail[21473]: n37NtGmZ021472: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 16:55:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 16:55:56 splunk3 sendmail[21647]: n37NtugA021647: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 16:56:56 splunk3 sendmail[21883]: n37NuuFu021883: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:57:56 splunk3 sendmail[22124]: n37Nvuc9022124: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:58:56 splunk3 sendmail[22361]: n37NwusE022361: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 16:59:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 16:59:56 splunk3 sendmail[22607]: n37Nxu1I022607: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:00:00 splunk3 sendmail[22636]: n38000dE022636: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904080000.n38000dE022636@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 17:00:00 splunk3 sendmail[22638]: n38000dE022636: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 17:00:00 splunk3 sendmail[22638]: n38000dE022636: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 17:00:00 splunk3 sendmail[22638]: n38000dE022636: n38000dE022638: postmaster notify: User unknown
Apr  7 17:00:01 splunk3 sendmail[22638]: n38000dE022638: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 17:00:04 splunk3 sendmail[22734]: n38004d2022734: from=root, size=291, class=0, nrcpts=1, msgid=<200904080000.n38004d2022734@splunk3.splunkit.com>, relay=root@localhost
Apr  7 17:00:04 splunk3 sendmail[22738]: n38004FO022738: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080000.n38004d2022734@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 17:00:04 splunk3 sendmail[22734]: n38004d2022734: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38004FO022738 Message accepted for delivery)
Apr  7 17:00:05 splunk3 sendmail[22739]: n38004FO022738: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 17:00:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:00:17 splunk3 sendmail[22809]: n3800HmH022809: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080000.n3800GV7006610@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:00:17 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59416 
Apr  7 17:00:17 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:00:17 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 17:00:17 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 17:00:17 splunk3 sendmail[22810]: n3800HmH022809: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 17:00:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:00:56 splunk3 sendmail[22947]: n3800uRe022947: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:01:09 splunk3 sendmail[22981]: n38011sT022981: from=root, size=443, class=0, nrcpts=1, msgid=<200904080001.n38011sT022981@splunk3.splunkit.com>, relay=root@localhost
Apr  7 17:01:10 splunk3 sendmail[23017]: n38019h4023017: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080001.n38011sT022981@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 17:01:10 splunk3 sendmail[22981]: n38011sT022981: to=root, ctladdr=root (0/0), delay=00:00:09, xdelay=00:00:01, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38019h4023017 Message accepted for delivery)
Apr  7 17:01:11 splunk3 sendmail[23018]: n38019h4023017: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 17:01:56 splunk3 sendmail[23197]: n3801uoL023197: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:02:56 splunk3 sendmail[23433]: n3802uTG023433: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:03:56 splunk3 sendmail[23673]: n3803u4i023673: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:04:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:04:56 splunk3 sendmail[23912]: n3804uxX023912: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:05:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:05:17 splunk3 sendmail[24028]: n3805HBM024028: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080005.n3805HEk007290@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:05:17 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59472 
Apr  7 17:05:17 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:05:17 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 17:05:17 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 17:05:17 splunk3 sendmail[24029]: n3805HBM024028: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 17:05:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:05:56 splunk3 sendmail[24170]: n3805ute024170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:06:56 splunk3 sendmail[24405]: n3806uuS024405: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:07:56 splunk3 sendmail[24639]: n3807uQN024639: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:08:56 splunk3 sendmail[24879]: n3808uBs024879: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:09:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:09:56 splunk3 sendmail[25124]: n3809u2K025124: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:10:02 splunk3 sendmail[25271]: n380A2UQ025271: from=root, size=292, class=0, nrcpts=1, msgid=<200904080010.n380A2UQ025271@splunk3.splunkit.com>, relay=root@localhost
Apr  7 17:10:02 splunk3 sendmail[25276]: n380A2Sd025276: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080010.n380A2UQ025271@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 17:10:02 splunk3 sendmail[25271]: n380A2UQ025271: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n380A2Sd025276 Message accepted for delivery)
Apr  7 17:10:03 splunk3 sendmail[25277]: n380A2Sd025276: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 17:10:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:10:18 splunk3 sendmail[25345]: n380AIAF025345: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080010.n380AIlb007906@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:10:18 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59529 
Apr  7 17:10:18 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:10:18 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:10:18 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:10:18 splunk3 spamd[26356]: spamd: processing message <200904080010.n380AIlb007906@virt2.int.splunk.com> for spamme:501 
Apr  7 17:10:20 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 17:10:20 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59529,mid=<200904080010.n380AIlb007906@virt2.int.splunk.com>,bayes=0.171899234520005,autolearn=no 
Apr  7 17:10:20 splunk3 sendmail[25346]: n380AIAF025345: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 17:10:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:10:56 splunk3 sendmail[25488]: n380Aukx025488: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 17:11:56 splunk3 sendmail[25727]: n380Burb025727: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:12:56 splunk3 sendmail[25964]: n380CuNO025964: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:13:56 splunk3 sendmail[26203]: n380DuhO026203: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:14:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:14:56 splunk3 sendmail[26443]: n380EuRM026443: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:15:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:15:19 splunk3 sendmail[26559]: n380FJhw026559: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080015.n380FIJe008692@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:15:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59585 
Apr  7 17:15:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:15:19 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:15:19 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:15:19 splunk3 spamd[26356]: spamd: processing message <200904080015.n380FIJe008692@virt2.int.splunk.com> for spamme:501 
Apr  7 17:15:21 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  7 17:15:21 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59585,mid=<200904080015.n380FIJe008692@virt2.int.splunk.com>,bayes=0.171899234520005,autolearn=no 
Apr  7 17:15:21 splunk3 sendmail[26560]: n380FJhw026559: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 17:15:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:15:56 splunk3 sendmail[26700]: n380Fuur026700: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:16:56 splunk3 sendmail[26935]: n380GuLr026935: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:17:56 splunk3 sendmail[27174]: n380HuIP027174: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:18:56 splunk3 sendmail[27410]: n380Iud3027410: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:19:40 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:19:56 splunk3 sendmail[27655]: n380JuNg027655: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:20:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:20:19 splunk3 sendmail[27773]: n380KJgQ027773: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080020.n380KJ3S009329@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:20:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59641 
Apr  7 17:20:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:20:19 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:20:19 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:20:19 splunk3 spamd[26356]: spamd: processing message <200904080020.n380KJ3S009329@virt2.int.splunk.com> for spamme:501 
Apr  7 17:20:21 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  7 17:20:21 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59641,mid=<200904080020.n380KJ3S009329@virt2.int.splunk.com>,bayes=0.171899234520005,autolearn=no 
Apr  7 17:20:21 splunk3 sendmail[27774]: n380KJgQ027773: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 17:20:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:20:56 splunk3 sendmail[27914]: n380KuJ9027914: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:21:56 splunk3 sendmail[28151]: n380LuP0028151: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:22:56 splunk3 sendmail[28386]: n380MuLe028386: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:23:56 splunk3 sendmail[28629]: n380NuYY028629: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:24:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:24:56 splunk3 sendmail[28866]: n380Oux9028866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:25:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:25:20 splunk3 sendmail[28983]: n380PKnK028983: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080025.n380PK65009932@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:25:20 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59697 
Apr  7 17:25:20 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:25:20 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:25:20 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:25:20 splunk3 spamd[26356]: spamd: processing message <200904080025.n380PK65009932@virt2.int.splunk.com> for spamme:501 
Apr  7 17:25:22 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  7 17:25:22 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59697,mid=<200904080025.n380PK65009932@virt2.int.splunk.com>,bayes=0.171899234520005,autolearn=no 
Apr  7 17:25:22 splunk3 sendmail[28984]: n380PKnK028983: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 17:25:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:25:56 splunk3 sendmail[29123]: n380Pu3U029123: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 17:26:56 splunk3 sendmail[29363]: n380QuZM029363: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:27:56 splunk3 sendmail[29601]: n380RuIa029601: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:28:56 splunk3 sendmail[29835]: n380Su8E029835: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:29:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:29:56 splunk3 sendmail[30080]: n380TuYt030080: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:30:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:30:20 splunk3 sendmail[30197]: n380UKFp030197: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080030.n380UKSV010559@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:30:20 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59753 
Apr  7 17:30:20 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:30:20 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:30:20 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:30:20 splunk3 spamd[26356]: spamd: processing message <200904080030.n380UKSV010559@virt2.int.splunk.com> for spamme:501 
Apr  7 17:30:22 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  7 17:30:22 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59753,mid=<200904080030.n380UKSV010559@virt2.int.splunk.com>,bayes=0.114576558613606,autolearn=no 
Apr  7 17:30:22 splunk3 sendmail[30198]: n380UKFp030197: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 17:30:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:30:56 splunk3 sendmail[30340]: n380Uunk030340: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:31:56 splunk3 sendmail[30578]: n380VuHF030578: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:32:56 splunk3 sendmail[30814]: n380WugE030814: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:33:56 splunk3 sendmail[31056]: n380XulW031056: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:34:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:34:56 splunk3 sendmail[31295]: n380YuJZ031295: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:35:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:35:21 splunk3 sendmail[31413]: n380ZKAr031413: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080035.n380ZKNM011299@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:35:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59809 
Apr  7 17:35:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:35:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:35:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:35:21 splunk3 spamd[26356]: spamd: processing message <200904080035.n380ZKNM011299@virt2.int.splunk.com> for spamme:501 
Apr  7 17:35:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 17:35:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59809,mid=<200904080035.n380ZKNM011299@virt2.int.splunk.com>,bayes=0.114576558613606,autolearn=no 
Apr  7 17:35:23 splunk3 sendmail[31414]: n380ZKAr031413: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 17:35:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:35:56 splunk3 sendmail[31551]: n380Zuvl031551: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:36:56 splunk3 sendmail[31786]: n380au6Y031786: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:37:56 splunk3 sendmail[32030]: n380buoM032030: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:38:56 splunk3 sendmail[32281]: n380cuLC032281: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:39:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:39:56 splunk3 sendmail[32525]: n380duZp032525: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:40:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:40:21 splunk3 sendmail[32628]: n380eL3a032628: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080040.n380eLLX011945@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:40:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59864 
Apr  7 17:40:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:40:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:40:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:40:21 splunk3 spamd[26356]: spamd: processing message <200904080040.n380eLLX011945@virt2.int.splunk.com> for spamme:501 
Apr  7 17:40:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 17:40:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59864,mid=<200904080040.n380eLLX011945@virt2.int.splunk.com>,bayes=0.114576558613606,autolearn=no 
Apr  7 17:40:23 splunk3 sendmail[32630]: n380eL3a032628: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 17:40:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:40:56 splunk3 sendmail[317]: n380eup2000317: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 17:41:56 splunk3 sendmail[556]: n380fuIa000556: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:42:06 splunk3 sendmail[579]: n380g6BM000579: from=<33fLbSRQKBvUdlldibXiboqp-klobmivdlldib.ZljpmXjjbpmirkhfq.Zlj@alerts.bounces.google.com>, size=8210, class=0, nrcpts=1, msgid=<00163691fefc9b05f10467006666@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.188]
Apr  7 17:42:06 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59883 
Apr  7 17:42:06 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:42:06 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:42:06 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:42:06 splunk3 spamd[26356]: spamd: processing message <00163691fefc9b05f10467006666@google.com> for spamme:501 
Apr  7 17:42:09 splunk3 spamd[26356]: spamd: clean message (-2.3/5.0) for spamme:501 in 2.3 seconds, 8640 bytes. 
Apr  7 17:42:09 splunk3 spamd[26356]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=2.3,size=8640,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59883,mid=<00163691fefc9b05f10467006666@google.com>,bayes=0,autolearn=ham 
Apr  7 17:42:09 splunk3 sendmail[580]: n380g6BM000579: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=38421, dsn=2.0.0, stat=Sent
Apr  7 17:42:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:42:56 splunk3 sendmail[795]: n380gu9R000795: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:43:56 splunk3 sendmail[1033]: n380huvd001033: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:44:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:44:56 splunk3 sendmail[1274]: n380iuZ4001274: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:45:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:45:22 splunk3 sendmail[1390]: n380jMbj001390: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080045.n380jLHb012561@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:45:22 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59922 
Apr  7 17:45:22 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:45:22 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:45:22 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:45:22 splunk3 spamd[26356]: spamd: processing message <200904080045.n380jLHb012561@virt2.int.splunk.com> for spamme:501 
Apr  7 17:45:24 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 17:45:24 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59922,mid=<200904080045.n380jLHb012561@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 17:45:24 splunk3 sendmail[1391]: n380jMbj001390: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 17:45:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:45:56 splunk3 sendmail[1530]: n380ju2e001530: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:46:50 splunk3 sendmail[19432]: n37NknUM019432: timeout waiting for input from 218-160-114-227.dynamic.hinet.net during server cmd read
Apr  7 17:46:50 splunk3 sendmail[19432]: n37NknUM019432: lost input channel from 218-160-114-227.dynamic.hinet.net [218.160.114.227] to MTA after rcpt
Apr  7 17:46:50 splunk3 sendmail[19432]: n37NknUM019432: from=<0407pc@163.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=218-160-114-227.dynamic.hinet.net [218.160.114.227]
Apr  7 17:46:56 splunk3 sendmail[1766]: n380kuju001766: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:47:56 splunk3 sendmail[2010]: n380luxP002010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:48:56 splunk3 sendmail[2245]: n380muN6002245: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:49:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:49:56 splunk3 sendmail[2487]: n380nuj5002487: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:50:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:50:22 splunk3 sendmail[2614]: n380oMmj002614: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080050.n380oMUR013180@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:50:22 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59977 
Apr  7 17:50:22 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:50:22 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:50:22 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:50:22 splunk3 spamd[26356]: spamd: processing message <200904080050.n380oMUR013180@virt2.int.splunk.com> for spamme:501 
Apr  7 17:50:24 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  7 17:50:24 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59977,mid=<200904080050.n380oMUR013180@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 17:50:24 splunk3 sendmail[2615]: n380oMmj002614: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 17:50:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:50:56 splunk3 sendmail[2761]: n380ouQa002761: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:51:56 splunk3 sendmail[3006]: n380puKS003006: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:52:56 splunk3 sendmail[3246]: n380qurE003246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:53:56 splunk3 sendmail[3491]: n380ruKh003491: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:54:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:54:56 splunk3 sendmail[3761]: n380sufF003761: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:55:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 17:55:22 splunk3 sendmail[3878]: n380tM95003878: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080055.n380tMu4013786@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 17:55:23 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60033 
Apr  7 17:55:23 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 17:55:23 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 17:55:23 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 17:55:23 splunk3 spamd[26356]: spamd: processing message <200904080055.n380tMu4013786@virt2.int.splunk.com> for spamme:501 
Apr  7 17:55:25 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 17:55:25 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60033,mid=<200904080055.n380tMu4013786@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 17:55:25 splunk3 sendmail[3879]: n380tM95003878: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 17:55:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 17:55:56 splunk3 sendmail[4025]: n380tuAT004025: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 17:56:56 splunk3 sendmail[4270]: n380uuwV004270: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:57:56 splunk3 sendmail[4518]: n380vubB004518: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:58:56 splunk3 sendmail[4756]: n380wuw2004756: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 17:59:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 17:59:56 splunk3 sendmail[5010]: n380xu3w005010: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:00:04 splunk3 sendmail[5097]: n38104YC005097: from=root, size=291, class=0, nrcpts=1, msgid=<200904080100.n38104YC005097@splunk3.splunkit.com>, relay=root@localhost
Apr  7 18:00:04 splunk3 sendmail[5101]: n38104Xv005101: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080100.n38104YC005097@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 18:00:04 splunk3 sendmail[5097]: n38104YC005097: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38104Xv005101 Message accepted for delivery)
Apr  7 18:00:05 splunk3 sendmail[5102]: n38104Xv005101: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 18:00:07 splunk3 sendmail[5172]: n38107tn005172: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904080100.n38107tn005172@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 18:00:07 splunk3 sendmail[5174]: n38107tn005172: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 18:00:07 splunk3 sendmail[5174]: n38107tn005172: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  7 18:00:07 splunk3 sendmail[5174]: n38107tn005172: n38107tn005174: postmaster notify: User unknown
Apr  7 18:00:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:00:08 splunk3 sendmail[5174]: n38107tn005174: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  7 18:00:23 splunk3 sendmail[5249]: n3810NuP005249: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080100.n3810NfO014430@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:00:23 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60097 
Apr  7 18:00:23 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:00:23 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 18:00:23 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 18:00:23 splunk3 sendmail[5250]: n3810NuP005249: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:00:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:00:57 splunk3 sendmail[5393]: n3810vOJ005393: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:01:12 splunk3 sendmail[5406]: n381116n005406: from=root, size=443, class=0, nrcpts=1, msgid=<200904080101.n381116n005406@splunk3.splunkit.com>, relay=root@localhost
Apr  7 18:01:13 splunk3 sendmail[5467]: n3811C2r005467: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080101.n381116n005406@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 18:01:13 splunk3 sendmail[5406]: n381116n005406: to=root, ctladdr=root (0/0), delay=00:00:12, xdelay=00:00:01, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3811C2r005467 Message accepted for delivery)
Apr  7 18:01:14 splunk3 sendmail[5468]: n3811C2r005467: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 18:01:57 splunk3 sendmail[5645]: n3811vWG005645: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:02:57 splunk3 sendmail[5880]: n3812vDm005880: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:03:57 splunk3 sendmail[6118]: n3813vrt006118: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:04:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:04:57 splunk3 sendmail[6357]: n3814vai006357: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:05:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:05:23 splunk3 sendmail[6478]: n3815NPA006478: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080105.n3815NDw015110@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:05:24 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60154 
Apr  7 18:05:24 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:05:24 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 18:05:24 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 18:05:24 splunk3 sendmail[6479]: n3815NPA006478: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:05:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:05:57 splunk3 sendmail[6616]: n3815vnE006616: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:06:57 splunk3 sendmail[6851]: n3816vKF006851: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:07:57 splunk3 sendmail[7090]: n3817v0E007090: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:08:57 splunk3 sendmail[7332]: n3818vQx007332: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:09:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:09:57 splunk3 sendmail[7584]: n3819vMt007584: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:10:02 splunk3 sendmail[7702]: n381A2V7007702: from=root, size=292, class=0, nrcpts=1, msgid=<200904080110.n381A2V7007702@splunk3.splunkit.com>, relay=root@localhost
Apr  7 18:10:02 splunk3 sendmail[7707]: n381A2kA007707: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080110.n381A2V7007702@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 18:10:02 splunk3 sendmail[7702]: n381A2V7007702: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n381A2kA007707 Message accepted for delivery)
Apr  7 18:10:03 splunk3 sendmail[7708]: n381A2kA007707: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 18:10:08 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:10:24 splunk3 sendmail[7807]: n381AOQO007807: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080110.n381AOSe015723@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:10:24 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60210 
Apr  7 18:10:24 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:10:24 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:10:24 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:10:24 splunk3 spamd[26356]: spamd: processing message <200904080110.n381AOSe015723@virt2.int.splunk.com> for spamme:501 
Apr  7 18:10:26 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 18:10:26 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60210,mid=<200904080110.n381AOSe015723@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:10:26 splunk3 sendmail[7808]: n381AOQO007807: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:10:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:10:57 splunk3 sendmail[7945]: n381Avk2007945: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 18:11:57 splunk3 sendmail[8184]: n381BvH7008184: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:12:57 splunk3 sendmail[8419]: n381Cv12008419: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:13:57 splunk3 sendmail[8658]: n381DvwU008658: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:14:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:14:57 splunk3 sendmail[8899]: n381EvNR008899: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:15:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:15:25 splunk3 sendmail[9016]: n381FPsG009016: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080115.n381FODF016499@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:15:25 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60267 
Apr  7 18:15:25 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:15:25 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:15:25 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:15:25 splunk3 spamd[26356]: spamd: processing message <200904080115.n381FODF016499@virt2.int.splunk.com> for spamme:501 
Apr  7 18:15:27 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  7 18:15:27 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60267,mid=<200904080115.n381FODF016499@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:15:27 splunk3 sendmail[9017]: n381FPsG009016: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:15:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:15:42 splunk3 sendmail[9079]: n381FeJD009079: from=<charnees_1964@Curium.nl>, size=2102, class=0, nrcpts=1, msgid=<200904080115.n381FeJD009079@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=86-104-231-98.dcn.ro [86.104.231.98] (may be forged)
Apr  7 18:15:42 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60270 
Apr  7 18:15:42 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:15:42 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:15:42 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:15:42 splunk3 spamd[26356]: spamd: processing message <200904080115.n381FeJD009079@splunk3.splunkit.com> for spamme:501 
Apr  7 18:15:44 splunk3 spamd[26356]: spamd: identified spam (18.2/5.0) for spamme:501 in 1.5 seconds, 2518 bytes. 
Apr  7 18:15:44 splunk3 spamd[26356]: spamd: result: Y 18 - BAYES_99,FORGED_RCVD_HELO,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_JP_SURBL,URIBL_SBL scantime=1.5,size=2518,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60270,mid=<200904080115.n381FeJD009079@splunk3.splunkit.com>,bayes=0.999446855598048,autolearn=no 
Apr  7 18:15:44 splunk3 sendmail[9098]: n381FeJD009079: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=32432, dsn=2.0.0, stat=Sent
Apr  7 18:15:44 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:15:57 splunk3 sendmail[9163]: n381Fv4h009163: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:16:57 splunk3 sendmail[9396]: n381GvnD009396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:17:57 splunk3 sendmail[9634]: n381HvTh009634: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:18:57 splunk3 sendmail[9869]: n381Iv3E009869: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:19:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:19:57 splunk3 sendmail[10114]: n381JvCG010114: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:20:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:20:25 splunk3 sendmail[10237]: n381KPDb010237: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080120.n381KPGM017138@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:20:25 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60324 
Apr  7 18:20:25 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:20:25 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:20:25 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:20:25 splunk3 spamd[26356]: spamd: processing message <200904080120.n381KPGM017138@virt2.int.splunk.com> for spamme:501 
Apr  7 18:20:27 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 18:20:27 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60324,mid=<200904080120.n381KPGM017138@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:20:27 splunk3 sendmail[10238]: n381KPDb010237: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:20:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:20:57 splunk3 sendmail[10387]: n381Kvr4010387: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:21:57 splunk3 sendmail[10626]: n381LvkD010626: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:22:57 splunk3 sendmail[10862]: n381Mv9Q010862: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:23:57 splunk3 sendmail[11106]: n381NvnT011106: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:24:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:24:57 splunk3 sendmail[11348]: n381OvuP011348: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:25:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:25:25 splunk3 sendmail[11465]: n381PPwC011465: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080125.n381PPSD017741@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:25:25 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60379 
Apr  7 18:25:25 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:25:25 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:25:25 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:25:25 splunk3 spamd[26356]: spamd: processing message <200904080125.n381PPSD017741@virt2.int.splunk.com> for spamme:501 
Apr  7 18:25:27 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  7 18:25:27 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60379,mid=<200904080125.n381PPSD017741@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:25:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:25:27 splunk3 sendmail[11466]: n381PPwC011465: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:25:57 splunk3 sendmail[11600]: n381Pv7b011600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 18:26:57 splunk3 sendmail[11842]: n381QvAD011842: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:27:57 splunk3 sendmail[12076]: n381Rvq7012076: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:28:57 splunk3 sendmail[12314]: n381SviL012314: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:29:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:29:57 splunk3 sendmail[12556]: n381TvZN012556: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:30:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:30:26 splunk3 sendmail[12692]: n381UQfM012692: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080130.n381UQC4018369@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:30:26 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60436 
Apr  7 18:30:26 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:30:26 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:30:26 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:30:26 splunk3 spamd[26356]: spamd: processing message <200904080130.n381UQC4018369@virt2.int.splunk.com> for spamme:501 
Apr  7 18:30:28 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  7 18:30:28 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60436,mid=<200904080130.n381UQC4018369@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:30:28 splunk3 sendmail[12693]: n381UQfM012692: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:30:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:30:57 splunk3 sendmail[12818]: n381Uv4a012818: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:31:57 splunk3 sendmail[13051]: n381VvZb013051: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:32:57 splunk3 sendmail[13319]: n381Wv8L013319: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:33:57 splunk3 sendmail[13565]: n381XvRW013565: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:34:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:34:57 splunk3 sendmail[13809]: n381Yv7d013809: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:35:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:35:27 splunk3 sendmail[13941]: n381ZRKc013941: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080135.n381ZRkH019111@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:35:27 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60491 
Apr  7 18:35:27 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:35:27 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:35:27 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:35:27 splunk3 spamd[26356]: spamd: processing message <200904080135.n381ZRkH019111@virt2.int.splunk.com> for spamme:501 
Apr  7 18:35:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 18:35:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60491,mid=<200904080135.n381ZRkH019111@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:35:30 splunk3 sendmail[13942]: n381ZRKc013941: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:35:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:35:57 splunk3 sendmail[14062]: n381ZvxQ014062: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:36:57 splunk3 sendmail[14302]: n381avOk014302: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:37:57 splunk3 sendmail[14537]: n381bvLe014537: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:38:57 splunk3 sendmail[14780]: n381cvhm014780: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:39:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:39:57 splunk3 sendmail[15018]: n381dvmE015018: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:40:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:40:27 splunk3 sendmail[15159]: n381eR1m015159: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080140.n381eR09019749@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:40:27 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60547 
Apr  7 18:40:27 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:40:27 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:40:27 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:40:27 splunk3 spamd[26356]: spamd: processing message <200904080140.n381eR09019749@virt2.int.splunk.com> for spamme:501 
Apr  7 18:40:31 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 3.4 seconds, 1308 bytes. 
Apr  7 18:40:31 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=3.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60547,mid=<200904080140.n381eR09019749@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:40:31 splunk3 sendmail[15160]: n381eR1m015159: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:40:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:40:57 splunk3 sendmail[15282]: n381ev32015282: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 18:41:57 splunk3 sendmail[15529]: n381fvcn015529: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:42:57 splunk3 sendmail[15768]: n381gvar015768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:43:57 splunk3 sendmail[16005]: n381hvIb016005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:44:39 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:44:57 splunk3 sendmail[16250]: n381ivg3016250: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:45:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:45:28 splunk3 sendmail[16379]: n381jSn9016379: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080145.n381jRgd020388@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:45:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60603 
Apr  7 18:45:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:45:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:45:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:45:28 splunk3 spamd[26356]: spamd: processing message <200904080145.n381jRgd020388@virt2.int.splunk.com> for spamme:501 
Apr  7 18:45:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 18:45:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60603,mid=<200904080145.n381jRgd020388@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:45:30 splunk3 sendmail[16380]: n381jSn9016379: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:45:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:45:57 splunk3 sendmail[16501]: n381jvWE016501: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:46:57 splunk3 sendmail[16736]: n381kvZ7016736: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:47:57 splunk3 sendmail[16971]: n381lvZN016971: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:48:57 splunk3 sendmail[17210]: n381mvRW017210: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:49:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:49:57 splunk3 sendmail[17450]: n381nvAT017450: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:50:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:50:28 splunk3 sendmail[17586]: n381oSHe017586: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080150.n381oSiP020978@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:50:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60659 
Apr  7 18:50:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:50:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:50:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:50:28 splunk3 spamd[26356]: spamd: processing message <200904080150.n381oSiP020978@virt2.int.splunk.com> for spamme:501 
Apr  7 18:50:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  7 18:50:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60659,mid=<200904080150.n381oSiP020978@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:50:30 splunk3 sendmail[17587]: n381oSHe017586: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:50:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:50:57 splunk3 sendmail[17715]: n381ovPi017715: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:51:57 splunk3 sendmail[17948]: n381pvI6017948: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:52:57 splunk3 sendmail[18186]: n381qvRr018186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:53:57 splunk3 sendmail[18426]: n381rv3i018426: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:54:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:54:57 splunk3 sendmail[18671]: n381sv2S018671: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:55:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 18:55:28 splunk3 sendmail[18804]: n381tS3G018804: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080155.n381tSo0021606@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 18:55:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60714 
Apr  7 18:55:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 18:55:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 18:55:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 18:55:28 splunk3 spamd[26356]: spamd: processing message <200904080155.n381tSo0021606@virt2.int.splunk.com> for spamme:501 
Apr  7 18:55:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  7 18:55:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60714,mid=<200904080155.n381tSo0021606@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 18:55:30 splunk3 sendmail[18805]: n381tS3G018804: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 18:55:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 18:55:57 splunk3 sendmail[18923]: n381tvUw018923: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 18:56:57 splunk3 sendmail[19164]: n381uv74019164: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:57:57 splunk3 sendmail[19400]: n381vvOj019400: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:58:57 splunk3 sendmail[19640]: n381wvdJ019640: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 18:59:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 18:59:57 splunk3 sendmail[19879]: n381xvKS019879: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:00:04 splunk3 sendmail[19968]: n38204TY019968: from=root, size=291, class=0, nrcpts=1, msgid=<200904080200.n38204TY019968@splunk3.splunkit.com>, relay=root@localhost
Apr  7 19:00:04 splunk3 sendmail[19972]: n38204WO019972: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080200.n38204TY019968@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 19:00:04 splunk3 sendmail[19968]: n38204TY019968: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38204WO019972 Message accepted for delivery)
Apr  7 19:00:05 splunk3 sendmail[19973]: n38204WO019972: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 19:00:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:00:12 splunk3 sendmail[20027]: n3820Cjn020027: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904080200.n3820Cjn020027@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 19:00:12 splunk3 sendmail[20029]: n3820Cjn020027: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 19:00:12 splunk3 sendmail[20029]: n3820Cjn020027: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 19:00:12 splunk3 sendmail[20029]: n3820Cjn020027: n3820Cjn020029: postmaster notify: User unknown
Apr  7 19:00:14 splunk3 sendmail[20029]: n3820Cjn020029: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 19:00:29 splunk3 sendmail[20103]: n3820T5k020103: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080200.n3820Tpi022224@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:00:29 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60779 
Apr  7 19:00:29 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:00:29 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 19:00:29 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 19:00:29 splunk3 sendmail[20104]: n3820T5k020103: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:00:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:00:57 splunk3 sendmail[20224]: n3820vh2020224: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:01:02 splunk3 sendmail[20249]: n3821187020249: from=root, size=443, class=0, nrcpts=1, msgid=<200904080201.n3821187020249@splunk3.splunkit.com>, relay=root@localhost
Apr  7 19:01:02 splunk3 sendmail[20251]: n382127T020251: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080201.n3821187020249@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 19:01:02 splunk3 sendmail[20249]: n3821187020249: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n382127T020251 Message accepted for delivery)
Apr  7 19:01:04 splunk3 sendmail[20252]: n382127T020251: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 19:01:57 splunk3 sendmail[20471]: n3821vnZ020471: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:02:57 splunk3 sendmail[20709]: n3822vVG020709: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:03:57 splunk3 sendmail[20945]: n3823vt9020945: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:04:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:04:57 splunk3 sendmail[21189]: n3824vcT021189: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:05:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:05:30 splunk3 sendmail[21320]: n3825TA5021320: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080205.n3825TFM022934@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:05:30 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60835 
Apr  7 19:05:30 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:05:30 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 19:05:30 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 19:05:30 splunk3 sendmail[21321]: n3825TA5021320: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:05:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:05:57 splunk3 sendmail[21439]: n3825vW2021439: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:06:57 splunk3 sendmail[21678]: n3826vv6021678: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:07:57 splunk3 sendmail[21912]: n3827vc0021912: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:08:57 splunk3 sendmail[22158]: n3828vLC022158: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:09:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:09:57 splunk3 sendmail[22398]: n3829vFC022398: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:10:00 splunk3 sendmail[22400]: n382A0x0022400: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080210.n382A0Bt023449@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:10:00 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60879 
Apr  7 19:10:00 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:10:00 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 19:10:00 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 19:10:00 splunk3 sendmail[22401]: n382A0x0022400: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:10:00 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:10:02 splunk3 sendmail[22521]: n382A2Gv022521: from=root, size=292, class=0, nrcpts=1, msgid=<200904080210.n382A2Gv022521@splunk3.splunkit.com>, relay=root@localhost
Apr  7 19:10:02 splunk3 sendmail[22526]: n382A2gR022526: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080210.n382A2Gv022521@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 19:10:02 splunk3 sendmail[22521]: n382A2Gv022521: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n382A2gR022526 Message accepted for delivery)
Apr  7 19:10:04 splunk3 sendmail[22527]: n382A2gR022526: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 19:10:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:10:57 splunk3 sendmail[22765]: n382AvSa022765: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 19:11:57 splunk3 sendmail[23002]: n382Bv9T023002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:12:57 splunk3 sendmail[23239]: n382Cv07023239: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:13:57 splunk3 sendmail[23474]: n382DveD023474: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:14:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:14:57 splunk3 sendmail[23719]: n382EvRZ023719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:15:01 splunk3 sendmail[23738]: n382F1S0023738: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080215.n382F0Df024267@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:15:01 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60937 
Apr  7 19:15:01 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:15:01 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:15:01 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:15:01 splunk3 spamd[26356]: spamd: processing message <200904080215.n382F0Df024267@virt2.int.splunk.com> for spamme:501 
Apr  7 19:15:04 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 19:15:04 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60937,mid=<200904080215.n382F0Df024267@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:15:04 splunk3 sendmail[23739]: n382F1S0023738: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:15:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:15:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:15:57 splunk3 sendmail[23973]: n382Fvhv023973: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:16:57 splunk3 sendmail[24212]: n382GvU3024212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:17:57 splunk3 sendmail[24447]: n382HvH8024447: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:18:57 splunk3 sendmail[24686]: n382IvEt024686: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:19:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:19:57 splunk3 sendmail[24923]: n382JvN0024923: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:20:01 splunk3 sendmail[24950]: n382K1Rj024950: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080220.n382K1Af024937@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:20:01 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 60992 
Apr  7 19:20:01 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:20:01 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:20:01 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:20:01 splunk3 spamd[26356]: spamd: processing message <200904080220.n382K1Af024937@virt2.int.splunk.com> for spamme:501 
Apr  7 19:20:03 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 19:20:03 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60992,mid=<200904080220.n382K1Af024937@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:20:03 splunk3 sendmail[24951]: n382K1Rj024950: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:20:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:20:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:20:57 splunk3 sendmail[25186]: n382Kve6025186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:21:57 splunk3 sendmail[25421]: n382LvhS025421: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:22:57 splunk3 sendmail[25661]: n382Mv09025661: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:23:57 splunk3 sendmail[25901]: n382NvBm025901: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:24:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:24:57 splunk3 sendmail[26145]: n382OvnF026145: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:25:02 splunk3 sendmail[26164]: n382P2hB026164: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080225.n382P2QV025548@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:25:02 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32817 
Apr  7 19:25:02 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:25:02 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:25:02 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:25:02 splunk3 spamd[26356]: spamd: processing message <200904080225.n382P2QV025548@virt2.int.splunk.com> for spamme:501 
Apr  7 19:25:04 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 19:25:04 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=32817,mid=<200904080225.n382P2QV025548@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:25:04 splunk3 sendmail[26165]: n382P2hB026164: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:25:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:25:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:25:57 splunk3 sendmail[26400]: n382PvJH026400: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 19:26:57 splunk3 sendmail[26638]: n382QvOg026638: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:27:57 splunk3 sendmail[26873]: n382Rv0K026873: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:28:57 splunk3 sendmail[27113]: n382Sv0J027113: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:29:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:29:57 splunk3 sendmail[27355]: n382Tv3B027355: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:30:02 splunk3 sendmail[27379]: n382U2uH027379: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080230.n382U2X7026170@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:30:02 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32874 
Apr  7 19:30:02 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:30:02 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:30:02 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:30:02 splunk3 spamd[26356]: spamd: processing message <200904080230.n382U2X7026170@virt2.int.splunk.com> for spamme:501 
Apr  7 19:30:04 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 19:30:04 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=32874,mid=<200904080230.n382U2X7026170@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:30:04 splunk3 sendmail[27380]: n382U2uH027379: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:30:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:30:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:30:57 splunk3 sendmail[27616]: n382UvWL027616: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:31:57 splunk3 sendmail[27850]: n382Vvk9027850: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:32:57 splunk3 sendmail[28089]: n382WvKA028089: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:33:57 splunk3 sendmail[28323]: n382XvdP028323: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:34:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:34:57 splunk3 sendmail[28566]: n382Yv1L028566: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:35:03 splunk3 sendmail[28589]: n382Z3JA028589: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080235.n382Z3fm026915@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:35:03 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32929 
Apr  7 19:35:03 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:35:03 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:35:03 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:35:03 splunk3 spamd[26356]: spamd: processing message <200904080235.n382Z3fm026915@virt2.int.splunk.com> for spamme:501 
Apr  7 19:35:05 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 19:35:05 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=32929,mid=<200904080235.n382Z3fm026915@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:35:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:35:05 splunk3 sendmail[28590]: n382Z3JA028589: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:35:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:35:57 splunk3 sendmail[28819]: n382ZvLq028819: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:36:57 splunk3 sendmail[29058]: n382avFn029058: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:37:57 splunk3 sendmail[29293]: n382bvEV029293: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:38:57 splunk3 sendmail[29538]: n382cv7p029538: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:39:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:39:57 splunk3 sendmail[29778]: n382dvu2029778: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:40:03 splunk3 sendmail[29804]: n382e3g6029804: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080240.n382e3fI027549@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:40:03 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 32985 
Apr  7 19:40:03 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:40:03 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:40:03 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:40:03 splunk3 spamd[26356]: spamd: processing message <200904080240.n382e3fI027549@virt2.int.splunk.com> for spamme:501 
Apr  7 19:40:05 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 19:40:05 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=32985,mid=<200904080240.n382e3fI027549@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:40:05 splunk3 sendmail[29805]: n382e3g6029804: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:40:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:40:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:40:57 splunk3 sendmail[30038]: n382evZp030038: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 19:41:57 splunk3 sendmail[30275]: n382fvPp030275: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:42:57 splunk3 sendmail[30514]: n382gvw2030514: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:43:57 splunk3 sendmail[30750]: n382hvcp030750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:44:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:44:57 splunk3 sendmail[30996]: n382ivQc030996: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:45:06 splunk3 sendmail[31031]: n382j6L2031031: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080245.n382j36a028163@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:45:06 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33041 
Apr  7 19:45:06 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:45:06 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:45:06 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:45:06 splunk3 spamd[26356]: spamd: processing message <200904080245.n382j36a028163@virt2.int.splunk.com> for spamme:501 
Apr  7 19:45:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:45:08 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 19:45:08 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33041,mid=<200904080245.n382j36a028163@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:45:08 splunk3 sendmail[31032]: n382j6L2031031: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:45:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:45:57 splunk3 sendmail[31248]: n382jv6a031248: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:46:57 splunk3 sendmail[31487]: n382kvqb031487: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:47:57 splunk3 sendmail[31721]: n382lvoM031721: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:48:57 splunk3 sendmail[31958]: n382mvqb031958: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:49:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:49:57 splunk3 sendmail[32199]: n382nv4P032199: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:50:06 splunk3 sendmail[32245]: n382o6PT032245: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080250.n382o61T028777@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:50:06 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33097 
Apr  7 19:50:06 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:50:06 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:50:06 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:50:06 splunk3 spamd[26356]: spamd: processing message <200904080250.n382o61T028777@virt2.int.splunk.com> for spamme:501 
Apr  7 19:50:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:50:08 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 19:50:08 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33097,mid=<200904080250.n382o61T028777@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:50:08 splunk3 sendmail[32246]: n382o6PT032245: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:50:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:50:57 splunk3 sendmail[32461]: n382ovLf032461: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:51:57 splunk3 sendmail[32694]: n382pv9Y032694: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:52:57 splunk3 sendmail[465]: n382qvoB000465: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:53:57 splunk3 sendmail[706]: n382rv7r000706: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:54:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:54:57 splunk3 sendmail[948]: n382sv9r000948: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:55:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 19:55:07 splunk3 sendmail[986]: n382t7rM000986: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080255.n382t7Uc029388@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 19:55:07 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33152 
Apr  7 19:55:07 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 19:55:07 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 19:55:07 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 19:55:07 splunk3 spamd[26356]: spamd: processing message <200904080255.n382t7Uc029388@virt2.int.splunk.com> for spamme:501 
Apr  7 19:55:09 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1308 bytes. 
