SpamAssassin scoring
Patrick Ben Koetter
p at sys4.de
Thu Oct 30 23:10:53 CET 2014
* Bruce Pennypacker <bruce.pennypacker at gmail.com>:
> I have the following in /etc/amavisd/amavisd.conf:
>
> $mydomain = 'mydomain.org';
> @local_domains_acl = ( ".$mydomain");
> ...
> @local_domains_maps = ( [".$mydomain"]);
>
>
> I didn't have my mail server's IP address listed in @mynetworks though
> so I just added that and restarted, so I'll see if that helps.
>
> Is there an easy way to take an existing e-mail and have amavisd
> process it again?
Not really, if you really want to go all the way. Use swaks to resend the
message. It can do XCLIENT with Postfix, which might just make all the
difference, because Postfix, amavis and SpamAssassin will do all their policy
calculations with the IP you specify in XCLIENT.
p at rick
>
> -Bruce
>
>
> On Thu, Oct 30, 2014 at 5:27 PM, Patrick Ben Koetter <p at sys4.de> wrote:
> > * Bruce Pennypacker <bruce.pennypacker at gmail.com>:
> >> I have version 2.9.1 of amavisd-new set up using version 3.3.1 of
> >> SpamAssassin on a centos/postfix system and I'm really confused about
> >> the scoring that's going on. I'm seeing a lot of spam get delivered
> >> with really low scores. For example, the headers of a recent spam
> >> show:
> >>
> >> X-Virus-Scanned: amavisd-new at <mydomain>
> >> X-Spam-Flag: NO
> >> X-Spam-Score: 0.904
> >> X-Spam-Level:
> >> X-Spam-Status: No, score=0.904 tagged_above=-9999 required=5
> >> tests=[BAYES_00=-0.5, HTML_MESSAGE=2, RP_MATCHES_RCVD=-0.594,
> >> SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
> >>
> >> If I log in as the amavis user (which is what amavisd-new is running
> >> as) and pipe the full body of the spam to SpamAssassin in test mode I
> >> get a very different result:
> >>
> >> $ spamassassin -t < /tmp/foo
> >>
> >> ...
> >>
> >> Content analysis details: (14.0 points, 5.0 required)
> >>
> >>  pts rule name              description
> >> ---- ---------------------- --------------------------------------------------
> >>  2.5 URIBL_DBL_SPAM         Contains a spam URL listed in the DBL
> >>                             blocklist [URIs: effr.eu]
> >>  2.5 URIBL_BLACK            Contains an URL listed in the URIBL
> >>                             blacklist [URIs: effr.eu]
> >>  3.0 BAYES_99               BODY: Bayes spam probability is 99 to 100%
> >>                             [score: 1.0000]
> >> -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
> >> -0.6 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
> >>  3.5 BAYES_999              BODY: Bayes spam probability is 99.9 to
> >>                             100% [score: 1.0000]
> >>  2.0 HTML_MESSAGE           BODY: HTML included in message
> >>  1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
> >>
> >> What am I missing in my setup that's causing such poor SA scoring
> >> under amavisd-new but good scoring when run locally as the same user?
> >
> > Do amavis and SpamAssassin know who is a trusted sender and what their
> > local (read: recipient) domains are? Seems like both don't have an idea of
> > what's incoming and what's outgoing.
> >
> > p at rick
> >
> > --
> > [*] sys4 AG
> >
> > https://sys4.de, +49 (89) 30 90 46 64
> > Franziskanerstraße 15, 81669 München
> >
> > Registered office: Munich, District Court of Munich: HRB 199263
> > Executive Board: Patrick Ben Koetter, Marc Schiffbauer
> > Chairman of the Supervisory Board: Florian Kirstein
> >
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: Munich, District Court of Munich: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
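
Added example (not part of the original posts, and not amavisd-new or SpamAssassin code): a Python script that diffs the rule hits in the amavisd `X-Spam-Status` header against the `spamassassin -t` report quoted in the thread, so the rules that fire only in the standalone run stand out. The sample strings are constructed from the quoted output and the helper function names are hypothetical.

```python
import re

# Constructed sample input (the two results quoted in the thread); helper names are hypothetical.
AMAVIS_STATUS = """X-Spam-Status: No, score=0.904 tagged_above=-9999 required=5
 tests=[BAYES_00=-0.5, HTML_MESSAGE=2, RP_MATCHES_RCVD=-0.594,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no"""

CLI_REPORT = """pts rule name description
 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL
 blocklist [URIs: effr.eu]
 2.5 URIBL_BLACK Contains an URL listed in the URIBL
 blacklist [URIs: effr.eu]
 3.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
 [score: 1.0000]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
 3.5 BAYES_999 BODY: Bayes spam probability is 99.9 to
 100% [score: 1.0000]
 2.0 HTML_MESSAGE BODY: HTML included in message
 1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)"""

def parse_status_header(header):
    """Return {rule: score} from an amavisd-style X-Spam-Status header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header line folding
    m = re.search(r"tests=\[([^\]]*)\]", unfolded)
    if not m:
        return {}
    pairs = (i.strip().split("=", 1) for i in m.group(1).split(",") if "=" in i)
    return {name: float(score) for name, score in pairs}

def parse_cli_report(report):
    """Return {rule: score} from 'spamassassin -t' content analysis lines."""
    rule = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s")
    # Wrapped description lines and the column header do not match and are skipped.
    return {m.group(2): float(m.group(1))
            for m in map(rule.match, report.splitlines()) if m}

def compare(amavis, cli):
    """Split rules into those seen by only one run and those seen by both."""
    return {
        "only_cli": {r: s for r, s in cli.items() if r not in amavis},
        "only_amavis": {r: s for r, s in amavis.items() if r not in cli},
        "both": {r: (amavis[r], cli[r]) for r in amavis if r in cli},
    }

if __name__ == "__main__":
    diff = compare(parse_status_header(AMAVIS_STATUS), parse_cli_report(CLI_REPORT))
    for side in ("only_cli", "only_amavis"):
        print(side, sorted(diff[side].items(), key=lambda kv: -kv[1]))
    print("points missing under amavisd:", round(sum(diff["only_cli"].values()), 1))
```

On the quoted message, the rules present only in the standalone run are the URIBL and DCC lookups and the high Bayes buckets, which account for almost all of the gap between the two scores.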