Spamassassin remote checks work when run manually, don't show up in amavis
thomas.spuhler at btspuhler.com
Wed Feb 18 22:47:17 CET 2015
On Wednesday, February 18, 2015 01:58:39 PM Bruce Pennypacker wrote:
> I have amavisd-new-2.9.1 running on a Centos 6.6 server with
> spamassassin-3.3.1 and postfix-2.6.6. I'm regularly seeing spam come in
> that only hits a subset of SA rules when it's processed by amavisd, but
> more checks are matched when I run the command locally. For example, one
> spam I received just a few minutes ago had the following header:
> X-Spam-Status: Yes, score=6.491 tagged_above=-9999 required=6
> tests=[BAYES_99=3, BAYES_999=3.5, T_RP_MATCHES_RCVD=-0.01,
> URIBL_BLOCKED=0.001] autolearn=no
> Yet when I took the full contents of that spam and piped it to
> "spamassassin -t" it generated the following results:
> Content analysis details: (14.6 points, 6.0 required)
> pts rule name description
> ---- ----------------------
> 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
> [Blocked - see <http://www.spamcop.net/bl.shtml?126.96.36.199
> 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
> for more information.
> [URIs: pennypacker.org]
> 3.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> [score: 1.0000]
> 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
> [188.8.131.52 listed in zen.spamhaus.org]
> -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
> 3.5 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
> [score: 1.0000]
> 1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
> 2.0 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
> 0.3 DIGEST_MULTIPLE Message hits more than one network digest check
> In the above test I was logged in as the amavis user, which is the same
> user that amavisd-new is running as. It seems that amavisd-new isn't
> running any of the remote checks. Why am I getting different results when
> the e-mails are processed through amavisd-new, and what can I do to get it
> to run them?
Wouldn't this e-mail already be reject in postfix, so it even wouldn't bother and load your system
with scanning it?
in /etc/postfix/main.cf, I have
smtpd_recipient_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org ....
or am I wrong with this?
All of my e-mails have a valid digital signature
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the amavis-users