Apr  7 19:55:09 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33152,mid=<200904080255.n382t7Uc029388@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 19:55:09 splunk3 sendmail[989]: n382t7rM000986: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 19:55:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 19:55:57 splunk3 sendmail[1200]: n382tv4A001200: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 19:56:57 splunk3 sendmail[1442]: n382uvgF001442: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:57:57 splunk3 sendmail[1679]: n382vvPN001679: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:58:57 splunk3 sendmail[1918]: n382wvOK001918: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 19:59:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 19:59:57 splunk3 sendmail[2161]: n382xv7W002161: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:00:04 splunk3 sendmail[2249]: n383044u002249: from=root, size=291, class=0, nrcpts=1, msgid=<200904080300.n383044u002249@splunk3.splunkit.com>, relay=root@localhost
Apr  7 20:00:04 splunk3 sendmail[2252]: n38304Qi002252: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080300.n383044u002249@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 20:00:04 splunk3 sendmail[2249]: n383044u002249: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38304Qi002252 Message accepted for delivery)
Apr  7 20:00:06 splunk3 sendmail[2253]: n38304Qi002252: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 20:00:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:00:08 splunk3 sendmail[2277]: n38308TM002277: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080300.n38307wX030023@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:00:08 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33210 
Apr  7 20:00:08 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:00:08 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 20:00:08 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 20:00:08 splunk3 sendmail[2278]: n38308TM002277: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 20:00:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:00:18 splunk3 sendmail[2336]: n3830ITP002336: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904080300.n3830ITP002336@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 20:00:18 splunk3 sendmail[2338]: n3830ITP002336: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 20:00:18 splunk3 sendmail[2338]: n3830ITP002336: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  7 20:00:18 splunk3 sendmail[2338]: n3830ITP002336: n3830ITP002338: postmaster notify: User unknown
Apr  7 20:00:19 splunk3 sendmail[2338]: n3830ITP002338: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  7 20:00:57 splunk3 sendmail[2508]: n3830vSQ002508: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:01:04 splunk3 sendmail[2532]: n38311l2002532: from=root, size=443, class=0, nrcpts=1, msgid=<200904080301.n38311l2002532@splunk3.splunkit.com>, relay=root@localhost
Apr  7 20:01:04 splunk3 sendmail[2537]: n38314hr002537: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080301.n38311l2002532@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 20:01:04 splunk3 sendmail[2532]: n38311l2002532: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38314hr002537 Message accepted for delivery)
Apr  7 20:01:06 splunk3 sendmail[2538]: n38314hr002537: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 20:01:57 splunk3 sendmail[2768]: n3831vbG002768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:02:57 splunk3 sendmail[3015]: n3832vOS003015: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:03:57 splunk3 sendmail[3255]: n3833vQ0003255: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:04:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:04:57 splunk3 sendmail[3501]: n3834vx0003501: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:05:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:05:08 splunk3 sendmail[3546]: n38358aC003546: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080305.n38358U0030706@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:05:08 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33274 
Apr  7 20:05:08 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:05:08 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 20:05:08 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 20:05:08 splunk3 sendmail[3550]: n38358aC003546: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 20:05:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:05:57 splunk3 sendmail[3781]: n3835v9s003781: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:06:36 splunk3 sendmail[3940]: n3836ZNh003940: from=<3uxTcSRQKBvUdlldibXiboqp-klobmivdlldib.ZljpmXjjbpmirkhfq.Zlj@alerts.bounces.google.com>, size=4410, class=0, nrcpts=1, msgid=<0016361645a557ef570467026b42@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.164]
Apr  7 20:06:36 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33296 
Apr  7 20:06:36 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:06:36 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 20:06:36 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 20:06:36 splunk3 sendmail[3941]: n3836ZNh003940: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=34620, dsn=2.0.0, stat=Sent
Apr  7 20:06:36 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:06:57 splunk3 sendmail[4034]: n3836vmg004034: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:07:58 splunk3 sendmail[4279]: n3837vGm004279: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:08:58 splunk3 sendmail[4532]: n3838wUK004532: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:09:38 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:09:58 splunk3 sendmail[4772]: n3839wfJ004772: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:10:03 splunk3 sendmail[4901]: n383A3og004901: from=root, size=292, class=0, nrcpts=1, msgid=<200904080310.n383A3og004901@splunk3.splunkit.com>, relay=root@localhost
Apr  7 20:10:03 splunk3 sendmail[4906]: n383A37A004906: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080310.n383A3og004901@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 20:10:03 splunk3 sendmail[4901]: n383A3og004901: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n383A37A004906 Message accepted for delivery)
Apr  7 20:10:04 splunk3 sendmail[4907]: n383A37A004906: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 20:10:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:10:09 splunk3 sendmail[4932]: n383A98n004932: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080310.n383A9dq031322@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:10:09 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33331 
Apr  7 20:10:09 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:10:09 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:10:09 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:10:09 splunk3 spamd[26356]: spamd: processing message <200904080310.n383A9dq031322@virt2.int.splunk.com> for spamme:501 
Apr  7 20:10:11 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 20:10:11 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33331,mid=<200904080310.n383A9dq031322@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 20:10:11 splunk3 sendmail[4933]: n383A98n004932: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 20:10:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:10:58 splunk3 sendmail[5188]: n383AwVa005188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 20:11:58 splunk3 sendmail[5429]: n383BwIW005429: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:12:58 splunk3 sendmail[5666]: n383CwGM005666: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:13:58 splunk3 sendmail[5902]: n383DwfB005902: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:14:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:14:58 splunk3 sendmail[6147]: n383EwsZ006147: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:15:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:15:09 splunk3 sendmail[6187]: n383F9OF006187: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080315.n383F9K6032109@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:15:09 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33388 
Apr  7 20:15:09 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:15:09 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:15:09 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:15:09 splunk3 spamd[26356]: spamd: processing message <200904080315.n383F9K6032109@virt2.int.splunk.com> for spamme:501 
Apr  7 20:15:11 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 20:15:11 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33388,mid=<200904080315.n383F9K6032109@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 20:15:11 splunk3 sendmail[6188]: n383F9OF006187: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 20:15:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:15:58 splunk3 sendmail[6398]: n383Fwp4006398: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:16:58 splunk3 sendmail[6636]: n383GwXo006636: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:17:58 splunk3 sendmail[6873]: n383HwEI006873: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:18:58 splunk3 sendmail[7112]: n383IwJB007112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:19:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:19:58 splunk3 sendmail[7352]: n383JwxD007352: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:20:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:20:09 splunk3 sendmail[7416]: n383K9cc007416: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080320.n383K9XT032741@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:20:09 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33443 
Apr  7 20:20:09 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:20:09 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:20:09 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:20:09 splunk3 spamd[26356]: spamd: processing message <200904080320.n383K9XT032741@virt2.int.splunk.com> for spamme:501 
Apr  7 20:20:12 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  7 20:20:12 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33443,mid=<200904080320.n383K9XT032741@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 20:20:12 splunk3 sendmail[7417]: n383K9cc007416: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 20:20:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:20:58 splunk3 sendmail[7624]: n383KwQi007624: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:21:58 splunk3 sendmail[7860]: n383LwPw007860: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:22:58 splunk3 sendmail[8097]: n383Mw81008097: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:23:58 splunk3 sendmail[8335]: n383Nwg1008335: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:24:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:24:58 splunk3 sendmail[8580]: n383OweG008580: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:25:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:25:10 splunk3 sendmail[8637]: n383PAbk008637: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904080325.n383PAAJ000886@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:25:10 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33499 
Apr  7 20:25:10 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:25:10 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:25:10 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:25:10 splunk3 spamd[26356]: spamd: processing message <200904080325.n383PAAJ000886@virt2.int.splunk.com> for spamme:501 
Apr  7 20:25:12 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1302 bytes. 
Apr  7 20:25:12 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33499,mid=<200904080325.n383PAAJ000886@virt2.int.splunk.com>,bayes=0.0679812227107612,autolearn=no 
Apr  7 20:25:12 splunk3 sendmail[8638]: n383PAbk008637: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  7 20:25:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:25:58 splunk3 sendmail[8833]: n383Pw59008833: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 20:26:58 splunk3 sendmail[9074]: n383Qw4i009074: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:27:58 splunk3 sendmail[9309]: n383Rwnc009309: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:28:58 splunk3 sendmail[9550]: n383Swo1009550: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:29:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:29:58 splunk3 sendmail[9789]: n383TwQm009789: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:30:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:30:11 splunk3 sendmail[9854]: n383UBxW009854: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080330.n383UA23001526@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:30:11 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33555 
Apr  7 20:30:11 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:30:11 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:30:11 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:30:11 splunk3 spamd[26356]: spamd: processing message <200904080330.n383UA23001526@virt2.int.splunk.com> for spamme:501 
Apr  7 20:30:13 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1305 bytes. 
Apr  7 20:30:13 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33555,mid=<200904080330.n383UA23001526@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 20:30:13 splunk3 sendmail[9855]: n383UBxW009854: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 20:30:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:30:58 splunk3 sendmail[10051]: n383UwDj010051: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:31:58 splunk3 sendmail[10287]: n383VwFV010287: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:32:58 splunk3 sendmail[10528]: n383WwGK010528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:33:58 splunk3 sendmail[10762]: n383XwTv010762: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:34:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:34:58 splunk3 sendmail[11005]: n383Ywuo011005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:35:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:35:11 splunk3 sendmail[11063]: n383ZB9N011063: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080335.n383ZB0j002291@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:35:11 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33611 
Apr  7 20:35:11 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:35:11 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:35:11 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:35:11 splunk3 spamd[26356]: spamd: processing message <200904080335.n383ZB0j002291@virt2.int.splunk.com> for spamme:501 
Apr  7 20:35:13 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 20:35:13 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33611,mid=<200904080335.n383ZB0j002291@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 20:35:13 splunk3 sendmail[11064]: n383ZB9N011063: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 20:35:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:35:58 splunk3 sendmail[11260]: n383ZwOc011260: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:36:58 splunk3 sendmail[11497]: n383awEJ011497: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:37:58 splunk3 sendmail[11731]: n383bwDl011731: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:38:58 splunk3 sendmail[11976]: n383cwf1011976: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:39:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:39:58 splunk3 sendmail[12217]: n383dwtU012217: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:40:07 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:40:12 splunk3 sendmail[12281]: n383eC8M012281: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080340.n383eBA9002923@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:40:12 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33666 
Apr  7 20:40:12 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:40:12 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:40:12 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:40:12 splunk3 spamd[26356]: spamd: processing message <200904080340.n383eBA9002923@virt2.int.splunk.com> for spamme:501 
Apr  7 20:40:14 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  7 20:40:14 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33666,mid=<200904080340.n383eBA9002923@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 20:40:15 splunk3 sendmail[12282]: n383eC8M012281: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 20:40:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:40:58 splunk3 sendmail[12478]: n383ew5G012478: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 20:41:58 splunk3 sendmail[12712]: n383fwWQ012712: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:42:58 splunk3 sendmail[12952]: n383gwgC012952: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:43:58 splunk3 sendmail[13186]: n383hwJY013186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:44:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:44:58 splunk3 sendmail[13470]: n383iwpc013470: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:45:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:45:12 splunk3 sendmail[13531]: n383jCfQ013531: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080345.n383jCUh003541@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:45:12 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33723 
Apr  7 20:45:12 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:45:12 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:45:12 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:45:12 splunk3 spamd[26356]: spamd: processing message <200904080345.n383jCUh003541@virt2.int.splunk.com> for spamme:501 
Apr  7 20:45:14 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1305 bytes. 
Apr  7 20:45:14 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33723,mid=<200904080345.n383jCUh003541@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 20:45:14 splunk3 sendmail[13532]: n383jCfQ013531: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 20:45:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:45:58 splunk3 sendmail[13725]: n383jwi5013725: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:46:58 splunk3 sendmail[13964]: n383kw4E013964: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:47:58 splunk3 sendmail[14199]: n383lwrG014199: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:48:58 splunk3 sendmail[14437]: n383mwbw014437: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:49:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:49:58 splunk3 sendmail[14679]: n383nwW7014679: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:50:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:50:13 splunk3 sendmail[14743]: n383oDXW014743: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080350.n383oDE0004157@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:50:13 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33779 
Apr  7 20:50:13 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:50:13 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:50:13 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:50:13 splunk3 spamd[26356]: spamd: processing message <200904080350.n383oDE0004157@virt2.int.splunk.com> for spamme:501 
Apr  7 20:50:15 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  7 20:50:15 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33779,mid=<200904080350.n383oDE0004157@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 20:50:15 splunk3 sendmail[14744]: n383oDXW014743: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 20:50:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:50:58 splunk3 sendmail[14941]: n383owFi014941: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:51:58 splunk3 sendmail[15175]: n383pwN8015175: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:52:58 splunk3 sendmail[15416]: n383qwO8015416: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:53:58 splunk3 sendmail[15665]: n383rw5N015665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:54:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:54:58 splunk3 sendmail[15908]: n383swDA015908: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:55:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 20:55:13 splunk3 sendmail[15968]: n383tDov015968: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080355.n383tDQW004765@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 20:55:13 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33834 
Apr  7 20:55:13 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 20:55:13 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 20:55:13 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 20:55:13 splunk3 spamd[26356]: spamd: processing message <200904080355.n383tDQW004765@virt2.int.splunk.com> for spamme:501 
Apr  7 20:55:15 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  7 20:55:15 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33834,mid=<200904080355.n383tDQW004765@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 20:55:15 splunk3 sendmail[15969]: n383tDov015968: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 20:55:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 20:55:58 splunk3 sendmail[16160]: n383twol016160: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 20:56:58 splunk3 sendmail[16400]: n383uwCl016400: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:57:58 splunk3 sendmail[16633]: n383vwqK016633: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:58:58 splunk3 sendmail[16870]: n383ww78016870: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 20:59:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 20:59:58 splunk3 sendmail[17112]: n383xwgi017112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:00:04 splunk3 sendmail[17215]: n384048G017215: from=root, size=291, class=0, nrcpts=1, msgid=<200904080400.n384048G017215@splunk3.splunkit.com>, relay=root@localhost
Apr  7 21:00:05 splunk3 sendmail[17219]: n38404Z2017219: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080400.n384048G017215@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 21:00:05 splunk3 sendmail[17215]: n384048G017215: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38404Z2017219 Message accepted for delivery)
Apr  7 21:00:06 splunk3 sendmail[17220]: n38404Z2017219: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 21:00:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:00:13 splunk3 sendmail[17247]: n3840D2N017247: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080400.n3840Dim005407@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:00:13 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33892 
Apr  7 21:00:13 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:00:13 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 21:00:13 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 21:00:13 splunk3 sendmail[17248]: n3840D2N017247: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 21:00:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:00:23 splunk3 sendmail[17303]: n3840N7M017303: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904080400.n3840N7M017303@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 21:00:24 splunk3 sendmail[17305]: n3840N7M017303: to=<mark@splunk.com>, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 21:00:24 splunk3 sendmail[17305]: n3840N7M017303: to=<splunk@localhost>, delay=00:00:01, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 21:00:24 splunk3 sendmail[17305]: n3840N7M017303: n3840O7M017305: postmaster notify: User unknown
Apr  7 21:00:25 splunk3 sendmail[17305]: n3840O7M017305: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 21:00:58 splunk3 sendmail[17459]: n3840wnL017459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:01:13 splunk3 sendmail[17482]: n38411Of017482: from=root, size=443, class=0, nrcpts=1, msgid=<200904080401.n38411Of017482@splunk3.splunkit.com>, relay=root@localhost
Apr  7 21:01:13 splunk3 sendmail[17522]: n3841D22017522: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080401.n38411Of017482@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 21:01:13 splunk3 sendmail[17482]: n38411Of017482: to=root, ctladdr=root (0/0), delay=00:00:12, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3841D22017522 Message accepted for delivery)
Apr  7 21:01:14 splunk3 sendmail[17523]: n3841D22017522: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 21:01:58 splunk3 sendmail[17706]: n3841wYF017706: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:02:58 splunk3 sendmail[17946]: n3842wip017946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:03:58 splunk3 sendmail[18182]: n3843wAO018182: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:04:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:04:58 splunk3 sendmail[18426]: n3844wdW018426: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:05:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:05:14 splunk3 sendmail[18506]: n3845EHI018506: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080405.n3845EBv006089@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:05:14 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33955 
Apr  7 21:05:14 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:05:14 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 21:05:14 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 21:05:14 splunk3 sendmail[18507]: n3845EHI018506: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 21:05:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:05:58 splunk3 sendmail[18677]: n3845wcT018677: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:06:58 splunk3 sendmail[18917]: n3846wiw018917: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:07:19 splunk3 sendmail[18996]: n3847Ism018996: from=<39iLcSRQKBj8hpphmfbmfsut-opsfqmzhpphmf.dpntqbnnftqmvolju.dpn@alerts.bounces.google.com>, size=2512, class=0, nrcpts=1, msgid=<00151750ec4c7d7782046703448d@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  7 21:07:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33982 
Apr  7 21:07:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:07:19 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 21:07:19 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 21:07:19 splunk3 sendmail[18997]: n3847Ism018996: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=32727, dsn=2.0.0, stat=Sent
Apr  7 21:07:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:07:58 splunk3 sendmail[19157]: n3847wJt019157: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:08:58 splunk3 sendmail[19400]: n3848wT3019400: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:09:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:09:58 splunk3 sendmail[19641]: n3849wis019641: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:10:02 splunk3 sendmail[19758]: n384A2o8019758: from=root, size=292, class=0, nrcpts=1, msgid=<200904080410.n384A2o8019758@splunk3.splunkit.com>, relay=root@localhost
Apr  7 21:10:02 splunk3 sendmail[19763]: n384A2x3019763: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080410.n384A2o8019758@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 21:10:02 splunk3 sendmail[19758]: n384A2o8019758: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n384A2x3019763 Message accepted for delivery)
Apr  7 21:10:03 splunk3 sendmail[19764]: n384A2x3019763: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 21:10:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:10:15 splunk3 sendmail[19831]: n384AF71019831: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080410.n384AEwf006698@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:10:15 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34013 
Apr  7 21:10:15 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:10:15 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:10:15 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:10:15 splunk3 spamd[26356]: spamd: processing message <200904080410.n384AEwf006698@virt2.int.splunk.com> for spamme:501 
Apr  7 21:10:17 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  7 21:10:17 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34013,mid=<200904080410.n384AEwf006698@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 21:10:17 splunk3 sendmail[19832]: n384AF71019831: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 21:10:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:10:58 splunk3 sendmail[20009]: n384Aw2r020009: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 21:11:58 splunk3 sendmail[20245]: n384BwWZ020245: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:12:58 splunk3 sendmail[20482]: n384Cw8c020482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:13:58 splunk3 sendmail[20723]: n384DwQ1020723: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:14:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:14:58 splunk3 sendmail[20967]: n384EwgZ020967: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:15:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:15:15 splunk3 sendmail[21046]: n384FFE1021046: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080415.n384FFiw007487@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:15:15 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34069 
Apr  7 21:15:15 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:15:15 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:15:15 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:15:15 splunk3 spamd[26356]: spamd: processing message <200904080415.n384FFiw007487@virt2.int.splunk.com> for spamme:501 
Apr  7 21:15:17 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  7 21:15:17 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34069,mid=<200904080415.n384FFiw007487@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 21:15:17 splunk3 sendmail[21047]: n384FFE1021046: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 21:15:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:15:58 splunk3 sendmail[21218]: n384FwP3021218: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:16:58 splunk3 sendmail[21456]: n384GwXW021456: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:17:58 splunk3 sendmail[21692]: n384Hw4m021692: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:18:58 splunk3 sendmail[21930]: n384Iwbo021930: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:19:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:19:58 splunk3 sendmail[22170]: n384JwBi022170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:20:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:20:15 splunk3 sendmail[22258]: n384KFvm022258: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080420.n384KFeS008115@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:20:15 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34125 
Apr  7 21:20:15 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:20:15 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:20:15 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:20:15 splunk3 spamd[26356]: spamd: processing message <200904080420.n384KFeS008115@virt2.int.splunk.com> for spamme:501 
Apr  7 21:20:17 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  7 21:20:17 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34125,mid=<200904080420.n384KFeS008115@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 21:20:17 splunk3 sendmail[22259]: n384KFvm022258: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 21:20:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:20:58 splunk3 sendmail[22435]: n384Kw6Q022435: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:21:58 splunk3 sendmail[22671]: n384Lwkl022671: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:22:58 splunk3 sendmail[22909]: n384Mwk3022909: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:23:58 splunk3 sendmail[23149]: n384Nwxf023149: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:24:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:24:58 splunk3 sendmail[23395]: n384Owa8023395: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:25:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:25:16 splunk3 sendmail[23475]: n384PGm5023475: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080425.n384PGh6008724@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:25:16 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34180 
Apr  7 21:25:16 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:25:16 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:25:16 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:25:16 splunk3 spamd[26356]: spamd: processing message <200904080425.n384PGh6008724@virt2.int.splunk.com> for spamme:501 
Apr  7 21:25:18 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  7 21:25:18 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34180,mid=<200904080425.n384PGh6008724@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 21:25:18 splunk3 sendmail[23476]: n384PGm5023475: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 21:25:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:25:58 splunk3 sendmail[23647]: n384PwXu023647: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 21:26:58 splunk3 sendmail[23886]: n384Qw6q023886: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:27:58 splunk3 sendmail[24122]: n384RwiM024122: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:28:58 splunk3 sendmail[24359]: n384SwDS024359: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:29:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:29:58 splunk3 sendmail[24598]: n384TwA2024598: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:30:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:30:17 splunk3 sendmail[24685]: n384UHMp024685: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080430.n384UGKo009345@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:30:17 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34237 
Apr  7 21:30:17 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:30:17 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:30:17 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:30:17 splunk3 spamd[26356]: spamd: processing message <200904080430.n384UGKo009345@virt2.int.splunk.com> for spamme:501 
Apr  7 21:30:19 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1305 bytes. 
Apr  7 21:30:19 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34237,mid=<200904080430.n384UGKo009345@virt2.int.splunk.com>,bayes=0.171937030053625,autolearn=no 
Apr  7 21:30:19 splunk3 sendmail[24686]: n384UHMp024685: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  7 21:30:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:30:58 splunk3 sendmail[24861]: n384UwiJ024861: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:31:58 splunk3 sendmail[25096]: n384Vw4o025096: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:32:58 splunk3 sendmail[25335]: n384Wwgk025335: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:33:58 splunk3 sendmail[25567]: n384XwDM025567: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:34:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:34:58 splunk3 sendmail[25812]: n384YwZa025812: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:35:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:35:17 splunk3 sendmail[25894]: n384ZHfn025894: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080435.n384ZHI5010099@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:35:17 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34292 
Apr  7 21:35:17 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:35:17 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:35:17 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:35:17 splunk3 spamd[26356]: spamd: processing message <200904080435.n384ZHI5010099@virt2.int.splunk.com> for spamme:501 
Apr  7 21:35:19 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  7 21:35:19 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34292,mid=<200904080435.n384ZHI5010099@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 21:35:19 splunk3 sendmail[25895]: n384ZHfn025894: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 21:35:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:35:58 splunk3 sendmail[26066]: n384Zw6G026066: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:36:58 splunk3 sendmail[26304]: n384awcT026304: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:37:58 splunk3 sendmail[26540]: n384bw0G026540: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:38:58 splunk3 sendmail[26785]: n384cwEs026785: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:39:37 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:39:58 splunk3 sendmail[27025]: n384dwoM027025: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:40:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:40:18 splunk3 sendmail[27110]: n384eIgp027110: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080440.n384eHiK010727@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:40:18 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34348 
Apr  7 21:40:18 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:40:18 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:40:18 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:40:18 splunk3 spamd[26356]: spamd: processing message <200904080440.n384eHiK010727@virt2.int.splunk.com> for spamme:501 
Apr  7 21:40:20 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  7 21:40:20 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34348,mid=<200904080440.n384eHiK010727@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 21:40:20 splunk3 sendmail[27111]: n384eIgp027110: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 21:40:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:40:58 splunk3 sendmail[27286]: n384ewSt027286: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 21:41:58 splunk3 sendmail[27524]: n384fwFQ027524: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:42:58 splunk3 sendmail[27762]: n384gw2G027762: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:43:58 splunk3 sendmail[27995]: n384hwJZ027995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:44:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:44:58 splunk3 sendmail[28238]: n384iwd8028238: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:45:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:45:18 splunk3 sendmail[28320]: n384jIE0028320: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080445.n384jIWj011341@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:45:18 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34405 
Apr  7 21:45:18 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:45:18 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:45:18 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:45:18 splunk3 spamd[26356]: spamd: processing message <200904080445.n384jIWj011341@virt2.int.splunk.com> for spamme:501 
Apr  7 21:45:20 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 21:45:20 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34405,mid=<200904080445.n384jIWj011341@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 21:45:20 splunk3 sendmail[28321]: n384jIE0028320: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 21:45:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:45:58 splunk3 sendmail[28492]: n384jwHO028492: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:46:58 splunk3 sendmail[28728]: n384kwjZ028728: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:47:58 splunk3 sendmail[28962]: n384lw0l028962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:48:58 splunk3 sendmail[29201]: n384mwV8029201: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:49:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:49:58 splunk3 sendmail[29440]: n384nwMm029440: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:50:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:50:18 splunk3 sendmail[29528]: n384oIbP029528: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080450.n384oIVk011959@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:50:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34460 
Apr  7 21:50:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:50:19 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:50:19 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:50:19 splunk3 spamd[26356]: spamd: processing message <200904080450.n384oIVk011959@virt2.int.splunk.com> for spamme:501 
Apr  7 21:50:21 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 21:50:21 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34460,mid=<200904080450.n384oIVk011959@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 21:50:21 splunk3 sendmail[29543]: n384oIbP029528: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 21:50:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:50:58 splunk3 sendmail[29703]: n384ow54029703: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:51:58 splunk3 sendmail[29937]: n384pwTe029937: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:52:58 splunk3 sendmail[30177]: n384qwLl030177: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:53:58 splunk3 sendmail[30415]: n384rw4P030415: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:54:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:54:58 splunk3 sendmail[30659]: n384swdg030659: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:55:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 21:55:19 splunk3 sendmail[30758]: n384tJic030758: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080455.n384tJt1012564@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 21:55:19 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34516 
Apr  7 21:55:19 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 21:55:19 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 21:55:19 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 21:55:19 splunk3 spamd[26356]: spamd: processing message <200904080455.n384tJt1012564@virt2.int.splunk.com> for spamme:501 
Apr  7 21:55:21 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  7 21:55:21 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34516,mid=<200904080455.n384tJt1012564@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 21:55:21 splunk3 sendmail[30759]: n384tJic030758: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 21:55:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 21:55:58 splunk3 sendmail[30913]: n384twmi030913: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 21:56:58 splunk3 sendmail[31170]: n384uwUO031170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:57:58 splunk3 sendmail[31404]: n384vwDG031404: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:58:58 splunk3 sendmail[31642]: n384wwlw031642: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 21:59:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 21:59:58 splunk3 sendmail[31885]: n384xwpq031885: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:00:04 splunk3 sendmail[31970]: n38504rj031970: from=root, size=291, class=0, nrcpts=1, msgid=<200904080500.n38504rj031970@splunk3.splunkit.com>, relay=root@localhost
Apr  7 22:00:04 splunk3 sendmail[31974]: n38504ev031974: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080500.n38504rj031970@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 22:00:04 splunk3 sendmail[31970]: n38504rj031970: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38504ev031974 Message accepted for delivery)
Apr  7 22:00:05 splunk3 sendmail[31975]: n38504ev031974: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 22:00:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:00:20 splunk3 sendmail[32043]: n3850KsE032043: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080500.n3850Kj9013207@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:00:20 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34573 
Apr  7 22:00:20 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:00:20 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 22:00:20 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 22:00:20 splunk3 sendmail[32044]: n3850KsE032043: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:00:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:00:29 splunk3 sendmail[32096]: n3850TGD032096: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904080500.n3850TGD032096@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 22:00:29 splunk3 sendmail[32098]: n3850TGD032096: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 22:00:29 splunk3 sendmail[32098]: n3850TGD032096: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 22:00:29 splunk3 sendmail[32098]: n3850TGD032096: n3850TGD032098: postmaster notify: User unknown
Apr  7 22:00:30 splunk3 sendmail[32098]: n3850TGD032098: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 22:00:58 splunk3 sendmail[32230]: n3850wfD032230: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:01:13 splunk3 sendmail[32239]: n38511Rg032239: from=root, size=443, class=0, nrcpts=1, msgid=<200904080501.n38511Rg032239@splunk3.splunkit.com>, relay=root@localhost
Apr  7 22:01:13 splunk3 sendmail[32278]: n3851D98032278: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080501.n38511Rg032239@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 22:01:13 splunk3 sendmail[32239]: n38511Rg032239: to=root, ctladdr=root (0/0), delay=00:00:12, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3851D98032278 Message accepted for delivery)
Apr  7 22:01:14 splunk3 sendmail[32279]: n3851D98032278: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 22:01:58 splunk3 sendmail[32477]: n3851wqR032477: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:02:58 splunk3 sendmail[32718]: n3852w9u032718: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:03:58 splunk3 sendmail[487]: n3853wc3000487: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:04:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:04:58 splunk3 sendmail[730]: n3854w7r000730: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:05:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:05:21 splunk3 sendmail[814]: n3855LCC000814: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080505.n3855Koj013884@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:05:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34637 
Apr  7 22:05:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:05:21 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 22:05:21 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 22:05:21 splunk3 sendmail[815]: n3855LCC000814: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:05:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:05:58 splunk3 sendmail[982]: n3855whV000982: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:06:59 splunk3 sendmail[1222]: n3856wWs001222: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:07:59 splunk3 sendmail[1456]: n3857xC5001456: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:08:59 splunk3 sendmail[1700]: n3858x0t001700: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:09:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:09:59 splunk3 sendmail[1943]: n3859x4L001943: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:10:02 splunk3 sendmail[2057]: n385A29A002057: from=root, size=292, class=0, nrcpts=1, msgid=<200904080510.n385A29A002057@splunk3.splunkit.com>, relay=root@localhost
Apr  7 22:10:02 splunk3 sendmail[2062]: n385A2wi002062: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080510.n385A29A002057@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 22:10:02 splunk3 sendmail[2057]: n385A29A002057: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n385A2wi002062 Message accepted for delivery)
Apr  7 22:10:04 splunk3 sendmail[2063]: n385A2wi002062: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 22:10:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:10:21 splunk3 sendmail[2149]: n385ALoE002149: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080510.n385ALao014496@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:10:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34701 
Apr  7 22:10:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:10:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:10:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:10:21 splunk3 spamd[26356]: spamd: processing message <200904080510.n385ALao014496@virt2.int.splunk.com> for spamme:501 
Apr  7 22:10:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 22:10:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34701,mid=<200904080510.n385ALao014496@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:10:23 splunk3 sendmail[2150]: n385ALoE002149: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:10:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:10:59 splunk3 sendmail[2312]: n385AxZT002312: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 22:11:39 splunk3 sendmail[29095]: n384mU3R029095: 118-165-74-116.dynamic.hinet.net [118.165.74.116] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:11:59 splunk3 sendmail[2549]: n385BxLW002549: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:12:59 splunk3 sendmail[2800]: n385CxDV002800: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:13:36 splunk3 sendmail[2942]: n385DZQP002942: from=<3fzLcSRQKBtc9HH9E73E7KML-GHK7IER9HH9E7.5HFLI3FF7LIENGDBM.5HF@alerts.bounces.google.com>, size=3510, class=0, nrcpts=1, msgid=<0016e644cc6886290f04670431ee@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.190]
Apr  7 22:13:36 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34734 
Apr  7 22:13:36 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:13:36 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:13:36 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:13:36 splunk3 spamd[26356]: spamd: processing message <0016e644cc6886290f04670431ee@google.com> for spamme:501 
Apr  7 22:13:38 splunk3 spamd[26356]: spamd: clean message (-1.4/5.0) for spamme:501 in 2.5 seconds, 3940 bytes. 
