Rocco Scappatura wrote:
Rocco Scappatura wrote:
[snip]
Sorry It was not the case to send the entire email.. Here the
X-Spam-Status after running the message against 'spamassassin -D':
X-Spam-Status: Yes, score=11.2 required=5.0
tests=AWL,BAYES_50,HTML_MESSAGE,
RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,RDNS_NONE,URIBL_BLACK,URIBL_JP_SU
RBL,
URIBL_OB_SURBL,URIBL_SC_SURBL autolearn=unavailable
version=3.2.4
But it is really strange from amavisd-new log I see that the message is
passed as clean:
the URL may have been added in $uri lists in the meantime. That said,
make sure Bayes is using the right "user". rerun spamassassin as the
amavisd user. if your Bayes db is in mysql, use
bayes_sql_override_username to force a single user.
X-Spam-Status: Yes, score=6.3 required=5.0 tests=AWL,BAYES_50,HTML_MESSAGE,
RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,RDNS_NONE,URIBL_BLACK,URIBL_JP_SURBL,
URIBL_OB_SURBL,URIBL_SC_SURBL autolearn=unavailable version=3.2.4
What URL? What is $uri_list?
URIBL, SURBL, ... etc. the message contains one or more URIs that are
listed. but they may have been listed after you received the message
which would explain why the message was not caught at reception time.
To make sure, copy one of the messages, remove the Delivered-To header
the top (if yoy leave it, you'll get a loop error from postfix) and
resubmit the message for example using telnet:
% telnet yourserver 25
...
EHLO somehostname
...
MAIL FROM:<sender>
...
RCPT TO:<recipient>
DATA
copy-patse the message with full headers except the Delivered-To that
contains your recipient address
end with a line containing a dot ('.') like this:
.
QUIT
you can retrieve the <sender> from the return-Path header, and the
<recipient> from the Delivered-To header that you removed before
resubmitting the message, or use any address you want.
make sure the message passes through amavisd-new (in case you submit
from a "whitelisted" client).
If the client is not in your trusted_network, the test may pollute your
AWL. you could disable AWL while testing.
when your receive the message, see if it was caught by the URI* tests.
I had already set bayes_sql_override_username:
[EMAIL PROTECTED]:/tmp> cat /etc/mail/spamassassin/local.cf | grep
bayes_sql_override_username
what's this? you should only have the following one:
bayes_sql_override_username amavis
Is it possible that there is a lack of spamhaus? I suppose that I query
the DNSBL much more then 100.000 times per day.. :-(
that doesn't explain the miss because the message is caught by other checks.
to test for spamhaus access, try
% host 2.0.0.127.zen.spamhaus.org
you should see something like this:
2.0.0.127.zen.spamhaus.org has address 127.0.0.2
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
2.0.0.127.zen.spamhaus.org has address 127.0.0.4
if you are doing to many queries, you may need to pay.