High score for email but no rules are being triggered

rsmits-l rsmits-l at tudelft.nl
Thu Jul 24 14:35:28 CEST 2014 

Hello,

We have an incoming email which was discarded because of the high spam 
score. In the logging we see no rules being triggered. What could be the 
cause of this ?
It looks like it happens with more emails.

do_notify_and_quarantine: spam level exceeds quarantine cutoff level 20

Thank you for any help offered.

Greetings, Richard.

Logging below :
----
Jul 23 03:56:08 mx3 amavis[23021]: (23021-14) ESMTP::10026 
/data1/tmp/amavis-20140723T030805-23021-wnWVJInl: <xxxxxxxx at xxxxxx.com> 
-> <xxxxxxxx at mail.xxx> SIZE=39241 Received: from mail.xxxx.nl 
([130.161.131.74]) by localhost (xxxxxxxx.nl [127.0.0.1]) (amavisd-new, 
port 10026) with ESMTP for <xxxxxxxx at mail.xxx>; Wed, 23 Jul 2014 
03:56:08 +0200 (CEST)
Jul 23 03:56:08 mx3 amavis[23021]: (23021-14) Checking: hAn9gito5pOy 
[209.85.220.54] <weijiamail at xxxxxx.com> -> <xxxxxx at xxxxxx.xxxxxx.net>
Jul 23 03:56:08 mx3 amavis[23021]: (23021-14) p003 1 Content-Type: 
multipart/alternative
Jul 23 03:56:08 mx3 amavis[23021]: (23021-14) p001 1/1 Content-Type: 
text/plain, size: 2378 B, name:
Jul 23 03:56:08 mx3 amavis[23021]: (23021-14) p002 1/2 Content-Type: 
text/html, size: 28368 B, name:
Jul 23 03:56:09 mx3 amavis[23021]: (23021-14) do_notify_and_quarantine: 
spam level exceeds quarantine cutoff level 20
Jul 23 03:56:09 mx3 amavis[23021]: (23021-14) Blocked SPAM 
{DiscardedInbound}, [209.85.220.54]:51315 [58.216.164.98] 
<weijiamail at xxxxxx.com> -> <xxxxxx at xxxxxx.xxxxxx.net>, Message-ID: 
<005a01cfa619$40d13780$c273a680$@xxxxxx.com>, mail_id: hAn9gito5pOy, 
Hits: 41.149, size: 39241, 1024 ms
Jul 23 03:56:09 mx3 amavis[23021]: (23021-14) TIMING-SA total 932 ms - 
parse: 6 (0.6%), extract_message_metadata: 32 (3.5%), 
get_uri_detail_list: 3 (0.3%), tests_pri_-1000: 6 (0.6%), 
tests_pri_-950: 0.89 (0.1%), tests_pri_-900: 10 (1.1%), tests_pri_-400: 
28 (3.0%), check_bayes: 27 (2.9%), tests_pri_0: 826 (88.6%), 
check_dkim_signature: 9 (1.0%), check_spf: 55 (5.9%), poll_dns_idle: 38 
(4.1%), check_razor2: 327 (35.1%), check_pyzor: 0.03 (0.0%), 
tests_pri_500: 8 (0.9%), get_report: 0.87 (0.1%)
Jul 23 03:56:09 mx3 postfix/smtp[24645]: CBA4E660079: 
to=<xxxxxx at xxxxxx.xxxxxx.net>, orig_to=<xxxxxx at xxxxxx.nl>, 
relay=127.0.0.1[127.0.0.1]:10026, delay=1.8, delays=0.77/0/0/1, 
dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23021-14 - spam)
Jul 23 03:56:09 mx3 amavis[23021]: (23021-14) size: 39241, TIMING [total 
1025 ms] - SMTP greeting: 1 (0%)0, SMTP EHLO: 0 (0%)0, SMTP pre-MAIL: 1 
(0%)0, SMTP pre-DATA-flush: 1 (0%)0, SMTP DATA: 39 (4%)4, check_init: 0 
(0%)4, digest_hdr: 1 (0%)4, digest_body: 1 (0%)4, custom-new: 1 (0%)4, 
mime_decode: 14 (1%)6, get-file-type2: 11 (1%)7, parts_decode: 0 (0%)7, 
check_header: 1 (0%)7, AV-scan-1: 12 (1%)8, AV-scan-2: 2 (0%)8, 
spam-wb-list: 1 (0%)8, SA msg read: 0 (0%)8, SA parse: 6 (1%)9, SA 
check: 921 (90%)99, custom-checks: 6 (1%)99, decide_mail_destiny: 1 
(0%)100, notif-quar: 0 (0%)100, custom-before_send: 0 (0%)100, 
custom-after_send: 0 (0%)100, prepare-dsn: 0 (0%)100, main_log_entry: 3 
(0%)100, custom-mail_done: 0 (0%)100, SMTP pre-response: 0 (0%)100, SMTP 
response: 0 (0%)100, unlink-2-files: 0 (0%)100, rundown: 0 (0%)100

More information about the amavis-users mailing list