I apologize, here are the email headers and body:

https://pastebin.com/bgXrfKaQ

Thanks,


On 04/10/2018 01:40 PM, David Jones wrote:
On 04/10/2018 03:34 PM, Motty Cruz wrote:
Thanks for your help David,

https://pastebin.com/wsYRfM8K

That email is missing a lot of headers that are critical.  Please post the entire email including the Received: headers.


-Motty


On 04/10/2018 01:22 PM, David Jones wrote:
On 04/10/2018 03:05 PM, Motty Cruz wrote:
Thanks for your prompt reply:

https://pastebin.com/bLy3Jcqt


The Bayes setup looks good.  Can you put a lightly redacted version of that email on pastebin.com so we can run it through our SA instances?

Amavis should have blocked that message based on the score being 3.501 and the kill threshold being 3.1.  This sounds like an amavis config issue.

Please post the output of 'grep 723EC1A1706 maillog' to get the full message conversation from Postfix.


Apr 10 11:51:44 vm1 postfix/qmgr[791]: 723EC1A1706: from=<emily.thomp...@spontaneous-search-level.com>, size=16883, nrcpt=1 (queue active)
Apr 10 11:51:46 vm1 amavis[1395]: (01395-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] [171.61.147.96] <emily.thomp...@spontaneous-search-level.com> -> <iu...@domainfq.com>, Message-ID: <1747601d3d0fc$dc189190$9449b4b0$@spontaneous-search-level.com>, mail_id: G71jMeOxz-Ha, Hits: 3.501, size: 16883, 1972 ms
root@vm1


On 04/10/2018 12:34 PM, David Jones wrote:
On 04/10/2018 02:13 PM, Motty Cruz wrote:
Tons of spam fed to my spam-filter, and yet very spammy emails get a low score.

zcat /var/virusmails/spam-G71jMeOxz-Ha.gz | less
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <emily.thomp...@spontaneous-search-level.com>
X-Envelope-To: <iu...@domainfq.com>
X-Envelope-To-Blocked: <iu...@domainfq.com>
X-Quarantine-ID: <G71jMeOxz-Ha>
X-Spam-Flag: YES
X-Spam-Score: 3.501
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.501 tag=-999.9 tag2=3.1 kill=3.1
         tests=[BAYES_99=3.5, HTML_MESSAGE=0.001] autolearn=disabled
Received: from vm1.domainfq.com ([127.0.0.1])
         by vm1 (vm1.domainfq.com [127.0.0.1]) (amavisd-new, port 10024)
         with ESMTP id G71jMeOxz-Ha for <iu...@domainfq.com>;
         Tue, 10 Apr 2018 11:51:44 -0700 (PDT)
Received: from pba.mrc.mrface.com (pba.mrc.mrface.com [178.62.193.238])
         (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
         (No client certificate requested)


in local.cf
use_bayes 1

skip_rbl_checks 1
#   Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 0

bayes_path /var/amavis/.spamassassin/bayes

use_razor2 1
# Tell SA that we want to use Razor version 2

use_pyzor 0
# Tells SA that we don't want to use Pyzor

dns_available yes
# If you are sure you have DNS access set it to "yes"

#

score DKIM_POLICY_SIGNALL 2
score DKIM_SIGNED 0.00
score DKIM_POLICY_SIGNSOME 2
score DKIM_POLICY_TESTING 2
score DKIM_VERIFIED 0.0
score T_DKIM_INVALID 3.59
score T_DKIM_VALID_AU 3.59
score DKIM_INVALID 3.59
score DKIM_VALID_AU 3.59

score HTML_LINK_CLICK_HERE 3
score LINES_OF_YELLING 2
score BODY_ENHANCEMENT 5.213
score BODY_ENHANCEMENT2 5.213
score DRUGS_ERECTILE 5.713
score DRUG_ED_SILD 5.713
score HELO_DYNAMIC_DHCP 4.213
score HS_INDEX_PARAM 5.713
score ONLINE_PHARMACY 5.713
score RDNS_DYNAMIC 2.99
score RDNS_NONE 2.99
score NO_DNS_FOR_FROM 5.5
score SPF_HELO_FAIL 5.0




Need more info:

- example email in pastebin.com only lightly redacted
- mail log output from this message
- output of the bayes DB: 'sa-learn --dump magic' run as amavis user
- output of this command: 'spamassassin -D --lint 2>&1 | /bin/grep -i bayes' run as the amavis user
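
Added example (not part of the thread, and not amavis or SpamAssassin code): a Python check for the mismatch discussed above, where amavis logs "Passed" for a message whose Hits value is at or above the kill level shown in its X-Spam-Status header. The sample log and header are constructed from the lines quoted in the thread, with addresses replaced by example.com placeholders and two invented entries (EXAMPLE-1, EXAMPLE-2); the function names are this example's own.

```python
import re

# Constructed sample input: modeled on the amavis line and X-Spam-Status header
# quoted in the thread; addresses are placeholders, EXAMPLE-1/-2 are invented.
SAMPLE_LOG = """\
Apr 10 11:51:44 vm1 postfix/qmgr[791]: 723EC1A1706: from=<a@example.com>, size=16883, nrcpt=1 (queue active)
Apr 10 11:51:46 vm1 amavis[1395]: (01395-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] [171.61.147.96] <a@example.com> -> <b@example.org>, mail_id: G71jMeOxz-Ha, Hits: 3.501, size: 16883, 1972 ms
Apr 10 11:52:10 vm1 amavis[1395]: (01395-02) Passed CLEAN {RelayedInbound}, [127.0.0.1] <c@example.com> -> <b@example.org>, mail_id: EXAMPLE-1, Hits: -1.2, size: 2048, 310 ms
Apr 10 11:53:02 vm1 amavis[1395]: (01395-03) Passed CLEAN {RelayedInbound}, [127.0.0.1] <d@example.com> -> <b@example.org>, mail_id: EXAMPLE-2, Hits: -, size: 512, 40 ms
"""
SAMPLE_HEADER = """\
X-Spam-Status: Yes, score=3.501 tag=-999.9 tag2=3.1 kill=3.1
         tests=[BAYES_99=3.5, HTML_MESSAGE=0.001] autolearn=disabled
"""

# Matches an amavis verdict line; Hits is "-" when the message was not scored.
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) (?P<verdict>[A-Z-]+)"
    r".*?mail_id: (?P<mail_id>\S+?), Hits: (?P<hits>-?\d+(?:\.\d+)?|-),"
)

def parse_levels(header):
    """Return tag/tag2/kill levels from a (possibly folded) X-Spam-Status header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header folding
    pairs = re.findall(r"\b(tag2?|kill)=(-?\d+(?:\.\d+)?)", unfolded)
    return {name: float(value) for name, value in pairs}

def passed_over_kill(log_text, kill_level):
    """List amavis 'Passed' entries whose Hits value is at or above kill_level."""
    findings = []
    for line in log_text.splitlines():
        m = AMAVIS_RE.search(line)
        if not m or m["action"] != "Passed" or m["hits"] == "-":
            continue  # not a verdict line, already blocked, or not scored
        hits = float(m["hits"])
        if hits >= kill_level:
            findings.append((m["mail_id"], m["verdict"], hits))
    return findings

if __name__ == "__main__":
    kill = parse_levels(SAMPLE_HEADER)["kill"]
    for mail_id, verdict, hits in passed_over_kill(SAMPLE_LOG, kill):
        print(f"{mail_id}: Passed {verdict} with Hits {hits} >= kill level {kill}")
```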







