Thanks everyone who helped with upgrading on my new Sarge box.

Now that I have a relatively current spamassassin, and up-to-date rules,
I realize two things:

1. I need to turn on Bayesian filtering - too much stuff still gets
through. But that's another topic.

2. A whole LOT of stuff that got through on my old box isn't showing up
at all (backscatter for one, probably other stuff) - and it's not
showing up in my spam folder either. Since I worry a lot about false
positives, I'm wondering if a lot of stuff is getting deleted rather
than marked and sorted. So...

My previous installation was sendmail, with spamassassin applied by
individual users via .forward files. I'm now more tightly wired into
the MTA (Postfix) via Amavisd-new - and I don't quite understand all the
little pieces yet.

I wonder if anybody might point at things in my install that might be
invisibly rejecting or flushing messages.

I have a pretty much stock install of:

- Postfix 2.1.5 (Debian stable) - with no special filtering turned on in
main.cf

- Amavisd-new (Debian stable - based on the 20020300 CVS snapshot),
configured as:

  $final_virus_destiny=D_DISCARD;
  $virus_quarantine_to = 'infected@'; # forward to MTA for delivery
  $final_banned_destiny=D_PASS;
  $final_bad_header_destiny=D_PASS;
  [AND THIS IS WORKING - VIRUSES ARE ENDING UP IN THE DESIGNATED MAILBOXES]
  $final_spam_destiny=D_PASS;
  $sa_tag_level_deflt = 0.0;
  $sa_tag2_level_deflt = 5.0;
  $sa_kill_level_deflt = 10.0;
  $sa_dsn_cutoff_level = 20;

And this is what's confusing me:

- I'm seeing about the expected level of viruses and bad headers -
marked along the way, and I filter them into a separate mailbox.
- A very low number of spams marked with high point scores (this
surprised me).
- An even lower number of spams marked with low point scores (this also
surprises me).
- A fairly sizeable percentage of spams that come through as false
negatives, ending up in my normal mailbox (I was hoping for better).
- And a whole slew of things that I used to see, that aren't coming
through at all.

Now, when I send test messages from outside, all the right things seem
to happen - they get processed, marked, and filtered into spam or virus
folders.

All of which makes me suspect that some checks are getting applied early
in the process, that I don't know about (RBLs and such) that are causing
messages to just disappear. Now if I knew what was happening, and could
tune this, that's great - it's the not knowing that's worrying me.

So... if anybody has any suggestions or pointers, I'd very much
appreciate it.

Thanks again!

Miles
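
Added example, not part of the original message and not code from Postfix or amavisd-new: one way to find out where mail leaves the pipeline is to tally, from the mail log, every message Postfix refused or discarded before the content filter and every verdict amavisd logged. The sample lines are constructed, and the amavis line shape ("Passed"/"Blocked" plus an optional category) is an assumption that may differ on older snapshots.

```python
import re
from collections import Counter

# Constructed sample log lines (hosts, addresses and RBL name are placeholders).
SAMPLE_LOG = """\
Jun 12 10:01:02 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using rbl.example.org; from=<a@example.com> to=<miles@example.net> proto=SMTP helo=<x>
Jun 12 10:01:05 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.20]: 550 <nobody@example.net>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody@example.net> proto=ESMTP helo=<mail.example.org>
Jun 12 10:02:11 mx amavis[4321]: (04321-01) Passed SPAM, <s@example.com> -> <miles@example.net>, Hits: 12.3
Jun 12 10:02:40 mx amavis[4321]: (04321-02) Blocked INFECTED (Eicar-Test-Signature), <v@example.com> -> <miles@example.net>, Hits: -
Jun 12 10:03:00 mx amavis[4321]: (04321-03) Passed CLEAN, <f@example.com> -> <miles@example.net>, Hits: 0.4
Jun 12 10:03:09 mx postfix/cleanup[2300]: 4F2A1: discard: header Subject: test from x[192.0.2.30]; from=<b@example.com> to=<miles@example.net> proto=ESMTP
"""

# Postfix logs "<queue id or NOQUEUE>: reject|discard: <detail>; from=<...>".
POSTFIX = re.compile(r"postfix/\w+\[\d+\]: \w+: (reject|discard): (.*?); from=<")
# Assumed amavis shape: "(id) Passed|Blocked [CATEGORY]".
AMAVIS = re.compile(r"amavis\[\d+\]: \(\S+\) (Passed|Blocked)\b ?([A-Z-]*)")

def classify(line):
    """Return a short label for the stage and verdict, or None if irrelevant."""
    m = POSTFIX.search(line)
    if m:
        action, detail = m.groups()
        rbl = re.search(r"blocked using ([\w.-]+)", detail)
        if rbl:
            return f"postfix {action}: RBL {rbl.group(1)}"
        if "Recipient address rejected" in detail:
            return f"postfix {action}: recipient check"
        return f"postfix {action}: other"
    m = AMAVIS.search(line)
    if m:
        return f"amavis {m.group(1)} {m.group(2) or 'UNSPECIFIED'}"
    return None

def tally(log_text):
    """Count each stage/verdict label seen in the log text."""
    return Counter(k for k in map(classify, log_text.splitlines()) if k)

def never_delivered(counts):
    """Everything that did not pass amavisd: MTA rejects/discards and blocks."""
    return {k: n for k, n in counts.items() if not k.startswith("amavis Passed")}

if __name__ == "__main__":
    for label, n in sorted(never_delivered(tally(SAMPLE_LOG)).items()):
        print(f"{n:5d}  {label}")
```

To run it against a real log, read the file (for example /var/log/mail.log on Debian) and pass its contents to tally().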