Hi folks,
I use Amavisd-new with ClamAV and Spamassassin in CentOS+Postfix
environment.
Recently I've seen some spam mails have passed through Amavisd-new
filter without problems. I wonder exactly why and how these mails have
done it. First of all I've modify the $log_level configuration variable
to high value (5) in amavis.conf file to extract more info.
The headers of one junk mail are the next:
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on KarlPC.Demmedio
X-Spam-Level: *
X-Spam-Status: No, score=1.9 required=5.0 tests=AWL,UNCLAIMED_MONEY
autolearn=no version=3.1.8
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (tartarus [127.0.0.1])
by mail (Intergrid MailServer) with ESMTP id 0374ED50283
for <[EMAIL PROTECTED]>; Fri, 3 Aug 2007 18:17:49 +0200 (CEST)
X-Virus-Scanned: amavisd-new at opengea.org
Received: from mail ([127.0.0.1])
by localhost (tartarus.opengea.org [127.0.0.1]) (amavisd-new,
port 10024)
with ESMTP id JhwwDFKkot72 for <[EMAIL PROTECTED]>;
Fri, 3 Aug 2007 18:17:48 +0200 (CEST)
Received: from mx-out.strefa.interia.pl (mx-out.strefa.interia.pl
[217.74.66.53])
by mail (Intergrid MailServer) with ESMTP id 9AE7FD50278
for <[EMAIL PROTECTED]>; Fri, 3 Aug 2007 18:17:48 +0200 (CEST)
Received: by scol3.st.interia.pl (Postfix, from userid 1235)
id 265D73EFDC; Fri, 3 Aug 2007 18:17:47 +0200 (CEST)
Received: from mx.strefa.interia.pl (mx-out.strefa.interia.pl
[217.74.66.59])
by scol3.st.interia.pl (Postfix) with ESMTP id D91893E29F;
Fri, 3 Aug 2007 18:17:44 +0200 (CEST)
Received: by mx.strefa.interia.pl (Postfix, from userid 65534)
id AEC0A3EB8; Fri, 3 Aug 2007 18:17:44 +0200 (CEST)
Received: from new.st.interia.pl (new.st.interia.pl [217.74.66.42])
by system.wewnetrzny (Postfix) with ESMTP id 68588F0;
Fri, 3 Aug 2007 18:17:44 +0200 (CEST)
Date: 03 Aug 2007 18:17:44 +0200
From: rosemarry_van <[EMAIL PROTECTED]>
Subject: File For Claim Of Fund.
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/plain;
CHARSET=ISO-8859-2
Content-Transfer-Encoding: QUOTED-PRINTABLE
X-EMID:e6740acc
X-ORIGINATE-IP:24.132.107.23
Organization: INTERIA.PL S.A.
Message-Id: <[EMAIL PROTECTED]>
X-Length: 5685
X-UID: 24
<SPAM BODY DATA HERE>
The more unpleasant thing is the junk mails are sended to ALL users in
my domains.
¿Any clues to improve SA effectivity? Maybe I should to set up
required_hits variable value lower than current value (5) in the
local.cf spamassassin conf file...
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
