We're trying to replace a Windows anti-spam on the mailbox servers with amavisd/sa/clam on the front-end mx.
We are running both now. the backend mail scanner is still catching too many true spams. We uploaded the backend spams to the mx and run them through spamc, with these results: 70524039.eml 6.8/5.0 70524110.eml 2.2/5.0 70524179.eml -0.8/5.0 70524467.eml 0.6/5.0 70524539.eml 4.4/5.0 70524823.eml 5.3/5.0 70524975.eml 0.7/5.0 70525118.eml 0.0/5.0 70525193.eml 0.3/5.0 70525194.eml 0.3/5.0 70525195.eml 0.3/5.0 70525196.eml 0.3/5.0 70525268.eml 0.6/5.0 70525555.eml 0.6/5.0 70526054.eml 1.1/5.0 70526278.eml -6.9/5.0 70526349.eml 5.1/5.0 70526350.eml 5.1/5.0 70526355.eml 6.2/5.0 70526504.eml -1.5/5.0 70526736.eml 2.5/5.0 70526806.eml 0.6/5.0 70526878.eml 7.0/5.0 70526948.eml -4.7/5.0 70527201.eml -4.0/5.0 70527759.eml 1.7/5.0 70527851.eml 13.9/5.0 70527853.eml 6.6/5.0 70527857.eml 6.6/5.0 70527859.eml 1.7/5.0 70527964.eml 4.0/5.0 70528139.eml 0.3/5.0 70528238.eml -2.6/5.0 70528410.eml 2.5/5.0 70528676.eml 1.8/5.0 70528770.eml 3.2/5.0 70528867.eml -0.8/5.0 70528947.eml -2.6/5.0 70529227.eml 4.3/5.0 70529503.eml -0.2/5.0 70529506.eml -0.2/5.0 70529588.eml 0.0/5.0 70529687.eml 4.7/5.0 70529695.eml 0.0/5.0 70529768.eml 2.8/5.0 70529775.eml -8.0/5.0 70529866.eml 1.9/5.0 70529956.eml 4.3/5.0 70530039.eml 2.0/5.0 70530206.eml 3.5/5.0 70530469.eml 0.0/5.0 70530670.eml 6.1/5.0 70530671.eml 6.1/5.0 70530746.eml 0.2/5.0 70530840.eml 0.0/5.0 All of the above files are below the amavis max file limit to send to sa, so they should be scanned. how do the the eml's with 5+ on just the body (not the sending IP) getting through amavis/sa? our sa rulesets: mx1# ll /usr/local/etc/mail/spamassassin/ total 318 -rw-r--r-- 1 root wheel 22546 Jun 24 2005 backhair.cf -rw-r--r-- 1 root wheel 23422 Jun 24 2005 chickenpox.cf -rw-r--r-- 1 root wheel 1300 Jul 24 13:49 init.pre -rw-r--r-- 1 root wheel 1300 Dec 1 2007 init.pre.sample -rw-r--r-- 1 root wheel 1728 Jul 27 13:13 local.cf -rw-r--r-- 1 root wheel 1208 Dec 1 2007 local.cf.sample -rw-r--r-- 1 root wheel 224996 Jul 25 13:57 malwareblocklist.cf drwx------ 2 root wheel 512 Jul 24 14:05 sa-update-keys -rw-r--r-- 1 root wheel 2603 Jul 24 13:49 v310.pre -rw-r--r-- 1 root wheel 2603 Dec 1 2007 v310.pre.sample -rw-r--r-- 1 root wheel 1195 Jul 24 13:49 v312.pre -rw-r--r-- 1 root wheel 1195 Dec 1 2007 v312.pre.sample -rw-r--r-- 1 root wheel 2416 Jul 24 13:49 v320.pre -rw-r--r-- 1 root wheel 2416 Dec 1 2007 v320.pre.sample Any suggestions for other rulesets? thanks Len ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
