R: R: R: R: Message quarantined as SPAM

Patrick Ben Koetter p at sys4.de
Tue Jun 27 15:37:04 CEST 2017


* Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> Hello.
> 
> Maybe is the line:
> 
> 50-user:$spam_quarantine_to         = 'spam-quarantine';
> 
> that has enabled quarantine..

Quite likely this line enables quarantine. In case you want to disable it:

$spam_quarantine_to = undef;


> Moreover, I have the list of 'mynetworks' defined in a mysql DB used by postfix, through the following query:
> 
> select action from access where inet_aton(ip) & inet_aton(mask) = inet_aton('%s') & inet_aton(mask) order by mask DESC limit 0,1;
> 
> Similarly, I have  the list of local domain defined in a mysql DB used by postfix, through the following query:
> 
> select domain from domain where domain='%s' and active='1';
> 
> How can I safely import these lists into amavis?

If they change frequently, add a trigger to MySQL that dumps the results to
tables. If they change only once in a while, create a script that does the
same.

Then import the lists into amavis, using the read_* methods. For example:

@local_domains_maps = (
    ".$mydomain",
    read_hash('/etc/postfix/relay_domains')                                                                                                  
);

Or for networks:

@mynetworks = @{ read_cidr('/etc/postfix/mynetworks.cidr') };

See the RELEASE-NOTES for more information.

p at rick





> 
> Regards,
> 
> RS
> 
> 
> 
> > -----Messaggio originale-----
> > Da: amavis-users [mailto:amavis-users-
> > bounces+rocco.scappatura=infracom.it at amavis.org] Per conto di Patrick Ben
> > Koetter
> > Inviato: martedì 27 giugno 2017 15:16
> > A: amavis-users at amavis.org
> > Oggetto: Re: R: R: R: Message quarantined as SPAM
> > 
> > * Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> > > Hello.
> > >
> > > Here, all what you ask for:
> > >
> > > 1) @bypass_spam_checks_maps:
> > >
> > > 15-content_filter_mode:@bypass_spam_checks_maps = (
> > >    \%bypass_spam_checks, \@bypass_spam_checks_acl,
> > > \$bypass_spam_checks_re);
> > >
> > > @spam_tag_level_maps =
> > >         ({
> > > #        'yyy at example.org' => 1.5,
> > >         '.' => 5.0,
> > >         });
> > >
> > > @spam_tag2_level_maps =
> > >         ({
> > > #        ' yyy at example.org ' => 2.0,
> > >         '.' => 6.31,
> > >         });
> > >
> > > @spam_kill_level_maps =
> > >         ({
> > > #        ' yyy at example.org ' => 2.0,
> > >         '.' => 6.31,
> > >         });
> > >
> > > 2) $final_spam_destiny:
> > >
> > > 20-debian_defaults:$final_spam_destiny       = D_DISCARD;
> > > 50-user:$final_spam_destiny       = D_DISCARD;
> > >
> > > 3) $spam_quarantine_method:
> > >
> > > 50-user:#$spam_quarantine_method         = 'sql:';
> > 
> > 
> > You have disabled quarantine in 50-user, but it is enabled somethere else. It
> > delivers messages to a file based quarantine, as your original LOG shows:
> > 
> > Jun 22 11:45:48 av8 amavis[22610]: (22610-11) Blocked SPAM
> > {DiscardedOpenRelay,Quarantined}, [xxx.yyy.zzz.uuu]:50412
> > [xxx.yyy.zzz.uuu] <aaa at example.com> -> <bbb at mydomain>, quarantine:
> > z/spam-zRJd9Wo5250M.gz, Queue-ID: 8647AD5DBA, Message-ID:
> > <776AB7C587CC457C95FF35582FC9F0E1 at AutoRPZ.local>, mail_id:
> > zRJd9Wo5250M, Hits: 6.793, size: 77514, 364 ms
> > 
> > The message has been save to $QUARANTINE/z/spam-zRJd9Wo5250M.gz.
> > 
> > 
> > In order to find out why the message has a different score you need to set
> > @local_domains_maps correctly, or amavis will not add the header to the
> > message.
> > 
> > Add these to 50-user, once you have setup @local_domains_maps, and
> > amavis will document the rules SA used and how they scored:
> > 
> > $allowed_added_header_fields{lc('X-Spam-Status')} = 1;
> > $allowed_added_header_fields{lc('X-Spam-Report')} = 1;
> > 
> > p at rick
> > 
> > 
> > 
> > 
> > >
> > > 4) $sa_local_tests_only:
> > >
> > > 20-debian_defaults:$sa_local_tests_only = 0;    # only tests which do not
> > require internet access?
> > > 50-user:$sa_local_tests_only = 1;    # only tests which do not require
> > internet access?
> > >
> > > 5) $sa_tag_level_deflt:
> > > 20-debian_defaults:$sa_tag_level_deflt  = 2.0;  # add spam info
> > > headers if at, or above that level
> > >
> > > 6) $sa_tag2_level_deflt:
> > > 20-debian_defaults:$sa_tag2_level_deflt = 6.31;
> > >
> > > @spam_tag2_level_maps = ({
> > > },
> > > \$sa_tag2_level_deflt,
> > > );
> > >
> > > 7) $sa_dsn_cutoff_level:
> > > 20-debian_defaults:$sa_dsn_cutoff_level = 10;   # spam level beyond
> > which a DSN is not sent
> > >
> > > 8) $sa_crediblefrom_dsn_cutoff_level:
> > >
> > > NOT DEFINED
> > >
> > > Moreover I have set:
> > >
> > > @spam_lovers_maps = ({
> > >   '.example.net'     => 1, # this domain and it's subdomains
> > > });
> > >
> > > @spam_kill_level_maps = ({
> > >   '.example.net'     => 9999,
> > > },
> > > \$sa_kill_level_deflt,
> > > );
> > >
> > > Regards,
> > >
> > > RS
> > >
> > > > -----Messaggio originale-----
> > > > Da: amavis-users [mailto:amavis-users-
> > > > bounces+rocco.scappatura=infracom.it at amavis.org] Per conto di
> > > > bounces+Patrick Ben
> > > > Koetter
> > > > Inviato: martedì 27 giugno 2017 14:01
> > > > A: amavis-users at amavis.org
> > > > Oggetto: Re: R: R: Message quarantined as SPAM
> > > >
> > > > * Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> > > > > Thank you Patrick.
> > > > >
> > > > > What configuration you need, in particular?
> > > >
> > > > Lets start with this and LOG that shows the incident you need to
> > research:
> > > >
> > > > @bypass_spam_checks_maps
> > > > $final_spam_destiny
> > > > $spam_quarantine_method
> > > > $sa_local_tests_only
> > > > $sa_tag_level_deflt
> > > > $sa_tag2_level_deflt
> > > > $sa_dsn_cutoff_level
> > > > $sa_crediblefrom_dsn_cutoff_level
> > > >
> > > > p at rick
> > > >
> > > >
> > > > --
> > > > [*] sys4 AG
> > > >
> > > > https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße
> > > > 26/MG,80333 München
> > > >
> > > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> > > > Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> > > > Aufsichtsratsvorsitzender: Florian Kirstein
> > > >
> > 
> > --
> > [*] sys4 AG
> > 
> > https://sys4.de, +49 (89) 30 90 46 64
> > Schleißheimer Straße 26/MG,80333 München
> > 
> > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> > Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> > Aufsichtsratsvorsitzender: Florian Kirstein
> > 

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 


More information about the amavis-users mailing list