tuning the interface between amavis and a list manager

Cedric Knight cedric at gn.apc.org
Fri Mar 25 15:01:14 CET 2016 

On 23/03/16 19:00, Miles Fidelman wrote:
> I'm running postfix, amavis-d, and spamassassin in conjunction with a
> list manager (sympa).  I keep the detection threshold relatively high in
> order to avoid false positives on business related mail (also handled on
> the server) - but I'm wondering if there's an easy way to set a
> different threshold for rejecting mail to lists.
> 
> Can anybody suggest an easy place and mechanism for intercepting mail
> destined for the server and rejecting based on the spamassassin score?

I see you had a reply on users at spamassassin.apache.org.  A lower
rejection threshold probably is a common requirement if you have
unmoderated lists and want to avoid spam ever getting through, or
moderated ones where the moderators just get tired of moderating spam.

IMHO the amavisd-new way of doing this is adding something to the config
like:

@spam_kill_level_maps = (
    new_RE(
       [qr'-(?:l|list|subscribe|join|request)?\@'i => 3.0],
       [qr'\blists\.'i => 3.0],
    ),
    read_hash("/var/amavis/thresholds"),
    \$sa_kill_level_deflt);

The last line includes the default 'kill' level that you have at the
moment.  The amavis new_RE() expression sets the kill level for local
parts ending -l or using a 'lists' subdomain.  With luck your recipient
list addresses follow such a pattern.

/var/amavis/thresholds is an alternative way of doing it, where that
file is a table with individual email addresses or domains on the
left-hand side, and the threshold score to trigger the
final_spam_destiny on the right.  The drawback of this is that it
requires amavis configuration to be reloaded when the list of addresses
changes.

A third method, to try to avoid additional config files and not tested,
might be to instead add \%sa_kill_level to the maps, and run something like:
  my %sa_kill_level;
  map { s/://; $sa_kill_level{lc($_)}=2.5 } ( keys
%{read_hash('/home/sympa/etc/sympa_aliases')} );
But read_hash() probably does too much validation, and you need to write
code to read and parse the file yourself.

For more information, see
https://www.ijs.si/software/amavisd/README.lookups.txt.

HTH

CK

More information about the amavis-users mailing list