Apr  7 22:13:38 splunk3 spamd[26356]: spamd: result: . -1 - AWL,BAYES_00,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY scantime=2.5,size=3940,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34734,mid=<0016e644cc6886290f04670431ee@google.com>,bayes=5.55111512312578e-17,autolearn=no 
Apr  7 22:13:38 splunk3 sendmail[2946]: n385DZQP002942: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=33721, dsn=2.0.0, stat=Sent
Apr  7 22:13:38 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:13:59 splunk3 sendmail[3053]: n385Dxb4003053: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:14:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:14:59 splunk3 sendmail[3299]: n385ExZI003299: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:15:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:15:21 splunk3 sendmail[3397]: n385FLGg003397: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080515.n385FLQR015275@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:15:21 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34759 
Apr  7 22:15:21 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:15:21 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:15:21 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:15:21 splunk3 spamd[26356]: spamd: processing message <200904080515.n385FLQR015275@virt2.int.splunk.com> for spamme:501 
Apr  7 22:15:23 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 22:15:23 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34759,mid=<200904080515.n385FLQR015275@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:15:23 splunk3 sendmail[3398]: n385FLGg003397: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:15:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:15:59 splunk3 sendmail[3557]: n385Fx2c003557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:16:59 splunk3 sendmail[3820]: n385Gx5m003820: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:17:59 splunk3 sendmail[4067]: n385Hx5Q004067: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:18:59 splunk3 sendmail[4323]: n385IxIs004323: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:19:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:19:59 splunk3 sendmail[4562]: n385Jx4u004562: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:20:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:20:22 splunk3 sendmail[4666]: n385KMrP004666: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080520.n385KLhD015911@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:20:22 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34814 
Apr  7 22:20:22 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:20:22 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:20:22 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:20:22 splunk3 spamd[26356]: spamd: processing message <200904080520.n385KLhD015911@virt2.int.splunk.com> for spamme:501 
Apr  7 22:20:24 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 22:20:24 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34814,mid=<200904080520.n385KLhD015911@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:20:24 splunk3 sendmail[4667]: n385KMrP004666: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:20:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:20:59 splunk3 sendmail[4827]: n385KxAk004827: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:21:59 splunk3 sendmail[5069]: n385Lxjr005069: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:22:59 splunk3 sendmail[5341]: n385Mxld005341: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:23:59 splunk3 sendmail[5586]: n385NxCp005586: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:24:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:24:59 splunk3 sendmail[5831]: n385OxCw005831: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:25:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:25:22 splunk3 sendmail[5928]: n385PMge005928: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080525.n385PMOB016512@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:25:22 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34870 
Apr  7 22:25:22 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:25:22 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:25:22 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:25:22 splunk3 spamd[26356]: spamd: processing message <200904080525.n385PMOB016512@virt2.int.splunk.com> for spamme:501 
Apr  7 22:25:24 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  7 22:25:24 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34870,mid=<200904080525.n385PMOB016512@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:25:24 splunk3 sendmail[5929]: n385PMge005928: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:25:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:25:59 splunk3 sendmail[6083]: n385Px5J006083: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 22:26:59 splunk3 sendmail[6323]: n385Qx8l006323: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:27:59 splunk3 sendmail[6559]: n385Rx6Z006559: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:28:59 splunk3 sendmail[6796]: n385Sxx4006796: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:29:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:29:59 splunk3 sendmail[7037]: n385TxKx007037: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:30:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:30:23 splunk3 sendmail[7141]: n385UNo6007141: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080530.n385UNgv017132@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:30:23 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34926 
Apr  7 22:30:23 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:30:23 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:30:23 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:30:23 splunk3 spamd[26356]: spamd: processing message <200904080530.n385UNgv017132@virt2.int.splunk.com> for spamme:501 
Apr  7 22:30:25 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 22:30:25 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34926,mid=<200904080530.n385UNgv017132@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:30:25 splunk3 sendmail[7142]: n385UNo6007141: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:30:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:30:59 splunk3 sendmail[7301]: n385UxVw007301: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:31:59 splunk3 sendmail[7540]: n385VxIu007540: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:32:59 splunk3 sendmail[7785]: n385Wxp1007785: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:33:59 splunk3 sendmail[8018]: n385XxMB008018: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:34:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:34:59 splunk3 sendmail[8262]: n385YxHf008262: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:35:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:35:23 splunk3 sendmail[8375]: n385ZNR8008375: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080535.n385ZNfk017878@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:35:23 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 34982 
Apr  7 22:35:23 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:35:23 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:35:23 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:35:23 splunk3 spamd[26356]: spamd: processing message <200904080535.n385ZNfk017878@virt2.int.splunk.com> for spamme:501 
Apr  7 22:35:25 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 22:35:25 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=34982,mid=<200904080535.n385ZNfk017878@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:35:25 splunk3 sendmail[8376]: n385ZNR8008375: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:35:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:35:59 splunk3 sendmail[8513]: n385ZxhW008513: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:36:59 splunk3 sendmail[8750]: n385axP5008750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:37:59 splunk3 sendmail[8986]: n385bxed008986: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:38:59 splunk3 sendmail[9228]: n385cx9w009228: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:39:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:39:59 splunk3 sendmail[9466]: n385dx2A009466: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:40:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:40:24 splunk3 sendmail[9585]: n385eO1o009585: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080540.n385eNe3018522@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:40:24 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35038 
Apr  7 22:40:24 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:40:24 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:40:24 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:40:24 splunk3 spamd[26356]: spamd: processing message <200904080540.n385eNe3018522@virt2.int.splunk.com> for spamme:501 
Apr  7 22:40:26 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  7 22:40:26 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35038,mid=<200904080540.n385eNe3018522@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:40:26 splunk3 sendmail[9586]: n385eO1o009585: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:40:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:40:59 splunk3 sendmail[9727]: n385exQe009727: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 22:41:59 splunk3 sendmail[9965]: n385fxoe009965: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:42:59 splunk3 sendmail[10205]: n385gxrU010205: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:43:59 splunk3 sendmail[10438]: n385hxHx010438: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:44:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:44:59 splunk3 sendmail[10685]: n385ix9Z010685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:45:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:45:24 splunk3 sendmail[10797]: n385jOwR010797: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080545.n385jOMn019130@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:45:24 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35094 
Apr  7 22:45:24 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:45:24 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:45:24 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:45:24 splunk3 spamd[26356]: spamd: processing message <200904080545.n385jOMn019130@virt2.int.splunk.com> for spamme:501 
Apr  7 22:45:26 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 22:45:26 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35094,mid=<200904080545.n385jOMn019130@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:45:26 splunk3 sendmail[10798]: n385jOwR010797: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:45:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:45:59 splunk3 sendmail[10938]: n385jxBO010938: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:46:59 splunk3 sendmail[11176]: n385kx6D011176: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:47:59 splunk3 sendmail[11412]: n385lxUC011412: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:48:59 splunk3 sendmail[11651]: n385mxit011651: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:49:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:49:59 splunk3 sendmail[11893]: n385nxJ5011893: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:50:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:50:24 splunk3 sendmail[12011]: n385oOT3012011: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080550.n385oO1r019744@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:50:24 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35150 
Apr  7 22:50:24 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:50:24 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:50:24 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:50:24 splunk3 spamd[26356]: spamd: processing message <200904080550.n385oO1r019744@virt2.int.splunk.com> for spamme:501 
Apr  7 22:50:26 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  7 22:50:26 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35150,mid=<200904080550.n385oO1r019744@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:50:26 splunk3 sendmail[12012]: n385oOT3012011: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:50:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:50:59 splunk3 sendmail[12153]: n385oxRZ012153: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:51:59 splunk3 sendmail[12389]: n385pxAG012389: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:52:59 splunk3 sendmail[12628]: n385qxbo012628: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:53:59 splunk3 sendmail[12865]: n385rxK3012865: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:54:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:54:59 splunk3 sendmail[13108]: n385sx9K013108: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:55:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 22:55:25 splunk3 sendmail[13222]: n385tPif013222: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080555.n385tODW020353@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 22:55:25 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35205 
Apr  7 22:55:25 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:55:25 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:55:25 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:55:25 splunk3 spamd[26356]: spamd: processing message <200904080555.n385tODW020353@virt2.int.splunk.com> for spamme:501 
Apr  7 22:55:29 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.2 seconds, 1308 bytes. 
Apr  7 22:55:29 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35205,mid=<200904080555.n385tODW020353@virt2.int.splunk.com>,bayes=0.11460877822621,autolearn=no 
Apr  7 22:55:29 splunk3 sendmail[13224]: n385tPif013222: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 22:55:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:55:59 splunk3 sendmail[13400]: n385txA9013400: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 22:56:59 splunk3 sendmail[13639]: n385uxRB013639: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:57:50 splunk3 sendmail[13820]: n385vl3c013820: from=<spamme@splunkit.com>, size=585, class=0, nrcpts=1, msgid=<200904080557.n385vl3c013820@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=121-74-179-94.pool.ukrtel.net [94.179.74.121]
Apr  7 22:57:50 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35229 
Apr  7 22:57:50 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 22:57:50 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 22:57:50 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 22:57:50 splunk3 spamd[26356]: spamd: processing message <200904080557.n385vl3c013820@splunk3.splunkit.com> for spamme:501 
Apr  7 22:57:52 splunk3 spamd[26356]: spamd: identified spam (23.8/5.0) for spamme:501 in 1.7 seconds, 993 bytes. 
Apr  7 22:57:52 splunk3 spamd[26356]: spamd: result: Y 23 - AWL,BAYES_99,HELO_DYNAMIC_IPADDR2,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL scantime=1.7,size=993,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35229,mid=<200904080557.n385vl3c013820@splunk3.splunkit.com>,bayes=0.99775983965714,autolearn=spam 
Apr  7 22:57:52 splunk3 sendmail[13839]: n385vl3c013820: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:03, xdelay=00:00:02, mailer=local, pri=30917, dsn=2.0.0, stat=Sent
Apr  7 22:57:52 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 22:57:59 splunk3 sendmail[13879]: n385vxl3013879: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:58:59 splunk3 sendmail[14120]: n385wxZE014120: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 22:59:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 22:59:59 splunk3 sendmail[14362]: n385xx7B014362: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:00:04 splunk3 sendmail[14447]: n38604DR014447: from=root, size=291, class=0, nrcpts=1, msgid=<200904080600.n38604DR014447@splunk3.splunkit.com>, relay=root@localhost
Apr  7 23:00:04 splunk3 sendmail[14458]: n38604EB014458: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080600.n38604DR014447@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 23:00:04 splunk3 sendmail[14447]: n38604DR014447: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38604EB014458 Message accepted for delivery)
Apr  7 23:00:05 splunk3 sendmail[14469]: n38604Il014469: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904080600.n38604Il014469@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 23:00:05 splunk3 sendmail[14471]: n38604Il014469: to=<mark@splunk.com>, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  7 23:00:05 splunk3 sendmail[14471]: n38604Il014469: to=<splunk@localhost>, delay=00:00:01, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  7 23:00:05 splunk3 sendmail[14471]: n38604Il014469: n38605Il014471: postmaster notify: User unknown
Apr  7 23:00:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:00:06 splunk3 sendmail[14463]: n38604EB014458: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  7 23:00:14 splunk3 sendmail[14471]: n38605Il014471: to=root, delay=00:00:09, xdelay=00:00:09, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  7 23:00:25 splunk3 sendmail[14566]: n3860PWG014566: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080600.n3860PJ0020996@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:00:25 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35271 
Apr  7 23:00:25 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:00:25 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 23:00:25 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 23:00:25 splunk3 sendmail[14567]: n3860PWG014566: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:00:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:00:59 splunk3 sendmail[14709]: n3860xeg014709: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:01:06 splunk3 sendmail[14718]: n38611Zd014718: from=root, size=443, class=0, nrcpts=1, msgid=<200904080601.n38611Zd014718@splunk3.splunkit.com>, relay=root@localhost
Apr  7 23:01:06 splunk3 sendmail[14740]: n38616Sj014740: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080601.n38611Zd014718@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 23:01:06 splunk3 sendmail[14718]: n38611Zd014718: to=root, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38616Sj014740 Message accepted for delivery)
Apr  7 23:01:08 splunk3 sendmail[14741]: n38616Sj014740: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  7 23:01:59 splunk3 sendmail[14956]: n3861xKI014956: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:02:59 splunk3 sendmail[15197]: n3862xSO015197: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:03:59 splunk3 sendmail[15430]: n3863xfH015430: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:04:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:04:59 splunk3 sendmail[15685]: n3864xAx015685: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:05:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:05:27 splunk3 sendmail[15802]: n3865QLt015802: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080605.n3865Q3u021681@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:05:27 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35327 
Apr  7 23:05:27 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:05:27 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 23:05:27 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 23:05:27 splunk3 sendmail[15803]: n3865QLt015802: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:05:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:05:59 splunk3 sendmail[15940]: n3865xKY015940: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:06:35 splunk3 sendmail[15920]: n3865txG015920: from=<shiahn_ws@deleteddomains.com>, size=5723, class=0, nrcpts=1, msgid=<4d24019dbbb7$ee930144$079c75ab@deleteddomains.com>, proto=ESMTP, daemon=MTA, relay=ABTS-TN-dynamic-207.183.164.122.airtelbroadband.in [122.164.183.207] (may be forged)
Apr  7 23:06:35 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35339 
Apr  7 23:06:35 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:06:35 splunk3 spamd[26356]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  7 23:06:35 splunk3 spamd[26356]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  7 23:06:35 splunk3 sendmail[16077]: n3865txG015920: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:00, mailer=local, pri=36010, dsn=2.0.0, stat=Sent
Apr  7 23:06:35 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:06:59 splunk3 sendmail[16181]: n3866x6E016181: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:07:59 splunk3 sendmail[16414]: n3867xuW016414: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:08:59 splunk3 sendmail[16656]: n3868xCd016656: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:09:36 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:09:59 splunk3 sendmail[16897]: n3869xaQ016897: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:10:03 splunk3 sendmail[16998]: n386A3IX016998: from=root, size=292, class=0, nrcpts=1, msgid=<200904080610.n386A3IX016998@splunk3.splunkit.com>, relay=root@localhost
Apr  7 23:10:03 splunk3 sendmail[17007]: n386A3fS017007: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080610.n386A3IX016998@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  7 23:10:03 splunk3 sendmail[16998]: n386A3IX016998: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n386A3fS017007 Message accepted for delivery)
Apr  7 23:10:04 splunk3 sendmail[17020]: n386A3fS017007: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  7 23:10:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:10:27 splunk3 sendmail[17121]: n386ARHa017121: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080610.n386AREH022301@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:10:27 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35385 
Apr  7 23:10:27 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:10:27 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:10:27 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:10:27 splunk3 spamd[26356]: spamd: processing message <200904080610.n386AREH022301@virt2.int.splunk.com> for spamme:501 
Apr  7 23:10:29 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  7 23:10:29 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35385,mid=<200904080610.n386AREH022301@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:10:29 splunk3 sendmail[17122]: n386ARHa017121: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:10:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:10:59 splunk3 sendmail[17261]: n386AxpL017261: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 23:11:59 splunk3 sendmail[17497]: n386Bxst017497: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:12:59 splunk3 sendmail[17734]: n386CxRq017734: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:13:59 splunk3 sendmail[17969]: n386DxTB017969: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:14:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:14:59 splunk3 sendmail[18214]: n386ExEw018214: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:15:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:15:28 splunk3 sendmail[18344]: n386FSN5018344: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080615.n386FSTA023111@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:15:28 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35441 
Apr  7 23:15:28 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:15:28 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:15:28 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:15:28 splunk3 spamd[26356]: spamd: processing message <200904080615.n386FSTA023111@virt2.int.splunk.com> for spamme:501 
Apr  7 23:15:30 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 23:15:30 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35441,mid=<200904080615.n386FSTA023111@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:15:30 splunk3 sendmail[18345]: n386FSN5018344: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:15:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:15:59 splunk3 sendmail[18467]: n386FxDr018467: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:16:59 splunk3 sendmail[18706]: n386GxB0018706: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:17:59 splunk3 sendmail[18941]: n386HxoG018941: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:18:59 splunk3 sendmail[19178]: n386Ix3N019178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:19:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:19:59 splunk3 sendmail[19419]: n386Jxw3019419: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:20:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:20:28 splunk3 sendmail[19559]: n386KSPU019559: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080620.n386KSKV023748@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:20:29 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35497 
Apr  7 23:20:29 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:20:29 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:20:29 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:20:29 splunk3 spamd[26356]: spamd: processing message <200904080620.n386KSKV023748@virt2.int.splunk.com> for spamme:501 
Apr  7 23:20:31 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 23:20:31 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35497,mid=<200904080620.n386KSKV023748@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:20:31 splunk3 sendmail[19560]: n386KSPU019559: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:20:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:20:59 splunk3 sendmail[19684]: n386KxAY019684: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:21:59 splunk3 sendmail[19918]: n386Lxw6019918: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:22:59 splunk3 sendmail[20158]: n386MxU9020158: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:23:59 splunk3 sendmail[20399]: n386NxSg020399: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:24:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:24:59 splunk3 sendmail[20643]: n386Oxcm020643: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:25:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:25:29 splunk3 sendmail[20775]: n386PTws020775: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080625.n386PTE9024378@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:25:29 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35553 
Apr  7 23:25:29 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:25:29 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:25:29 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:25:29 splunk3 spamd[26356]: spamd: processing message <200904080625.n386PTE9024378@virt2.int.splunk.com> for spamme:501 
Apr  7 23:25:31 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 23:25:31 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35553,mid=<200904080625.n386PTE9024378@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:25:31 splunk3 sendmail[20776]: n386PTws020775: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:25:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:25:59 splunk3 sendmail[20895]: n386Pxn1020895: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 23:26:59 splunk3 sendmail[21135]: n386Qxr5021135: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:27:59 splunk3 sendmail[21370]: n386RxeC021370: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:28:59 splunk3 sendmail[21607]: n386Sx00021607: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:29:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:29:59 splunk3 sendmail[21849]: n386TxF0021849: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:30:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:30:30 splunk3 sendmail[21987]: n386UTdS021987: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080630.n386UTtg024978@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:30:30 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35609 
Apr  7 23:30:30 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:30:30 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:30:30 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:30:30 splunk3 spamd[26356]: spamd: processing message <200904080630.n386UTtg024978@virt2.int.splunk.com> for spamme:501 
Apr  7 23:30:32 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 23:30:32 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35609,mid=<200904080630.n386UTtg024978@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:30:32 splunk3 sendmail[21988]: n386UTdS021987: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:30:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:30:59 splunk3 sendmail[22113]: n386Ux6Q022113: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:31:59 splunk3 sendmail[22347]: n386VxLE022347: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:32:59 splunk3 sendmail[22585]: n386Wxa1022585: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:33:59 splunk3 sendmail[22820]: n386XxJ5022820: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:34:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:34:59 splunk3 sendmail[23065]: n386YxhW023065: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:35:00 splunk3 sendmail[23066]: n386Z03L023066: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080635.n386Z05K025651@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:35:00 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35653 
Apr  7 23:35:00 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:35:00 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:35:00 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:35:00 splunk3 spamd[26356]: spamd: processing message <200904080635.n386Z05K025651@virt2.int.splunk.com> for spamme:501 
Apr  7 23:35:02 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  7 23:35:02 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35653,mid=<200904080635.n386Z05K025651@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:35:02 splunk3 sendmail[23067]: n386Z03L023066: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:35:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:35:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:35:59 splunk3 sendmail[23318]: n386Zxag023318: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:36:59 splunk3 sendmail[23557]: n386axYs023557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:37:59 splunk3 sendmail[23792]: n386bxi8023792: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:38:59 splunk3 sendmail[24036]: n386cxnv024036: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:39:14 splunk3 sendmail[24017]: n386cvoR024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:15 splunk3 sendmail[24017]: n386cvoR024017: from=<qlkorq@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:15 splunk3 sendmail[24017]: n386cvoS024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:18 splunk3 sendmail[24017]: n386cvoS024017: from=<qlkorq@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:18 splunk3 sendmail[24017]: n386cvoT024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:34 splunk3 sendmail[24017]: n386cvoT024017: from=<nhhfo@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:34 splunk3 sendmail[24017]: n386cvoU024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:34 splunk3 sendmail[24017]: n386cvoU024017: from=<nhhfo@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:34 splunk3 sendmail[24017]: n386cvoV024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:39:37 splunk3 sendmail[24017]: n386cvoV024017: from=<xym@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:37 splunk3 sendmail[24017]: n386cvoW024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:37 splunk3 sendmail[24017]: n386cvoW024017: from=<xym@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:37 splunk3 sendmail[24017]: n386cvoX024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:37 splunk3 sendmail[24017]: n386cvoX024017: from=<thciyy@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:37 splunk3 sendmail[24017]: n386cvoY024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:38 splunk3 sendmail[24017]: n386cvoY024017: from=<thciyy@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:38 splunk3 sendmail[24017]: n386cvoZ024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:38 splunk3 sendmail[24017]: n386cvoZ024017: from=<fdgotc@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:38 splunk3 sendmail[24017]: n386cvoa024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:44 splunk3 sendmail[24017]: n386cvoa024017: from=<fdgotc@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:44 splunk3 sendmail[24017]: n386cvob024017: ruleset=check_rcpt, arg1=<jurye45@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <jurye45@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:44 splunk3 sendmail[24017]: n386cvob024017: from=<issct@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:44 splunk3 sendmail[24017]: n386cvoc024017: ruleset=check_rcpt, arg1=<jurye45@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <jurye45@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:45 splunk3 sendmail[24017]: n386cvoc024017: from=<issct@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:45 splunk3 sendmail[24017]: n386cvod024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:48 splunk3 sendmail[24017]: n386cvod024017: from=<hfsbgd@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:48 splunk3 sendmail[24017]: n386cvoe024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:49 splunk3 sendmail[24017]: n386cvoe024017: from=<hfsbgd@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:39:49 splunk3 sendmail[24017]: n386cvof024017: ruleset=check_rcpt, arg1=<jurye45@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <jurye45@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:39:59 splunk3 sendmail[24275]: n386dxix024275: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:40:00 splunk3 sendmail[24277]: n386e0DV024277: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080640.n386e0Bw026266@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:40:00 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35708 
Apr  7 23:40:00 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:40:00 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:40:00 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:40:00 splunk3 spamd[26356]: spamd: processing message <200904080640.n386e0Bw026266@virt2.int.splunk.com> for spamme:501 
Apr  7 23:40:02 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  7 23:40:02 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35708,mid=<200904080640.n386e0Bw026266@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:40:02 splunk3 sendmail[24278]: n386e0DV024277: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:40:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:40:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:40:23 splunk3 sendmail[24017]: n386cvof024017: from=<jca@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:23 splunk3 sendmail[24017]: n386cvog024017: ruleset=check_rcpt, arg1=<jurye45@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <jurye45@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:23 splunk3 sendmail[24017]: n386cvog024017: from=<jca@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:23 splunk3 sendmail[24017]: n386cvoh024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:23 splunk3 sendmail[24017]: n386cvoh024017: from=<sec@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:23 splunk3 sendmail[24017]: n386cvoi024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:23 splunk3 sendmail[24017]: n386cvoi024017: from=<sec@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:23 splunk3 sendmail[24017]: n386cvoj024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvoj024017: from=<hte@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvok024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvok024017: from=<hte@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvol024017: ruleset=check_rcpt, arg1=<jurye45@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <jurye45@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvol024017: from=<drlsvf@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvom024017: ruleset=check_rcpt, arg1=<jurye45@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <jurye45@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvom024017: from=<drlsvf@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvon024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvon024017: from=<jrnjjg@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:27 splunk3 sendmail[24017]: n386cvoo024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:28 splunk3 sendmail[24017]: n386cvoo024017: from=<jrnjjg@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:28 splunk3 sendmail[24017]: n386cvop024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:28 splunk3 sendmail[24017]: n386cvop024017: from=<cxstw@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:28 splunk3 sendmail[24017]: n386cvoq024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:28 splunk3 sendmail[24017]: n386cvoq024017: from=<cxstw@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:28 splunk3 sendmail[24017]: n386cvor024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:28 splunk3 sendmail[24017]: n386cvor024017: from=<rdu@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:28 splunk3 sendmail[24017]: n386cvos024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvos024017: from=<rdu@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvot024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvot024017: from=<qajgu@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvou024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvou024017: from=<qajgu@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvov024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvov024017: from=<qsup@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvow024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvow024017: from=<qsup@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvox024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvox024017: from=<jhsfn@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:51 splunk3 sendmail[24017]: n386cvp0024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp0024017: from=<jhsfn@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp1024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp1024017: from=<ergsgf@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp2024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp2024017: from=<ergsgf@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp3024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp3024017: from=<qjuts@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp4024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp4024017: from=<qjuts@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:52 splunk3 sendmail[24017]: n386cvp5024017: ruleset=check_rcpt, arg1=<jurye45@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <jurye45@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp5024017: from=<kvjxcs@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp6024017: ruleset=check_rcpt, arg1=<jurye45@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <jurye45@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp6024017: from=<kvjxcs@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp7024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp7024017: from=<gekn@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp8024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp8024017: from=<gekn@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp9024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvp9024017: from=<ugmrd@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:54 splunk3 sendmail[24017]: n386cvpA024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpA024017: from=<ugmrd@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpB024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpB024017: from=<xgtfys@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpC024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpC024017: from=<xgtfys@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpD024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpD024017: from=<cwet@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpE024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpE024017: from=<cwet@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpF024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpF024017: from=<fwm@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:56 splunk3 sendmail[24017]: n386cvpG024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpG024017: from=<fwm@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpH024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpH024017: from=<ferqo@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpI024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpI024017: from=<ferqo@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpJ024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpJ024017: from=<rwmu@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpK024017: ruleset=check_rcpt, arg1=<dfudxf@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <dfudxf@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpK024017: from=<rwmu@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpL024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpL024017: from=<qtv@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:58 splunk3 sendmail[24017]: n386cvpM024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpM024017: from=<qtv@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpN024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpN024017: from=<cmgt@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpO024017: ruleset=check_rcpt, arg1=<cbfgvbg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <cbfgvbg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpO024017: from=<cmgt@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpP024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpP024017: from=<wpqhan@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpQ024017: ruleset=check_rcpt, arg1=<xghsfg@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <xghsfg@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24539]: n386extx024539: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpQ024017: from=<wpqhan@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  7 23:40:59 splunk3 sendmail[24017]: n386cvpR024017: ruleset=check_rcpt, arg1=<kdgfsfz@163.com>, relay=[60.190.144.78], reject=550 5.7.1 <kdgfsfz@163.com>... Relaying denied. IP name lookup failed [60.190.144.78]
Apr  7 23:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 23:41:59 splunk3 sendmail[24775]: n386fxnd024775: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:42:59 splunk3 sendmail[25013]: n386gxr5025013: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:43:59 splunk3 sendmail[25248]: n386hxs2025248: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:44:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:44:59 splunk3 sendmail[25494]: n386ixFA025494: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:45:00 splunk3 sendmail[25495]: n386j0nV025495: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080645.n386j0sN026896@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:45:00 splunk3 spamd[26356]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35765 
Apr  7 23:45:00 splunk3 spamd[26356]: spamd: setuid to spamme succeeded 
Apr  7 23:45:00 splunk3 spamd[26356]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:45:00 splunk3 spamd[26356]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:45:00 splunk3 spamd[26356]: spamd: processing message <200904080645.n386j0sN026896@virt2.int.splunk.com> for spamme:501 
Apr  7 23:45:02 splunk3 spamd[26356]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 23:45:02 splunk3 spamd[26356]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35765,mid=<200904080645.n386j0sN026896@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:45:02 splunk3 spamd[3033]: prefork: child states: BI 
Apr  7 23:45:02 splunk3 sendmail[25496]: n386j0nV025495: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:45:02 splunk3 spamd[3033]: spamd: handled cleanup of child pid 26356 due to SIGCHLD 
Apr  7 23:45:02 splunk3 spamd[3033]: spamd: server successfully spawned child process, pid 25517 
Apr  7 23:45:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:45:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:45:59 splunk3 sendmail[25744]: n386jxc0025744: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:46:59 splunk3 sendmail[25982]: n386kxVB025982: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:47:59 splunk3 sendmail[26219]: n386lxIE026219: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:48:59 splunk3 sendmail[26458]: n386mx2e026458: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:49:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:49:59 splunk3 sendmail[26698]: n386nxU6026698: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:50:01 splunk3 sendmail[26700]: n386o17F026700: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080650.n386o0aA027512@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:50:01 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35820 
Apr  7 23:50:01 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  7 23:50:01 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:50:01 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:50:01 splunk3 spamd[25517]: spamd: processing message <200904080650.n386o0aA027512@virt2.int.splunk.com> for spamme:501 
Apr  7 23:50:03 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  7 23:50:03 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35820,mid=<200904080650.n386o0aA027512@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:50:03 splunk3 sendmail[26701]: n386o17F026700: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:50:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:50:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:50:59 splunk3 sendmail[26961]: n386oxtj026961: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:51:59 splunk3 sendmail[27197]: n386pxuA027197: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:52:59 splunk3 sendmail[27434]: n386qxr7027434: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:53:59 splunk3 sendmail[27681]: n386rxAj027681: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:54:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:54:59 splunk3 sendmail[27927]: n386sxLU027927: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:55:01 splunk3 sendmail[27928]: n386t1jP027928: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080655.n386t1qR028122@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  7 23:55:01 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35876 
Apr  7 23:55:01 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  7 23:55:01 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  7 23:55:01 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  7 23:55:01 splunk3 spamd[25517]: spamd: processing message <200904080655.n386t1qR028122@virt2.int.splunk.com> for spamme:501 
Apr  7 23:55:03 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  7 23:55:03 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=35876,mid=<200904080655.n386t1qR028122@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  7 23:55:03 splunk3 sendmail[27929]: n386t1jP027928: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  7 23:55:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  7 23:55:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  7 23:55:59 splunk3 sendmail[28180]: n386txHp028180: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  7 23:56:59 splunk3 sendmail[28420]: n386uxhN028420: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:57:59 splunk3 sendmail[28654]: n386vx4U028654: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:58:59 splunk3 sendmail[28892]: n386wxlG028892: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  7 23:59:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  7 23:59:59 splunk3 sendmail[29133]: n386xxWa029133: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:00:01 splunk3 sendmail[29191]: n38701R4029191: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080700.n38701NL028788@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:00:01 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35932 
Apr  8 00:00:01 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:00:01 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 00:00:01 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 00:00:01 splunk3 sendmail[29192]: n38701R4029191: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 00:00:01 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:00:03 splunk3 sendmail[29223]: n38703Qh029223: from=root, size=291, class=0, nrcpts=1, msgid=<200904080700.n38703Qh029223@splunk3.splunkit.com>, relay=root@localhost
Apr  8 00:00:03 splunk3 sendmail[29227]: n3870382029227: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080700.n38703Qh029223@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 00:00:03 splunk3 sendmail[29223]: n38703Qh029223: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3870382029227 Message accepted for delivery)
Apr  8 00:00:04 splunk3 sendmail[29228]: n3870382029227: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 00:00:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:00:10 splunk3 sendmail[29267]: n3870AGj029267: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904080700.n3870AGj029267@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 00:00:10 splunk3 sendmail[29269]: n3870AGj029267: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 00:00:10 splunk3 sendmail[29269]: n3870AGj029267: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  8 00:00:10 splunk3 sendmail[29269]: n3870AGj029267: n3870AGj029269: postmaster notify: User unknown
Apr  8 00:00:12 splunk3 sendmail[29269]: n3870AGj029269: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  8 00:00:59 splunk3 sendmail[29478]: n3870xHV029478: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:01:14 splunk3 sendmail[29485]: n38711is029485: from=root, size=443, class=0, nrcpts=1, msgid=<200904080701.n38711is029485@splunk3.splunkit.com>, relay=root@localhost
Apr  8 00:01:14 splunk3 sendmail[29551]: n3871Evx029551: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080701.n38711is029485@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 00:01:14 splunk3 sendmail[29485]: n38711is029485: to=root, ctladdr=root (0/0), delay=00:00:13, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3871Evx029551 Message accepted for delivery)
Apr  8 00:01:15 splunk3 sendmail[29552]: n3871Evx029551: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 00:01:55 splunk3 sendmail[29709]: n3871s1i029709: from=<34kvcSRQKBlQ2AA270w70DFE-9AD0B7K2AA270.yA8EBw880EB7G964F.yA8@alerts.bounces.google.com>, size=6470, class=0, nrcpts=1, msgid=<001636164ad1e59b51046705b404@google.com>, proto=ESMTP, daemon=MTA, relay=mail-gx0-f232.google.com [209.85.217.232]
Apr  8 00:01:55 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35967 
Apr  8 00:01:55 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:01:55 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 00:01:55 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 00:01:55 splunk3 sendmail[29711]: n3871s1i029709: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=36685, dsn=2.0.0, stat=Sent
Apr  8 00:01:55 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:01:59 splunk3 sendmail[29732]: n3871xGs029732: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:02:59 splunk3 sendmail[29973]: n3872xlg029973: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:03:59 splunk3 sendmail[30207]: n3873xhZ030207: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:04:02 splunk3 sendmail[24515]: n386erng024515: [60.190.144.78] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:04:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:04:59 splunk3 sendmail[30451]: n3874x6Y030451: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:05:02 splunk3 sendmail[30454]: n38752el030454: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080705.n38751gq029488@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:05:02 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 35998 
Apr  8 00:05:02 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:05:02 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 00:05:02 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 00:05:02 splunk3 sendmail[30458]: n38752el030454: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 00:05:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:05:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:05:59 splunk3 sendmail[30705]: n3875xNT030705: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:06:59 splunk3 sendmail[30942]: n3876x7a030942: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:07:59 splunk3 sendmail[31177]: n3877xUJ031177: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:08:59 splunk3 sendmail[31422]: n3878x1T031422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:09:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:09:59 splunk3 sendmail[31663]: n3879xcl031663: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:10:02 splunk3 sendmail[31777]: n387A2YP031777: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080710.n387A2AW030102@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:10:02 splunk3 sendmail[31781]: n387A2X6031781: from=root, size=292, class=0, nrcpts=1, msgid=<200904080710.n387A2X6031781@splunk3.splunkit.com>, relay=root@localhost
Apr  8 00:10:02 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36055 
Apr  8 00:10:02 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:10:02 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:10:02 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:10:02 splunk3 spamd[25517]: spamd: processing message <200904080710.n387A2AW030102@virt2.int.splunk.com> for spamme:501 
Apr  8 00:10:03 splunk3 sendmail[31787]: n387A249031787: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080710.n387A2X6031781@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 00:10:03 splunk3 sendmail[31781]: n387A2X6031781: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n387A249031787 Message accepted for delivery)
Apr  8 00:10:04 splunk3 sendmail[31792]: n387A249031787: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 00:10:04 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  8 00:10:04 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36055,mid=<200904080710.n387A2AW030102@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  8 00:10:04 splunk3 sendmail[31786]: n387A2YP031777: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 00:10:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:10:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:10:59 splunk3 sendmail[32029]: n387Ax8r032029: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 00:11:59 splunk3 sendmail[32265]: n387Bxfe032265: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:12:59 splunk3 sendmail[32503]: n387Cxxt032503: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:14:00 splunk3 sendmail[32736]: n387Dxot032736: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:14:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:15:00 splunk3 sendmail[513]: n387F0Kd000513: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:15:03 splunk3 sendmail[532]: n387F3uW000532: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080715.n387F2rY030887@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:15:03 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36111 
Apr  8 00:15:03 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:15:03 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:15:03 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:15:03 splunk3 spamd[25517]: spamd: processing message <200904080715.n387F2rY030887@virt2.int.splunk.com> for spamme:501 
Apr  8 00:15:03 splunk3 sendmail[539]: n387F3CQ000539: from=<3907cSRQKBmwQYYQVOKVObdc-XYbOZViQYYQVO.MYWcZKWWOcZVeXUSd.MYW@alerts.bounces.google.com>, size=2881, class=0, nrcpts=1, msgid=<000e0cd402acea9e9e046705e3d0@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.163]
Apr  8 00:15:05 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 00:15:05 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36111,mid=<200904080715.n387F2rY030887@virt2.int.splunk.com>,bayes=0.114601288399793,autolearn=no 
Apr  8 00:15:05 splunk3 sendmail[533]: n387F3uW000532: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 00:15:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:15:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:15:11 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36113 
Apr  8 00:15:11 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:15:11 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:15:11 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:15:11 splunk3 spamd[25517]: spamd: processing message <000e0cd402acea9e9e046705e3d0@google.com> for spamme:501 
Apr  8 00:15:13 splunk3 spamd[25517]: spamd: clean message (-2.2/5.0) for spamme:501 in 1.6 seconds, 3310 bytes. 
Apr  8 00:15:13 splunk3 spamd[25517]: spamd: result: . -2 - AWL,BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY scantime=1.6,size=3310,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36113,mid=<000e0cd402acea9e9e046705e3d0@google.com>,bayes=0,autolearn=ham 
Apr  8 00:15:13 splunk3 sendmail[540]: n387F3CQ000539: to=<spamme@splunkit.com>, delay=00:00:10, xdelay=00:00:10, mailer=local, pri=33091, dsn=2.0.0, stat=Sent
Apr  8 00:15:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:16:00 splunk3 sendmail[771]: n387G064000771: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:17:00 splunk3 sendmail[1009]: n387H0EO001009: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:18:00 splunk3 sendmail[1243]: n387I0tn001243: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:19:00 splunk3 sendmail[1480]: n387J0uQ001480: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:19:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:20:00 splunk3 sendmail[1722]: n387K01e001722: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:20:03 splunk3 sendmail[1748]: n387K3EI001748: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080720.n387K3Fc031523@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:20:03 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36168 
Apr  8 00:20:03 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:20:03 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:20:03 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:20:03 splunk3 spamd[25517]: spamd: processing message <200904080720.n387K3Fc031523@virt2.int.splunk.com> for spamme:501 
Apr  8 00:20:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:20:05 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 00:20:05 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36168,mid=<200904080720.n387K3Fc031523@virt2.int.splunk.com>,bayes=0.114633506333299,autolearn=no 
Apr  8 00:20:05 splunk3 sendmail[1749]: n387K3EI001748: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 00:20:05 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:21:00 splunk3 sendmail[1987]: n387L0NV001987: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:22:00 splunk3 sendmail[2221]: n387M09g002221: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:23:00 splunk3 sendmail[2461]: n387N0V3002461: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:24:00 splunk3 sendmail[2709]: n387O0Qs002709: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:24:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:25:00 splunk3 sendmail[2963]: n387P0rX002963: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:25:04 splunk3 sendmail[2983]: n387P4Id002983: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080725.n387P4SA032137@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:25:04 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36223 
Apr  8 00:25:04 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:25:04 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:25:04 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:25:04 splunk3 spamd[25517]: spamd: processing message <200904080725.n387P4SA032137@virt2.int.splunk.com> for spamme:501 
Apr  8 00:25:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:25:06 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.0 seconds, 1308 bytes. 
