Maurizio,

> I have a mailgw postfix+amavis+spamassassin+clamav in front of many
> many servers. A two stage mail server. When a message is tagged SPAM
> I see the scoring in the postfix log, like here:
>
> Feb 23 09:53:30 mx2 amavis[2859]: (02859-01) Passed SPAMMY,
> [x.y.w.z][x.y.w.z] <...> -> <...>, Message-ID:<..>, mail_id:L4DrDGWNWRkr,
> Hits: 3.879, size: 108122, queued_as: 1C83B126699, 2888 ms
>
> I cannot say how this Hits: 3.879 is counted, however.

If you include a macro call %T in your $log_templ, the log entry
will include the score breakdown by individual rules.

Either uncomment the line by removing the first '#' (twice, a copy
is a bit further down):

  #[? %#T ||, Tests: \[[%T|,]\]]#

near the end of file amavisd (search for 'per-message amavisd-new log entry'),
or assign a replacement template string to $log_templ somewhere in
your amavisd.conf, e.g.:

$log_templ = <<'EOD';
[?%#D|#|Passed #
[? [:ccat|major] |OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)]#
, [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
, mail_id: %i#
, Hits: [:SCORE]#
, size: %z#
[? [:partition_tag] ||, pt: [:partition_tag]]#
[~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
[remote_mta_smtp_response|[~%x|["queued as ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
[? %#T ||, Tests: \[[%T|,]\]]#
[? [:dkim|identity] ||, dkim_id=[:dkim|identity]]#
, %y ms#
]
[?%#O|#|Blocked #
[? [:ccat|major|blocking] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)]#
, [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
, mail_id: %i#
, Hits: [:SCORE]#
, size: %z#
[? [:partition_tag] ||, pt: [:partition_tag]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[? [:dkim|identity] ||, dkim_id=[:dkim|identity]]#
, %y ms#
]
EOD

> The receiving mailserver (zimbra with postfix+amavis) cut away the score
> of mailgw. The second stage amavis is cutting away this info ;(
>
> How can I get this info?
> Customers ask me: why this message is spam? but I am not able to explain
> 3.879 Is there some trick to get it logged by amavis, in mailgw stage?
>
> when the receiving mail server is qmail, instead, without amavis, the
> scoring is not cut away

Are you talking here about removed X-Spam-* lines in a passed mail header?
If so, by default amavisd strips them, but this can be turned off
(in the second instance of amavisd) by:

  $remove_existing_spam_headers = 0;

Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot org
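
Once %T is in the template, each gateway log entry carries the per-rule scores, and a short script can turn an entry into an answer to "why was this message spam?". The Python below is an added example, not part of the original message or of amavisd; the sample log line is constructed, and the comma-separated NAME=score layout of the Tests: field is an assumption about what %T emits.

```python
import re

# Constructed sample: the log entry from the question with a Tests: field
# added. Addresses, rule names and per-rule scores are invented.
SAMPLE = (
    "Feb 23 09:53:30 mx2 amavis[2859]: (02859-01) Passed SPAMMY, "
    "[192.0.2.10] [192.0.2.10] <a@example.org> -> <b@example.net>, "
    "Message-ID: <1@example.org>, mail_id: L4DrDGWNWRkr, Hits: 3.879, "
    "size: 108122, queued_as: 1C83B126699, "
    "Tests: [BAYES_50=0.8,HTML_IMAGE_RATIO_02=0.437,HTML_MESSAGE=0.001,"
    "MIME_HTML_ONLY=0.723,RDNS_NONE=1.274,T_RP_MATCHES_RCVD=-0.01,"
    "URIBL_GREY=0.654], 2888 ms"
)

MAILID_RE = re.compile(r"\bmail_id: ?([^,\s]+)")
HITS_RE = re.compile(r"\bHits: (-?\d+(?:\.\d+)?)")   # "Hits: -" (no score) will not match
TESTS_RE = re.compile(r"\bTests: \[([^\]]*)\]")      # assumed layout: NAME=score,NAME=score


def explain(line):
    """Return the score breakdown of one amavis log entry, or None when the
    entry has no numeric Hits value or no Tests field (%T not enabled)."""
    hits_m, tests_m = HITS_RE.search(line), TESTS_RE.search(line)
    if not hits_m or not tests_m:
        return None
    rules = []
    for item in filter(None, tests_m.group(1).split(",")):
        name, _, score = item.rpartition("=")
        try:
            rules.append((name, float(score)))
        except ValueError:
            continue  # skip anything that is not NAME=number
    hits = float(hits_m.group(1))
    mail_id = MAILID_RE.search(line)
    return {
        "mail_id": mail_id.group(1) if mail_id else None,
        "hits": hits,
        # Largest contributors first: these are what to show the customer.
        "rules": sorted(rules, key=lambda r: r[1], reverse=True),
        # Non-zero means part of the score did not come from the listed rules.
        "unexplained": round(hits - sum(s for _, s in rules), 3),
    }


if __name__ == "__main__":
    report = explain(SAMPLE)
    print(report["mail_id"], "Hits:", report["hits"])
    for name, score in report["rules"]:
        print(f"  {score:+7.3f}  {name}")
    print("  unexplained:", report["unexplained"])
```
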