Time difference between amavisd-new and spamassassin checks are +30 minutes.
I don't reject spam, spam is set to be discarded: $final_virus_destiny = D_DISCARD; $final_banned_destiny = D_BOUNCE; $final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT $final_bad_header_destiny = D_BOUNCE; ~amavis/.spamassissin contains: -rw------- 1 amavis amavis 40960 Aug 27 07:45 bayes_seen -rw------- 1 amavis amavis 1310720 Aug 27 07:45 bayes_toks -rw-r--r-- 1 amavis amavis 1869 Aug 16 13:23 user_prefs The user_prefs is just a sample file with only commented/blank lines $ ls -lh /etc/amavisd/ total 88K -rw-r--r-- 1 root root 37K Aug 22 12:22 amavisd.conf -rw-r--r-- 1 root root 37K Jul 19 12:32 amavisd.conf.rpmsave -rw-r--r-- 1 root root 19 Jul 5 2016 sender_scores_sitewide -rw-r--r-- 1 root root 95 Jul 21 2018 whitelist_sender sender_scores_sitewide contains one specific domain with score -5.0 to prevent mail from that domain to be accidentally identified as spam. whitelist_sender contains my logwatch sender to prevent my logwatch reports to be seen as spam. Approximately a month ago I uninstalled both amavisd-new and spamassassin en reinstalled both packaged again to get the most default config as possible. I changed $mydomain as well as the $syslog_facility to get the debug logs in a separate log. Best regards, Lambert Op ma 26 aug. 2019 om 15:50 schreef Matus UHLAR - fantomas < [email protected]>: > >> On 16.08.19 13:51, Lambert Rots wrote: > >> >Did you get a solution for the issue about spam sneaking in? I think I > >> >have the same issue about spam being scored differently between > >> >spamassassin and amavisd-new. > > >Op zo 18 aug. 2019 om 11:59 schreef Matus UHLAR - fantomas < > >[email protected]>: > >> did you also change the DKIM_VERIFIED score to -3? > >> If not, you don't have the same issue. > > On 26.08.19 11:22, Lambert Rots wrote: > >Sorry for the delayed response, I was first debugging/fetching logs for a > >few days... > > > >No I did not change the DKIM_VERIFIED score so apparently I have a > >different issue ;-) > > >> >It looks like DNS blacklist checks are not scored as most spam is found > >> >on blacklists when parsing the mail through spamassassin but debugging > >> >amavisd-new shows that DNS checks are being performed. > >> > >> this is also a different issue. Many sites and webs get into blacklist > >> after the spam starte spreading, so first (early) recipients don't see > >> the mail in blacklist, while late recipients or later checks shows > >> blacklists. > > >Comparing debug logs between Amavisd-new (debug-sa) and spamassassin > >directly shows that blacklist checks score 0 with NXDOMAIN replies when > the > >mail arrives the first time where spamassassin scores +3 with several hits > >on blacklist checks. > > this shows early recipient issue. What's the time difference > between amavis and spamassassin checks? > Are there any differences in rules hit than blacklits? > > >I just cannot imagine that all spam I receive is early recipient based, > > do you reject any spam? > > >besides, postfix is already taking care of most blacklist checking. > > postfix does only check blacklists on direct sending machine. SA does deep > header checks, which is why SA blacklist checks have more hits than > postfix. > > >Most spam mail is coming from the same email domains, share the same > >subject and a lot of other stuff on which amavisd-new should be able to > >identify it as spam. Bayes scores some mail but not all. > > train what you can. bayes training is one the best antispam tools > available. > > >Spam senders try a lot to bypass anti spam but in my opinion amavisd-new > >should be able to do better than marking less than 1 percent of spam mail > >as spam. > > what does ~amavis/.spamassassin contain? > what does /etc/amavis/conf.d/ contain? > > -- > Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > If Barbie is so popular, why do you have to buy her friends? >
