Spamassassin remote checks work when run manually, don't show up in amavis

Thomas Spuhler thomas.spuhler at btspuhler.com
Wed Feb 18 22:47:17 CET 2015 

On Wednesday, February 18, 2015 01:58:39 PM Bruce Pennypacker wrote:
> I have amavisd-new-2.9.1 running on a Centos 6.6 server with
> spamassassin-3.3.1 and postfix-2.6.6.  I'm regularly seeing spam come in
> that only hits a subset of SA rules when it's processed by amavisd, but
> more checks are matched when I run the command locally.  For example, one
> spam I received just a few minutes ago had the following header:
> 
> X-Spam-Status: Yes, score=6.491 tagged_above=-9999 required=6
> tests=[BAYES_99=3, BAYES_999=3.5, T_RP_MATCHES_RCVD=-0.01,
> URIBL_BLOCKED=0.001] autolearn=no
> 
> Yet when I took the full contents of that spam and piped it to
> "spamassassin -t" it generated the following results:
> 
> Content analysis details:   (14.6 points, 6.0 required)
> 
>  pts rule name              description
> ---- ----------------------
> --------------------------------------------------
>  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>                 [Blocked - see <http://www.spamcop.net/bl.shtml?46.166.189.2
> 
> >]
> 
>  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
> blocked.
>                             See
> 
> http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>                              for more information.
>                             [URIs: pennypacker.org]
>  3.0 BAYES_99               BODY: Bayes spam probability is 99 to 100%
>                             [score: 1.0000]
>  3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
>                             [46.166.189.2 listed in zen.spamhaus.org]
> -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
>                             domain
>  3.5 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
>                             [score: 1.0000]
>  1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
>  2.0 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
>  0.3 DIGEST_MULTIPLE        Message hits more than one network digest check
> 
> In the above test I was logged in as the amavis user, which is the same
> user that amavisd-new is running as.  It seems that amavisd-new isn't
> running any of the remote checks. Why am I getting different results when
> the e-mails are processed through amavisd-new, and what can I do to get it
> to run them?
> 
> Thanks,
> 
> -Bruce

Wouldn't this e-mail already be reject in postfix, so it even wouldn't bother and load your system 
with scanning it?
 in /etc/postfix/main.cf, I have
 smtpd_recipient_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org ....

or am I wrong with this?


-- 
Best regards
Thomas Spuhler

All of my e-mails have a valid digital signature
ID 60114E63
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20150218/18ba561f/attachment.sig>

More information about the amavis-users mailing list