Pflogsumm emails through amavisd and SA hitting BAYES_99

Peter Santiago vanyell2001 at
Fri Apr 28 13:54:19 CEST 2017

Create a two instance postfix setup.. the localhost instance handles the
pflogsumm emails

On Apr 28, 2017 19:44, "Simon Wilson" <simon at> wrote:

----- Message from Dominic Raferd <dominic at> ---------
   Date: Fri, 28 Apr 2017 11:55:03 +0100
   From: Dominic Raferd <dominic at>
Subject: Re: Pflogsumm emails through amavisd and SA hitting BAYES_99
     To: amavis-users at

On 28 April 2017 at 11:34, Simon Wilson <simon at> wrote:
> Hi all,
>> I have pflogsumm running log summaries on my postfix install, and sending
>> to an address that resolves locally. All is on localhost, which is a newly
>> installed CentOS7 server, amavisd-new 2.10.1 from EPEL.
>> The pflogsumm emails from root are triggering BAYES_99 as they go through
>> amavisd-new and spamassassin, and are often ending up marked as spam.
>> What's the best way to ensure that those are not flagged as spam, or
>> potentially to whitelist them somehow?
> You can whitelist sender addresses, would this solve your problem? I have
> these lines in /etc/amavis/conf.d/50-user​:
> read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
> @whitelist_sender_maps = (\%whitelist_sender);
>     bypass_spam_checks_maps   => ['@whitelist_sender_maps'],  # don't
> spam-check this mail
>     bypass_banned_checks_maps => ['@whitelist_sender_maps'],  # don't
> banned-check this mail
>     bypass_header_checks_maps => ['@whitelist_sender_maps'],  # don't
> header-check this mail
> File /etc/amavis/whitelist contains a line-by-line list of whitelisted
> addresses. To whitelist a whole domain, just precede with a dot. Examples:
> fred at
> HTH, Dominic

----- End message from Dominic Raferd <dominic at> -----

Thanks Dominic... it seems like a bit of a 'sledgehammer' to whitelist a
sender address, when sender addresses can be spoofed. Perhaps I'm being
paranoid :) Keen to hear feedback on that (the approach, not whether I am
paranoid :) ).

One thing I just noticed is that pflogsumm emails are dropped into Postfix
(and thence into Amavisd) via postfix/pickup not postfix/smtpd. I wonder if
there is a way there to mark emails from localhost root that are fed into
postfix/pickup as being not spam-checked.


Simon Wilson
M: 0400 12 11 16
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the amavis-users mailing list