Problem with spam quarantine

Mark Martinec Mark.Martinec+amavis at ijs.si
Thu Aug 30 17:49:31 CEST 2012 

Nick,

> > Set it to: $QUARANTINEDIR = '/var/blockedmail';
> Thanks Mark, it worked!

Good!

> /var/blockedmail/ must be writable by amavis.
> If not, it causes a server breakdown; /var/log/amavisd.log:
> (!!)TROUBLE in pre_loop_hook:
>   QUARANTINEDIR directory not writable: /var/blockedmail

Of course. The failure is clearly reported.
 
> By the way, can I configure amavisd so as to quarantine spam only if
> score (X-Spam-Score) is higher than a value (rather than always)?

Here is a default setting:

  %quarantine_method_by_ccat = (
    CC_VIRUS,       sub { c('virus_quarantine_method') },
    CC_BANNED,      sub { c('banned_files_quarantine_method') },
    CC_UNCHECKED,   sub { c('unchecked_quarantine_method') },
    CC_SPAM,        sub { c('spam_quarantine_method') },
    CC_BADH,        sub { c('bad_header_quarantine_method') },
    CC_CLEAN,       sub { c('clean_quarantine_method') },
  );

The $spam_quarantine_method in this case is effective when
a mail contents is classified as CC_SPAM, i.e. when its
spam score reaches or exceeds a kill level ($sa_kill_level_deflt).

There are two additional levels: tag2 level and tag3 level,
which are usually the same as a kill level, but may be
set lover than that for some additional flexibility.

  @spam_tag_level_maps  = (\$sa_tag_level_deflt);     # CC_CLEAN,1
  @spam_tag2_level_maps = (\$sa_tag2_level_deflt);    # CC_SPAMMY
  @spam_tag3_level_maps = (\$sa_tag3_level_deflt);    # CC_SPAMMY,1
  @spam_kill_level_maps = (\$sa_kill_level_deflt);    # CC_SPAM"

When a score is above tag2 level (but below kill level),
mail contents is classified as CC_SPAMMY. This is where
mail receives its Subject tagging, X-Spam-Status:YES,
and adding address extensions. Its common usage is to let
a message be marked as a likely spam, but still delivered.
As it is supposed to be delivered, there is no need to
quarantine it, although you can do so by adding a
CC_SPAMMY entry into the %quarantine_method_by_ccat.

When a score is above tag3 level (but below kill level),
mail contents is classified as "CC_SPAMMY,1", i.e. with a minor
contents category 1. Consider it 'a likely blatant spam',
but not high enough to be killed. The tag3 level is usually
undefined or set to the same value as the kill level, so
it has no effect.

In summary: adjust the kill level to control
where spam quarantining and mail blocking starts.

  Mark

More information about the amavis-users mailing list