Apr  8 00:25:06 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.0,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36223,mid=<200904080725.n387P4SA032137@virt2.int.splunk.com>,bayes=0.114633506333299,autolearn=no 
Apr  8 00:25:06 splunk3 sendmail[2985]: n387P4Id002983: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 00:25:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:26:00 splunk3 sendmail[3224]: n387Q0hm003224: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 00:27:00 splunk3 sendmail[3465]: n387R0fF003465: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:28:00 splunk3 sendmail[3727]: n387S02E003727: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:29:00 splunk3 sendmail[3967]: n387T0oM003967: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:29:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:30:00 splunk3 sendmail[4227]: n387U07t004227: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:30:04 splunk3 sendmail[4251]: n387U4Ph004251: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080730.n387U4mZ032759@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:30:04 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36280 
Apr  8 00:30:04 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:30:04 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:30:04 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:30:04 splunk3 spamd[25517]: spamd: processing message <200904080730.n387U4mZ032759@virt2.int.splunk.com> for spamme:501 
Apr  8 00:30:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:30:06 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 00:30:06 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36280,mid=<200904080730.n387U4mZ032759@virt2.int.splunk.com>,bayes=0.114633506333299,autolearn=no 
Apr  8 00:30:06 splunk3 sendmail[4252]: n387U4Ph004251: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 00:30:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:31:00 splunk3 sendmail[4502]: n387V0vw004502: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:32:00 splunk3 sendmail[4737]: n387W0O6004737: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:33:00 splunk3 sendmail[4987]: n387X0RC004987: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:33:39 splunk3 sendmail[5051]: n387XHak005051: from=<trentu@wolf-howl.com>, size=5726, class=0, nrcpts=1, msgid=<d8d9019dba0e$05b4c682$4d0c6d5f@wolf-howl.com>, proto=ESMTP, daemon=MTA, relay=93-47-144-189.ip113.fastwebnet.it [93.47.144.189]
Apr  8 00:33:39 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36322 
Apr  8 00:33:39 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:33:39 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:33:39 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:33:39 splunk3 spamd[25517]: spamd: processing message <d8d9019dba0e$05b4c682$4d0c6d5f@wolf-howl.com> for spamme:501 
Apr  8 00:33:41 splunk3 spamd[25517]: spamd: identified spam (27.9/5.0) for spamme:501 in 2.3 seconds, 6054 bytes. 
Apr  8 00:33:41 splunk3 spamd[25517]: spamd: result: Y 27 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,SUBJECT_EXCESS_BASE64,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL scantime=2.3,size=6054,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36322,mid=<d8d9019dba0e$05b4c682$4d0c6d5f@wolf-howl.com>,bayes=1,autolearn=spam 
Apr  8 00:33:41 splunk3 sendmail[5181]: n387XHak005051: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=35961, dsn=2.0.0, stat=Sent
Apr  8 00:33:41 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:34:00 splunk3 sendmail[5264]: n387Y0wV005264: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:34:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:35:00 splunk3 sendmail[5511]: n387Z0VL005511: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:35:05 splunk3 sendmail[5532]: n387Z5VV005532: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080735.n387Z40l001044@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:35:05 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36336 
Apr  8 00:35:05 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:35:05 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:35:05 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:35:05 splunk3 spamd[25517]: spamd: processing message <200904080735.n387Z40l001044@virt2.int.splunk.com> for spamme:501 
Apr  8 00:35:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:35:07 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  8 00:35:07 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36336,mid=<200904080735.n387Z40l001044@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 00:35:07 splunk3 sendmail[5533]: n387Z5VV005532: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 00:35:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:36:00 splunk3 sendmail[5765]: n387a0Q3005765: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:37:00 splunk3 sendmail[6005]: n387b0H8006005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:38:00 splunk3 sendmail[6240]: n387c0MR006240: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:39:00 splunk3 sendmail[6483]: n387d0WY006483: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:39:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:40:00 splunk3 sendmail[6723]: n387e0Df006723: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:40:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:40:05 splunk3 sendmail[6752]: n387e5Kj006752: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080740.n387e5Iu001711@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:40:05 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36392 
Apr  8 00:40:05 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:40:05 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:40:05 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:40:05 splunk3 spamd[25517]: spamd: processing message <200904080740.n387e5Iu001711@virt2.int.splunk.com> for spamme:501 
Apr  8 00:40:07 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  8 00:40:07 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36392,mid=<200904080740.n387e5Iu001711@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 00:40:07 splunk3 sendmail[6753]: n387e5Kj006752: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 00:40:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:40:59 splunk3 sendmail[24017]: n386cvpR024017: timeout waiting for input from [60.190.144.78] during server cmd read
Apr  8 00:40:59 splunk3 sendmail[24017]: n386cvpR024017: lost input channel from [60.190.144.78] to MTA after data
Apr  8 00:40:59 splunk3 sendmail[24017]: n386cvpR024017: from=<mrt@64.127.105.55>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[60.190.144.78]
Apr  8 00:41:00 splunk3 sendmail[6986]: n387f0cc006986: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 00:42:00 splunk3 sendmail[7223]: n387g0S5007223: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:43:00 splunk3 sendmail[7461]: n387h02Q007461: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:44:00 splunk3 sendmail[7706]: n387i0Z4007706: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:44:35 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:45:00 splunk3 sendmail[7952]: n387j0Fb007952: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:45:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:45:06 splunk3 sendmail[7973]: n387j6Gi007973: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080745.n387j6BH002334@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:45:06 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36448 
Apr  8 00:45:06 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:45:06 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:45:06 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:45:06 splunk3 spamd[25517]: spamd: processing message <200904080745.n387j6BH002334@virt2.int.splunk.com> for spamme:501 
Apr  8 00:45:08 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  8 00:45:08 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36448,mid=<200904080745.n387j6BH002334@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 00:45:08 splunk3 sendmail[7974]: n387j6Gi007973: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 00:45:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:46:00 splunk3 sendmail[8204]: n387k0iR008204: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:47:00 splunk3 sendmail[8440]: n387l0BB008440: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:48:00 splunk3 sendmail[8677]: n387m0Xd008677: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:49:00 splunk3 sendmail[8914]: n387n0vD008914: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:49:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:50:00 splunk3 sendmail[9154]: n387o0oa009154: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:50:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:50:06 splunk3 sendmail[9201]: n387o6qI009201: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080750.n387o6D6002942@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:50:06 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36504 
Apr  8 00:50:06 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:50:06 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:50:06 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:50:06 splunk3 spamd[25517]: spamd: processing message <200904080750.n387o6D6002942@virt2.int.splunk.com> for spamme:501 
Apr  8 00:50:08 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1305 bytes. 
Apr  8 00:50:08 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36504,mid=<200904080750.n387o6D6002942@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 00:50:08 splunk3 sendmail[9202]: n387o6qI009201: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 00:50:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:51:00 splunk3 sendmail[9419]: n387p0Qs009419: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:52:00 splunk3 sendmail[9653]: n387q0Vq009653: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:53:00 splunk3 sendmail[9890]: n387r0sW009890: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:54:00 splunk3 sendmail[10131]: n387s038010131: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:54:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 00:55:00 splunk3 sendmail[10376]: n387t0Pd010376: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:55:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 00:55:07 splunk3 sendmail[10415]: n387t767010415: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080755.n387t729003550@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 00:55:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36560 
Apr  8 00:55:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 00:55:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 00:55:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 00:55:07 splunk3 spamd[25517]: spamd: processing message <200904080755.n387t729003550@virt2.int.splunk.com> for spamme:501 
Apr  8 00:55:09 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  8 00:55:09 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36560,mid=<200904080755.n387t729003550@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 00:55:09 splunk3 sendmail[10416]: n387t767010415: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 00:55:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 00:56:00 splunk3 sendmail[10628]: n387u0kx010628: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 00:57:00 splunk3 sendmail[10867]: n387v0nj010867: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:58:00 splunk3 sendmail[11103]: n387w0JB011103: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:59:00 splunk3 sendmail[11342]: n387x0Nj011342: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 00:59:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:00:00 splunk3 sendmail[11583]: n38800Y8011583: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:00:04 splunk3 sendmail[11669]: n38804ud011669: from=root, size=291, class=0, nrcpts=1, msgid=<200904080800.n38804ud011669@splunk3.splunkit.com>, relay=root@localhost
Apr  8 01:00:04 splunk3 sendmail[11673]: n38804aP011673: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080800.n38804ud011669@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 01:00:04 splunk3 sendmail[11669]: n38804ud011669: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38804aP011673 Message accepted for delivery)
Apr  8 01:00:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:00:06 splunk3 sendmail[11674]: n38804aP011673: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 01:00:08 splunk3 sendmail[11698]: n38808f8011698: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080800.n38807ZS004189@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:00:08 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36617 
Apr  8 01:00:08 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:00:08 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 01:00:08 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 01:00:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:00:08 splunk3 sendmail[11699]: n38808f8011698: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:00:17 splunk3 sendmail[11756]: n3880H0B011756: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904080800.n3880H0B011756@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 01:00:17 splunk3 sendmail[11758]: n3880H0B011756: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 01:00:17 splunk3 sendmail[11758]: n3880H0B011756: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  8 01:00:17 splunk3 sendmail[11758]: n3880H0B011756: n3880H0B011758: postmaster notify: User unknown
Apr  8 01:00:18 splunk3 sendmail[11758]: n3880H0B011758: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  8 01:01:00 splunk3 sendmail[11930]: n38810rX011930: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:01:03 splunk3 sendmail[11952]: n38812aj011952: from=root, size=443, class=0, nrcpts=1, msgid=<200904080801.n38812aj011952@splunk3.splunkit.com>, relay=root@localhost
Apr  8 01:01:03 splunk3 sendmail[11956]: n38813nR011956: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080801.n38812aj011952@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 01:01:03 splunk3 sendmail[11952]: n38812aj011952: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38813nR011956 Message accepted for delivery)
Apr  8 01:01:05 splunk3 sendmail[11957]: n38813nR011956: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 01:02:00 splunk3 sendmail[12177]: n38820Wj012177: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:03:00 splunk3 sendmail[12416]: n388307E012416: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:04:00 splunk3 sendmail[12649]: n38840u4012649: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:04:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:05:00 splunk3 sendmail[12895]: n38850vF012895: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:05:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:05:08 splunk3 sendmail[12936]: n38858LB012936: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080805.n38858u3004871@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:05:08 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36681 
Apr  8 01:05:08 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:05:08 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 01:05:08 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 01:05:08 splunk3 sendmail[12937]: n38858LB012936: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:05:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:06:00 splunk3 sendmail[13147]: n38860wV013147: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:07:00 splunk3 sendmail[13422]: n38870IB013422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:08:00 splunk3 sendmail[13655]: n38880Me013655: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:09:00 splunk3 sendmail[13898]: n3889017013898: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:09:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:10:00 splunk3 sendmail[14137]: n388A02d014137: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:10:03 splunk3 sendmail[14255]: n388A3Ss014255: from=root, size=292, class=0, nrcpts=1, msgid=<200904080810.n388A3Ss014255@splunk3.splunkit.com>, relay=root@localhost
Apr  8 01:10:03 splunk3 sendmail[14260]: n388A3Jh014260: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080810.n388A3Ss014255@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 01:10:03 splunk3 sendmail[14255]: n388A3Ss014255: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n388A3Jh014260 Message accepted for delivery)
Apr  8 01:10:04 splunk3 sendmail[14261]: n388A3Jh014260: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 01:10:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:10:09 splunk3 sendmail[14288]: n388A8Yl014288: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080810.n388A8hu005480@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:10:09 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36737 
Apr  8 01:10:09 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:10:09 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:10:09 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:10:09 splunk3 spamd[25517]: spamd: processing message <200904080810.n388A8hu005480@virt2.int.splunk.com> for spamme:501 
Apr  8 01:10:11 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  8 01:10:11 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36737,mid=<200904080810.n388A8hu005480@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 01:10:11 splunk3 sendmail[14289]: n388A8Yl014288: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:10:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:11:00 splunk3 sendmail[14505]: n388B0ji014505: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 01:12:00 splunk3 sendmail[14744]: n388C0AK014744: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:13:00 splunk3 sendmail[14983]: n388D0R5014983: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:14:00 splunk3 sendmail[15216]: n388E0Cc015216: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:14:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:15:00 splunk3 sendmail[15472]: n388F0S4015472: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:15:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:15:09 splunk3 sendmail[15512]: n388F97U015512: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080815.n388F9FV006263@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:15:09 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36794 
Apr  8 01:15:09 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:15:09 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:15:09 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:15:09 splunk3 spamd[25517]: spamd: processing message <200904080815.n388F9FV006263@virt2.int.splunk.com> for spamme:501 
Apr  8 01:15:11 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1305 bytes. 
Apr  8 01:15:11 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36794,mid=<200904080815.n388F9FV006263@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 01:15:11 splunk3 sendmail[15513]: n388F97U015512: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:15:11 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:16:00 splunk3 sendmail[15724]: n388G0Fl015724: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:17:00 splunk3 sendmail[15962]: n388H0rh015962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:18:00 splunk3 sendmail[16198]: n388I0xT016198: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:18:14 splunk3 sendmail[16260]: n388ID2k016260: from=<3xV3cSRQKBkkrzzrwplwp243-yz2p0w9rzzrwp.nzx30lxxp30w5yvt4.nzx@alerts.bounces.google.com>, size=4269, class=0, nrcpts=1, msgid=<0016e644cf8cd92a1e046706c5a0@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.186]
Apr  8 01:18:14 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36830 
Apr  8 01:18:14 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:18:14 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:18:14 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:18:14 splunk3 spamd[25517]: spamd: processing message <0016e644cf8cd92a1e046706c5a0@google.com> for spamme:501 
Apr  8 01:18:16 splunk3 spamd[25517]: spamd: clean message (-1.5/5.0) for spamme:501 in 1.7 seconds, 4699 bytes. 
Apr  8 01:18:16 splunk3 spamd[25517]: spamd: result: . -1 - AWL,BAYES_00,HTML_IMAGE_ONLY_28,HTML_MESSAGE,MIME_HTML_ONLY scantime=1.7,size=4699,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36830,mid=<0016e644cf8cd92a1e046706c5a0@google.com>,bayes=5.55111512312578e-17,autolearn=no 
Apr  8 01:18:16 splunk3 sendmail[16261]: n388ID2k016260: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=34480, dsn=2.0.0, stat=Sent
Apr  8 01:18:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:19:00 splunk3 sendmail[16442]: n388J0TK016442: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:19:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:20:00 splunk3 sendmail[16684]: n388K0If016684: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:20:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:20:09 splunk3 sendmail[16729]: n388K9CN016729: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080820.n388K94i006895@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:20:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36850 
Apr  8 01:20:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:20:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:20:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:20:10 splunk3 spamd[25517]: spamd: processing message <200904080820.n388K94i006895@virt2.int.splunk.com> for spamme:501 
Apr  8 01:20:12 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  8 01:20:12 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36850,mid=<200904080820.n388K94i006895@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 01:20:12 splunk3 sendmail[16730]: n388K9CN016729: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:20:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:21:00 splunk3 sendmail[16946]: n388L03S016946: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:22:00 splunk3 sendmail[17180]: n388M0t6017180: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:23:00 splunk3 sendmail[17418]: n388N0dN017418: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:24:00 splunk3 sendmail[17656]: n388O0nV017656: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:24:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:25:00 splunk3 sendmail[17900]: n388P0YV017900: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:25:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:25:10 splunk3 sendmail[17940]: n388PASp017940: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080825.n388PAVf007505@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:25:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36906 
Apr  8 01:25:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:25:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:25:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:25:10 splunk3 spamd[25517]: spamd: processing message <200904080825.n388PAVf007505@virt2.int.splunk.com> for spamme:501 
Apr  8 01:25:12 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  8 01:25:12 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36906,mid=<200904080825.n388PAVf007505@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 01:25:12 splunk3 sendmail[17941]: n388PASp017940: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:25:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:26:00 splunk3 sendmail[18152]: n388Q088018152: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 01:27:00 splunk3 sendmail[18394]: n388R0Rc018394: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:28:00 splunk3 sendmail[18628]: n388S0Al018628: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:29:00 splunk3 sendmail[18866]: n388T05N018866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:29:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:30:00 splunk3 sendmail[19107]: n388U0mn019107: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:30:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:30:10 splunk3 sendmail[19156]: n388UA9I019156: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080830.n388UAEt008127@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:30:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36962 
Apr  8 01:30:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:30:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:30:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:30:10 splunk3 spamd[25517]: spamd: processing message <200904080830.n388UAEt008127@virt2.int.splunk.com> for spamme:501 
Apr  8 01:30:12 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  8 01:30:12 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36962,mid=<200904080830.n388UAEt008127@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 01:30:12 splunk3 sendmail[19157]: n388UA9I019156: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:30:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:31:00 splunk3 sendmail[19370]: n388V0NY019370: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:32:00 splunk3 sendmail[19605]: n388W0vM019605: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:33:00 splunk3 sendmail[19845]: n388X0uI019845: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:34:00 splunk3 sendmail[20081]: n388Y0C5020081: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:34:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:35:00 splunk3 sendmail[20325]: n388Z0H5020325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:35:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:35:11 splunk3 sendmail[20365]: n388ZAV5020365: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080835.n388ZANi008879@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:35:11 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37018 
Apr  8 01:35:11 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:35:11 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:35:11 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:35:11 splunk3 spamd[25517]: spamd: processing message <200904080835.n388ZANi008879@virt2.int.splunk.com> for spamme:501 
Apr  8 01:35:13 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1305 bytes. 
Apr  8 01:35:13 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37018,mid=<200904080835.n388ZANi008879@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 01:35:13 splunk3 sendmail[20366]: n388ZAV5020365: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:35:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:36:00 splunk3 sendmail[20578]: n388a0vo020578: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:37:00 splunk3 sendmail[20815]: n388b0DH020815: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:38:00 splunk3 sendmail[21048]: n388c0i2021048: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:39:00 splunk3 sendmail[21291]: n388d0uK021291: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:39:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:40:00 splunk3 sendmail[21531]: n388e0RD021531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:40:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:40:11 splunk3 sendmail[21586]: n388eBbO021586: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904080840.n388eBLT009510@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:40:11 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37073 
Apr  8 01:40:11 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:40:11 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:40:11 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:40:11 splunk3 spamd[25517]: spamd: processing message <200904080840.n388eBLT009510@virt2.int.splunk.com> for spamme:501 
Apr  8 01:40:13 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  8 01:40:13 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37073,mid=<200904080840.n388eBLT009510@virt2.int.splunk.com>,bayes=0.171960633835199,autolearn=no 
Apr  8 01:40:13 splunk3 sendmail[21598]: n388eBbO021586: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 01:40:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:41:00 splunk3 sendmail[21794]: n388f0C7021794: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 01:42:00 splunk3 sendmail[22030]: n388g0Ku022030: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:43:00 splunk3 sendmail[22268]: n388h0as022268: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:44:00 splunk3 sendmail[22502]: n388i00j022502: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:44:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:45:00 splunk3 sendmail[22746]: n388j0oG022746: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:45:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:45:11 splunk3 sendmail[22810]: n388jBfR022810: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080845.n388jBF4010128@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:45:11 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37130 
Apr  8 01:45:11 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:45:11 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:45:11 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:45:11 splunk3 spamd[25517]: spamd: processing message <200904080845.n388jBF4010128@virt2.int.splunk.com> for spamme:501 
Apr  8 01:45:13 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 01:45:13 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37130,mid=<200904080845.n388jBF4010128@virt2.int.splunk.com>,bayes=0.114629019473676,autolearn=no 
Apr  8 01:45:13 splunk3 sendmail[22812]: n388jBfR022810: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 01:45:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:46:00 splunk3 sendmail[23000]: n388k0x0023000: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:47:00 splunk3 sendmail[23240]: n388l0da023240: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:48:00 splunk3 sendmail[23477]: n388m0MP023477: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:49:00 splunk3 sendmail[23715]: n388n0cO023715: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:49:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:50:00 splunk3 sendmail[23955]: n388o0Ex023955: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:50:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:50:12 splunk3 sendmail[24023]: n388oBuu024023: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080850.n388oBqs010742@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:50:12 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37185 
Apr  8 01:50:12 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:50:12 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:50:12 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:50:12 splunk3 spamd[25517]: spamd: processing message <200904080850.n388oBqs010742@virt2.int.splunk.com> for spamme:501 
Apr  8 01:50:14 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  8 01:50:14 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37185,mid=<200904080850.n388oBqs010742@virt2.int.splunk.com>,bayes=0.114629019473676,autolearn=no 
Apr  8 01:50:14 splunk3 sendmail[24024]: n388oBuu024023: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 01:50:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:51:00 splunk3 sendmail[24218]: n388p0r7024218: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:52:00 splunk3 sendmail[24451]: n388q0N7024451: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:53:00 splunk3 sendmail[24689]: n388r0OY024689: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:54:00 splunk3 sendmail[24927]: n388s03s024927: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:54:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 01:55:00 splunk3 sendmail[25172]: n388t0EM025172: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:55:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 01:55:12 splunk3 sendmail[25232]: n388tCxG025232: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080855.n388tCRq011349@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 01:55:12 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37241 
Apr  8 01:55:12 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:55:12 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:55:12 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:55:12 splunk3 spamd[25517]: spamd: processing message <200904080855.n388tCRq011349@virt2.int.splunk.com> for spamme:501 
Apr  8 01:55:14 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 01:55:14 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37241,mid=<200904080855.n388tCRq011349@virt2.int.splunk.com>,bayes=0.114629019473676,autolearn=no 
Apr  8 01:55:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:55:14 splunk3 sendmail[25233]: n388tCxG025232: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 01:56:00 splunk3 sendmail[25422]: n388u0x5025422: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 01:57:00 splunk3 sendmail[25661]: n388v0Nn025661: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:58:00 splunk3 sendmail[25894]: n388w0uc025894: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:59:00 splunk3 sendmail[26132]: n388x0Zs026132: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 01:59:01 splunk3 sendmail[26048]: n388wetN026048: from=<tianp@armkb.com>, size=5705, class=0, nrcpts=1, msgid=<1e47019dbd3e$cbae0eb5$1784b10a@armkb.com>, proto=ESMTP, daemon=MTA, relay=spb.indusoft.ru [217.170.86.122]
Apr  8 01:59:01 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37286 
Apr  8 01:59:01 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 01:59:01 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 01:59:01 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 01:59:01 splunk3 spamd[25517]: spamd: processing message <1e47019dbd3e$cbae0eb5$1784b10a@armkb.com> for spamme:501 
Apr  8 01:59:03 splunk3 spamd[25517]: spamd: identified spam (39.8/5.0) for spamme:501 in 1.8 seconds, 5988 bytes. 
Apr  8 01:59:03 splunk3 spamd[25517]: spamd: result: Y 39 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_BOGUSMX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=1.8,size=5988,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37286,mid=<1e47019dbd3e$cbae0eb5$1784b10a@armkb.com>,bayes=1,autolearn=spam 
Apr  8 01:59:03 splunk3 sendmail[26149]: n388wetN026048: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=35905, dsn=2.0.0, stat=Sent
Apr  8 01:59:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 01:59:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:00:00 splunk3 sendmail[26377]: n38900xZ026377: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:00:03 splunk3 sendmail[26459]: n38903Zj026459: from=root, size=291, class=0, nrcpts=1, msgid=<200904080900.n38903Zj026459@splunk3.splunkit.com>, relay=root@localhost
Apr  8 02:00:03 splunk3 sendmail[26463]: n38903QS026463: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904080900.n38903Zj026459@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 02:00:03 splunk3 sendmail[26459]: n38903Zj026459: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38903QS026463 Message accepted for delivery)
Apr  8 02:00:04 splunk3 sendmail[26464]: n38903QS026463: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 02:00:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:00:12 splunk3 sendmail[26515]: n3890CJa026515: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080900.n3890CF6011986@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:00:12 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37299 
Apr  8 02:00:12 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:00:12 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 02:00:12 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 02:00:12 splunk3 sendmail[26516]: n3890CJa026515: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:00:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:00:22 splunk3 sendmail[26567]: n3890Mwj026567: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904080900.n3890Mwj026567@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 02:00:22 splunk3 sendmail[26569]: n3890Mwj026567: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 02:00:22 splunk3 sendmail[26569]: n3890Mwj026567: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  8 02:00:22 splunk3 sendmail[26569]: n3890Mwj026567: n3890Mwj026569: postmaster notify: User unknown
Apr  8 02:00:24 splunk3 sendmail[26569]: n3890Mwj026569: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  8 02:01:00 splunk3 sendmail[26725]: n38910uM026725: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:01:12 splunk3 sendmail[26747]: n389118o026747: from=root, size=443, class=0, nrcpts=1, msgid=<200904080901.n389118o026747@splunk3.splunkit.com>, relay=root@localhost
Apr  8 02:01:12 splunk3 sendmail[26790]: n3891C1n026790: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904080901.n389118o026747@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 02:01:12 splunk3 sendmail[26747]: n389118o026747: to=root, ctladdr=root (0/0), delay=00:00:11, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n3891C1n026790 Message accepted for delivery)
Apr  8 02:01:13 splunk3 sendmail[26791]: n3891C1n026790: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 02:02:00 splunk3 sendmail[26973]: n38920Pw026973: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:03:00 splunk3 sendmail[27216]: n38930Jd027216: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:04:00 splunk3 sendmail[27462]: n38940xm027462: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:04:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:05:00 splunk3 sendmail[27706]: n38950kt027706: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:05:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:05:13 splunk3 sendmail[27755]: n3895DuX027755: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080905.n3895CYS012672@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:05:13 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37363 
Apr  8 02:05:13 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:05:13 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 02:05:13 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 02:05:13 splunk3 sendmail[27756]: n3895DuX027755: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:05:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:06:00 splunk3 sendmail[27959]: n389600Y027959: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:07:00 splunk3 sendmail[28198]: n38970N3028198: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:08:01 splunk3 sendmail[28434]: n38981Nq028434: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:09:01 splunk3 sendmail[28676]: n38991xY028676: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:09:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:10:01 splunk3 sendmail[28916]: n389A1mW028916: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:10:02 splunk3 sendmail[29017]: n389A2mU029017: from=root, size=292, class=0, nrcpts=1, msgid=<200904080910.n389A2mU029017@splunk3.splunkit.com>, relay=root@localhost
Apr  8 02:10:02 splunk3 sendmail[29022]: n389A2kH029022: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904080910.n389A2mU029017@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 02:10:02 splunk3 sendmail[29017]: n389A2mU029017: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n389A2kH029022 Message accepted for delivery)
Apr  8 02:10:03 splunk3 sendmail[29023]: n389A2kH029022: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 02:10:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:10:13 splunk3 sendmail[29070]: n389ADbw029070: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080910.n389ADXC013288@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:10:14 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37420 
Apr  8 02:10:14 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:10:14 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:10:14 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:10:14 splunk3 spamd[25517]: spamd: processing message <200904080910.n389ADXC013288@virt2.int.splunk.com> for spamme:501 
Apr  8 02:10:16 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  8 02:10:16 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37420,mid=<200904080910.n389ADXC013288@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:10:16 splunk3 sendmail[29071]: n389ADbw029070: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:10:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:11:01 splunk3 sendmail[29283]: n389B13V029283: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 02:12:01 splunk3 sendmail[29519]: n389C1hD029519: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:13:01 splunk3 sendmail[29757]: n389D1V5029757: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:14:01 splunk3 sendmail[29991]: n389E1CV029991: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:14:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:15:01 splunk3 sendmail[30236]: n389F17m030236: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:15:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:15:14 splunk3 sendmail[30284]: n389FEKq030284: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080915.n389FER4014074@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:15:14 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37476 
Apr  8 02:15:14 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:15:14 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:15:14 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:15:14 splunk3 spamd[25517]: spamd: processing message <200904080915.n389FER4014074@virt2.int.splunk.com> for spamme:501 
Apr  8 02:15:17 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 02:15:17 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37476,mid=<200904080915.n389FER4014074@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:15:17 splunk3 sendmail[30285]: n389FEKq030284: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:15:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:16:01 splunk3 sendmail[30489]: n389G1Qr030489: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:17:01 splunk3 sendmail[30728]: n389H1qu030728: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:18:01 splunk3 sendmail[30963]: n389I1Jv030963: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:19:01 splunk3 sendmail[31201]: n389J1aY031201: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:19:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:20:01 splunk3 sendmail[31441]: n389K1nY031441: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:20:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:20:14 splunk3 sendmail[31496]: n389KEFK031496: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080920.n389KEEh014706@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:20:14 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37532 
Apr  8 02:20:14 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:20:14 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:20:14 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:20:14 splunk3 spamd[25517]: spamd: processing message <200904080920.n389KEEh014706@virt2.int.splunk.com> for spamme:501 
Apr  8 02:20:16 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  8 02:20:16 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37532,mid=<200904080920.n389KEEh014706@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:20:16 splunk3 sendmail[31497]: n389KEFK031496: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:20:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:21:01 splunk3 sendmail[31705]: n389L1wL031705: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:22:01 splunk3 sendmail[31941]: n389M1Z1031941: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:23:01 splunk3 sendmail[32181]: n389N1Re032181: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:23:34 splunk3 sendmail[32286]: n389NT3n032286: dsl-201-127-162-246-dyn.prod-infinitum.com.mx [201.127.162.246] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:24:01 splunk3 sendmail[32425]: n389O1jb032425: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:24:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:25:01 splunk3 sendmail[32669]: n389P1TX032669: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:25:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:25:15 splunk3 sendmail[32714]: n389PF5R032714: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080925.n389PEtE015311@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:25:15 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37587 
Apr  8 02:25:15 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:25:15 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:25:15 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:25:15 splunk3 spamd[25517]: spamd: processing message <200904080925.n389PEtE015311@virt2.int.splunk.com> for spamme:501 
Apr  8 02:25:17 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.8 seconds, 1308 bytes. 
