Thanks everyone who helped with upgrading on my new Sarge box.

Now that I have a relatively current spamassassin, and up-to-date rules, I realize two things:

1. I need to turn on Baysian filtering - too much stuff still gets through. But that's another topic.

2. A whole LOT of stuff that got through on my old box isn't showing up at all (backscatter for one, probably other stuff) - and it's not showing up in my spam folder either. Since I worry a lot about false positives, I'm wondering if a lot of stuff is getting deleted rather than marked and sorted. So...

My previous installation was sendmail, with spamassassin applied by individual users via .forward files. I'm now more tightly wired into the MTA (Postfix) via Amavisd-new - and I don't quite understand all the little pieces yet.

I wonder if anybody might point at things in my install that might be invisibly rejecting or flushing messages.

I have a pretty much stock install of:

- Postfix 2.1.5 (Debian stable) - with no special filtering turned on in main.cf

- Amavisd-new (Debian stable - based on the 20020300 CVS snapshot, configured as:

$final_virus_destiny=D_DISCARD;
$virus_quarantine_to = 'infected@';           # forward to MTA for delivery
$final_banned_destiny=D_PASS;
$final_bad_header_destiny=D_PASS;[AND THIS IS WORKING - VIRUSES ARE ENDING UP IN THE DESIGNATED MAILBOXES]

$final_spam_destiny=D_PASS;
$sa_tag_level_deflt  = 0.0;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 10.0;
$sa_dsn_cutoff_level = 20;

And this is what's confusing me:

- I'm seeing about the expected level of viruses and bad headers - marked along the way, and I filter them into a separate maibox. - A very low number of spams marked with high point scores (this surprised me). - An even lower number of spams marked with low point scores (this also surprises me). - A fairly sizeable percentage of spams that come through as false negatives, ending up in my normal mailbox (I was hoping for better). - And a whole slew of things that I used to see, that aren't coming through at all.

Now, when I send test messages from outside, all the right things seem to happen - they get processed, marked, and filtered into spam or virus folders.

All of which makes me suspect that some checks are getting applied early in the process, that I don't know about (RBLs and such) that are causing messages to just disappear. Now if I knew what was happening, and could tune this, that's great - it's the not knowing that's worrying me.

So... if anybody has any suggestions or pointers, I'd very much appreciate it.

Thanks again!

Miles



Reply via email to