So today I saw a message was blocked by Amavisd with the following in my logs:
ar 26 12:40:14 mail postfix/qmgr[6810]: 8CBBF77AFE7: from=<[email protected]>, size=1092, nrcpt=1 (queue active) Mar 26 12:40:15 mail amavis[24976]: (24976-05) Blocked SPAM, MYNETS LOCAL [192.168.0.164] [173.132.102.218] <[email protected]> -> <[email protected]>, quarantine: spam-bDpQHvADjOfc.gz, Message-ID: <[email protected]>, mail_id: bDpQHvADjOfc, Hits: 9.201, size: 1092, 487 ms I found the message in /var/virusmails/ and saw the following: [car...@tuna] $ zcat spam-bDpQHvADjOfc.gz ************************************************************************** Return-Path: <> Delivered-To: spam-quarantine X-Envelope-From: <[email protected]> X-Envelope-To: <[email protected]> X-Envelope-To-Blocked: <[email protected]> X-Quarantine-ID: <bDpQHvADjOfc> X-Spam-Flag: YES X-Spam-Score: 9.201 X-Spam-Level: ********* X-Spam-Status: Yes, score=9.201 tag=-999 tag2=5 kill=8 tests=[BAYES_00=-1.9, FH_HELO_EQ_D_D_D_D=3.177, HELO_DYNAMIC_IPADDR2=3.607, RCVD_IN_PBL=3.335, RDNS_DYNAMIC=0.982] autolearn=no Received: from mail.mydomain.tld ([127.0.0.1]) by localhost (mydomain.tld [127.0.0.1]) (amavisd-new, port 10024) with LMTP id bDpQHvADjOfc for <[email protected]>; Fri, 26 Mar 2010 12:40:14 -0400 (EDT) Received: from miller (unknown [192.168.0.164]) by mail.mydomain.tld (Postfix) with ESMTP id 8CBBF77AFE7 for <[email protected]>; Fri, 26 Mar 2010 12:40:14 -0400 (EDT) Received: from 173-132-102-218.pools.spcsdns.net (173-132-102-218.pools.spcsdns.net [173.132.102.218]) by miller (Postfix) with ESMTP id 45A2867EE7 for <[email protected]>; Fri, 26 Mar 2010 12:40:14 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Apple Message framework v1077) Subject: Re: Package at Front Desk From: Kurt <[email protected]> In-Reply-To: <[email protected]> Date: Fri, 26 Mar 2010 12:40:12 -0400 Content-Transfer-Encoding: 7bit Message-Id: <[email protected]> References: <[email protected]> To: Damon <[email protected]> X-Mailer: Apple Mail (2.1077) Thank you. On Mar 26, 2010, at 12:37 PM, Damon wrote: > Kurt, > > You received a package today from UPS. It is located at the front desk. > > Damon > How do I understand what triggered this message to score so high in Amavisd? They're asking me why and I don't know how to respond based after reviewing this message above. ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
