On Thu, Oct 30, 2014 at 5:27 PM, Patrick Ben Koetter <[email protected]> wrote: > * Bruce Pennypacker <[email protected]>: >> I have version 2.9.1 of amavisd-new set up using version 3.3.1 of >> SpamAssassin on a centos/postfix system and I'm really confused about >> the scoring that's going on. I'm seeing a lot of spam get delivered >> with really low scores. For example, the headers of a recent spam >> show: >> >> X-Virus-Scanned: amavisd-new at <mydomain> >> X-Spam-Flag: NO >> X-Spam-Score: 0.904 >> X-Spam-Level: >> X-Spam-Status: No, score=0.904 tagged_above=-9999 required=5 >> tests=[BAYES_00=-0.5, HTML_MESSAGE=2, RP_MATCHES_RCVD=-0.594, >> SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no >> >> If I log in as the amavis user (which is what amavisd-new is running >> as) and pipe the full body of the spam to SpamAssassin in test mode I >> get a very different result: >> >> $ spamassassin -t < /tmp/foo >> >> ... >> >> Content analysis details: (14.0 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL >> blocklist [URIs: effr.eu] >> 2.5 URIBL_BLACK Contains an URL listed in the URIBL >> blacklist [URIs: effr.eu] >> 3.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% >> [score: 1.0000] >> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record >> -0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay >> domain >> 3.5 BAYES_999 BODY: Bayes spam probability is 99.9 to >> 100% [score: 1.0000] >> 2.0 HTML_MESSAGE BODY: HTML included in message >> 1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net) >> >> What am I missing in my setup that's causing such poor SA scoring >> under amavisd-new but good scoring when run locally as the same user? > > Do amavis and Spamassassin know who is a trusted sender and what their > local (read: recipient) domains are? Seems like both don't have an idea of > what's incoming and what's outgoing.
I've verified @local_domains_acl and @local_domains_maps both contain my domain. @mynetworks didn't have the IP of my mailserver in it so I added it and restarted amavisd-new. The mailserver IP is also listed in trusted_networks in /etc/mail/spamassassin/local.cf. But despite adding/verifying all this and restarting I'm still seeing spam come in that gets scored differently by amavisd than if I invoke spamassassin manually... -Bruce