Apr  8 02:25:17 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.8,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37587,mid=<200904080925.n389PEtE015311@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:25:18 splunk3 sendmail[32715]: n389PF5R032714: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:25:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:26:01 splunk3 sendmail[455]: n389Q1IO000455: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 02:27:01 splunk3 sendmail[696]: n389R1Bw000696: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:28:01 splunk3 sendmail[930]: n389S161000930: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:29:01 splunk3 sendmail[1169]: n389T1RJ001169: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:29:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:30:01 splunk3 sendmail[1409]: n389U1Zo001409: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:30:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:30:15 splunk3 sendmail[1463]: n389UFpR001463: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080930.n389UFJV015936@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:30:15 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37644 
Apr  8 02:30:15 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:30:15 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:30:15 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:30:15 splunk3 spamd[25517]: spamd: processing message <200904080930.n389UFJV015936@virt2.int.splunk.com> for spamme:501 
Apr  8 02:30:18 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  8 02:30:18 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37644,mid=<200904080930.n389UFJV015936@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:30:18 splunk3 sendmail[1464]: n389UFpR001463: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:30:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:31:01 splunk3 sendmail[1674]: n389V1Fp001674: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:32:01 splunk3 sendmail[1908]: n389W1M7001908: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:33:01 splunk3 sendmail[2149]: n389X1FI002149: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:34:01 splunk3 sendmail[2383]: n389Y15F002383: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:34:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:35:01 splunk3 sendmail[2631]: n389Z1pD002631: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:35:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:35:15 splunk3 sendmail[2701]: n389ZFWF002701: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080935.n389ZFNv016686@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:35:15 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37699 
Apr  8 02:35:15 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:35:15 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:35:15 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:35:15 splunk3 spamd[25517]: spamd: processing message <200904080935.n389ZFNv016686@virt2.int.splunk.com> for spamme:501 
Apr  8 02:35:17 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  8 02:35:17 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37699,mid=<200904080935.n389ZFNv016686@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:35:17 splunk3 sendmail[2702]: n389ZFWF002701: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:35:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:36:01 splunk3 sendmail[2899]: n389a1Hk002899: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:37:01 splunk3 sendmail[3146]: n389b1ir003146: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:38:01 splunk3 sendmail[3383]: n389c1r7003383: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:39:01 splunk3 sendmail[3647]: n389d1UV003647: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:39:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:40:01 splunk3 sendmail[3904]: n389e1bn003904: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:40:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:40:16 splunk3 sendmail[3968]: n389eGD4003968: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080940.n389eGc7017316@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:40:16 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37755 
Apr  8 02:40:16 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:40:16 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:40:16 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:40:16 splunk3 spamd[25517]: spamd: processing message <200904080940.n389eGc7017316@virt2.int.splunk.com> for spamme:501 
Apr  8 02:40:18 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 02:40:18 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37755,mid=<200904080940.n389eGc7017316@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:40:18 splunk3 sendmail[3969]: n389eGD4003968: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:40:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:41:01 splunk3 sendmail[4175]: n389f176004175: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 02:42:01 splunk3 sendmail[4425]: n389g1DF004425: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:43:01 splunk3 sendmail[4663]: n389h1SO004663: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:44:01 splunk3 sendmail[4904]: n389i1pJ004904: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:44:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:45:01 splunk3 sendmail[5186]: n389j1mG005186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:45:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:45:16 splunk3 sendmail[5248]: n389jGu4005248: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080945.n389jGFt017928@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:45:16 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37811 
Apr  8 02:45:16 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:45:16 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:45:16 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:45:16 splunk3 spamd[25517]: spamd: processing message <200904080945.n389jGFt017928@virt2.int.splunk.com> for spamme:501 
Apr  8 02:45:18 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 02:45:18 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37811,mid=<200904080945.n389jGFt017928@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:45:18 splunk3 sendmail[5249]: n389jGu4005248: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:45:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:46:01 splunk3 sendmail[5443]: n389k1t8005443: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:47:01 splunk3 sendmail[5680]: n389l17t005680: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:47:03 splunk3 sendmail[32388]: n389Ns5c032388: dsl-201-127-162-246-dyn.prod-infinitum.com.mx [201.127.162.246] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:48:01 splunk3 sendmail[5914]: n389m15x005914: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:49:01 splunk3 sendmail[6151]: n389n10l006151: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:49:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:50:01 splunk3 sendmail[6397]: n389o1rW006397: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:50:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:50:16 splunk3 sendmail[6463]: n389oGLO006463: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080950.n389oGHV018545@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:50:16 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37867 
Apr  8 02:50:16 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:50:16 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:50:16 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:50:16 splunk3 spamd[25517]: spamd: processing message <200904080950.n389oGHV018545@virt2.int.splunk.com> for spamme:501 
Apr  8 02:50:18 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  8 02:50:18 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37867,mid=<200904080950.n389oGHV018545@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:50:18 splunk3 sendmail[6464]: n389oGLO006463: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:50:18 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:51:01 splunk3 sendmail[6656]: n389p16E006656: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:52:01 splunk3 sendmail[6890]: n389q1Bu006890: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:53:01 splunk3 sendmail[7128]: n389r1XN007128: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:53:35 splunk3 sendmail[7252]: n389rYw7007252: ruleset=check_rcpt, arg1=<sseenndd1201@yahoo.com.hk>, relay=118-165-88-84.dynamic.hinet.net [118.165.88.84], reject=550 5.7.1 <sseenndd1201@yahoo.com.hk>... Relaying denied
Apr  8 02:54:01 splunk3 sendmail[7367]: n389s1dF007367: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:54:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 02:55:01 splunk3 sendmail[7620]: n389t19D007620: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:55:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 02:55:17 splunk3 sendmail[7685]: n389tHnY007685: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904080955.n389tGdb019155@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 02:55:17 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37922 
Apr  8 02:55:17 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 02:55:17 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 02:55:17 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 02:55:17 splunk3 spamd[25517]: spamd: processing message <200904080955.n389tGdb019155@virt2.int.splunk.com> for spamme:501 
Apr  8 02:55:19 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  8 02:55:19 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37922,mid=<200904080955.n389tGdb019155@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 02:55:19 splunk3 sendmail[7686]: n389tHnY007685: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 02:55:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 02:56:01 splunk3 sendmail[7873]: n389u1ex007873: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 02:57:01 splunk3 sendmail[8115]: n389v1HD008115: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:58:01 splunk3 sendmail[8350]: n389w14q008350: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:59:01 splunk3 sendmail[8588]: n389x1kE008588: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 02:59:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:00:01 splunk3 sendmail[8829]: n38A018Q008829: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:00:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:00:04 splunk3 sendmail[8901]: n38A04Tn008901: from=root, size=291, class=0, nrcpts=1, msgid=<200904081000.n38A04Tn008901@splunk3.splunkit.com>, relay=root@localhost
Apr  8 03:00:04 splunk3 sendmail[8905]: n38A04b8008905: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081000.n38A04Tn008901@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 03:00:04 splunk3 sendmail[8901]: n38A04Tn008901: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38A04b8008905 Message accepted for delivery)
Apr  8 03:00:05 splunk3 sendmail[8906]: n38A04b8008905: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 03:00:17 splunk3 sendmail[8968]: n38A0Hnq008968: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081000.n38A0Hi6019793@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:00:17 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37980 
Apr  8 03:00:17 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:00:17 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 03:00:17 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 03:00:17 splunk3 sendmail[8969]: n38A0Hnq008968: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:00:17 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:00:28 splunk3 sendmail[9023]: n38A0SrJ009023: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904081000.n38A0SrJ009023@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 03:00:28 splunk3 sendmail[9025]: n38A0SrJ009023: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 03:00:28 splunk3 sendmail[9025]: n38A0SrJ009023: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  8 03:00:28 splunk3 sendmail[9025]: n38A0SrJ009023: n38A0SrJ009025: postmaster notify: User unknown
Apr  8 03:00:30 splunk3 sendmail[9025]: n38A0SrJ009025: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  8 03:01:01 splunk3 sendmail[9174]: n38A11UF009174: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:01:09 splunk3 sendmail[9181]: n38A11v0009181: from=root, size=443, class=0, nrcpts=1, msgid=<200904081001.n38A11v0009181@splunk3.splunkit.com>, relay=root@localhost
Apr  8 03:01:09 splunk3 sendmail[9204]: n38A19KN009204: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081001.n38A11v0009181@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 03:01:09 splunk3 sendmail[9181]: n38A11v0009181: to=root, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38A19KN009204 Message accepted for delivery)
Apr  8 03:01:13 splunk3 sendmail[9205]: n38A19KN009204: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:04, xdelay=00:00:04, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 03:02:01 splunk3 sendmail[9421]: n38A21V8009421: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:03:01 splunk3 sendmail[9661]: n38A31hK009661: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:04:01 splunk3 sendmail[9896]: n38A41DL009896: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:04:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:05:01 splunk3 sendmail[10140]: n38A51iN010140: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:05:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:05:20 splunk3 sendmail[10207]: n38A5Kva010207: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081005.n38A5H66020476@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:05:20 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38044 
Apr  8 03:05:20 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:05:20 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 03:05:20 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 03:05:20 splunk3 sendmail[10208]: n38A5Kva010207: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:05:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:06:01 splunk3 sendmail[10395]: n38A614e010395: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:07:01 splunk3 sendmail[10633]: n38A71IV010633: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:08:01 splunk3 sendmail[10866]: n38A81dX010866: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:09:01 splunk3 sendmail[11110]: n38A91xn011110: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:09:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:10:01 splunk3 sendmail[11350]: n38AA1QQ011350: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:10:02 splunk3 sendmail[11450]: n38AA23b011450: from=root, size=292, class=0, nrcpts=1, msgid=<200904081010.n38AA23b011450@splunk3.splunkit.com>, relay=root@localhost
Apr  8 03:10:02 splunk3 sendmail[11455]: n38AA2VO011455: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081010.n38AA23b011450@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 03:10:02 splunk3 sendmail[11450]: n38AA23b011450: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38AA2VO011455 Message accepted for delivery)
Apr  8 03:10:04 splunk3 sendmail[11456]: n38AA2VO011455: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 03:10:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:10:20 splunk3 sendmail[11543]: n38AAK0a011543: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081010.n38AAKQG021091@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:10:20 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38100 
Apr  8 03:10:20 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:10:20 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:10:20 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:10:20 splunk3 spamd[25517]: spamd: processing message <200904081010.n38AAKQG021091@virt2.int.splunk.com> for spamme:501 
Apr  8 03:10:24 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  8 03:10:24 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38100,mid=<200904081010.n38AAKQG021091@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:10:24 splunk3 sendmail[11544]: n38AAK0a011543: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:10:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:11:01 splunk3 sendmail[11719]: n38AB15o011719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 03:12:01 splunk3 sendmail[11956]: n38AC1qm011956: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:13:01 splunk3 sendmail[12195]: n38AD1qg012195: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:14:01 splunk3 sendmail[12432]: n38AE1Hk012432: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:14:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:15:01 splunk3 sendmail[12688]: n38AF1QB012688: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:15:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:15:21 splunk3 sendmail[12769]: n38AFLon012769: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081015.n38AFKms021874@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:15:21 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38165 
Apr  8 03:15:21 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:15:21 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:15:21 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:15:21 splunk3 spamd[25517]: spamd: processing message <200904081015.n38AFKms021874@virt2.int.splunk.com> for spamme:501 
Apr  8 03:15:23 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  8 03:15:23 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38165,mid=<200904081015.n38AFKms021874@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:15:23 splunk3 sendmail[12770]: n38AFLon012769: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:15:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:16:01 splunk3 sendmail[12932]: n38AG1v2012932: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:17:01 splunk3 sendmail[13169]: n38AH1ZP013169: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:18:01 splunk3 sendmail[13443]: n38AI1eN013443: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:19:01 splunk3 sendmail[13683]: n38AJ1c1013683: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:19:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:20:01 splunk3 sendmail[13938]: n38AK1qc013938: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:20:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:20:22 splunk3 sendmail[14023]: n38AKMV8014023: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081020.n38AKLHO022509@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:20:22 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38220 
Apr  8 03:20:22 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:20:22 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:20:22 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:20:22 splunk3 spamd[25517]: spamd: processing message <200904081020.n38AKLHO022509@virt2.int.splunk.com> for spamme:501 
Apr  8 03:20:24 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 03:20:24 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38220,mid=<200904081020.n38AKLHO022509@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:20:24 splunk3 sendmail[14024]: n38AKMV8014023: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:20:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:21:01 splunk3 sendmail[14186]: n38AL1A7014186: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:22:01 splunk3 sendmail[14419]: n38AM1ku014419: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:23:01 splunk3 sendmail[14658]: n38AN18G014658: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:23:47 splunk3 sendmail[32348]: n389NfXk032348: timeout waiting for input from dsl-201-127-162-246-dyn.prod-infinitum.com.mx during server cmd read
Apr  8 03:23:47 splunk3 sendmail[32348]: n389NfXk032348: dsl-201-127-162-246-dyn.prod-infinitum.com.mx [201.127.162.246] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:23:47 splunk3 sendmail[32367]: n389NlO2032367: timeout waiting for input from dsl-201-127-162-246-dyn.prod-infinitum.com.mx during server cmd read
Apr  8 03:23:47 splunk3 sendmail[32367]: n389NlO2032367: dsl-201-127-162-246-dyn.prod-infinitum.com.mx [201.127.162.246] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:24:01 splunk3 sendmail[14898]: n38AO1xx014898: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:24:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:25:01 splunk3 sendmail[15151]: n38AP1eF015151: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:25:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:25:22 splunk3 sendmail[15236]: n38APMON015236: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081025.n38APMdM023112@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:25:22 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38276 
Apr  8 03:25:22 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:25:22 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:25:22 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:25:22 splunk3 spamd[25517]: spamd: processing message <200904081025.n38APMdM023112@virt2.int.splunk.com> for spamme:501 
Apr  8 03:25:24 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  8 03:25:24 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38276,mid=<200904081025.n38APMdM023112@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:25:24 splunk3 sendmail[15237]: n38APMON015236: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:25:24 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:26:01 splunk3 sendmail[15396]: n38AQ16E015396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 03:27:01 splunk3 sendmail[15648]: n38AR1vF015648: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:28:01 splunk3 sendmail[15882]: n38AS1rZ015882: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:29:01 splunk3 sendmail[16119]: n38AT1Ja016119: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:29:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:30:01 splunk3 sendmail[16374]: n38AU1RU016374: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:30:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:30:23 splunk3 sendmail[16455]: n38AUNpC016455: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081030.n38AUMp3023764@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:30:23 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38332 
Apr  8 03:30:23 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:30:23 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:30:23 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:30:23 splunk3 spamd[25517]: spamd: processing message <200904081030.n38AUMp3023764@virt2.int.splunk.com> for spamme:501 
Apr  8 03:30:25 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  8 03:30:25 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38332,mid=<200904081030.n38AUMp3023764@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:30:25 splunk3 sendmail[16456]: n38AUNpC016455: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:30:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:31:01 splunk3 sendmail[16621]: n38AV1A8016621: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:32:01 splunk3 sendmail[16857]: n38AW1k1016857: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:33:01 splunk3 sendmail[17093]: n38AX1Uj017093: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:34:01 splunk3 sendmail[17325]: n38AY1tn017325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:34:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:35:01 splunk3 sendmail[17568]: n38AZ1wK017568: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:35:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:35:23 splunk3 sendmail[17666]: n38AZNm1017666: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081035.n38AZNci024511@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:35:23 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38388 
Apr  8 03:35:23 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:35:23 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:35:23 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:35:23 splunk3 spamd[25517]: spamd: processing message <200904081035.n38AZNci024511@virt2.int.splunk.com> for spamme:501 
Apr  8 03:35:25 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  8 03:35:25 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38388,mid=<200904081035.n38AZNci024511@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:35:25 splunk3 sendmail[17667]: n38AZNm1017666: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:35:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:36:01 splunk3 sendmail[17821]: n38Aa1gH017821: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:37:01 splunk3 sendmail[18059]: n38Ab14A018059: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:38:01 splunk3 sendmail[18294]: n38Ac1en018294: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:39:01 splunk3 sendmail[18538]: n38Ad1Yx018538: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:39:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:40:01 splunk3 sendmail[18784]: n38Ae1Lv018784: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:40:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:40:24 splunk3 sendmail[18882]: n38AeOqr018882: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081040.n38AeNLH025147@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:40:24 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38444 
Apr  8 03:40:24 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:40:24 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:40:24 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:40:24 splunk3 spamd[25517]: spamd: processing message <200904081040.n38AeNLH025147@virt2.int.splunk.com> for spamme:501 
Apr  8 03:40:26 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  8 03:40:26 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38444,mid=<200904081040.n38AeNLH025147@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:40:26 splunk3 sendmail[18883]: n38AeOqr018882: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:40:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:41:01 splunk3 sendmail[19042]: n38Af1Be019042: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 03:42:01 splunk3 sendmail[19278]: n38Ag14p019278: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:43:01 splunk3 sendmail[19515]: n38Ah1SI019515: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:44:01 splunk3 sendmail[19749]: n38Ai1q4019749: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:44:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:45:01 splunk3 sendmail[19994]: n38Aj1Si019994: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:45:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:45:24 splunk3 sendmail[20090]: n38AjO6m020090: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081045.n38AjOKp025754@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:45:24 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38500 
Apr  8 03:45:24 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:45:24 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:45:24 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:45:24 splunk3 spamd[25517]: spamd: processing message <200904081045.n38AjOKp025754@virt2.int.splunk.com> for spamme:501 
Apr  8 03:45:26 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 03:45:26 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38500,mid=<200904081045.n38AjOKp025754@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:45:26 splunk3 sendmail[20091]: n38AjO6m020090: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:45:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:46:01 splunk3 sendmail[20246]: n38Ak194020246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:47:01 splunk3 sendmail[20483]: n38Al1cp020483: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:48:01 splunk3 sendmail[20717]: n38Am1da020717: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:49:01 splunk3 sendmail[20953]: n38An1HK020953: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:49:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:50:01 splunk3 sendmail[21198]: n38Ao1co021198: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:50:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:50:25 splunk3 sendmail[21312]: n38AoP5h021312: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081050.n38AoPe8026369@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:50:25 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38556 
Apr  8 03:50:25 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:50:25 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:50:25 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:50:25 splunk3 spamd[25517]: spamd: processing message <200904081050.n38AoPe8026369@virt2.int.splunk.com> for spamme:501 
Apr  8 03:50:27 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 03:50:27 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38556,mid=<200904081050.n38AoPe8026369@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:50:27 splunk3 sendmail[21313]: n38AoP5h021312: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:50:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:51:01 splunk3 sendmail[21455]: n38Ap1fh021455: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:52:01 splunk3 sendmail[21690]: n38Aq1Uu021690: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:53:01 splunk3 sendmail[21927]: n38Ar12w021927: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:53:35 splunk3 sendmail[7252]: n389rYw7007252: timeout waiting for input from 118-165-88-84.dynamic.hinet.net during server cmd read
Apr  8 03:53:35 splunk3 sendmail[7252]: n389rYw7007252: lost input channel from 118-165-88-84.dynamic.hinet.net [118.165.88.84] to MTA after rcpt
Apr  8 03:53:35 splunk3 sendmail[7252]: n389rYw7007252: from=<ln6u5f3s2k5@yahoo.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=118-165-88-84.dynamic.hinet.net [118.165.88.84]
Apr  8 03:54:01 splunk3 sendmail[22168]: n38As1ZJ022168: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:54:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 03:55:01 splunk3 sendmail[22412]: n38At1oW022412: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:55:04 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 03:55:26 splunk3 sendmail[22526]: n38AtQUS022526: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081055.n38AtPBr026977@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 03:55:26 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38611 
Apr  8 03:55:26 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 03:55:26 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 03:55:26 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 03:55:26 splunk3 spamd[25517]: spamd: processing message <200904081055.n38AtPBr026977@virt2.int.splunk.com> for spamme:501 
Apr  8 03:55:28 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 03:55:28 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38611,mid=<200904081055.n38AtPBr026977@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 03:55:28 splunk3 sendmail[22527]: n38AtQUS022526: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 03:55:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 03:56:01 splunk3 sendmail[22665]: n38Au1CN022665: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 03:57:01 splunk3 sendmail[22904]: n38Av1kX022904: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:58:01 splunk3 sendmail[23140]: n38Aw12L023140: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:59:01 splunk3 sendmail[23379]: n38Ax1T0023379: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 03:59:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:00:01 splunk3 sendmail[23675]: n38B01gM023675: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:00:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:00:04 splunk3 sendmail[23695]: n38B04kX023695: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904081100.n38B04kX023695@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 04:00:04 splunk3 sendmail[23697]: n38B04kX023695: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 04:00:04 splunk3 sendmail[23697]: n38B04kX023695: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  8 04:00:04 splunk3 sendmail[23697]: n38B04kX023695: n38B04kX023697: postmaster notify: User unknown
Apr  8 04:00:04 splunk3 sendmail[23734]: n38B04rl023734: from=root, size=291, class=0, nrcpts=1, msgid=<200904081100.n38B04rl023734@splunk3.splunkit.com>, relay=root@localhost
Apr  8 04:00:04 splunk3 sendmail[23739]: n38B04H1023739: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081100.n38B04rl023734@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 04:00:04 splunk3 sendmail[23734]: n38B04rl023734: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38B04H1023739 Message accepted for delivery)
Apr  8 04:00:05 splunk3 sendmail[23697]: n38B04kX023697: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  8 04:00:14 splunk3 sendmail[23740]: n38B04H1023739: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:10, xdelay=00:00:10, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 04:00:26 splunk3 sendmail[23824]: n38B0QOe023824: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081100.n38B0QcO027614@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:00:26 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38676 
Apr  8 04:00:26 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:00:26 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 04:00:26 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 04:00:26 splunk3 sendmail[23825]: n38B0QOe023824: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 04:00:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:01:01 splunk3 sendmail[23968]: n38B11oi023968: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:01:03 splunk3 sendmail[23975]: n38B12A9023975: from=root, size=443, class=0, nrcpts=1, msgid=<200904081101.n38B12A9023975@splunk3.splunkit.com>, relay=root@localhost
Apr  8 04:01:03 splunk3 sendmail[23978]: n38B13hg023978: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081101.n38B12A9023975@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 04:01:03 splunk3 sendmail[23975]: n38B12A9023975: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38B13hg023978 Message accepted for delivery)
Apr  8 04:01:05 splunk3 sendmail[23979]: n38B13hg023978: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 04:02:01 splunk3 sendmail[24271]: n38B21jV024271: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:02:04 splunk3 sendmail[24555]: n38B24IF024555: from=root, size=2365, class=0, nrcpts=1, msgid=<200904081102.n38B24IF024555@splunk3.splunkit.com>, relay=root@localhost
Apr  8 04:02:04 splunk3 sendmail[24561]: n38B24wX024561: from=<root@splunk3.splunkit.com>, size=2665, class=0, nrcpts=1, msgid=<200904081102.n38B24IF024555@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 04:02:04 splunk3 sendmail[24555]: n38B24IF024555: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32365, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38B24wX024561 Message accepted for delivery)
Apr  8 04:02:06 splunk3 sendmail[24574]: n38B24wX024561: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32898, dsn=2.0.0, stat=Sent
Apr  8 04:03:01 splunk3 sendmail[24937]: n38B31aZ024937: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:04:01 splunk3 sendmail[25170]: n38B41vC025170: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:04:34 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:05:01 splunk3 sendmail[25414]: n38B513O025414: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:05:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:05:27 splunk3 sendmail[25530]: n38B5Qoj025530: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081105.n38B5Qxr028799@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:05:27 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38733 
Apr  8 04:05:27 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:05:27 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 04:05:27 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 04:05:27 splunk3 sendmail[25531]: n38B5Qoj025530: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 04:05:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:06:01 splunk3 sendmail[25668]: n38B61Z8025668: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:07:01 splunk3 sendmail[25908]: n38B71I0025908: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:08:01 splunk3 sendmail[26141]: n38B81hP026141: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:09:01 splunk3 sendmail[26384]: n38B91iC026384: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:09:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:10:02 splunk3 sendmail[26719]: n38BA2up026719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:10:02 splunk3 sendmail[26724]: n38BA21e026724: from=root, size=292, class=0, nrcpts=1, msgid=<200904081110.n38BA21e026724@splunk3.splunkit.com>, relay=root@localhost
Apr  8 04:10:02 splunk3 sendmail[26729]: n38BA2N1026729: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081110.n38BA21e026724@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 04:10:02 splunk3 sendmail[26724]: n38BA21e026724: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38BA2N1026729 Message accepted for delivery)
Apr  8 04:10:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:10:04 splunk3 sendmail[26730]: n38BA2N1026729: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 04:10:27 splunk3 sendmail[26861]: n38BARlO026861: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081110.n38BARu0029414@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:10:27 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38790 
Apr  8 04:10:27 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:10:27 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:10:27 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:10:27 splunk3 spamd[25517]: spamd: processing message <200904081110.n38BARu0029414@virt2.int.splunk.com> for spamme:501 
Apr  8 04:10:29 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  8 04:10:29 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38790,mid=<200904081110.n38BARu0029414@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 04:10:29 splunk3 sendmail[26862]: n38BARlO026861: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 04:10:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:11:02 splunk3 sendmail[27002]: n38BB2LX027002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 04:12:02 splunk3 sendmail[27237]: n38BC2Si027237: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:13:02 splunk3 sendmail[27477]: n38BD2Ex027477: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:14:02 splunk3 sendmail[27713]: n38BE2qT027713: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:14:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:15:02 splunk3 sendmail[27957]: n38BF2HY027957: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:15:06 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:15:27 splunk3 sendmail[28070]: n38BFRaA028070: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081115.n38BFREO030221@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:15:27 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38846 
Apr  8 04:15:27 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:15:27 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:15:27 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:15:27 splunk3 spamd[25517]: spamd: processing message <200904081115.n38BFREO030221@virt2.int.splunk.com> for spamme:501 
Apr  8 04:15:29 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  8 04:15:29 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38846,mid=<200904081115.n38BFREO030221@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 04:15:29 splunk3 sendmail[28071]: n38BFRaA028070: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 04:15:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:16:02 splunk3 sendmail[28211]: n38BG2Ss028211: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:17:02 splunk3 sendmail[28449]: n38BH2Xs028449: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:18:02 splunk3 sendmail[28683]: n38BI2mX028683: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:19:02 splunk3 sendmail[28921]: n38BJ2FR028921: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:19:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:20:02 splunk3 sendmail[29168]: n38BK2M8029168: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:20:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:20:28 splunk3 sendmail[29282]: n38BKSHX029282: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081120.n38BKRDc030834@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:20:28 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38902 
Apr  8 04:20:28 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:20:28 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:20:28 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:20:28 splunk3 spamd[25517]: spamd: processing message <200904081120.n38BKRDc030834@virt2.int.splunk.com> for spamme:501 
Apr  8 04:20:30 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  8 04:20:30 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38902,mid=<200904081120.n38BKRDc030834@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 04:20:30 splunk3 sendmail[29283]: n38BKSHX029282: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 04:20:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:21:02 splunk3 sendmail[29429]: n38BL2hf029429: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:22:02 splunk3 sendmail[29662]: n38BM28f029662: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:23:02 splunk3 sendmail[29899]: n38BN2KQ029899: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:24:02 splunk3 sendmail[30137]: n38BO2sD030137: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:24:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:25:02 splunk3 sendmail[30379]: n38BP2xP030379: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:25:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:25:28 splunk3 sendmail[30497]: n38BPSo1030497: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081125.n38BPSuw031468@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:25:28 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 38958 
Apr  8 04:25:28 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:25:28 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:25:28 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:25:28 splunk3 spamd[25517]: spamd: processing message <200904081125.n38BPSuw031468@virt2.int.splunk.com> for spamme:501 
Apr  8 04:25:30 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  8 04:25:30 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=38958,mid=<200904081125.n38BPSuw031468@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 04:25:30 splunk3 sendmail[30498]: n38BPSo1030497: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 04:25:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:26:02 splunk3 sendmail[30632]: n38BQ2Pb030632: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 04:27:02 splunk3 sendmail[30875]: n38BR2vw030875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:28:02 splunk3 sendmail[31111]: n38BS2Qa031111: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:29:02 splunk3 sendmail[31349]: n38BT2Mn031349: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:29:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:30:02 splunk3 sendmail[31596]: n38BU2lE031596: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:30:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:30:29 splunk3 sendmail[31711]: n38BUT3E031711: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081130.n38BUSYi032062@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:30:29 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39015 
Apr  8 04:30:29 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:30:29 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:30:29 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:30:29 splunk3 spamd[25517]: spamd: processing message <200904081130.n38BUSYi032062@virt2.int.splunk.com> for spamme:501 
Apr  8 04:30:31 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 04:30:31 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39015,mid=<200904081130.n38BUSYi032062@virt2.int.splunk.com>,bayes=0.114624532975882,autolearn=no 
Apr  8 04:30:31 splunk3 sendmail[31712]: n38BUT3E031711: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 04:30:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:31:02 splunk3 sendmail[31853]: n38BV2hn031853: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:32:02 splunk3 sendmail[32086]: n38BW25E032086: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:33:02 splunk3 sendmail[32325]: n38BX2kd032325: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:34:02 splunk3 sendmail[32561]: n38BY2S1032561: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:34:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:35:02 splunk3 sendmail[339]: n38BZ2lv000339: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:35:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:35:29 splunk3 sendmail[468]: n38BZTtX000468: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904081135.n38BZTko000367@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:35:29 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39071 
Apr  8 04:35:29 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:35:29 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:35:29 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:35:29 splunk3 spamd[25517]: spamd: processing message <200904081135.n38BZTko000367@virt2.int.splunk.com> for spamme:501 
Apr  8 04:35:31 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1302 bytes. 
Apr  8 04:35:31 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39071,mid=<200904081135.n38BZTko000367@virt2.int.splunk.com>,bayes=0.0679935881897998,autolearn=no 
Apr  8 04:35:31 splunk3 sendmail[469]: n38BZTtX000468: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  8 04:35:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:36:02 splunk3 sendmail[593]: n38Ba21H000593: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:37:02 splunk3 sendmail[833]: n38Bb2tM000833: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:38:02 splunk3 sendmail[1065]: n38Bc2A9001065: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:39:02 splunk3 sendmail[1307]: n38Bd2GG001307: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:39:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:40:02 splunk3 sendmail[1551]: n38Be2lq001551: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:40:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:40:30 splunk3 sendmail[1688]: n38BeURi001688: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904081140.n38BeUO2000980@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:40:30 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39126 
Apr  8 04:40:30 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:40:30 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:40:30 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:40:30 splunk3 spamd[25517]: spamd: processing message <200904081140.n38BeUO2000980@virt2.int.splunk.com> for spamme:501 
Apr  8 04:40:32 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1302 bytes. 
Apr  8 04:40:32 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39126,mid=<200904081140.n38BeUO2000980@virt2.int.splunk.com>,bayes=0.0679935881897998,autolearn=no 
Apr  8 04:40:32 splunk3 sendmail[1689]: n38BeURi001688: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  8 04:40:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:41:02 splunk3 sendmail[1811]: n38Bf2qR001811: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 04:42:02 splunk3 sendmail[2052]: n38Bg22c002052: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:43:02 splunk3 sendmail[2291]: n38Bh21c002291: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:44:02 splunk3 sendmail[2526]: n38Bi2Qq002526: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:44:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:45:01 splunk3 sendmail[2784]: n38Bj13v002784: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081145.n38Bj0nS001539@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:45:01 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39171 
Apr  8 04:45:01 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:45:01 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:45:01 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:45:01 splunk3 spamd[25517]: spamd: processing message <200904081145.n38Bj0nS001539@virt2.int.splunk.com> for spamme:501 
Apr  8 04:45:02 splunk3 sendmail[2790]: n38Bj2Nk002790: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:45:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:45:03 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  8 04:45:03 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39171,mid=<200904081145.n38Bj0nS001539@virt2.int.splunk.com>,bayes=0.171955281864462,autolearn=no 
Apr  8 04:45:03 splunk3 sendmail[2785]: n38Bj13v002784: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 04:45:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:46:02 splunk3 sendmail[3045]: n38Bk2UI003045: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:47:02 splunk3 sendmail[3287]: n38Bl2lc003287: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:48:02 splunk3 sendmail[3524]: n38Bm2WS003524: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:49:02 splunk3 sendmail[3793]: n38Bn2oi003793: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:49:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:50:01 splunk3 sendmail[4042]: n38Bo1Ri004042: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081150.n38Bo1Rv002211@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:50:01 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39227 
Apr  8 04:50:01 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:50:01 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:50:01 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:50:01 splunk3 spamd[25517]: spamd: processing message <200904081150.n38Bo1Rv002211@virt2.int.splunk.com> for spamme:501 
Apr  8 04:50:02 splunk3 sendmail[4056]: n38Bo2Hj004056: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:50:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:50:03 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1305 bytes. 
Apr  8 04:50:03 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39227,mid=<200904081150.n38Bo1Rv002211@virt2.int.splunk.com>,bayes=0.171955281864462,autolearn=no 
Apr  8 04:50:03 splunk3 sendmail[4044]: n38Bo1Ri004042: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 04:50:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:51:02 splunk3 sendmail[4329]: n38Bp2ej004329: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:52:02 splunk3 sendmail[4563]: n38Bq2rL004563: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:53:02 splunk3 sendmail[4800]: n38Br21a004800: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:54:02 splunk3 sendmail[5051]: n38Bs2rE005051: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:54:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 04:55:02 splunk3 sendmail[5330]: n38Bt222005330: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081155.n38Bt1TQ002816@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 04:55:02 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39282 
Apr  8 04:55:02 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:55:02 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:55:02 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:55:02 splunk3 spamd[25517]: spamd: processing message <200904081155.n38Bt1TQ002816@virt2.int.splunk.com> for spamme:501 
Apr  8 04:55:02 splunk3 sendmail[5336]: n38Bt2mo005336: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:55:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 04:55:04 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  8 04:55:04 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39282,mid=<200904081155.n38Bt1TQ002816@virt2.int.splunk.com>,bayes=0.171955281864462,autolearn=no 
Apr  8 04:55:04 splunk3 sendmail[5331]: n38Bt222005330: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 04:55:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:56:02 splunk3 sendmail[5587]: n38Bu2uS005587: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 04:57:02 splunk3 sendmail[5826]: n38Bv2jp005826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:58:02 splunk3 sendmail[6062]: n38Bw2Sx006062: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:58:27 splunk3 sendmail[6043]: n38Bw0dv006043: from=<symultn@justdropped.com>, size=5719, class=0, nrcpts=1, msgid=<ffde019dba15$6e0863d3$70c30358@justdropped.com>, proto=ESMTP, daemon=MTA, relay=bhe201062186231.res-com.wayinternet.com.br [201.62.186.231]
Apr  8 04:58:27 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39324 
Apr  8 04:58:27 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:58:27 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:58:27 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:58:27 splunk3 spamd[25517]: spamd: processing message <ffde019dba15$6e0863d3$70c30358@justdropped.com> for spamme:501 
Apr  8 04:58:30 splunk3 spamd[25517]: spamd: identified spam (39.3/5.0) for spamme:501 in 2.7 seconds, 6072 bytes. 
Apr  8 04:58:30 splunk3 spamd[25517]: spamd: result: Y 39 - BAYES_99,DATE_IN_FUTURE_96_XX,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=2.7,size=6072,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39324,mid=<ffde019dba15$6e0863d3$70c30358@justdropped.com>,bayes=1,autolearn=spam 
Apr  8 04:58:30 splunk3 sendmail[6163]: n38Bw0dv006043: to=<spamme@splunkit.com>, delay=00:00:05, xdelay=00:00:03, mailer=local, pri=35973, dsn=2.0.0, stat=Sent
Apr  8 04:58:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:58:39 splunk3 sendmail[6203]: n38Bwcxi006203: from=<3bpHcSRQKBiYIQQINGCNGTVU-PQTGRNaIQQING.EQOURCOOGURNWPMKV.EQO@alerts.bounces.google.com>, size=5077, class=0, nrcpts=1, msgid=<0016369fa2511b9efb046709daad@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.184]
Apr  8 04:58:39 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39326 
Apr  8 04:58:39 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 04:58:39 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 04:58:39 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 04:58:39 splunk3 spamd[25517]: spamd: processing message <0016369fa2511b9efb046709daad@google.com> for spamme:501 
Apr  8 04:58:42 splunk3 spamd[25517]: spamd: clean message (-2.3/5.0) for spamme:501 in 3.1 seconds, 5507 bytes. 
Apr  8 04:58:42 splunk3 spamd[25517]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=3.1,size=5507,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39326,mid=<0016369fa2511b9efb046709daad@google.com>,bayes=0,autolearn=ham 
Apr  8 04:58:42 splunk3 sendmail[6227]: n38Bwcxi006203: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:03, mailer=local, pri=35288, dsn=2.0.0, stat=Sent
Apr  8 04:58:42 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 04:59:02 splunk3 sendmail[6312]: n38Bx2Dk006312: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 04:59:29 splunk3 sendmail[6414]: n38BxSOW006414: ruleset=check_rcpt, arg1=<sanjinn001@yahoo.com.tw>, relay=61-231-65-253.dynamic.hinet.net [61.231.65.253], reject=550 5.7.1 <sanjinn001@yahoo.com.tw>... Relaying denied
Apr  8 04:59:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:00:02 splunk3 sendmail[6606]: n38C0211006606: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:00:03 splunk3 sendmail[6612]: n38C0399006612: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081200.n38C02DP003455@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:00:03 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39341 
Apr  8 05:00:03 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:00:03 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 05:00:03 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 05:00:03 splunk3 sendmail[6613]: n38C0399006612: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:00:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:00:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:00:04 splunk3 sendmail[6647]: n38C046e006647: from=root, size=291, class=0, nrcpts=1, msgid=<200904081200.n38C046e006647@splunk3.splunkit.com>, relay=root@localhost
Apr  8 05:00:04 splunk3 sendmail[6651]: n38C04Yg006651: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081200.n38C046e006647@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 05:00:04 splunk3 sendmail[6647]: n38C046e006647: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38C04Yg006651 Message accepted for delivery)
Apr  8 05:00:06 splunk3 sendmail[6652]: n38C04Yg006651: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 05:00:09 splunk3 sendmail[6690]: n38C0939006690: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904081200.n38C0939006690@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 05:00:09 splunk3 sendmail[6692]: n38C0939006690: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 05:00:09 splunk3 sendmail[6692]: n38C0939006690: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  8 05:00:09 splunk3 sendmail[6692]: n38C0939006690: n38C0939006692: postmaster notify: User unknown
Apr  8 05:00:11 splunk3 sendmail[6692]: n38C0939006692: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  8 05:01:02 splunk3 sendmail[6908]: n38C12v1006908: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:01:10 splunk3 sendmail[6905]: n38C11TW006905: from=root, size=443, class=0, nrcpts=1, msgid=<200904081201.n38C11TW006905@splunk3.splunkit.com>, relay=root@localhost
Apr  8 05:01:10 splunk3 sendmail[6954]: n38C1AmI006954: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081201.n38C11TW006905@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 05:01:10 splunk3 sendmail[6905]: n38C11TW006905: to=root, ctladdr=root (0/0), delay=00:00:09, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38C1AmI006954 Message accepted for delivery)
Apr  8 05:01:11 splunk3 sendmail[6955]: n38C1AmI006954: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 05:02:02 splunk3 sendmail[7148]: n38C22ta007148: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:03:02 splunk3 sendmail[7389]: n38C32jV007389: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:04:02 splunk3 sendmail[7632]: n38C42Zm007632: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:04:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:05:02 splunk3 sendmail[7875]: n38C52MT007875: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:05:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:05:04 splunk3 sendmail[7895]: n38C53nS007895: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081205.n38C53pu004136@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:05:04 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39405 
Apr  8 05:05:04 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:05:04 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 05:05:04 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 05:05:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:05:04 splunk3 sendmail[7897]: n38C53nS007895: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:06:02 splunk3 sendmail[8128]: n38C62jR008128: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:07:02 splunk3 sendmail[8364]: n38C72ql008364: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:08:02 splunk3 sendmail[8600]: n38C82Mw008600: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:09:02 splunk3 sendmail[8843]: n38C923l008843: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:09:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:10:02 splunk3 sendmail[9178]: n38CA2TN009178: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:10:02 splunk3 sendmail[9182]: n38CA2dC009182: from=root, size=292, class=0, nrcpts=1, msgid=<200904081210.n38CA2dC009182@splunk3.splunkit.com>, relay=root@localhost
Apr  8 05:10:02 splunk3 sendmail[9187]: n38CA2og009187: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081210.n38CA2dC009182@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 05:10:02 splunk3 sendmail[9182]: n38CA2dC009182: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38CA2og009187 Message accepted for delivery)
Apr  8 05:10:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:10:04 splunk3 sendmail[9188]: n38CA2og009187: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 05:10:04 splunk3 sendmail[9211]: n38CA4LW009211: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081210.n38CA4VD004748@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:10:04 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39462 
Apr  8 05:10:04 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:10:04 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:10:04 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:10:04 splunk3 spamd[25517]: spamd: processing message <200904081210.n38CA4VD004748@virt2.int.splunk.com> for spamme:501 
Apr  8 05:10:06 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  8 05:10:06 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39462,mid=<200904081210.n38CA4VD004748@virt2.int.splunk.com>,bayes=0.171987716419877,autolearn=no 
Apr  8 05:10:06 splunk3 sendmail[9212]: n38CA4LW009211: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:10:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:11:02 splunk3 sendmail[9450]: n38CB2u1009450: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 05:12:02 splunk3 sendmail[9688]: n38CC2Tt009688: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:13:02 splunk3 sendmail[9926]: n38CD2N8009926: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:14:02 splunk3 sendmail[10159]: n38CE2nF010159: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:14:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:15:02 splunk3 sendmail[10403]: n38CF2Vv010403: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:15:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:15:04 splunk3 sendmail[10424]: n38CF4vp010424: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081215.n38CF4Gm005530@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:15:04 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39518 
Apr  8 05:15:04 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:15:04 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:15:04 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:15:04 splunk3 spamd[25517]: spamd: processing message <200904081215.n38CF4Gm005530@virt2.int.splunk.com> for spamme:501 
Apr  8 05:15:07 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1305 bytes. 
Apr  8 05:15:07 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39518,mid=<200904081215.n38CF4Gm005530@virt2.int.splunk.com>,bayes=0.171987716419877,autolearn=no 
Apr  8 05:15:07 splunk3 sendmail[10425]: n38CF4vp010424: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:15:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:16:02 splunk3 sendmail[10657]: n38CG2jh010657: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:17:02 splunk3 sendmail[10898]: n38CH2Hm010898: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:17:10 splunk3 sendmail[10936]: n38CH9Ne010936: from=<spamme@splunkit.com>, size=3052, class=0, nrcpts=1, msgid=<200904081217.n38CH9Ne010936@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=c9251b09.virtua.com.br [201.37.27.9] (may be forged)
Apr  8 05:17:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39545 
Apr  8 05:17:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:17:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:17:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:17:10 splunk3 spamd[25517]: spamd: processing message <200904081217.n38CH9Ne010936@splunk3.splunkit.com> for spamme:501 
Apr  8 05:17:12 splunk3 spamd[25517]: spamd: identified spam (15.1/5.0) for spamme:501 in 1.8 seconds, 3461 bytes. 
