R: Message quarantined as SPAM

Patrick Ben Koetter p at sys4.de
Tue Jun 27 13:45:41 CEST 2017


* Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> Can anyone help me to understand?

All I can say is:

The message was quarantined, because a policy in amavis said, spam should be
quarantined. The level at which spam gets quarantined is defined in amavis.

Compared with SpamAssassin amavis uses additional rules to calculate if a
message is spam or not.

Everything else can only be told if you share configuration details.

p at rick



> 
> Regards,
> 
> RS
> 
> Da: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] Per conto di Scappatura Rocco
> Inviato: venerdì 23 giugno 2017 09:40
> A: 'amavis-users at amavis.org' <amavis-users at amavis.org>
> Oggetto: R: Message quarantined as SPAM
> 
> Hello.
> 
> Here the headers:
> 
> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on av8.mydomain
> X-Spam-Level: ****
> X-Spam-Status: No, score=4.1 required=5.0 tests=BAYES_00,HTML_IMAGE_ONLY_08,
>         HTML_MESSAGE,IMG_DIRECT_TO_MX,MIME_HTML_MOSTLY,MPART_ALT_DIFF,
>         SHORT_HELO_AND_INLINE_IMAGE,TVD_SPACE_RATIO autolearn=no autolearn_force=no
>         version=3.4.0
> Delivered-To: spam-quarantine
> X-Envelope-To: <bbb at mydomain>
> X-Envelope-To-Blocked: <bbb at mydomain>
> X-Quarantine-ID: <zRJd9Wo5250M>
> Received: from av8.mydomain ([127.0.0.1])
>         by localhost (av8.mydomain [127.0.0.1]) (amavisd-new, port 10024)
>         with ESMTP id zRJd9Wo5250M for <bbb at mydomain>;
>         Thu, 22 Jun 2017 11:45:47 +0200 (CEST)
> Received: from aaa (unknown [xxx.yyy.zzz.uuu])
>         by av8.mydomain (Postfix) with SMTP id 8647AD5DBA
>         for <bbb at mydomain>; Thu, 22 Jun 2017 11:45:43 +0200 (CEST)
> Message-ID: <776AB7C587CC457C95FF35582FC9F0E1 at AutoRPZ.local<mailto:776AB7C587CC457C95FF35582FC9F0E1 at AutoRPZ.local>>
> From: "aaa" <aaa at example.com<mailto:aaa at example.com>>
> To: <bbb at mydomain>
> Subject: prova
> Date: Thu, 22 Jun 2017 11:30:23 +0200
> MIME-Version: 1.0
> Content-Type: multipart/related;
>         type="multipart/alternative";
>         boundary="----=_NextPart_000_0084_01D2EB4A.F00878C0"
> X-Priority: 3
> X-MSMail-Priority: Normal
> Importance: Normal
> X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
> X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
> 
> But they don’t clarify why the messafe is blocked as SPAM and quarantined at all.
> 
> Anyone could please justify what has happened?
> 
> Regards,
> 
> RS
> 
> 
> 
> Da: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] Per conto di Dominic Raferd
> Inviato: venerdì 23 giugno 2017 08:08
> A: amavis-users at amavis.org<mailto:amavis-users at amavis.org>
> Oggetto: Re: Message quarantined as SPAM
> 
> 
> 
> On 22 June 2017 at 13:13, Scappatura Rocco <Rocco.Scappatura at infracom.it<mailto:Rocco.Scappatura at infracom.it>> wrote:
> Hi,
> 
> I have Debian Lenny with postfix+amavisd-new+spamassassin+clamav.
> 
> I have detected that a message has been quarantined:
> 
> Jun 22 11:45:48 av8 amavis[22610]: (22610-11) Blocked SPAM {DiscardedOpenRelay,Quarantined}, [xxx.yyy.zzz.uuu]:50412 [xxx.yyy.zzz.uuu] <aaa at example.com<mailto:aaa at example.com>> -> <bbb at mydomain>, quarantine: z/spam-zRJd9Wo5250M.gz, Queue-ID: 8647AD5DBA, Message-ID: <776AB7C587CC457C95FF35582FC9F0E1 at AutoRPZ.local<mailto:776AB7C587CC457C95FF35582FC9F0E1 at AutoRPZ.local>>, mail_id: zRJd9Wo5250M, Hits: 6.793, size: 77514, 364 ms
> 
> But I have checked it against spamassassin:
> 
> gunzip -c z/spam-zRJd9Wo5250M.gz | spamassassin -t
> 
> and I get:
> 
> .
> .
> .
> 
> Content analysis details:   (4.1 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.4 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
> -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
>                             [score: 0.0000]
>  0.8 MPART_ALT_DIFF         BODY: HTML and text parts are different
>  1.7 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of words
>  0.0 TVD_SPACE_RATIO        No description available.
>  1.4 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
>  1.8 IMG_DIRECT_TO_MX       No description available.
> 
> So the total score is 4,2.
> 
> In amavisd configuraton file I have set:
> 
> $sa_spam_subject_tag = '[Spam] ';
> $sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
> $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
> $sa_kill_level_deflt = 6.31; # triggers spam evasive actions
> $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
> 
> How the the score 6.793 of amavis is obtained?
> 
> ​If you look at this mail in your quarantine it should have 'X-Spam-Status' header added by amavis showing how the score was calculated.​ Amavis doesn't only use spamassassin for the calculation.
> 

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 


More information about the amavis-users mailing list