On Jun 19, 2011, at 3:30 PM, Gary V wrote: > On 6/19/11, jason hirsh wrote: >> I am running >> >>> amavisd-new 2.6.4_10.1 >>> Postfix 2.9 >>> Mysql server 5..5 >> Freebsd 8.1 >> >> >> I am trying to find a way to blacklist specified domains and email address.. >> >> >> Mu current effort was tp try to block one of my own webmail accounts >> [email protected] >> >> >> This is what I put in amavisd.conf >> >> @score_sender_maps = ({ # a by-recipient hash lookup table >> >> # # per-recipient personal tables (NOTE: positive: black, negative: white) >> # '[email protected]' => [{'[email protected]' => 10.0}], >> # '[email protected]' => [{'.ebay.com' => -3.0}], >> # '[email protected]' => [{'[email protected]' => -7.0, >> # '.cleargreen.com' => -5.0}], >> >> # site-wide opinions about senders (the '.' matches any recipient) >> '.' => [ # the _first_ matching sender determines the score boost >> >> new_RE( # regexp-type lookup table, just happens to be all >> soft-blacklist >> [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => >> 5.0], >> [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> >> 5.0], >> [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> >> 5.0], >> [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => >> 5.0], >> [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => >> 5.0], >> [qr'^(your_friend|greatoffers)@'i => >> 5.0], >> [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => >> 5.0], >> ), >> >> # read_hash("/var/amavis/sender_scores_sitewide"), >> >> { # a hash-type lookup table (associative array) >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> 'securityfocus.com' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]'=> -3.0, >> '[email protected]' => -3.0, >> 'spamassassin.apache.org' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -3.0, >> '[email protected]' => -5.0, >> '[email protected]' => -3.0, >> 'returns.groups.yahoo.com' => -3.0, >> '[email protected]' => -3.0, >> lc('[email protected]') => -3.0, >> lc('[email protected]') => -5.0, >> #blacklist test >> # soft-blacklisting (positive score) >> '[email protected]' => 4.0, >> '.example.net' => 1.0, >> >> }, >> ], # end of site-wide tables >> }); >> >> I went this approach to try to keep me from messing up to far >> >> with the other checks this should be anough an email from this address into >> spam >> but the score remains at 2.092 >> >> i can any one tell from this info what I am doing wrong? > > Did you remember to reload amavisd-new? I would look at the headers of > the message to see what rules did hit. I would also set: > $sa_tag_level_deflt = undef; > so that all messages address to local domaions will have the X-Spam > headers inserted, which can be useful when trying to debug which rules > hit. > > You may also choose to set: > > # If sender matches ACL, turn debugging fully up, just for this one message > @debug_sender_maps = ( ['[email protected]'] );
the maillog showed this whihc lloks like it found the address but didn't total the score Jun 19 19:35:43 tuna amavis[84064]: (84064-01) lookup [whitelist_sender<[email protected]>,whitelist_sender] => undef, "[email protected]" does not match Jun 19 19:35:43 tuna amavis[84064]: (84064-01) lookup_re("[email protected]"), no matches Jun 19 19:35:43 tuna amavis[84064]: (84064-01) query_keys: [email protected], captcurrent@, hotmail.com, .hotmail.com, .com, . Jun 19 19:35:43 tuna amavis[84064]: (84064-01) lookup_hash([email protected]) matches key "[email protected]", result=4 Jun 19 19:35:43 tuna amavis[84064]: (84064-01) lookup [score_sender<[email protected]>] => true, "[email protected]" matches, result="4", matching_key="[email protected]" Jun 19 19:35:43 tuna amavis[84064]: (84064-01) wbl: soft-blacklisted (4) sender <[email protected]> => <[email protected]>, recip_key="." Jun 19 19:35:44 tuna amavis[84064]: (84064-01) SPAM-TAG, <[email protected]> -> <[email protected]>, No, score=2.092 required=6.31 tests=[AM:BOOST=4, BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Jun 19 19:35:44 tuna amavis[84064]: (84064-01) (about to connect to [127.0.0.1]:10025) FWD via SMTP: <[email protected]> -> <[email protected]> Jun 19 19:35:44 tuna amavis[84064]: (84064-01) smtp cmd> MAIL FROM:<[email protected]> BODY=7BIT Jun 19 19:35:44 tuna amavis[84064]: (84064-01) rw_loop sent 113> MAIL FROM:<[email protected]> BODY=7BIT\r\nRCPT TO:<[email protected]> ORCPT=rfc822;[email protected]\r\nDATA\r\n Jun 19 19:35:44 tuna postfix/qmgr[76930]: 4E09C5C23: from=<[email protected]>, size=2151, nrcpt=1 (queue active) Jun 19 19:35:44 tuna amavis[84064]: (84064-01) FWD via SMTP: <[email protected]> -> <[email protected]>,BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4E09C5C23 Jun 19 19:35:44 tuna amavis[84064]: (84064-01) DSN: sender NOT credible, SA: -1.908, <[email protected]> Jun 19 19:35:44 tuna amavis[84064]: (84064-01) query_keys: [email protected], captcurrent@, hotmail.com, .hotmail.com, .com, . Jun 19 19:35:44 tuna amavis[84064]: (84064-01) lookup_hash([email protected]) matches key "[email protected]", result=8 Jun 19 19:35:44 tuna amavis[84064]: (84064-01) lookup [spam_dsn_cutoff_level_bysender] => true, "[email protected]" matches, result="8", matching_key="[email protected]" Jun 19 19:35:44 tuna amavis[84064]: (84064-01) dsn: from MTA 250 NonBlocking:CleanTag <[email protected]> -> <[email protected]>: on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=1, mta_resp: "250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4E09C5C23" Jun 19 19:35:44 tuna amavis[84064]: (84064-01) DSN: SUCC from MTA 250 NonBlocking:CleanTag, no DSN requested: <[email protected]> -> <[email protected]> Jun 19 19:35:44 tuna amavis[84064]: (84064-01) one_response_for_all <[email protected]>: success, r=0,b=0,d=0, ndn_needed=0, '250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4E09C5C23' Jun 19 19:35:44 tuna amavis[84064]: (84064-01) Passed CLEAN, [65.55.90.36] [65.55.90.8] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Nh1SDVuRLjDk, Hits: 2.092, size: 1396, queued_as: 4E09C5C23, 896 ms Last lines of /var/log/maillog Only show lines with text > > so you get full debugging for a message sent from [email protected]. > > -- > Gary V