Apr  8 05:17:12 splunk3 spamd[25517]: spamd: result: Y 15 - AWL,BAYES_80,HTML_IMAGE_ONLY_32,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,URIBL_SBL,URI_NOVOWEL scantime=1.8,size=3461,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39545,mid=<200904081217.n38CH9Ne010936@splunk3.splunkit.com>,bayes=0.928933821915233,autolearn=no 
Apr  8 05:17:12 splunk3 sendmail[10938]: n38CH9Ne010936: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:03, xdelay=00:00:02, mailer=local, pri=33384, dsn=2.0.0, stat=Sent
Apr  8 05:17:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:18:02 splunk3 sendmail[11139]: n38CI20Y011139: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:19:02 splunk3 sendmail[11378]: n38CJ2HW011378: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:19:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:20:02 splunk3 sendmail[11623]: n38CK2bQ011623: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:20:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:20:05 splunk3 sendmail[11645]: n38CK5P7011645: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081220.n38CK5VX006166@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:20:05 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39575 
Apr  8 05:20:05 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:20:05 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:20:05 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:20:05 splunk3 spamd[25517]: spamd: processing message <200904081220.n38CK5VX006166@virt2.int.splunk.com> for spamme:501 
Apr  8 05:20:07 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1305 bytes. 
Apr  8 05:20:07 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39575,mid=<200904081220.n38CK5VX006166@virt2.int.splunk.com>,bayes=0.171987716419877,autolearn=no 
Apr  8 05:20:07 splunk3 sendmail[11646]: n38CK5P7011645: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:20:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:21:02 splunk3 sendmail[11879]: n38CL24P011879: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:22:02 splunk3 sendmail[12113]: n38CM2kZ012113: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:23:02 splunk3 sendmail[12353]: n38CN2jf012353: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:24:02 splunk3 sendmail[12594]: n38CO27Z012594: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:24:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:25:02 splunk3 sendmail[12838]: n38CP2TS012838: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:25:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:25:06 splunk3 sendmail[12860]: n38CP6Xx012860: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081225.n38CP6FJ006772@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:25:06 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39631 
Apr  8 05:25:06 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:25:06 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:25:06 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:25:06 splunk3 spamd[25517]: spamd: processing message <200904081225.n38CP6FJ006772@virt2.int.splunk.com> for spamme:501 
Apr  8 05:25:08 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  8 05:25:08 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39631,mid=<200904081225.n38CP6FJ006772@virt2.int.splunk.com>,bayes=0.171987716419877,autolearn=no 
Apr  8 05:25:08 splunk3 sendmail[12861]: n38CP6Xx012860: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:25:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:26:02 splunk3 sendmail[13092]: n38CQ2n3013092: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 05:27:02 splunk3 sendmail[13372]: n38CR2Ex013372: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:28:02 splunk3 sendmail[13604]: n38CS2td013604: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:29:02 splunk3 sendmail[13839]: n38CT2BW013839: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:29:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:30:02 splunk3 sendmail[14087]: n38CU2oJ014087: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:30:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:30:06 splunk3 sendmail[14108]: n38CU6f6014108: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081230.n38CU68k007386@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:30:06 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39687 
Apr  8 05:30:06 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:30:06 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:30:06 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:30:06 splunk3 spamd[25517]: spamd: processing message <200904081230.n38CU68k007386@virt2.int.splunk.com> for spamme:501 
Apr  8 05:30:08 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  8 05:30:08 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39687,mid=<200904081230.n38CU68k007386@virt2.int.splunk.com>,bayes=0.171987716419877,autolearn=no 
Apr  8 05:30:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:30:08 splunk3 sendmail[14109]: n38CU6f6014108: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:31:02 splunk3 sendmail[14346]: n38CV2oB014346: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:32:02 splunk3 sendmail[14580]: n38CW2DI014580: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:33:02 splunk3 sendmail[14820]: n38CX2ir014820: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:34:02 splunk3 sendmail[15054]: n38CY25R015054: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:34:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:35:02 splunk3 sendmail[15299]: n38CZ26Q015299: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:35:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:35:07 splunk3 sendmail[15324]: n38CZ61S015324: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081235.n38CZ6vn008134@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:35:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39743 
Apr  8 05:35:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:35:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:35:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:35:07 splunk3 spamd[25517]: spamd: processing message <200904081235.n38CZ6vn008134@virt2.int.splunk.com> for spamme:501 
Apr  8 05:35:09 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  8 05:35:09 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39743,mid=<200904081235.n38CZ6vn008134@virt2.int.splunk.com>,bayes=0.171987716419877,autolearn=no 
Apr  8 05:35:09 splunk3 sendmail[15325]: n38CZ61S015324: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:35:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:36:02 splunk3 sendmail[15563]: n38Ca2Jm015563: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:37:02 splunk3 sendmail[15803]: n38Cb2FQ015803: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:37:07 splunk3 sendmail[15820]: n38Cb6oh015820: from=<infobarrmarcusandesq@yahoo.co.uk>, size=1780, class=0, nrcpts=1, msgid=<200904081237.n38Cb6oh015820@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=m045.home.net.pl [62.129.253.45]
Apr  8 05:37:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39769 
Apr  8 05:37:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:37:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:37:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:37:07 splunk3 spamd[25517]: spamd: processing message <200904081237.n38Cb6oh015820@splunk3.splunkit.com> for spamme:501 
Apr  8 05:37:08 splunk3 spamd[25517]: spamd: identified spam (13.6/5.0) for spamme:501 in 1.2 seconds, 2151 bytes. 
Apr  8 05:37:08 splunk3 spamd[25517]: spamd: result: Y 13 - BAYES_95,DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FORGED_MUA_OUTLOOK,MILLION_USD,MSGID_FROM_MTA_HEADER,MSGID_FROM_MTA_ID,PLING_PLING,SUBJ_ALL_CAPS,TO_CC_NONE scantime=1.2,size=2151,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39769,mid=<200904081237.n38Cb6oh015820@splunk3.splunkit.com>,bayes=0.989721585027408,autolearn=no 
Apr  8 05:37:08 splunk3 sendmail[15822]: n38Cb6oh015820: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=32042, dsn=2.0.0, stat=Sent
Apr  8 05:37:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:38:02 splunk3 sendmail[16045]: n38Cc2pj016045: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:39:02 splunk3 sendmail[16288]: n38Cd2x9016288: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:39:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:40:02 splunk3 sendmail[16534]: n38Ce2MI016534: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:40:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:40:07 splunk3 sendmail[16557]: n38Ce7tQ016557: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081240.n38Ce74D008770@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:40:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39799 
Apr  8 05:40:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:40:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:40:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:40:07 splunk3 spamd[25517]: spamd: processing message <200904081240.n38Ce74D008770@virt2.int.splunk.com> for spamme:501 
Apr  8 05:40:09 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  8 05:40:09 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39799,mid=<200904081240.n38Ce74D008770@virt2.int.splunk.com>,bayes=0.171987716419877,autolearn=no 
Apr  8 05:40:09 splunk3 sendmail[16558]: n38Ce7tQ016557: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:40:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:41:02 splunk3 sendmail[16791]: n38Cf2Mn016791: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 05:42:02 splunk3 sendmail[17026]: n38Cg2Mq017026: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:42:46 splunk3 sendmail[17186]: n38CgfCw017186: from=<myaxekv@borderlands.com.au>, size=3216, class=0, nrcpts=1, msgid=<000d01c9b847$8975b030$6400a8c0@myaxekv>, proto=ESMTP, daemon=MTA, relay=67-41-229-77.slkc.qwest.net [67.41.229.77]
Apr  8 05:42:46 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39833 
Apr  8 05:42:46 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:42:46 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:42:46 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:42:46 splunk3 spamd[25517]: spamd: processing message <000d01c9b847$8975b030$6400a8c0@myaxekv> for spamme:501 
Apr  8 05:42:48 splunk3 spamd[25517]: spamd: identified spam (28.8/5.0) for spamme:501 in 2.3 seconds, 3533 bytes. 
Apr  8 05:42:48 splunk3 spamd[25517]: spamd: result: Y 28 - BAYES_99,DNS_FROM_RFC_BOGUSMX,HELO_DYNAMIC_IPADDR2,HTML_40_50,HTML_MESSAGE,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,UNPARSEABLE_RELAY,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_WS_SURBL scantime=2.3,size=3533,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39833,mid=<000d01c9b847$8975b030$6400a8c0@myaxekv>,bayes=0.999999999999903,autolearn=spam 
Apr  8 05:42:48 splunk3 sendmail[17206]: n38CgfCw017186: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=33437, dsn=2.0.0, stat=Sent
Apr  8 05:42:48 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:43:02 splunk3 sendmail[17270]: n38Ch2k8017270: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:44:02 splunk3 sendmail[17504]: n38Ci2Xp017504: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:44:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:45:02 splunk3 sendmail[17750]: n38Cj23G017750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:45:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:45:07 splunk3 sendmail[17770]: n38Cj7IZ017770: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081245.n38Cj7C2009383@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:45:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39857 
Apr  8 05:45:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:45:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:45:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:45:07 splunk3 spamd[25517]: spamd: processing message <200904081245.n38Cj7C2009383@virt2.int.splunk.com> for spamme:501 
Apr  8 05:45:09 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1305 bytes. 
Apr  8 05:45:09 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39857,mid=<200904081245.n38Cj7C2009383@virt2.int.splunk.com>,bayes=0.17199401218693,autolearn=no 
Apr  8 05:45:09 splunk3 sendmail[17771]: n38Cj7IZ017770: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:45:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:46:02 splunk3 sendmail[18003]: n38Ck2JW018003: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:47:02 splunk3 sendmail[18240]: n38Cl2Ap018240: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:48:02 splunk3 sendmail[18475]: n38Cm2m4018475: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:49:02 splunk3 sendmail[18712]: n38Cn2dN018712: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:49:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:50:02 splunk3 sendmail[18958]: n38Co2xs018958: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:50:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:50:08 splunk3 sendmail[19003]: n38Co8mt019003: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081250.n38Co8N3010000@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:50:08 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39912 
Apr  8 05:50:08 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:50:08 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:50:08 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:50:08 splunk3 spamd[25517]: spamd: processing message <200904081250.n38Co8N3010000@virt2.int.splunk.com> for spamme:501 
Apr  8 05:50:10 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1305 bytes. 
Apr  8 05:50:10 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39912,mid=<200904081250.n38Co8N3010000@virt2.int.splunk.com>,bayes=0.17199401218693,autolearn=no 
Apr  8 05:50:10 splunk3 sendmail[19004]: n38Co8mt019003: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 05:50:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:51:02 splunk3 sendmail[19217]: n38Cp2Z3019217: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:52:02 splunk3 sendmail[19454]: n38Cq2vJ019454: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:53:02 splunk3 sendmail[19691]: n38Cr2dF019691: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:54:02 splunk3 sendmail[19932]: n38Cs2G9019932: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:54:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 05:55:02 splunk3 sendmail[20176]: n38Ct2XM020176: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:55:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 05:55:08 splunk3 sendmail[20218]: n38Ct8cP020218: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081255.n38Ct8f9010612@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 05:55:08 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39968 
Apr  8 05:55:08 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 05:55:08 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 05:55:08 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 05:55:08 splunk3 spamd[25517]: spamd: processing message <200904081255.n38Ct8f9010612@virt2.int.splunk.com> for spamme:501 
Apr  8 05:55:10 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  8 05:55:10 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39968,mid=<200904081255.n38Ct8f9010612@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 05:55:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 05:55:10 splunk3 sendmail[20219]: n38Ct8cP020218: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 05:56:02 splunk3 sendmail[20429]: n38Cu2kt020429: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 05:57:02 splunk3 sendmail[20669]: n38Cv2cn020669: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:57:46 splunk3 sendmail[15197]: n38CYbnq015197: 114-44-42-30.dynamic.hinet.net [114.44.42.30] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:58:02 splunk3 sendmail[20904]: n38Cw2SH020904: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:59:02 splunk3 sendmail[21144]: n38Cx2dD021144: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 05:59:29 splunk3 sendmail[6414]: n38BxSOW006414: timeout waiting for input from 61-231-65-253.dynamic.hinet.net during server cmd read
Apr  8 05:59:29 splunk3 sendmail[6414]: n38BxSOW006414: lost input channel from 61-231-65-253.dynamic.hinet.net [61.231.65.253] to MTA after rcpt
Apr  8 05:59:29 splunk3 sendmail[6414]: n38BxSOW006414: from=<0407pc@163.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=61-231-65-253.dynamic.hinet.net [61.231.65.253]
Apr  8 05:59:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:00:02 splunk3 sendmail[21440]: n38D02eH021440: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:00:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:00:04 splunk3 sendmail[21472]: n38D04aZ021472: from=root, size=291, class=0, nrcpts=1, msgid=<200904081300.n38D04aZ021472@splunk3.splunkit.com>, relay=root@localhost
Apr  8 06:00:04 splunk3 sendmail[21476]: n38D04Xv021476: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081300.n38D04aZ021472@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 06:00:04 splunk3 sendmail[21472]: n38D04aZ021472: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38D04Xv021476 Message accepted for delivery)
Apr  8 06:00:06 splunk3 sendmail[21477]: n38D04Xv021476: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 06:00:09 splunk3 sendmail[21502]: n38D09sd021502: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081300.n38D09ol011253@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:00:09 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40025 
Apr  8 06:00:09 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:00:09 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 06:00:09 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 06:00:09 splunk3 sendmail[21503]: n38D09sd021502: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:00:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:00:16 splunk3 sendmail[21539]: n38D0GGq021539: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904081300.n38D0GGq021539@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 06:00:16 splunk3 sendmail[21541]: n38D0GGq021539: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 06:00:16 splunk3 sendmail[21541]: n38D0GGq021539: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  8 06:00:16 splunk3 sendmail[21541]: n38D0GGq021539: n38D0GGq021541: postmaster notify: User unknown
Apr  8 06:00:18 splunk3 sendmail[21541]: n38D0GGq021541: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  8 06:01:02 splunk3 sendmail[21740]: n38D12Ph021740: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:01:11 splunk3 sendmail[21738]: n38D115g021738: from=root, size=443, class=0, nrcpts=1, msgid=<200904081301.n38D115g021738@splunk3.splunkit.com>, relay=root@localhost
Apr  8 06:01:11 splunk3 sendmail[21780]: n38D1Bdf021780: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081301.n38D115g021738@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 06:01:11 splunk3 sendmail[21738]: n38D115g021738: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38D1Bdf021780 Message accepted for delivery)
Apr  8 06:01:12 splunk3 sendmail[21781]: n38D1Bdf021780: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 06:02:02 splunk3 sendmail[21978]: n38D22dA021978: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:03:02 splunk3 sendmail[22217]: n38D32L9022217: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:04:02 splunk3 sendmail[22450]: n38D42mM022450: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:04:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:05:02 splunk3 sendmail[22694]: n38D52lt022694: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:05:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:05:10 splunk3 sendmail[22739]: n38D5AJx022739: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081305.n38D59UC011940@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:05:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40089 
Apr  8 06:05:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:05:10 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 06:05:10 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 06:05:10 splunk3 sendmail[22740]: n38D5AJx022739: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:05:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:06:03 splunk3 sendmail[22949]: n38D63YU022949: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:07:03 splunk3 sendmail[23200]: n38D73Lk023200: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:08:03 splunk3 sendmail[23436]: n38D83NF023436: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:09:03 splunk3 sendmail[23679]: n38D93r6023679: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:09:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:10:02 splunk3 sendmail[24002]: n38DA2bM024002: from=root, size=292, class=0, nrcpts=1, msgid=<200904081310.n38DA2bM024002@splunk3.splunkit.com>, relay=root@localhost
Apr  8 06:10:02 splunk3 sendmail[24007]: n38DA2RB024007: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081310.n38DA2bM024002@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 06:10:02 splunk3 sendmail[24002]: n38DA2bM024002: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38DA2RB024007 Message accepted for delivery)
Apr  8 06:10:03 splunk3 sendmail[24028]: n38DA3Jw024028: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:10:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:10:04 splunk3 sendmail[24008]: n38DA2RB024007: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 06:10:10 splunk3 sendmail[24056]: n38DAAR2024056: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081310.n38DAAlq012549@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:10:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40145 
Apr  8 06:10:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:10:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:10:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:10:10 splunk3 spamd[25517]: spamd: processing message <200904081310.n38DAAlq012549@virt2.int.splunk.com> for spamme:501 
Apr  8 06:10:12 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  8 06:10:12 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40145,mid=<200904081310.n38DAAlq012549@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:10:12 splunk3 sendmail[24057]: n38DAAR2024056: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:10:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:11:03 splunk3 sendmail[24288]: n38DB36Y024288: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 06:12:03 splunk3 sendmail[24525]: n38DC3Jr024525: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:13:03 splunk3 sendmail[24765]: n38DD3Fv024765: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:14:03 splunk3 sendmail[24998]: n38DE3RT024998: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:14:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:15:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:15:03 splunk3 sendmail[25246]: n38DF334025246: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:15:10 splunk3 sendmail[25271]: n38DFAf4025271: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081315.n38DFAUt013336@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:15:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40202 
Apr  8 06:15:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:15:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:15:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:15:10 splunk3 spamd[25517]: spamd: processing message <200904081315.n38DFAUt013336@virt2.int.splunk.com> for spamme:501 
Apr  8 06:15:12 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 06:15:12 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40202,mid=<200904081315.n38DFAUt013336@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:15:12 splunk3 sendmail[25272]: n38DFAf4025271: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:15:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:16:03 splunk3 sendmail[25497]: n38DG3TV025497: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:17:03 splunk3 sendmail[25735]: n38DH3aQ025735: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:18:03 splunk3 sendmail[25970]: n38DI35L025970: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:19:03 splunk3 sendmail[26208]: n38DJ3GQ026208: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:19:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:20:03 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:20:03 splunk3 sendmail[26457]: n38DK3FG026457: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:20:11 splunk3 sendmail[26481]: n38DKBXd026481: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081320.n38DKAg5013967@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:20:11 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40257 
Apr  8 06:20:11 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:20:11 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:20:11 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:20:11 splunk3 spamd[25517]: spamd: processing message <200904081320.n38DKAg5013967@virt2.int.splunk.com> for spamme:501 
Apr  8 06:20:13 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 06:20:13 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40257,mid=<200904081320.n38DKAg5013967@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:20:13 splunk3 sendmail[26482]: n38DKBXd026481: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:20:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:21:03 splunk3 sendmail[26712]: n38DL3td026712: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:21:29 splunk3 sendmail[26794]: n38DLOfP026794: from=<spamme@splunkit.com>, size=583, class=0, nrcpts=1, msgid=<200904081321.n38DLOfP026794@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=customer-static-254-141.iplannetworks.net [200.69.254.141] (may be forged)
Apr  8 06:21:29 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40278 
Apr  8 06:21:29 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:21:29 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:21:29 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:21:29 splunk3 spamd[25517]: spamd: processing message <200904081321.n38DLOfP026794@splunk3.splunkit.com> for spamme:501 
Apr  8 06:21:31 splunk3 spamd[25517]: spamd: identified spam (22.5/5.0) for spamme:501 in 1.6 seconds, 1001 bytes. 
Apr  8 06:21:31 splunk3 spamd[25517]: spamd: result: Y 22 - AWL,BAYES_99,FORGED_RCVD_HELO,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL scantime=1.6,size=1001,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40278,mid=<200904081321.n38DLOfP026794@splunk3.splunkit.com>,bayes=0.999991522997094,autolearn=no 
Apr  8 06:21:31 splunk3 sendmail[26814]: n38DLOfP026794: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:04, xdelay=00:00:02, mailer=local, pri=30925, dsn=2.0.0, stat=Sent
Apr  8 06:21:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:22:03 splunk3 sendmail[26953]: n38DM3rS026953: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:23:03 splunk3 sendmail[27190]: n38DN3aA027190: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:24:03 splunk3 sendmail[27429]: n38DO3wI027429: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:24:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:25:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:25:03 splunk3 sendmail[27674]: n38DP3JB027674: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:25:11 splunk3 sendmail[27702]: n38DPBFp027702: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081325.n38DPBQH014571@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:25:11 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40314 
Apr  8 06:25:11 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:25:11 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:25:11 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:25:11 splunk3 spamd[25517]: spamd: processing message <200904081325.n38DPBQH014571@virt2.int.splunk.com> for spamme:501 
Apr  8 06:25:13 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  8 06:25:13 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40314,mid=<200904081325.n38DPBQH014571@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:25:13 splunk3 sendmail[27703]: n38DPBFp027702: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:25:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:26:03 splunk3 sendmail[27926]: n38DQ3bS027926: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 06:27:03 splunk3 sendmail[28168]: n38DR3QC028168: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:28:03 splunk3 sendmail[28402]: n38DS3o6028402: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:29:03 splunk3 sendmail[28642]: n38DT3BF028642: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:29:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:30:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:30:03 splunk3 sendmail[28891]: n38DU3kC028891: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:30:12 splunk3 sendmail[28917]: n38DUCAS028917: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081330.n38DUBBo015194@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:30:12 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40371 
Apr  8 06:30:12 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:30:12 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:30:12 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:30:12 splunk3 spamd[25517]: spamd: processing message <200904081330.n38DUBBo015194@virt2.int.splunk.com> for spamme:501 
Apr  8 06:30:14 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.9 seconds, 1308 bytes. 
Apr  8 06:30:14 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.9,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40371,mid=<200904081330.n38DUBBo015194@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:30:14 splunk3 sendmail[28918]: n38DUCAS028917: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:30:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:31:03 splunk3 sendmail[29146]: n38DV3Is029146: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:32:03 splunk3 sendmail[29379]: n38DW3tJ029379: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:33:03 splunk3 sendmail[29618]: n38DX3nQ029618: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:34:03 splunk3 sendmail[29854]: n38DY3k5029854: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:34:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:35:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:35:03 splunk3 sendmail[30099]: n38DZ3FI030099: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:35:12 splunk3 sendmail[30125]: n38DZCGS030125: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081335.n38DZC3Y015945@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:35:12 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40426 
Apr  8 06:35:12 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:35:12 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:35:12 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:35:12 splunk3 spamd[25517]: spamd: processing message <200904081335.n38DZC3Y015945@virt2.int.splunk.com> for spamme:501 
Apr  8 06:35:14 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  8 06:35:14 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40426,mid=<200904081335.n38DZC3Y015945@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:35:15 splunk3 sendmail[30126]: n38DZCGS030125: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:35:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:36:03 splunk3 sendmail[30351]: n38Da3cV030351: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:37:03 splunk3 sendmail[30588]: n38Db3L3030588: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:38:03 splunk3 sendmail[30822]: n38Dc3II030822: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:39:03 splunk3 sendmail[31064]: n38Dd3pr031064: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:39:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:40:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:40:03 splunk3 sendmail[31312]: n38De3O7031312: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:40:12 splunk3 sendmail[31347]: n38DeCjE031347: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081340.n38DeCC2016576@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:40:12 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40482 
Apr  8 06:40:12 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:40:12 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:40:12 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:40:12 splunk3 spamd[25517]: spamd: processing message <200904081340.n38DeCC2016576@virt2.int.splunk.com> for spamme:501 
Apr  8 06:40:14 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 06:40:14 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40482,mid=<200904081340.n38DeCC2016576@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:40:14 splunk3 sendmail[31357]: n38DeCjE031347: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:40:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:41:03 splunk3 sendmail[31569]: n38Df3LO031569: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 06:42:03 splunk3 sendmail[31805]: n38Dg30X031805: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:43:03 splunk3 sendmail[32044]: n38Dh3oa032044: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:44:03 splunk3 sendmail[32278]: n38Di3bo032278: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:44:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:45:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:45:03 splunk3 sendmail[32526]: n38Dj31f032526: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:45:13 splunk3 sendmail[32568]: n38DjDA7032568: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081345.n38DjDrg017194@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:45:13 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40538 
Apr  8 06:45:13 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:45:13 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:45:13 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:45:13 splunk3 spamd[25517]: spamd: processing message <200904081345.n38DjDrg017194@virt2.int.splunk.com> for spamme:501 
Apr  8 06:45:15 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 06:45:15 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40538,mid=<200904081345.n38DjDrg017194@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:45:15 splunk3 sendmail[32569]: n38DjDA7032568: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:45:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:46:03 splunk3 sendmail[309]: n38Dk3JL000309: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:47:03 splunk3 sendmail[548]: n38Dl3h7000548: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:48:03 splunk3 sendmail[784]: n38Dm33Z000784: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:49:03 splunk3 sendmail[1023]: n38Dn3tV001023: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:49:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:50:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:50:03 splunk3 sendmail[1273]: n38Do3fP001273: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:50:13 splunk3 sendmail[1314]: n38DoDMl001314: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081350.n38DoD3o017808@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:50:13 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40594 
Apr  8 06:50:13 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:50:13 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:50:13 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:50:13 splunk3 spamd[25517]: spamd: processing message <200904081350.n38DoD3o017808@virt2.int.splunk.com> for spamme:501 
Apr  8 06:50:15 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  8 06:50:15 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40594,mid=<200904081350.n38DoD3o017808@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:50:15 splunk3 sendmail[1315]: n38DoDMl001314: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:50:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:51:03 splunk3 sendmail[1528]: n38Dp3vF001528: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:52:03 splunk3 sendmail[1762]: n38Dq34j001762: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:53:03 splunk3 sendmail[2001]: n38Dr3Yp002001: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:54:03 splunk3 sendmail[2240]: n38Ds3lL002240: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:54:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 06:55:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 06:55:03 splunk3 sendmail[2486]: n38Dt3G1002486: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:55:14 splunk3 sendmail[2530]: n38DtD6t002530: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081355.n38DtDPe018415@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 06:55:14 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40649 
Apr  8 06:55:14 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 06:55:14 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 06:55:14 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 06:55:14 splunk3 spamd[25517]: spamd: processing message <200904081355.n38DtDPe018415@virt2.int.splunk.com> for spamme:501 
Apr  8 06:55:16 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 06:55:16 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40649,mid=<200904081355.n38DtDPe018415@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 06:55:16 splunk3 sendmail[2531]: n38DtD6t002530: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 06:55:16 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 06:56:03 splunk3 sendmail[2745]: n38Du3vn002745: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 06:57:03 splunk3 sendmail[2999]: n38Dv3Yt002999: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:58:03 splunk3 sendmail[3240]: n38Dw32F003240: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:59:03 splunk3 sendmail[3478]: n38Dx3lG003478: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 06:59:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:00:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:00:03 splunk3 sendmail[3806]: n38E036q003806: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:00:04 splunk3 sendmail[3817]: n38E04nG003817: from=root, size=291, class=0, nrcpts=1, msgid=<200904081400.n38E04nG003817@splunk3.splunkit.com>, relay=root@localhost
Apr  8 07:00:04 splunk3 sendmail[3821]: n38E043P003821: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081400.n38E04nG003817@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 07:00:04 splunk3 sendmail[3817]: n38E04nG003817: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38E043P003821 Message accepted for delivery)
Apr  8 07:00:05 splunk3 sendmail[3822]: n38E043P003821: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 07:00:15 splunk3 sendmail[3868]: n38E0Fna003868: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081400.n38E0Eoe019057@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:00:15 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40707 
Apr  8 07:00:15 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:00:15 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 07:00:15 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 07:00:15 splunk3 sendmail[3869]: n38E0Fna003868: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:00:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:00:22 splunk3 sendmail[3906]: n38E0MjN003906: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904081400.n38E0MjN003906@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 07:00:22 splunk3 sendmail[3908]: n38E0MjN003906: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 07:00:22 splunk3 sendmail[3908]: n38E0MjN003906: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  8 07:00:22 splunk3 sendmail[3908]: n38E0MjN003906: n38E0MjN003908: postmaster notify: User unknown
Apr  8 07:00:23 splunk3 sendmail[3908]: n38E0MjN003908: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  8 07:01:03 splunk3 sendmail[4116]: n38E13OS004116: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:01:09 splunk3 sendmail[4094]: n38E11Wa004094: from=root, size=443, class=0, nrcpts=1, msgid=<200904081401.n38E11Wa004094@splunk3.splunkit.com>, relay=root@localhost
Apr  8 07:01:09 splunk3 sendmail[4143]: n38E197s004143: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081401.n38E11Wa004094@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 07:01:09 splunk3 sendmail[4094]: n38E11Wa004094: to=root, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38E197s004143 Message accepted for delivery)
Apr  8 07:01:11 splunk3 sendmail[4144]: n38E197s004143: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 07:02:03 splunk3 sendmail[4373]: n38E23bG004373: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:03:03 splunk3 sendmail[4615]: n38E33YR004615: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:04:03 splunk3 sendmail[4850]: n38E43r9004850: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:04:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:05:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:05:03 splunk3 sendmail[5107]: n38E53iW005107: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:05:15 splunk3 sendmail[5186]: n38E5FZ0005186: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081405.n38E5FcZ019738@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:05:15 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40770 
Apr  8 07:05:15 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:05:15 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 07:05:15 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 07:05:15 splunk3 sendmail[5187]: n38E5FZ0005186: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:05:15 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:06:03 splunk3 sendmail[5396]: n38E63Tb005396: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:07:03 splunk3 sendmail[5634]: n38E738E005634: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:08:03 splunk3 sendmail[5868]: n38E83MY005868: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:09:03 splunk3 sendmail[6111]: n38E93di006111: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:09:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:10:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:10:03 splunk3 sendmail[6450]: n38EA3gl006450: from=root, size=292, class=0, nrcpts=1, msgid=<200904081410.n38EA3gl006450@splunk3.splunkit.com>, relay=root@localhost
Apr  8 07:10:03 splunk3 sendmail[6455]: n38EA3RZ006455: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081410.n38EA3gl006450@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 07:10:03 splunk3 sendmail[6450]: n38EA3gl006450: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38EA3RZ006455 Message accepted for delivery)
Apr  8 07:10:03 splunk3 sendmail[6462]: n38EA35f006462: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:10:04 splunk3 sendmail[6456]: n38EA3RZ006455: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 07:10:16 splunk3 sendmail[6504]: n38EAGhJ006504: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081410.n38EAGwN020348@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:10:16 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40827 
Apr  8 07:10:16 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:10:16 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:10:16 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:10:16 splunk3 spamd[25517]: spamd: processing message <200904081410.n38EAGwN020348@virt2.int.splunk.com> for spamme:501 
Apr  8 07:10:19 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 07:10:19 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40827,mid=<200904081410.n38EAGwN020348@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 07:10:19 splunk3 sendmail[6505]: n38EAGhJ006504: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:10:19 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:11:03 splunk3 sendmail[6719]: n38EB3N7006719: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 07:12:03 splunk3 sendmail[6954]: n38EC3Ww006954: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:13:03 splunk3 sendmail[7191]: n38ED3pw007191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:14:03 splunk3 sendmail[7426]: n38EE3KM007426: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:14:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:15:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:15:03 splunk3 sendmail[7684]: n38EF3NZ007684: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:15:16 splunk3 sendmail[7728]: n38EFGQo007728: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081415.n38EFG0Z021132@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:15:16 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40883 
Apr  8 07:15:16 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:15:16 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:15:16 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:15:16 splunk3 spamd[25517]: spamd: processing message <200904081415.n38EFG0Z021132@virt2.int.splunk.com> for spamme:501 
Apr  8 07:15:20 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  8 07:15:20 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40883,mid=<200904081415.n38EFG0Z021132@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 07:15:20 splunk3 sendmail[7729]: n38EFGQo007728: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:15:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:16:03 splunk3 sendmail[7935]: n38EG3rZ007935: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:17:03 splunk3 sendmail[8174]: n38EH3da008174: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:18:03 splunk3 sendmail[8410]: n38EI3Xj008410: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:19:03 splunk3 sendmail[8648]: n38EJ3bG008648: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:19:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:20:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:20:03 splunk3 sendmail[8896]: n38EK30N008896: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:20:17 splunk3 sendmail[8956]: n38EKHa0008956: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081420.n38EKGDt021766@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:20:17 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40939 
Apr  8 07:20:17 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:20:17 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:20:17 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:20:17 splunk3 spamd[25517]: spamd: processing message <200904081420.n38EKGDt021766@virt2.int.splunk.com> for spamme:501 
Apr  8 07:20:19 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.8 seconds, 1308 bytes. 
Apr  8 07:20:19 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.8,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40939,mid=<200904081420.n38EKGDt021766@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 07:20:20 splunk3 sendmail[8957]: n38EKHa0008956: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:20:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:21:03 splunk3 sendmail[9152]: n38EL3OW009152: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:22:03 splunk3 sendmail[9387]: n38EM3r7009387: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:23:03 splunk3 sendmail[9625]: n38EN3PH009625: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:24:03 splunk3 sendmail[9863]: n38EO301009863: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:24:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:25:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:25:03 splunk3 sendmail[10110]: n38EP3ON010110: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:25:17 splunk3 sendmail[10167]: n38EPHnj010167: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081425.n38EPHCC022376@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:25:17 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 40995 
Apr  8 07:25:17 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:25:17 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:25:17 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:25:17 splunk3 spamd[25517]: spamd: processing message <200904081425.n38EPHCC022376@virt2.int.splunk.com> for spamme:501 
Apr  8 07:25:21 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.1 seconds, 1308 bytes. 
Apr  8 07:25:21 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.1,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=40995,mid=<200904081425.n38EPHCC022376@virt2.int.splunk.com>,bayes=0.114653241964198,autolearn=no 
Apr  8 07:25:21 splunk3 sendmail[10168]: n38EPHnj010167: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:25:21 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:26:03 splunk3 sendmail[10363]: n38EQ37t010363: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 07:27:03 splunk3 sendmail[10601]: n38ER3lV010601: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:28:03 splunk3 sendmail[10836]: n38ES3ku010836: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:29:03 splunk3 sendmail[11075]: n38ET3W4011075: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:29:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:29:54 splunk3 sendmail[10783]: n38ERrOC010783: from=<ting4trieu@aol.com>, size=3741, class=0, nrcpts=1, msgid=<8f2b019dc2c5$2de44701$a2fa08a3@aol.com>, proto=ESMTP, daemon=MTA, relay=dsl-tn-dynamic-170.225.164.122.airtelbroadband.in [122.164.225.170] (may be forged)
Apr  8 07:29:54 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41048 
Apr  8 07:29:54 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:29:54 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:29:54 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:29:54 splunk3 spamd[25517]: spamd: processing message <8f2b019dc2c5$2de44701$a2fa08a3@aol.com> for spamme:501 
Apr  8 07:29:57 splunk3 spamd[25517]: spamd: identified spam (20.0/5.0) for spamme:501 in 2.5 seconds, 4115 bytes. 
Apr  8 07:29:57 splunk3 spamd[25517]: spamd: result: Y 19 - BAYES_99,DATE_IN_FUTURE_96_XX,HELO_DYNAMIC_DHCP,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_SORBS_DUL,RCVD_IN_XBL scantime=2.5,size=4115,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41048,mid=<8f2b019dc2c5$2de44701$a2fa08a3@aol.com>,bayes=1,autolearn=spam 
Apr  8 07:29:57 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:29:57 splunk3 sendmail[11281]: n38ERrOC010783: to=<spamme@splunkit.com>, delay=00:00:08, xdelay=00:00:03, mailer=local, pri=34026, dsn=2.0.0, stat=Sent
Apr  8 07:30:03 splunk3 sendmail[11326]: n38EU3GX011326: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:30:05 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:30:17 splunk3 sendmail[11390]: n38EUHeI011390: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081430.n38EUHU1022993@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:30:18 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41052 
Apr  8 07:30:18 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:30:18 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:30:18 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:30:18 splunk3 spamd[25517]: spamd: processing message <200904081430.n38EUHU1022993@virt2.int.splunk.com> for spamme:501 
Apr  8 07:30:20 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 07:30:20 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41052,mid=<200904081430.n38EUHU1022993@virt2.int.splunk.com>,bayes=0.114648755522827,autolearn=no 
Apr  8 07:30:20 splunk3 sendmail[11391]: n38EUHeI011390: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:30:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:30:21 splunk3 sendmail[11396]: n38EULrV011396: from=<3_bTcSRQKBtgAIIAF84F8LNM-HIL8JFSAIIAF8.6IGMJ4GG8MJFOHECN.6IG@alerts.bounces.google.com>, size=7411, class=0, nrcpts=1, msgid=<0016361e7bdcac707a04670bf818@google.com>, proto=ESMTP, daemon=MTA, relay=yw-out-1516.google.com [74.125.46.162]
Apr  8 07:30:21 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41054 
Apr  8 07:30:21 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:30:21 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:30:21 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:30:21 splunk3 spamd[25517]: spamd: processing message <0016361e7bdcac707a04670bf818@google.com> for spamme:501 
Apr  8 07:30:26 splunk3 spamd[25517]: spamd: clean message (-2.2/5.0) for spamme:501 in 4.8 seconds, 7840 bytes. 
