I have a Postfix system running with SpamAssassin, amavisd and diverse RBL
checks.

The system removes almost all of the sent spam, except that once in a
while I receive a message stating that the message was checked and given a
spam score of above 5.

But the message is not rejected, like the prior 256 spam mails that are
rejected during a one-day period.

Why, and how do I get it removed?



Here are the header and the message received:



Received: from localhost by mail.domain1.dk
     with SpamAssassin (version 3.1.1);
     Wed, 21 Feb 2007 20:05:52 +0100
From: "Ekin Haigler" <[EMAIL PROTECTED]>
To: "Kausalya Rudd" <[EMAIL PROTECTED]>
Subject: *****SPAM***** at dutc
Date: Wed, 21 Feb 2007 19:48:40 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on
     mail.domain1.dk
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.2 required=4.0 tests=RCVD_IN_BL_SPAMCOP_NET,
     RCVD_IN_NJABL_DUL,RCVD_IN_XBL autolearn=no version=3.1.1
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_45DC9810.045C8010"



Spam detection software, running on the system "mail.domain1.dk", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster for details.

Content preview:  Hi, Via_aagra $3. 35 Va_aalium $1. 25 Cia_aalis $3. 75
  Xan_nnax Som_mma http://www. kedrx .com [...]

Content analysis details:   (6.2 points, 4.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see <http://www.spamcop.net/bl.shtml?90.14.115.82>]
 3.1 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [90.14.115.82 listed in sbl-xbl.spamhaus.org]
 1.7 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [90.14.115.82 listed in combined.njabl.org]

___________________________________________________________

my amavis.conf

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code

$max_servers = 2;            # number of pre-forked children (2..15 is common)
$daemon_user = 'vscan';
$daemon_group = 'vscan';

$mydomain = 'domain1.dk';   # a convenient default for other settings

$MYHOME = '/var/spool/amavis';
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to be created manually

$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = '/var/spool/amavis/virusmails';
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef

# $db_home   = "$MYHOME/db";
# $helpers_home = "$MYHOME/var";  # prefer $MYHOME clean and owned by root?
# $pid_file  = "$MYHOME/var/amavisd.pid";
# $lock_file = "$MYHOME/var/amavisd.lock";
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

@local_domains_maps = ( [".$mydomain"] );
@mynetworks = qw( 127.0.0.0/8 217.61.191.0/24);

$log_level = 0;              # verbosity 0..5
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';


$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)
$unix_socketname = "$MYHOME/amavisd.sock";  # when using sendmail milter

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 5.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 9;    # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 10; # spam level beyond which quarantine is off

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
$sa_auto_whitelist = 1;      # turn on AWL in SA 2.63 or older (irrelevant
                             # for SA 3.0, cf option is 'use_auto_whitelist')

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

$virus_admin               = "[EMAIL PROTECTED]";  # notifications recip.

$mailfrom_notify_admin     = "[EMAIL PROTECTED]";  # notifications sender
$mailfrom_notify_recip     = "[EMAIL PROTECTED]";  # notifications sender
$mailfrom_notify_spamadmin = "[EMAIL PROTECTED]"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path =
'/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/usr/local/var';
$dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name


# OTHER MORE COMMON SETTINGS (defaults may suffice):

$myhostname = 'mail.domain1.dk';

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny = D_REJECT;
# $final_bad_header_destiny = D_PASS;

@whitelist_sender_maps = (['.domain1.dk']);
[EMAIL PROTECTED] = ([qw(.example.org .example.net)]); # same thing
@whitelist_sender_maps = ( [".dk"] ); # $mydomain and its subdomains

# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,

Dunno if you need more...


Thanx in advance

Chindoko


