Not all rules firing

Kent Oyer kent at
Sat Jul 13 23:13:57 CEST 2013

Thanks Patrick. I thought of that as well. However, the network tests are firing for some messages but just not all. I have skip_rbl_checks 0 in my file and I have $sa_local_tests_only = 0 in my amavisd.conf file. I thought maybe the tests were timing out so I setup a non-forwarding, caching name server but that hasn't seemed to help either. Maybe there's another setting I'm missing.


-----Original Message-----
From: Patrick Ben Koetter [mailto:p at] 
Sent: Friday, July 12, 2013 5:22 PM
To: amavis-users at
Subject: Re: Not all rules firing

* Kent Oyer <kent at>:
> Hello,
> I hope someone out there can help me. Everything was working great but recently I am seeing a lot of spam slipping through. When I look at the message headers and I see very few tests are hitting. 
> X-Spam-Status: No, score=2.067 tag=x tag2=3.5 kill=3.5 tests=[BAYES_60=1.5,
> 	RP_MATCHES_RCVD=-0.303, SARE_MLH_Stock1=0.87] autolearn=no
> However, when I take the same message and pipe it through spamassassin -t, I get a very different result:
> Content analysis details:   (12.4 points, 5.0 required)
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
>                            [ listed in]
>  1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>                             [URIs:]
>  1.2 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
>                             [URIs:]
>  1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
>                             [URIs:]
>  0.9 SARE_MLH_Stock1        Subject mentions stock or stock related words
>  0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
>                             [score: 0.5285]
>  1.1 DCC_CHECK              Detected as bulk mail by DCC (
>  0.9 RAZOR2_CHECK           Listed in Razor2 (
>  1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>                             above 50%
>                             [cf: 100]
>  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>                             [cf: 100]
>  0.3 DIGEST_MULTIPLE        Message hits more than one network digest check
> I am using a SQL database for lookups. How would I begin to troubleshoot this? 

Seems like all tests that require network access aren't used, when the mail is processed by your mailserver/content filter. There's an option to switch that off in spamassassin and IIRC you can also control that from within amavis sa_... settings. This is where I'd look first.

p at rick

[*] sys4 AG, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

More information about the amavis-users mailing list