Apr  8 07:30:26 splunk3 spamd[25517]: spamd: result: . -2 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY scantime=4.8,size=7840,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41054,mid=<0016361e7bdcac707a04670bf818@google.com>,bayes=0,autolearn=ham 
Apr  8 07:30:26 splunk3 sendmail[11398]: n38EULrV011396: to=<spamme@splunkit.com>, delay=00:00:05, xdelay=00:00:05, mailer=local, pri=37621, dsn=2.0.0, stat=Sent
Apr  8 07:30:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:31:03 splunk3 sendmail[11590]: n38EV3g9011590: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:32:03 splunk3 sendmail[11826]: n38EW37s011826: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:33:00 splunk3 sendmail[11258]: n38ETnj5011258: from=<shepherd3toufic@armkb.com>, size=3752, class=0, nrcpts=1, msgid=<3b05019dc514$c5f44089$6304c18a@armkb.com>, proto=ESMTP, daemon=MTA, relay=85.subnet125-162-19.speedy.telkom.net.id [125.162.19.85] (may be forged)
Apr  8 07:33:00 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41086 
Apr  8 07:33:00 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:33:00 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:33:00 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:33:00 splunk3 spamd[25517]: spamd: processing message <3b05019dc514$c5f44089$6304c18a@armkb.com> for spamme:501 
Apr  8 07:33:02 splunk3 spamd[25517]: spamd: identified spam (16.1/5.0) for spamme:501 in 1.3 seconds, 4120 bytes. 
Apr  8 07:33:02 splunk3 spamd[25517]: spamd: result: Y 16 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_BOGUSMX,HELO_DYNAMIC_SPLIT_IP,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,SUBJ_ALL_CAPS scantime=1.3,size=4120,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41086,mid=<3b05019dc514$c5f44089$6304c18a@armkb.com>,bayes=1,autolearn=no 
Apr  8 07:33:02 splunk3 sendmail[12046]: n38ETnj5011258: to=<spamme@splunkit.com>, delay=00:00:08, xdelay=00:00:02, mailer=local, pri=34017, dsn=2.0.0, stat=Sent
Apr  8 07:33:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:33:03 splunk3 sendmail[12070]: n38EX3j4012070: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:34:03 splunk3 sendmail[12303]: n38EY3PT012303: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:34:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:35:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:35:03 splunk3 sendmail[12550]: n38EZ3Gr012550: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:35:18 splunk3 sendmail[12611]: n38EZII2012611: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081435.n38EZIDC023769@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:35:18 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41110 
Apr  8 07:35:18 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:35:18 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:35:18 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:35:18 splunk3 spamd[25517]: spamd: processing message <200904081435.n38EZIDC023769@virt2.int.splunk.com> for spamme:501 
Apr  8 07:35:20 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  8 07:35:20 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41110,mid=<200904081435.n38EZIDC023769@virt2.int.splunk.com>,bayes=0.114680969005585,autolearn=no 
Apr  8 07:35:20 splunk3 sendmail[12612]: n38EZII2012611: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:35:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:36:03 splunk3 sendmail[12801]: n38Ea3HR012801: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:37:03 splunk3 sendmail[13039]: n38Eb3N7013039: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:38:03 splunk3 sendmail[13289]: n38Ec3fb013289: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:39:03 splunk3 sendmail[13557]: n38Ed3U9013557: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:39:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:40:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:40:03 splunk3 sendmail[13806]: n38Ee3Gg013806: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:40:18 splunk3 sendmail[13863]: n38EeI76013863: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081440.n38EeI48024406@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:40:18 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41165 
Apr  8 07:40:18 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:40:18 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:40:18 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:40:18 splunk3 spamd[25517]: spamd: processing message <200904081440.n38EeI48024406@virt2.int.splunk.com> for spamme:501 
Apr  8 07:40:20 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1308 bytes. 
Apr  8 07:40:20 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41165,mid=<200904081440.n38EeI48024406@virt2.int.splunk.com>,bayes=0.114680969005585,autolearn=no 
Apr  8 07:40:20 splunk3 sendmail[13865]: n38EeI76013863: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:40:20 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:41:03 splunk3 sendmail[14059]: n38Ef33t014059: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 07:42:03 splunk3 sendmail[14296]: n38Eg3rL014296: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:43:03 splunk3 sendmail[14537]: n38Eh3kT014537: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:43:11 splunk3 sendmail[14278]: n38Eg1rw014278: from=<shih25tzi@shawcable.net>, size=1360, class=0, nrcpts=1, msgid=<7467019dbbee$c6963fa2$d77c5d02@shawcable.net>, proto=ESMTP, daemon=MTA, relay=20151241043.user.veloxzone.com.br [201.51.241.43]
Apr  8 07:43:11 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41201 
Apr  8 07:43:11 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:43:11 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:43:11 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:43:11 splunk3 spamd[25517]: spamd: processing message <7467019dbbee$c6963fa2$d77c5d02@shawcable.net> for spamme:501 
Apr  8 07:43:13 splunk3 spamd[25517]: spamd: identified spam (14.9/5.0) for spamme:501 in 2.3 seconds, 1694 bytes. 
Apr  8 07:43:13 splunk3 spamd[25517]: spamd: result: Y 14 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_SORBS_DUL scantime=2.3,size=1694,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41201,mid=<7467019dbbee$c6963fa2$d77c5d02@shawcable.net>,bayes=0.999997607368892,autolearn=no 
Apr  8 07:43:13 splunk3 sendmail[14562]: n38Eg1rw014278: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31595, dsn=2.0.0, stat=Sent
Apr  8 07:43:13 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:43:25 splunk3 sendmail[14497]: n38Egv4N014497: from=<stamosh@dnforum.com>, size=5785, class=0, nrcpts=1, msgid=<9e5f019dc171$6de0c522$d73321dd@dnforum.com>, proto=ESMTP, daemon=MTA, relay=213-167-198-253.domolink.elcom.ru [213.167.198.253] (may be forged)
Apr  8 07:43:25 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41204 
Apr  8 07:43:25 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:43:25 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:43:25 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:43:25 splunk3 spamd[25517]: spamd: processing message <9e5f019dc171$6de0c522$d73321dd@dnforum.com> for spamme:501 
Apr  8 07:43:28 splunk3 spamd[25517]: spamd: identified spam (32.5/5.0) for spamme:501 in 2.7 seconds, 6129 bytes. 
Apr  8 07:43:28 splunk3 spamd[25517]: spamd: result: Y 32 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_BOGUSMX,DNS_FROM_RFC_POST,DRUGS_ERECTILE,FROM_EXCESS_BASE64,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_XBL,SUBJECT_EXCESS_BASE64,URIBL_JP_SURBL,URIBL_SBL,URIBL_WS_SURBL scantime=2.7,size=6129,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41204,mid=<9e5f019dc171$6de0c522$d73321dd@dnforum.com>,bayes=1,autolearn=spam 
Apr  8 07:43:28 splunk3 sendmail[14622]: n38Egv4N014497: to=<spamme@splunkit.com>, delay=00:00:09, xdelay=00:00:03, mailer=local, pri=36038, dsn=2.0.0, stat=Sent
Apr  8 07:43:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:44:03 splunk3 sendmail[14782]: n38Ei3p5014782: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:44:33 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:45:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:45:03 splunk3 sendmail[15027]: n38Ej34O015027: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:45:20 splunk3 sendmail[15090]: n38EjKQg015090: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081445.n38EjI1E025023@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:45:20 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41224 
Apr  8 07:45:20 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:45:20 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:45:20 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:45:20 splunk3 spamd[25517]: spamd: processing message <200904081445.n38EjI1E025023@virt2.int.splunk.com> for spamme:501 
Apr  8 07:45:22 splunk3 sendmail[15050]: n38Ej9ui015050: from=<sushila5471shreeram@osdir.com>, size=3756, class=0, nrcpts=1, msgid=<4a0e019dc0b9$4fab8f67$7a4913a2@osdir.com>, proto=ESMTP, daemon=MTA, relay=[88.251.186.133]
Apr  8 07:45:22 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 07:45:22 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41224,mid=<200904081445.n38EjI1E025023@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 07:45:22 splunk3 sendmail[15091]: n38EjKQg015090: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:45:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:45:30 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41234 
Apr  8 07:45:30 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:45:30 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:45:30 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:45:30 splunk3 spamd[25517]: spamd: processing message <4a0e019dc0b9$4fab8f67$7a4913a2@osdir.com> for spamme:501 
Apr  8 07:45:32 splunk3 spamd[25517]: spamd: identified spam (11.0/5.0) for spamme:501 in 2.3 seconds, 4045 bytes. 
Apr  8 07:45:32 splunk3 spamd[25517]: spamd: result: Y 10 - BAYES_99,DATE_IN_FUTURE_96_XX,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID scantime=2.3,size=4045,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41234,mid=<4a0e019dc0b9$4fab8f67$7a4913a2@osdir.com>,bayes=1,autolearn=no 
Apr  8 07:45:32 splunk3 sendmail[15112]: n38Ej9ui015050: to=<spamme@splunkit.com>, delay=00:00:11, xdelay=00:00:10, mailer=local, pri=33934, dsn=2.0.0, stat=Sent
Apr  8 07:45:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:46:03 splunk3 sendmail[15284]: n38Ek3wB015284: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:47:03 splunk3 sendmail[15535]: n38El3iF015535: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:48:03 splunk3 sendmail[15768]: n38Em3al015768: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:49:03 splunk3 sendmail[16006]: n38En3j8016006: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:49:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:50:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:50:03 splunk3 sendmail[16256]: n38Eo3GJ016256: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:50:21 splunk3 sendmail[16317]: n38EoLLq016317: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081450.n38EoLU0025640@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:50:21 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41280 
Apr  8 07:50:21 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:50:21 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:50:21 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:50:21 splunk3 spamd[25517]: spamd: processing message <200904081450.n38EoLU0025640@virt2.int.splunk.com> for spamme:501 
Apr  8 07:50:23 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 07:50:23 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41280,mid=<200904081450.n38EoLU0025640@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 07:50:23 splunk3 sendmail[16318]: n38EoLLq016317: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:50:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:51:03 splunk3 sendmail[16511]: n38Ep3lX016511: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:52:04 splunk3 sendmail[16746]: n38Eq3gU016746: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:53:04 splunk3 sendmail[16986]: n38Er4FN016986: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:54:04 splunk3 sendmail[17225]: n38Es4FZ017225: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:54:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 07:55:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 07:55:04 splunk3 sendmail[17470]: n38Et4aG017470: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:55:21 splunk3 sendmail[17532]: n38EtL0R017532: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081455.n38EtLLX026247@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 07:55:21 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41336 
Apr  8 07:55:21 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 07:55:21 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 07:55:21 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 07:55:21 splunk3 spamd[25517]: spamd: processing message <200904081455.n38EtLLX026247@virt2.int.splunk.com> for spamme:501 
Apr  8 07:55:23 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 07:55:23 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41336,mid=<200904081455.n38EtLLX026247@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 07:55:23 splunk3 sendmail[17533]: n38EtL0R017532: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 07:55:23 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 07:56:04 splunk3 sendmail[17721]: n38Eu4f4017721: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 07:57:04 splunk3 sendmail[17961]: n38Ev4r9017961: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:58:04 splunk3 sendmail[18194]: n38Ew44L018194: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:59:04 splunk3 sendmail[18434]: n38Ex4iN018434: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 07:59:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:00:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:00:04 splunk3 sendmail[18736]: n38F04GG018736: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:00:04 splunk3 sendmail[18745]: n38F04pU018745: from=root, size=291, class=0, nrcpts=1, msgid=<200904081500.n38F04pU018745@splunk3.splunkit.com>, relay=root@localhost
Apr  8 08:00:04 splunk3 sendmail[18749]: n38F04jw018749: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081500.n38F04pU018745@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 08:00:04 splunk3 sendmail[18745]: n38F04pU018745: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38F04jw018749 Message accepted for delivery)
Apr  8 08:00:06 splunk3 sendmail[18750]: n38F04jw018749: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 08:00:21 splunk3 sendmail[18831]: n38F0L0P018831: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081500.n38F0L2Q026895@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:00:21 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41393 
Apr  8 08:00:21 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:00:21 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 08:00:21 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 08:00:21 splunk3 sendmail[18832]: n38F0L0P018831: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:00:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:00:27 splunk3 sendmail[18866]: n38F0RWw018866: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904081500.n38F0RWw018866@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 08:00:27 splunk3 sendmail[18868]: n38F0RWw018866: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 08:00:27 splunk3 sendmail[18868]: n38F0RWw018866: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  8 08:00:27 splunk3 sendmail[18868]: n38F0RWw018866: n38F0RWw018868: postmaster notify: User unknown
Apr  8 08:00:29 splunk3 sendmail[18868]: n38F0RWw018868: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  8 08:00:54 splunk3 sendmail[18978]: n38F0qcu018978: from=<lasyhpop@Notifact.com>, size=284, class=0, nrcpts=1, msgid=<200904081500.n38F0qcu018978@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=[213.252.194.207]
Apr  8 08:00:54 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41414 
Apr  8 08:00:54 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:00:54 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 08:00:54 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 08:00:54 splunk3 sendmail[18980]: n38F0qcu018978: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30576, dsn=2.0.0, stat=Sent
Apr  8 08:00:54 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:01:04 splunk3 sendmail[19035]: n38F14oC019035: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:01:12 splunk3 sendmail[19030]: n38F12lt019030: from=root, size=443, class=0, nrcpts=1, msgid=<200904081501.n38F12lt019030@splunk3.splunkit.com>, relay=root@localhost
Apr  8 08:01:12 splunk3 sendmail[19075]: n38F1CCm019075: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081501.n38F12lt019030@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 08:01:12 splunk3 sendmail[19030]: n38F12lt019030: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38F1CCm019075 Message accepted for delivery)
Apr  8 08:01:14 splunk3 sendmail[19076]: n38F1CCm019075: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 08:02:04 splunk3 sendmail[19274]: n38F24IA019274: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:03:04 splunk3 sendmail[19512]: n38F34Fx019512: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:04:04 splunk3 sendmail[19747]: n38F44HB019747: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:04:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:05:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:05:04 splunk3 sendmail[19995]: n38F544d019995: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:05:22 splunk3 sendmail[20073]: n38F5Mqu020073: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081505.n38F5Mck027569@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:05:22 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41458 
Apr  8 08:05:22 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:05:22 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 08:05:22 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 08:05:22 splunk3 sendmail[20074]: n38F5Mqu020073: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:05:22 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:06:04 splunk3 sendmail[20245]: n38F64LZ020245: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:07:04 splunk3 sendmail[20484]: n38F74lF020484: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:08:04 splunk3 sendmail[20725]: n38F845d020725: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:09:04 splunk3 sendmail[20962]: n38F94VU020962: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:09:14 splunk3 sendmail[20602]: n38F7a5V020602: from=<theodore6270shih_chi@justdropped.com>, size=3731, class=0, nrcpts=1, msgid=<2bed019dbf8a$fba045ae$c5ad8918@justdropped.com>, proto=ESMTP, daemon=MTA, relay=213.210.185.64.adsl.nextra.cz [213.210.185.64]
Apr  8 08:09:14 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41502 
Apr  8 08:09:14 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:09:14 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 08:09:14 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 08:09:14 splunk3 sendmail[21004]: n38F7a5V020602: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:00, mailer=local, pri=33959, dsn=2.0.0, stat=Sent
Apr  8 08:09:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:09:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:10:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:10:02 splunk3 sendmail[21306]: n38FA2K2021306: from=root, size=292, class=0, nrcpts=1, msgid=<200904081510.n38FA2K2021306@splunk3.splunkit.com>, relay=root@localhost
Apr  8 08:10:03 splunk3 sendmail[21311]: n38FA2gI021311: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081510.n38FA2K2021306@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 08:10:03 splunk3 sendmail[21306]: n38FA2K2021306: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38FA2gI021311 Message accepted for delivery)
Apr  8 08:10:04 splunk3 sendmail[21317]: n38FA4ol021317: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:10:04 splunk3 sendmail[21312]: n38FA2gI021311: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 08:10:23 splunk3 sendmail[21396]: n38FANXg021396: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081510.n38FANJM028190@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:10:23 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41516 
Apr  8 08:10:23 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:10:23 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:10:23 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:10:23 splunk3 spamd[25517]: spamd: processing message <200904081510.n38FANJM028190@virt2.int.splunk.com> for spamme:501 
Apr  8 08:10:25 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1308 bytes. 
Apr  8 08:10:25 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41516,mid=<200904081510.n38FANJM028190@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 08:10:25 splunk3 sendmail[21397]: n38FANXg021396: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:10:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:11:04 splunk3 sendmail[21574]: n38FB44A021574: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 08:12:04 splunk3 sendmail[21810]: n38FC4OC021810: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:13:04 splunk3 sendmail[22049]: n38FD4GC022049: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:14:04 splunk3 sendmail[22285]: n38FE45P022285: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:14:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:15:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:15:04 splunk3 sendmail[22531]: n38FF4dl022531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:15:23 splunk3 sendmail[22609]: n38FFNqS022609: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081515.n38FFNqV028968@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:15:23 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41572 
Apr  8 08:15:23 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:15:23 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:15:23 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:15:23 splunk3 spamd[25517]: spamd: processing message <200904081515.n38FFNqV028968@virt2.int.splunk.com> for spamme:501 
Apr  8 08:15:25 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 08:15:25 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41572,mid=<200904081515.n38FFNqV028968@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 08:15:25 splunk3 sendmail[22610]: n38FFNqS022609: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:15:25 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:16:04 splunk3 sendmail[22780]: n38FG4pi022780: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:17:04 splunk3 sendmail[23019]: n38FH46h023019: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:18:04 splunk3 sendmail[23254]: n38FI4jb023254: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:19:04 splunk3 sendmail[23493]: n38FJ4u5023493: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:19:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:20:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:20:04 splunk3 sendmail[23744]: n38FK4lj023744: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:20:24 splunk3 sendmail[23823]: n38FKORt023823: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081520.n38FKNon029602@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:20:24 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41628 
Apr  8 08:20:24 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:20:24 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:20:24 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:20:24 splunk3 spamd[25517]: spamd: processing message <200904081520.n38FKNon029602@virt2.int.splunk.com> for spamme:501 
Apr  8 08:20:26 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 08:20:26 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41628,mid=<200904081520.n38FKNon029602@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 08:20:26 splunk3 sendmail[23824]: n38FKORt023823: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:20:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:20:31 splunk3 sendmail[23536]: n38FJGax023536: from=<trieuthaddeus@osdir.com>, size=1340, class=0, nrcpts=1, msgid=<9916019dc0b2$0a080740$a1872ffc@osdir.com>, proto=ESMTP, daemon=MTA, relay=[85.110.186.124]
Apr  8 08:20:31 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41638 
Apr  8 08:20:31 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:20:31 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:20:31 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:20:31 splunk3 spamd[25517]: spamd: processing message <9916019dc0b2$0a080740$a1872ffc@osdir.com> for spamme:501 
Apr  8 08:20:33 splunk3 spamd[25517]: spamd: identified spam (11.0/5.0) for spamme:501 in 2.2 seconds, 1617 bytes. 
Apr  8 08:20:33 splunk3 spamd[25517]: spamd: result: Y 10 - BAYES_99,DATE_IN_FUTURE_96_XX,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID scantime=2.2,size=1617,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41638,mid=<9916019dc0b2$0a080740$a1872ffc@osdir.com>,bayes=0.999878602486078,autolearn=no 
Apr  8 08:20:33 splunk3 sendmail[23875]: n38FJGax023536: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31518, dsn=2.0.0, stat=Sent
Apr  8 08:20:33 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:21:04 splunk3 sendmail[24005]: n38FL4bO024005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:22:04 splunk3 sendmail[24239]: n38FM4Kh024239: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:23:04 splunk3 sendmail[24482]: n38FN4qi024482: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:24:04 splunk3 sendmail[24716]: n38FO4Ra024716: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:24:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:25:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:25:04 splunk3 sendmail[24976]: n38FP4JN024976: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:25:24 splunk3 sendmail[25057]: n38FPOAs025057: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081525.n38FPOSH030209@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:25:24 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41692 
Apr  8 08:25:24 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:25:24 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:25:24 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:25:24 splunk3 spamd[25517]: spamd: processing message <200904081525.n38FPOSH030209@virt2.int.splunk.com> for spamme:501 
Apr  8 08:25:26 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1308 bytes. 
Apr  8 08:25:26 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41692,mid=<200904081525.n38FPOSH030209@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 08:25:26 splunk3 sendmail[25058]: n38FPOAs025057: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:25:26 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:26:04 splunk3 sendmail[25218]: n38FQ4TR025218: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 08:27:04 splunk3 sendmail[25459]: n38FR4aZ025459: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:28:04 splunk3 sendmail[25695]: n38FS41P025695: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:29:04 splunk3 sendmail[25933]: n38FT48G025933: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:29:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:30:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:30:04 splunk3 sendmail[26191]: n38FU4i2026191: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:30:25 splunk3 sendmail[26270]: n38FUOme026270: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081530.n38FUOJW030837@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:30:25 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41749 
Apr  8 08:30:25 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:30:25 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:30:25 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:30:25 splunk3 spamd[25517]: spamd: processing message <200904081530.n38FUOJW030837@virt2.int.splunk.com> for spamme:501 
Apr  8 08:30:27 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.4 seconds, 1308 bytes. 
Apr  8 08:30:27 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.4,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41749,mid=<200904081530.n38FUOJW030837@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 08:30:27 splunk3 sendmail[26271]: n38FUOme026270: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:30:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:31:04 splunk3 sendmail[26436]: n38FV4Dl026436: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:32:04 splunk3 sendmail[26672]: n38FW4nf026672: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:33:04 splunk3 sendmail[26911]: n38FX4KA026911: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:34:04 splunk3 sendmail[27145]: n38FY4u5027145: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:34:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:35:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:35:04 splunk3 sendmail[27402]: n38FZ4QK027402: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:35:25 splunk3 sendmail[27482]: n38FZPrq027482: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081535.n38FZPRS031578@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:35:25 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41804 
Apr  8 08:35:25 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:35:25 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:35:25 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:35:25 splunk3 spamd[25517]: spamd: processing message <200904081535.n38FZPRS031578@virt2.int.splunk.com> for spamme:501 
Apr  8 08:35:27 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  8 08:35:27 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41804,mid=<200904081535.n38FZPRS031578@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 08:35:27 splunk3 sendmail[27483]: n38FZPrq027482: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:35:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:36:04 splunk3 sendmail[27643]: n38Fa4k7027643: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:37:04 splunk3 sendmail[27881]: n38Fb4aP027881: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:38:04 splunk3 sendmail[28121]: n38Fc4tu028121: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:39:04 splunk3 sendmail[28359]: n38Fd4pW028359: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:39:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:40:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:40:04 splunk3 sendmail[28617]: n38Fe424028617: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:40:25 splunk3 sendmail[28698]: n38FePmO028698: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081540.n38FePwT032225@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:40:25 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41860 
Apr  8 08:40:25 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:40:25 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:40:25 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:40:25 splunk3 spamd[25517]: spamd: processing message <200904081540.n38FePwT032225@virt2.int.splunk.com> for spamme:501 
Apr  8 08:40:27 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 08:40:27 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41860,mid=<200904081540.n38FePwT032225@virt2.int.splunk.com>,bayes=0.114676482018722,autolearn=no 
Apr  8 08:40:27 splunk3 sendmail[28699]: n38FePmO028698: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 08:40:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:41:04 splunk3 sendmail[28863]: n38Ff4T8028863: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 08:42:04 splunk3 sendmail[29100]: n38Fg48m029100: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:42:35 splunk3 sendmail[14417]: n38EgYPl014417: timeout waiting for input from [78.177.244.48] during server cmd read
Apr  8 08:42:35 splunk3 sendmail[14417]: n38EgYPl014417: [78.177.244.48] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:43:04 splunk3 sendmail[29338]: n38Fh4Jr029338: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:44:04 splunk3 sendmail[29573]: n38Fi4PD029573: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:44:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:45:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:45:04 splunk3 sendmail[29829]: n38Fj4Vd029829: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:45:26 splunk3 sendmail[29907]: n38FjP7c029907: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904081545.n38FjP7P000370@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:45:26 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41916 
Apr  8 08:45:26 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:45:26 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:45:26 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:45:26 splunk3 spamd[25517]: spamd: processing message <200904081545.n38FjP7P000370@virt2.int.splunk.com> for spamme:501 
Apr  8 08:45:28 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1302 bytes. 
Apr  8 08:45:28 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41916,mid=<200904081545.n38FjP7P000370@virt2.int.splunk.com>,bayes=0.0680312966052553,autolearn=no 
Apr  8 08:45:28 splunk3 sendmail[29908]: n38FjP7c029907: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  8 08:45:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:45:32 splunk3 sendmail[29931]: n38FjTd0029931: from=<sudhir2tammie@armkb.com>, size=3716, class=0, nrcpts=1, msgid=<f758019dc0b7$8aed9e8e$aae100c6@armkb.com>, proto=ESMTP, daemon=MTA, relay=93-141-20-91.adsl.net.t-com.hr [93.141.20.91]
Apr  8 08:45:32 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41918 
Apr  8 08:45:32 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:45:32 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:45:32 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:45:32 splunk3 spamd[25517]: spamd: processing message <f758019dc0b7$8aed9e8e$aae100c6@armkb.com> for spamme:501 
Apr  8 08:45:34 splunk3 spamd[25517]: spamd: identified spam (18.5/5.0) for spamme:501 in 2.4 seconds, 4027 bytes. 
Apr  8 08:45:34 splunk3 spamd[25517]: spamd: result: Y 18 - BAYES_99,DATE_IN_FUTURE_96_XX,DNS_FROM_RFC_BOGUSMX,FORGED_RCVD_HELO,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL scantime=2.4,size=4027,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41918,mid=<f758019dc0b7$8aed9e8e$aae100c6@armkb.com>,bayes=1,autolearn=spam 
Apr  8 08:45:34 splunk3 sendmail[29952]: n38FjTd0029931: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=33928, dsn=2.0.0, stat=Sent
Apr  8 08:45:34 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:46:04 splunk3 sendmail[30074]: n38Fk4st030074: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:47:04 splunk3 sendmail[30315]: n38Fl4ED030315: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:48:04 splunk3 sendmail[30550]: n38Fm4Vi030550: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:49:04 splunk3 sendmail[30789]: n38Fn4MV030789: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:49:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:50:02 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:50:04 splunk3 sendmail[31046]: n38Fo4Xb031046: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:50:26 splunk3 sendmail[31144]: n38FoQgc031144: from=<spammer@spamdomain.com>, size=1026, class=0, nrcpts=1, msgid=<200904081550.n38FoQwN000994@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:50:26 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41973 
Apr  8 08:50:26 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:50:26 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:50:26 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:50:26 splunk3 spamd[25517]: spamd: processing message <200904081550.n38FoQwN000994@virt2.int.splunk.com> for spamme:501 
Apr  8 08:50:28 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1302 bytes. 
Apr  8 08:50:28 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1302,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41973,mid=<200904081550.n38FoQwN000994@virt2.int.splunk.com>,bayes=0.0680292442234384,autolearn=no 
Apr  8 08:50:28 splunk3 sendmail[31145]: n38FoQgc031144: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31218, dsn=2.0.0, stat=Sent
Apr  8 08:50:28 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:51:04 splunk3 sendmail[31290]: n38Fp4bo031290: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:52:04 splunk3 sendmail[31527]: n38Fq4AC031527: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:53:04 splunk3 sendmail[31770]: n38Fr4i3031770: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:54:04 splunk3 sendmail[32005]: n38Fs4Vw032005: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:54:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 08:55:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 08:55:04 splunk3 sendmail[32261]: n38Ft4e6032261: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:55:27 splunk3 sendmail[32358]: n38FtQIZ032358: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081555.n38FtQeY001622@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 08:55:27 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42028 
Apr  8 08:55:27 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 08:55:27 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 08:55:27 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 08:55:27 splunk3 spamd[25517]: spamd: processing message <200904081555.n38FtQeY001622@virt2.int.splunk.com> for spamme:501 
Apr  8 08:55:29 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1305 bytes. 
Apr  8 08:55:29 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42028,mid=<200904081555.n38FtQeY001622@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 08:55:29 splunk3 sendmail[32359]: n38FtQIZ032358: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 08:55:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 08:56:04 splunk3 sendmail[32503]: n38Fu4jj032503: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 08:57:04 splunk3 sendmail[32745]: n38Fv4Tm032745: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:58:04 splunk3 sendmail[510]: n38Fw4ck000510: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:59:04 splunk3 sendmail[750]: n38Fx4Rg000750: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 08:59:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:00:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:00:03 splunk3 sendmail[1057]: n38G03u8001057: from=<splunk@localhost>, size=721, class=0, nrcpts=1, msgid=<200904081600.n38G03u8001057@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 09:00:03 splunk3 sendmail[1059]: n38G03u8001057: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120721, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 09:00:03 splunk3 sendmail[1059]: n38G03u8001057: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120721, dsn=5.1.1, stat=User unknown
Apr  8 09:00:03 splunk3 sendmail[1059]: n38G03u8001057: n38G03u8001059: postmaster notify: User unknown
Apr  8 09:00:04 splunk3 sendmail[1079]: n38G04IU001079: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:00:04 splunk3 sendmail[1083]: n38G04ki001083: from=root, size=291, class=0, nrcpts=1, msgid=<200904081600.n38G04ki001083@splunk3.splunkit.com>, relay=root@localhost
Apr  8 09:00:04 splunk3 sendmail[1059]: n38G03u8001059: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32089, dsn=2.0.0, stat=Sent
Apr  8 09:00:04 splunk3 sendmail[1087]: n38G04Dn001087: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081600.n38G04ki001083@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 09:00:04 splunk3 sendmail[1083]: n38G04ki001083: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38G04Dn001087 Message accepted for delivery)
Apr  8 09:00:06 splunk3 sendmail[1088]: n38G04Dn001087: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 09:00:27 splunk3 sendmail[1188]: n38G0RWX001188: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081600.n38G0RXg002278@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:00:27 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42093 
Apr  8 09:00:27 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:00:27 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 09:00:27 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 09:00:27 splunk3 sendmail[1189]: n38G0RWX001188: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:00:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:01:04 splunk3 sendmail[1342]: n38G14ER001342: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:01:09 splunk3 sendmail[1335]: n38G11UH001335: from=root, size=443, class=0, nrcpts=1, msgid=<200904081601.n38G11UH001335@splunk3.splunkit.com>, relay=root@localhost
Apr  8 09:01:09 splunk3 sendmail[1366]: n38G19pD001366: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081601.n38G11UH001335@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 09:01:10 splunk3 sendmail[1335]: n38G11UH001335: to=root, ctladdr=root (0/0), delay=00:00:09, xdelay=00:00:01, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38G19pD001366 Message accepted for delivery)
Apr  8 09:01:11 splunk3 sendmail[1367]: n38G19pD001366: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 09:02:04 splunk3 sendmail[1583]: n38G24Yc001583: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:03:04 splunk3 sendmail[1821]: n38G34mh001821: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:04:04 splunk3 sendmail[2057]: n38G44KL002057: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:04:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:05:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:05:04 splunk3 sendmail[2312]: n38G54TI002312: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:05:27 splunk3 sendmail[2409]: n38G5RsT002409: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081605.n38G5Ru5002982@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:05:27 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42150 
Apr  8 09:05:27 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:05:27 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 09:05:27 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 09:05:27 splunk3 sendmail[2410]: n38G5RsT002409: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:05:27 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:06:04 splunk3 sendmail[2551]: n38G64VQ002551: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:07:04 splunk3 sendmail[2804]: n38G74kn002804: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:08:04 splunk3 sendmail[3053]: n38G8427003053: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:09:04 splunk3 sendmail[3294]: n38G94AR003294: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:09:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:10:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:10:02 splunk3 sendmail[3653]: n38GA21i003653: from=root, size=292, class=0, nrcpts=1, msgid=<200904081610.n38GA21i003653@splunk3.splunkit.com>, relay=root@localhost
Apr  8 09:10:02 splunk3 sendmail[3658]: n38GA2fi003658: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081610.n38GA21i003653@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 09:10:02 splunk3 sendmail[3653]: n38GA21i003653: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38GA2fi003658 Message accepted for delivery)
Apr  8 09:10:03 splunk3 sendmail[3659]: n38GA2fi003658: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 09:10:04 splunk3 sendmail[3677]: n38GA42D003677: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:10:27 splunk3 sendmail[3782]: n38GARgB003782: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081610.n38GARU0003571@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:10:27 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42206 
Apr  8 09:10:27 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:10:27 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:10:27 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:10:27 splunk3 spamd[25517]: spamd: processing message <200904081610.n38GARU0003571@virt2.int.splunk.com> for spamme:501 
Apr  8 09:10:29 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  8 09:10:29 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42206,mid=<200904081610.n38GARU0003571@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:10:29 splunk3 sendmail[3783]: n38GARgB003782: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:10:29 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:11:04 splunk3 sendmail[3934]: n38GB4o7003934: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 09:12:04 splunk3 sendmail[4184]: n38GC4Zo004184: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:13:04 splunk3 sendmail[4437]: n38GD4Ag004437: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:14:04 splunk3 sendmail[4679]: n38GE4Rv004679: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:14:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:15:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:15:04 splunk3 sendmail[4931]: n38GF4Vs004931: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:15:28 splunk3 sendmail[5043]: n38GFSeb005043: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081615.n38GFSVa004378@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:15:28 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42263 
Apr  8 09:15:28 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:15:28 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:15:28 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:15:28 splunk3 spamd[25517]: spamd: processing message <200904081615.n38GFSVa004378@virt2.int.splunk.com> for spamme:501 
Apr  8 09:15:30 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.1 seconds, 1305 bytes. 
Apr  8 09:15:30 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.1,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42263,mid=<200904081615.n38GFSVa004378@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:15:30 splunk3 sendmail[5044]: n38GFSeb005043: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:15:30 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:16:04 splunk3 sendmail[5220]: n38GG4xu005220: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:17:04 splunk3 sendmail[5463]: n38GH4C0005463: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:18:04 splunk3 sendmail[5697]: n38GI4xD005697: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:19:04 splunk3 sendmail[5933]: n38GJ4VX005933: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:19:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:20:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:20:04 splunk3 sendmail[6182]: n38GK4fm006182: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:20:29 splunk3 sendmail[6292]: n38GKTNp006292: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081620.n38GKSZe004986@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:20:29 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42318 
Apr  8 09:20:29 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:20:29 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:20:29 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:20:29 splunk3 spamd[25517]: spamd: processing message <200904081620.n38GKSZe004986@virt2.int.splunk.com> for spamme:501 
Apr  8 09:20:31 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  8 09:20:31 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42318,mid=<200904081620.n38GKSZe004986@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:20:31 splunk3 sendmail[6293]: n38GKTNp006292: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:20:31 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:21:04 splunk3 sendmail[6436]: n38GL4xG006436: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:22:04 splunk3 sendmail[6671]: n38GM4Nn006671: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:23:04 splunk3 sendmail[6914]: n38GN4gL006914: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:24:04 splunk3 sendmail[7150]: n38GO4wv007150: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:24:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:25:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:25:04 splunk3 sendmail[7397]: n38GP4gE007397: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:25:29 splunk3 sendmail[7507]: n38GPTge007507: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081625.n38GPTXp005620@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:25:29 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42374 
Apr  8 09:25:29 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:25:29 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:25:29 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:25:29 splunk3 spamd[25517]: spamd: processing message <200904081625.n38GPTXp005620@virt2.int.splunk.com> for spamme:501 
Apr  8 09:25:32 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1305 bytes. 
Apr  8 09:25:32 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42374,mid=<200904081625.n38GPTXp005620@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:25:32 splunk3 sendmail[7508]: n38GPTge007507: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:25:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:26:04 splunk3 sendmail[7655]: n38GQ4oB007655: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 09:27:04 splunk3 sendmail[7896]: n38GR4HG007896: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:27:07 splunk3 sendmail[7855]: n38GQt2i007855: from=<spamme@splunkit.com>, size=585, class=0, nrcpts=1, msgid=<200904081626.n38GQt2i007855@splunk3.splunkit.com>, proto=SMTP, daemon=MTA, relay=[41.252.55.41]
Apr  8 09:27:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42392 
Apr  8 09:27:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:27:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:27:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:27:07 splunk3 spamd[25517]: spamd: processing message <200904081626.n38GQt2i007855@splunk3.splunkit.com> for spamme:501 
Apr  8 09:27:10 splunk3 spamd[25517]: spamd: identified spam (10.4/5.0) for spamme:501 in 2.7 seconds, 939 bytes. 
