hi! issues with soft whitelist / amavis / SA
Bailey, Damian S.
baileyds at lcps.k12.va.us
Tue May 10 22:25:55 CEST 2011
Good afternoon,
I've been working with amavis for over a year now, and haven't really had to fine tune it much. That being said, I've recently found the need to "whitelist" a local email address as it goes through my filter and gets quarantined as spam; however, the mail is legitimate.
I'm running amavis with Postfix 2.8.2, clamAV and SA. I've read some of the amavis documentation on soft white listing, but haven't been able to get it to work.
My most recent example:
May 10 14:29:42 ubuntu-spam postfix/qmgr[31896]: CF9C622CE7E: from=<SISdb at lcps.k12.va.us>, size=65725, nrcpt=1 (queue active)
May 10 14:29:42 ubuntu-spam amavis[364]: (00364-01) ESMTP::10024 /var/lib/amavis/tmp/amavis-20110510T142942-00364: <SISdb at lcps.k12.va.us> -> <baileyds at lcps.k12.va.us> SIZE=65725 Received: from ubuntu-spam.lcps.k12.va.us ([127.0.0.1]) by localhost (ubuntu-spam.lcps.k12.va.us [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <baileyds at lcps.k12.va.us>; Tue, 10 May 2011 14:29:42 -0400 (EDT)
May 10 14:29:42 ubuntu-spam amavis[364]: (00364-01) Checking: UeX4w65dHsOp [10.1.200.45] <SISdb at lcps.k12.va.us> -> <baileyds at lcps.k12.va.us>
May 10 14:29:55 ubuntu-spam postfix/qmgr[31896]: D073622CE81: from=<SISdb at lcps.k12.va.us>, size=66749, nrcpt=1 (queue active)
May 10 14:29:55 ubuntu-spam amavis[364]: (00364-01) SEND via SMTP: <SISdb at lcps.k12.va.us> -> <spambox at lcps.k12.va.us>,ENVID=AM.UeX4w65dHsOp.20110510T182955Z at ubuntu-spam.lcps.k12.va.us BODY=7BIT 250 2.0.0 Ok, id=00364-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D073622CE81
May 10 14:29:55 ubuntu-spam amavis[364]: (00364-01) SPAM, <SISdb at lcps.k12.va.us> -> <baileyds at lcps.k12.va.us>, Yes, score=6.391 tag=-100 tag2=3 kill=5 tests=[ALL_TRUSTED=-1, BAYES_50=0.8, FRT_ROLEX=2.699, LONGWORDS=2.035, MISSING_DATE=1.36, MISSING_MID=0.497] autolearn=no, quarantine UeX4w65dHsOp (spambox at lcps.k12.va.us)
May 10 14:29:56 ubuntu-spam amavis[364]: (00364-01) Blocked SPAM, LOCAL [10.1.200.45] [10.1.200.45] <SISdb at lcps.k12.va.us> -> <baileyds at lcps.k12.va.us>, quarantine: spambox at lcps.k12.va.us, mail_id: UeX4w65dHsOp, Hits: 6.391, size: 65725, 13125 ms
I have attempted to configure a whitelist both in 50-user and in 20-debian_defaults as follows:
...
@score_sender_maps = ({ # a by-recipient hash lookup table,
# results from all matching recipient tables are summed
## site-wide opinions about senders (the '.' matches any recipient)
'.' => [ # the _first_ matching sender determines the score boost
new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),
# read_hash("/var/amavis/sender_scores_sitewide"),
# This are some examples for whitelists, since envelope senders can be forged
# they are not enabled by default.
{ # a hash-type lookup table (associative array)
'SISdb at lcps.k12.va.us' => -10.0,
},
], # end of site-wide tables
});
1; # ensure a defined return
-----------------------------------
Even after restarting amavis, the spam score stays the same.
Thanks for any suggestions. I apologize if I'm missing some obvious troubleshooting info - this is my first post here.
Damian Bailey | 540.894.4373x8220 | baileyds at lcps.k12.va.us
Lead Technician | Technology Department
Louisa County Public Schools
757 Davis Hwy | Mineral VA 23117
More information about the amavis-users
mailing list