Apr  8 09:27:10 splunk3 spamd[25517]: spamd: result: Y 10 - BAYES_99,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,MSGID_FROM_MTA_ID,RCVD_IN_SORBS_WEB scantime=2.7,size=939,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42392,mid=<200904081626.n38GQt2i007855@splunk3.splunkit.com>,bayes=0.999665237445914,autolearn=no 
Apr  8 09:27:10 splunk3 sendmail[7922]: n38GQt2i007855: to=<spamme@splunkit.com>, ctladdr=<spamme@splunkit.com> (501/502), delay=00:00:11, xdelay=00:00:03, mailer=local, pri=30863, dsn=2.0.0, stat=Sent
Apr  8 09:27:10 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:28:04 splunk3 sendmail[8136]: n38GS4uO008136: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:29:04 splunk3 sendmail[8376]: n38GT4Hs008376: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:29:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:30:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:30:04 splunk3 sendmail[8624]: n38GU4Bj008624: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:30:30 splunk3 sendmail[8735]: n38GUTDh008735: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081630.n38GUTvH006216@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:30:30 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42431 
Apr  8 09:30:30 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:30:30 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:30:30 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:30:30 splunk3 spamd[25517]: spamd: processing message <200904081630.n38GUTvH006216@virt2.int.splunk.com> for spamme:501 
Apr  8 09:30:32 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  8 09:30:32 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42431,mid=<200904081630.n38GUTvH006216@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:30:32 splunk3 sendmail[8736]: n38GUTDh008735: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:30:32 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:31:04 splunk3 sendmail[8879]: n38GV44h008879: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:32:04 splunk3 sendmail[9115]: n38GW4xi009115: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:33:04 splunk3 sendmail[9351]: n38GX4OA009351: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:34:04 splunk3 sendmail[9585]: n38GY4kR009585: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:34:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:35:00 splunk3 sendmail[9809]: n38GZ01v009809: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081635.n38GZ0CC006887@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:35:00 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42475 
Apr  8 09:35:00 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:35:00 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:35:00 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:35:00 splunk3 spamd[25517]: spamd: processing message <200904081635.n38GZ0CC006887@virt2.int.splunk.com> for spamme:501 
Apr  8 09:35:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:35:02 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  8 09:35:02 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42475,mid=<200904081635.n38GZ0CC006887@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:35:02 splunk3 sendmail[9810]: n38GZ01v009809: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:35:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:35:04 splunk3 sendmail[9838]: n38GZ4qD009838: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:36:04 splunk3 sendmail[10081]: n38Ga4MQ010081: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:37:04 splunk3 sendmail[10319]: n38Gb4bl010319: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:38:04 splunk3 sendmail[10560]: n38Gc4ml010560: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:39:04 splunk3 sendmail[10799]: n38Gd4aG010799: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:39:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:40:00 splunk3 sendmail[11035]: n38Ge09f011035: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081640.n38Ge0CQ007502@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:40:00 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42531 
Apr  8 09:40:00 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:40:00 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:40:00 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:40:00 splunk3 spamd[25517]: spamd: processing message <200904081640.n38Ge0CQ007502@virt2.int.splunk.com> for spamme:501 
Apr  8 09:40:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:40:02 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.4 seconds, 1305 bytes. 
Apr  8 09:40:02 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.4,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42531,mid=<200904081640.n38Ge0CQ007502@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:40:02 splunk3 sendmail[11036]: n38Ge09f011035: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:40:02 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:40:04 splunk3 sendmail[11052]: n38Ge4TP011052: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:41:04 splunk3 sendmail[11300]: n38Gf4M4011300: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 09:42:04 splunk3 sendmail[11538]: n38Gg47Y011538: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:43:04 splunk3 sendmail[11777]: n38Gh4Sc011777: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:44:04 splunk3 sendmail[12012]: n38Gi4rb012012: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:44:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:45:01 splunk3 sendmail[12255]: n38Gj1ZE012255: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081645.n38Gj0te008132@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:45:01 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42587 
Apr  8 09:45:01 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:45:01 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:45:01 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:45:01 splunk3 spamd[25517]: spamd: processing message <200904081645.n38Gj0te008132@virt2.int.splunk.com> for spamme:501 
Apr  8 09:45:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:45:03 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.7 seconds, 1305 bytes. 
Apr  8 09:45:03 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42587,mid=<200904081645.n38Gj0te008132@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:45:03 splunk3 sendmail[12256]: n38Gj1ZE012255: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:45:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:45:04 splunk3 sendmail[12266]: n38Gj4qT012266: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:46:04 splunk3 sendmail[12510]: n38Gk4cj012510: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:46:32 splunk3 sendmail[12628]: n38GkVit012628: from=<359TcSRQKBuIKSSKPIEPIVXW-RSVITPcKSSKPI.GSQWTEQQIWTPYROMX.GSQ@alerts.bounces.google.com>, size=9408, class=0, nrcpts=1, msgid=<0016e644c708ab51da04670ddf09@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.186]
Apr  8 09:46:32 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42609 
Apr  8 09:46:32 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:46:32 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:46:32 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:46:32 splunk3 spamd[25517]: spamd: processing message <0016e644c708ab51da04670ddf09@google.com> for spamme:501 
Apr  8 09:46:34 splunk3 spamd[25517]: spamd: clean message (-1.3/5.0) for spamme:501 in 1.7 seconds, 9838 bytes. 
Apr  8 09:46:34 splunk3 spamd[25517]: spamd: result: . -1 - AWL,BAYES_00,HTML_50_60,HTML_MESSAGE,MIME_BASE64_NO_NAME,MIME_BASE64_TEXT,MIME_HTML_ONLY scantime=1.7,size=9838,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42609,mid=<0016e644c708ab51da04670ddf09@google.com>,bayes=0,autolearn=no 
Apr  8 09:46:34 splunk3 sendmail[12629]: n38GkVit012628: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=39619, dsn=2.0.0, stat=Sent
Apr  8 09:46:34 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:47:04 splunk3 sendmail[12755]: n38Gl4Kg012755: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:48:04 splunk3 sendmail[12989]: n38Gm4bh012989: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:49:04 splunk3 sendmail[13226]: n38Gn4RA013226: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:49:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:50:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:50:02 splunk3 sendmail[13509]: n38Go23N013509: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081650.n38Go1wd008750@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:50:02 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42644 
Apr  8 09:50:02 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:50:02 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:50:02 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:50:02 splunk3 spamd[25517]: spamd: processing message <200904081650.n38Go1wd008750@virt2.int.splunk.com> for spamme:501 
Apr  8 09:50:04 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1305 bytes. 
Apr  8 09:50:04 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42644,mid=<200904081650.n38Go1wd008750@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:50:04 splunk3 sendmail[13510]: n38Go23N013509: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:50:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:50:04 splunk3 sendmail[13519]: n38Go4Dk013519: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:51:04 splunk3 sendmail[13766]: n38Gp4Fk013766: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:52:04 splunk3 sendmail[14002]: n38Gq46V014002: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:53:04 splunk3 sendmail[14244]: n38Gr4u2014244: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:54:04 splunk3 sendmail[14475]: n38Gs4Xf014475: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:54:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 09:55:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 09:55:02 splunk3 sendmail[14720]: n38Gt2IG014720: from=<spammer@spamdomain.com>, size=1029, class=0, nrcpts=1, msgid=<200904081655.n38Gt2QL009395@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 09:55:02 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42699 
Apr  8 09:55:02 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 09:55:02 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 09:55:02 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 09:55:02 splunk3 spamd[25517]: spamd: processing message <200904081655.n38Gt2QL009395@virt2.int.splunk.com> for spamme:501 
Apr  8 09:55:04 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.7 seconds, 1305 bytes. 
Apr  8 09:55:04 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.7,size=1305,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42699,mid=<200904081655.n38Gt2QL009395@virt2.int.splunk.com>,bayes=0.17201573938411,autolearn=no 
Apr  8 09:55:04 splunk3 sendmail[14721]: n38Gt2IG014720: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31221, dsn=2.0.0, stat=Sent
Apr  8 09:55:04 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 09:55:04 splunk3 sendmail[14727]: n38Gt49j014727: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:56:04 splunk3 sendmail[14971]: n38Gu4OG014971: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 09:57:05 splunk3 sendmail[15212]: n38Gv5I0015212: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:58:05 splunk3 sendmail[15449]: n38Gw5Jl015449: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:59:05 splunk3 sendmail[15698]: n38Gx5ua015698: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 09:59:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:00:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:00:03 splunk3 sendmail[15998]: n38H03Jw015998: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081700.n38H027q010033@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:00:03 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42756 
Apr  8 10:00:03 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:00:03 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 10:00:03 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 10:00:03 splunk3 sendmail[15999]: n38H03Jw015998: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:00:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:00:04 splunk3 sendmail[16011]: n38H04aM016011: from=root, size=291, class=0, nrcpts=1, msgid=<200904081700.n38H04aM016011@splunk3.splunkit.com>, relay=root@localhost
Apr  8 10:00:04 splunk3 sendmail[16015]: n38H04C1016015: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081700.n38H04aM016011@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 10:00:04 splunk3 sendmail[16011]: n38H04aM016011: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38H04C1016015 Message accepted for delivery)
Apr  8 10:00:05 splunk3 sendmail[16021]: n38H05J2016021: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:00:05 splunk3 sendmail[16016]: n38H04C1016015: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 10:00:08 splunk3 sendmail[16055]: n38H08hb016055: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904081700.n38H08hb016055@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 10:00:08 splunk3 sendmail[16057]: n38H08hb016055: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 10:00:08 splunk3 sendmail[16057]: n38H08hb016055: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  8 10:00:08 splunk3 sendmail[16057]: n38H08hb016055: n38H08hb016057: postmaster notify: User unknown
Apr  8 10:00:10 splunk3 sendmail[16057]: n38H08hb016057: to=root, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  8 10:01:05 splunk3 sendmail[16290]: n38H150m016290: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:01:11 splunk3 sendmail[16285]: n38H11pk016285: from=root, size=443, class=0, nrcpts=1, msgid=<200904081701.n38H11pk016285@splunk3.splunkit.com>, relay=root@localhost
Apr  8 10:01:11 splunk3 sendmail[16334]: n38H1BtI016334: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081701.n38H11pk016285@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 10:01:11 splunk3 sendmail[16285]: n38H11pk016285: to=root, ctladdr=root (0/0), delay=00:00:10, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38H1BtI016334 Message accepted for delivery)
Apr  8 10:01:12 splunk3 sendmail[16335]: n38H1BtI016334: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 10:02:05 splunk3 sendmail[16531]: n38H25dB016531: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:03:05 splunk3 sendmail[16772]: n38H35G5016772: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:04:05 splunk3 sendmail[17007]: n38H453E017007: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:04:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:05:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:05:03 splunk3 sendmail[17252]: n38H53kj017252: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081705.n38H53EW010720@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:05:03 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42820 
Apr  8 10:05:03 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:05:03 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 10:05:03 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 10:05:03 splunk3 sendmail[17254]: n38H53kj017252: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:05:03 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:05:05 splunk3 sendmail[17258]: n38H55ih017258: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:06:05 splunk3 sendmail[17503]: n38H65uq017503: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:07:05 splunk3 sendmail[17741]: n38H757p017741: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:08:05 splunk3 sendmail[17982]: n38H85N4017982: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:09:05 splunk3 sendmail[18218]: n38H95Zb018218: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:09:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:10:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:10:02 splunk3 sendmail[18557]: n38HA2SA018557: from=root, size=292, class=0, nrcpts=1, msgid=<200904081710.n38HA2SA018557@splunk3.splunkit.com>, relay=root@localhost
Apr  8 10:10:02 splunk3 sendmail[18561]: n38HA2ql018561: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081710.n38HA2SA018557@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 10:10:02 splunk3 sendmail[18557]: n38HA2SA018557: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38HA2ql018561 Message accepted for delivery)
Apr  8 10:10:04 splunk3 sendmail[18562]: n38HA2ql018561: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 10:10:04 splunk3 sendmail[18566]: n38HA4hl018566: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081710.n38HA4PP011330@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:10:04 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42877 
Apr  8 10:10:04 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:10:04 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:10:04 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:10:04 splunk3 spamd[25517]: spamd: processing message <200904081710.n38HA4PP011330@virt2.int.splunk.com> for spamme:501 
Apr  8 10:10:05 splunk3 sendmail[18577]: n38HA5xC018577: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:10:06 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 10:10:06 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42877,mid=<200904081710.n38HA4PP011330@virt2.int.splunk.com>,bayes=0.114671995393627,autolearn=no 
Apr  8 10:10:06 splunk3 sendmail[18567]: n38HA4hl018566: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:10:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:11:05 splunk3 sendmail[18836]: n38HB55n018836: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 10:12:05 splunk3 sendmail[19074]: n38HC5X2019074: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:13:05 splunk3 sendmail[19317]: n38HD5Cw019317: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:14:05 splunk3 sendmail[19552]: n38HE5LZ019552: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:14:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:15:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:15:04 splunk3 sendmail[19777]: n38HF4PP019777: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081715.n38HF4vq012115@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:15:04 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42933 
Apr  8 10:15:04 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:15:04 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:15:04 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:15:04 splunk3 spamd[25517]: spamd: processing message <200904081715.n38HF4vq012115@virt2.int.splunk.com> for spamme:501 
Apr  8 10:15:05 splunk3 sendmail[19803]: n38HF5sr019803: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:15:06 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 10:15:06 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42933,mid=<200904081715.n38HF4vq012115@virt2.int.splunk.com>,bayes=0.114671995393627,autolearn=no 
Apr  8 10:15:06 splunk3 sendmail[19778]: n38HF4PP019777: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:15:06 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:16:05 splunk3 sendmail[20046]: n38HG5f8020046: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:17:05 splunk3 sendmail[20287]: n38HH5hf020287: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:18:05 splunk3 sendmail[20523]: n38HI54c020523: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:19:05 splunk3 sendmail[20761]: n38HJ5pH020761: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:19:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:20:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:20:05 splunk3 sendmail[21012]: n38HK5lX021012: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:20:05 splunk3 sendmail[21013]: n38HK5OQ021013: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081720.n38HK5Fl012752@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:20:05 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42989 
Apr  8 10:20:05 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:20:05 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:20:05 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:20:05 splunk3 spamd[25517]: spamd: processing message <200904081720.n38HK5Fl012752@virt2.int.splunk.com> for spamme:501 
Apr  8 10:20:07 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 10:20:07 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42989,mid=<200904081720.n38HK5Fl012752@virt2.int.splunk.com>,bayes=0.114671995393627,autolearn=no 
Apr  8 10:20:07 splunk3 sendmail[21014]: n38HK5OQ021013: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:20:07 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:21:05 splunk3 sendmail[21266]: n38HL5lr021266: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:22:05 splunk3 sendmail[21500]: n38HM5rN021500: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:23:05 splunk3 sendmail[21743]: n38HN5MJ021743: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:24:05 splunk3 sendmail[21977]: n38HO5ql021977: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:24:11 splunk3 sendmail[21998]: n38HOAMr021998: ruleset=check_rcpt, arg1=<sanjinn001@yahoo.com.tw>, relay=61-231-65-253.dynamic.hinet.net [61.231.65.253], reject=550 5.7.1 <sanjinn001@yahoo.com.tw>... Relaying denied
Apr  8 10:24:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:25:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:25:05 splunk3 sendmail[22226]: n38HP58x022226: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:25:05 splunk3 sendmail[22227]: n38HP5Xw022227: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081725.n38HP5tP013365@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:25:05 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43045 
Apr  8 10:25:05 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:25:05 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:25:05 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:25:05 splunk3 spamd[25517]: spamd: processing message <200904081725.n38HP5tP013365@virt2.int.splunk.com> for spamme:501 
Apr  8 10:25:07 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  8 10:25:07 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43045,mid=<200904081725.n38HP5tP013365@virt2.int.splunk.com>,bayes=0.114671995393627,autolearn=no 
Apr  8 10:25:07 splunk3 sendmail[22228]: n38HP5Xw022227: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:25:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:26:05 splunk3 sendmail[22475]: n38HQ524022475: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:26:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 10:27:05 splunk3 sendmail[22716]: n38HR5P5022716: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:28:05 splunk3 sendmail[22949]: n38HS5bC022949: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:29:05 splunk3 sendmail[23188]: n38HT5Yf023188: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:29:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:30:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:30:05 splunk3 sendmail[23436]: n38HU5te023436: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:30:06 splunk3 sendmail[23437]: n38HU5Y4023437: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081730.n38HU5JP013983@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:30:06 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43101 
Apr  8 10:30:06 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:30:06 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:30:06 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:30:06 splunk3 spamd[25517]: spamd: processing message <200904081730.n38HU5JP013983@virt2.int.splunk.com> for spamme:501 
Apr  8 10:30:08 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 10:30:08 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43101,mid=<200904081730.n38HU5JP013983@virt2.int.splunk.com>,bayes=0.114671995393627,autolearn=no 
Apr  8 10:30:08 splunk3 sendmail[23438]: n38HU5Y4023437: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:30:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:31:05 splunk3 sendmail[23689]: n38HV5gW023689: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:32:05 splunk3 sendmail[23927]: n38HW54b023927: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:33:05 splunk3 sendmail[24164]: n38HX5tY024164: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:34:05 splunk3 sendmail[24400]: n38HY5ZJ024400: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:34:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:35:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:35:05 splunk3 sendmail[24648]: n38HZ5YG024648: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:35:06 splunk3 sendmail[24650]: n38HZ6ec024650: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081735.n38HZ645014733@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:35:06 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43157 
Apr  8 10:35:06 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:35:06 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:35:06 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:35:06 splunk3 spamd[25517]: spamd: processing message <200904081735.n38HZ645014733@virt2.int.splunk.com> for spamme:501 
Apr  8 10:35:08 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 10:35:08 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43157,mid=<200904081735.n38HZ645014733@virt2.int.splunk.com>,bayes=0.114671995393627,autolearn=no 
Apr  8 10:35:08 splunk3 sendmail[24651]: n38HZ6ec024650: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:35:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:36:05 splunk3 sendmail[24897]: n38Ha5f8024897: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:37:05 splunk3 sendmail[25136]: n38Hb5rA025136: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:38:05 splunk3 sendmail[25376]: n38Hc5dT025376: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:39:05 splunk3 sendmail[25617]: n38Hd5ma025617: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:39:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:40:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:40:05 splunk3 sendmail[25863]: n38He5IZ025863: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:40:07 splunk3 sendmail[25865]: n38He7YM025865: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081740.n38He6K3015362@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:40:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43212 
Apr  8 10:40:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:40:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:40:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:40:07 splunk3 spamd[25517]: spamd: processing message <200904081740.n38He6K3015362@virt2.int.splunk.com> for spamme:501 
Apr  8 10:40:09 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.5 seconds, 1308 bytes. 
Apr  8 10:40:09 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43212,mid=<200904081740.n38He6K3015362@virt2.int.splunk.com>,bayes=0.114671995393627,autolearn=no 
Apr  8 10:40:09 splunk3 sendmail[25866]: n38He7YM025865: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:40:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:41:05 splunk3 sendmail[26119]: n38Hf5Ti026119: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:41:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 10:42:05 splunk3 sendmail[26355]: n38Hg5m8026355: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:43:05 splunk3 sendmail[26591]: n38Hh5d0026591: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:44:05 splunk3 sendmail[26824]: n38Hi5L1026824: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:44:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:45:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:45:05 splunk3 sendmail[27071]: n38Hj5Zf027071: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:45:07 splunk3 sendmail[27073]: n38Hj7nI027073: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081745.n38Hj7Od015972@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:45:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43269 
Apr  8 10:45:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:45:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:45:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:45:07 splunk3 spamd[25517]: spamd: processing message <200904081745.n38Hj7Od015972@virt2.int.splunk.com> for spamme:501 
Apr  8 10:45:09 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.3 seconds, 1308 bytes. 
Apr  8 10:45:09 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.3,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43269,mid=<200904081745.n38Hj7Od015972@virt2.int.splunk.com>,bayes=0.114671995393627,autolearn=no 
Apr  8 10:45:09 splunk3 sendmail[27074]: n38Hj7nI027073: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:45:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:46:05 splunk3 sendmail[27322]: n38Hk5sk027322: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:47:05 splunk3 sendmail[27561]: n38Hl5Ev027561: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:48:05 splunk3 sendmail[27797]: n38Hm5vT027797: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:48:40 splunk3 sendmail[27917]: n38HmalY027917: from=<yaserf@bariaur.com>, size=2137, class=0, nrcpts=1, msgid=<684e019db508$e0c47a03$b340682e@bariaur.com>, proto=ESMTP, daemon=MTA, relay=[124.5.203.56]
Apr  8 10:48:40 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43310 
Apr  8 10:48:40 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:48:40 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:48:40 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:48:40 splunk3 spamd[25517]: spamd: processing message <684e019db508$e0c47a03$b340682e@bariaur.com> for spamme:501 
Apr  8 10:48:43 splunk3 spamd[25517]: spamd: identified spam (35.5/5.0) for spamme:501 in 2.3 seconds, 2402 bytes. 
Apr  8 10:48:43 splunk3 spamd[25517]: spamd: result: Y 35 - BAYES_99,DATE_IN_FUTURE_96_XX,FROM_EXCESS_BASE64,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,MSGID_OUTLOOK_INVALID,RCVD_IN_NJABL_PROXY,REPLICA_WATCH,SUBJECT_EXCESS_BASE64,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=2.3,size=2402,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43310,mid=<684e019db508$e0c47a03$b340682e@bariaur.com>,bayes=1,autolearn=spam 
Apr  8 10:48:43 splunk3 sendmail[27936]: n38HmalY027917: to=<spamme@splunkit.com>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=32313, dsn=2.0.0, stat=Sent
Apr  8 10:48:43 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:49:05 splunk3 sendmail[28041]: n38Hn5bo028041: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:49:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:50:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:50:05 splunk3 sendmail[28289]: n38Ho5qL028289: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:50:07 splunk3 sendmail[28292]: n38Ho7LW028292: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081750.n38Ho7gS016585@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:50:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43325 
Apr  8 10:50:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:50:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:50:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:50:07 splunk3 spamd[25517]: spamd: processing message <200904081750.n38Ho7gS016585@virt2.int.splunk.com> for spamme:501 
Apr  8 10:50:09 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.5 seconds, 1308 bytes. 
Apr  8 10:50:09 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.5,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43325,mid=<200904081750.n38Ho7gS016585@virt2.int.splunk.com>,bayes=0.114667509130265,autolearn=no 
Apr  8 10:50:09 splunk3 sendmail[28293]: n38Ho7LW028292: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:50:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:51:05 splunk3 sendmail[28542]: n38Hp5ds028542: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:52:05 splunk3 sendmail[28778]: n38Hq53I028778: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:53:05 splunk3 sendmail[29024]: n38Hr5wi029024: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:54:05 splunk3 sendmail[29257]: n38Hs50R029257: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:54:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 10:55:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 10:55:05 splunk3 sendmail[29505]: n38Ht5ww029505: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:55:07 splunk3 sendmail[29506]: n38Ht7If029506: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081755.n38Ht7Aq017192@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 10:55:07 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43381 
Apr  8 10:55:07 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 10:55:07 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 10:55:07 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 10:55:07 splunk3 spamd[25517]: spamd: processing message <200904081755.n38Ht7Aq017192@virt2.int.splunk.com> for spamme:501 
Apr  8 10:55:09 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.6 seconds, 1308 bytes. 
Apr  8 10:55:09 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43381,mid=<200904081755.n38Ht7Aq017192@virt2.int.splunk.com>,bayes=0.114667509130265,autolearn=no 
Apr  8 10:55:09 splunk3 sendmail[29507]: n38Ht7If029506: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 10:55:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 10:56:05 splunk3 sendmail[29754]: n38Hu5gx029754: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:56:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 10:57:05 splunk3 sendmail[29994]: n38Hv5nR029994: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:58:05 splunk3 sendmail[30226]: n38Hw507030226: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:59:05 splunk3 sendmail[30464]: n38Hx54B030464: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 10:59:32 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 11:00:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 11:00:04 splunk3 sendmail[30758]: n38I04RW030758: from=root, size=291, class=0, nrcpts=1, msgid=<200904081800.n38I04RW030758@splunk3.splunkit.com>, relay=root@localhost
Apr  8 11:00:04 splunk3 sendmail[30769]: n38I04Nh030769: from=<root@splunk3.splunkit.com>, size=564, class=0, nrcpts=1, msgid=<200904081800.n38I04RW030758@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 11:00:04 splunk3 sendmail[30758]: n38I04RW030758: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38I04Nh030769 Message accepted for delivery)
Apr  8 11:00:05 splunk3 sendmail[30784]: n38I05ej030784: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:00:06 splunk3 sendmail[30779]: n38I04Nh030769: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=30791, dsn=2.0.0, stat=Sent
Apr  8 11:00:08 splunk3 sendmail[30785]: n38I08jJ030785: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081800.n38I08qu017828@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 11:00:08 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43438 
Apr  8 11:00:08 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 11:00:08 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 11:00:08 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 11:00:08 splunk3 sendmail[30786]: n38I08jJ030785: to=<spamme@splunkit.com>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 11:00:08 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 11:00:16 splunk3 sendmail[30838]: n38I0GGr030838: from=<splunk@localhost>, size=725, class=0, nrcpts=1, msgid=<200904081800.n38I0GGr030838@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 11:00:16 splunk3 sendmail[30840]: n38I0GGr030838: to=<mark@splunk.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120725, relay=[10.2.1.10] [10.2.1.10], dsn=5.1.1, stat=User unknown
Apr  8 11:00:16 splunk3 sendmail[30840]: n38I0GGr030838: to=<splunk@localhost>, delay=00:00:00, mailer=local, pri=120725, dsn=5.1.1, stat=User unknown
Apr  8 11:00:16 splunk3 sendmail[30840]: n38I0GGr030838: n38I0GGr030840: postmaster notify: User unknown
Apr  8 11:00:17 splunk3 sendmail[30840]: n38I0GGr030840: to=root, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32093, dsn=2.0.0, stat=Sent
Apr  8 11:01:05 splunk3 sendmail[31058]: n38I1566031058: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:01:15 splunk3 sendmail[31035]: n38I11xA031035: from=root, size=443, class=0, nrcpts=1, msgid=<200904081801.n38I11xA031035@splunk3.splunkit.com>, relay=root@localhost
Apr  8 11:01:15 splunk3 sendmail[31097]: n38I1FXt031097: from=<root@splunk3.splunkit.com>, size=716, class=0, nrcpts=1, msgid=<200904081801.n38I11xA031035@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 11:01:15 splunk3 sendmail[31035]: n38I11xA031035: to=root, ctladdr=root (0/0), delay=00:00:14, xdelay=00:00:00, mailer=relay, pri=30443, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38I1FXt031097 Message accepted for delivery)
Apr  8 11:01:19 splunk3 sendmail[31098]: n38I1FXt031097: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:04, xdelay=00:00:04, mailer=local, pri=30943, dsn=2.0.0, stat=Sent
Apr  8 11:02:05 splunk3 sendmail[31301]: n38I25LK031301: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:03:05 splunk3 sendmail[31539]: n38I35eS031539: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:04:05 splunk3 sendmail[31773]: n38I45nW031773: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:04:31 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 11:05:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 11:05:05 splunk3 sendmail[32020]: n38I559S032020: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:05:09 splunk3 sendmail[32023]: n38I585L032023: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081805.n38I5821018506@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 11:05:09 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43502 
Apr  8 11:05:09 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 11:05:09 splunk3 spamd[25517]: config: failed to load user (spamme) scores from SQL database: config: SQL error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) 
Apr  8 11:05:09 splunk3 spamd[25517]: spamd: service unavailable: Error fetching user preferences via SQL at /usr/bin/spamd line 1679. 
Apr  8 11:05:09 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 11:05:09 splunk3 sendmail[32024]: n38I585L032023: to=<spamme@splunkit.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 11:06:05 splunk3 sendmail[32269]: n38I65AX032269: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:07:05 splunk3 sendmail[32510]: n38I75V2032510: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:08:05 splunk3 sendmail[32749]: n38I85eV032749: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:09:05 splunk3 sendmail[521]: n38I955K000521: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:09:31 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 11:10:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 11:10:02 splunk3 sendmail[840]: n38IA20S000840: from=root, size=292, class=0, nrcpts=1, msgid=<200904081810.n38IA20S000840@splunk3.splunkit.com>, relay=root@localhost
Apr  8 11:10:02 splunk3 sendmail[845]: n38IA2jx000845: from=<root@splunk3.splunkit.com>, size=565, class=0, nrcpts=1, msgid=<200904081810.n38IA20S000840@splunk3.splunkit.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr  8 11:10:02 splunk3 sendmail[840]: n38IA20S000840: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n38IA2jx000845 Message accepted for delivery)
Apr  8 11:10:03 splunk3 sendmail[846]: n38IA2jx000845: to=<root@splunk3.splunkit.com>, ctladdr=<root@splunk3.splunkit.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30792, dsn=2.0.0, stat=Sent
Apr  8 11:10:05 splunk3 sendmail[873]: n38IA5c1000873: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:10:10 splunk3 sendmail[892]: n38IA9ck000892: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081810.n38IA9cK019122@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 11:10:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43558 
Apr  8 11:10:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 11:10:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 11:10:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 11:10:10 splunk3 spamd[25517]: spamd: processing message <200904081810.n38IA9cK019122@virt2.int.splunk.com> for spamme:501 
Apr  8 11:10:12 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.6 seconds, 1308 bytes. 
Apr  8 11:10:12 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.6,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43558,mid=<200904081810.n38IA9cK019122@virt2.int.splunk.com>,bayes=0.114667509130265,autolearn=no 
Apr  8 11:10:12 splunk3 sendmail[893]: n38IA9ck000892: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 11:10:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 11:11:05 splunk3 sendmail[1130]: n38IB5Nn001130: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:11:31 splunk3 imap-login: Aborted login [::ffff:10.2.1.48]
Apr  8 11:12:05 splunk3 sendmail[1367]: n38IC5UM001367: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:13:05 splunk3 sendmail[1605]: n38ID5kA001605: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:13:48 splunk3 sendmail[1764]: n38IDmnZ001764: from=<3W-ncSRQKBmsPXXPUNJUNacb-WXaNYUhPXXPUN.LXVbYJVVNbYUdWTRc.LXV@alerts.bounces.google.com>, size=3462, class=0, nrcpts=1, msgid=<001485f54734c4dbdd04670f1748@google.com>, proto=ESMTP, daemon=MTA, relay=an-out-0910.google.com [209.85.132.187]
Apr  8 11:13:48 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43602 
Apr  8 11:13:48 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 11:13:48 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 11:13:48 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 11:13:48 splunk3 spamd[25517]: spamd: processing message <001485f54734c4dbdd04670f1748@google.com> for spamme:501 
Apr  8 11:13:50 splunk3 spamd[25517]: spamd: clean message (-1.4/5.0) for spamme:501 in 1.7 seconds, 3892 bytes. 
Apr  8 11:13:50 splunk3 spamd[25517]: spamd: result: . -1 - AWL,BAYES_00,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY scantime=1.7,size=3892,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43602,mid=<001485f54734c4dbdd04670f1748@google.com>,bayes=0,autolearn=no 
Apr  8 11:13:50 splunk3 sendmail[1765]: n38IDmnZ001764: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=33673, dsn=2.0.0, stat=Sent
Apr  8 11:13:50 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 11:14:05 splunk3 sendmail[1848]: n38IE5Xe001848: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:14:31 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 11:15:01 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 11:15:05 splunk3 sendmail[2095]: n38IF5is002095: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:15:10 splunk3 sendmail[2115]: n38IFAo2002115: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081815.n38IFApP019903@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 11:15:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43616 
Apr  8 11:15:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 11:15:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 11:15:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 11:15:10 splunk3 spamd[25517]: spamd: processing message <200904081815.n38IFApP019903@virt2.int.splunk.com> for spamme:501 
Apr  8 11:15:14 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 4.2 seconds, 1308 bytes. 
Apr  8 11:15:14 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=4.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43616,mid=<200904081815.n38IFApP019903@virt2.int.splunk.com>,bayes=0.114667509130265,autolearn=no 
Apr  8 11:15:14 splunk3 sendmail[2116]: n38IFAo2002115: to=<spamme@splunkit.com>, delay=00:00:04, xdelay=00:00:04, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 11:15:14 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 11:16:05 splunk3 sendmail[2345]: n38IG5IU002345: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:17:05 splunk3 sendmail[2588]: n38IH5nR002588: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:18:05 splunk3 sendmail[2833]: n38II5Ir002833: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:19:05 splunk3 sendmail[3081]: n38IJ57w003081: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:19:31 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 11:20:00 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 11:20:05 splunk3 sendmail[3333]: n38IK5ZQ003333: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:20:10 splunk3 sendmail[3353]: n38IKAN4003353: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081820.n38IKA9Q020538@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 11:20:10 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43671 
Apr  8 11:20:10 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 11:20:10 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 11:20:10 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 11:20:10 splunk3 spamd[25517]: spamd: processing message <200904081820.n38IKA9Q020538@virt2.int.splunk.com> for spamme:501 
Apr  8 11:20:12 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 1.2 seconds, 1308 bytes. 
Apr  8 11:20:12 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=1.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43671,mid=<200904081820.n38IKA9Q020538@virt2.int.splunk.com>,bayes=0.114667509130265,autolearn=no 
Apr  8 11:20:12 splunk3 spamd[3033]: prefork: child states: II 
Apr  8 11:20:12 splunk3 sendmail[3354]: n38IKAN4003353: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 11:21:05 splunk3 sendmail[3609]: n38IL5HX003609: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:22:05 splunk3 sendmail[3853]: n38IM524003853: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:23:05 splunk3 sendmail[4112]: n38IN58O004112: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:24:05 splunk3 sendmail[4364]: n38IO5KJ004364: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:24:11 splunk3 sendmail[21998]: n38HOAMr021998: timeout waiting for input from 61-231-65-253.dynamic.hinet.net during server cmd read
Apr  8 11:24:11 splunk3 sendmail[21998]: n38HOAMr021998: lost input channel from 61-231-65-253.dynamic.hinet.net [61.231.65.253] to MTA after rcpt
Apr  8 11:24:11 splunk3 sendmail[21998]: n38HOAMr021998: from=<0407pc@163.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=61-231-65-253.dynamic.hinet.net [61.231.65.253]
Apr  8 11:24:31 splunk3 imap-login: Disconnected [::ffff:127.0.0.1]
Apr  8 11:25:00 splunk3 imap-login: Login: spamme [::ffff:10.2.1.57]
Apr  8 11:25:05 splunk3 sendmail[4647]: n38IP58A004647: lb1.int.splunk.com [10.2.1.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  8 11:25:11 splunk3 sendmail[4668]: n38IPBSB004668: from=<spammer@spamdomain.com>, size=1032, class=0, nrcpts=1, msgid=<200904081825.n38IPBMZ021146@virt2.int.splunk.com>, proto=ESMTP, daemon=MTA, relay=[64.127.105.34]
Apr  8 11:25:11 splunk3 spamd[25517]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43727 
Apr  8 11:25:11 splunk3 spamd[25517]: spamd: setuid to spamme succeeded 
Apr  8 11:25:11 splunk3 spamd[25517]: config: failed to parse, now a plugin, skipping: ok_languages all 
Apr  8 11:25:11 splunk3 spamd[25517]: config: SpamAssassin failed to parse line, ".4" is not valid for "required_hits", skipping: required_hits .4 
Apr  8 11:25:11 splunk3 spamd[25517]: spamd: processing message <200904081825.n38IPBMZ021146@virt2.int.splunk.com> for spamme:501 
Apr  8 11:25:13 splunk3 spamd[25517]: spamd: identified spam (100.6/5.0) for spamme:501 in 2.2 seconds, 1308 bytes. 
Apr  8 11:25:13 splunk3 spamd[25517]: spamd: result: Y 100 - AWL,BAYES_20,HTML_30_40,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NO_REAL_NAME,USER_IN_BLACKLIST scantime=2.2,size=1308,user=spamme,uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43727,mid=<200904081825.n38IPBMZ021146@virt2.int.splunk.com>,bayes=0.114667509130265,autolearn=no 
Apr  8 11:25:13 splunk3 sendmail[4669]: n38IPBSB004668: to=<spamme@splunkit.com>, delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31224, dsn=2.0.0, stat=Sent
Apr  8 11:25:13 splunk3 spamd[3033]: prefork: child states: II