Still message quarantined as SPAM

Scappatura Rocco Rocco.Scappatura at infracom.it
Mon Oct 9 12:19:52 CEST 2017 

Hi,

I have Debian Lenny with postfix+amavisd-new+spamassassin+clamav.

I have detected that a message has been quarantined:

Sep 19 09:35:42 av7 amavis[30289]: (30289-13) Blocked SPAM {DiscardedInbound,Quarantined}, [193.109.254.106]:23755 [193.67.127.189] <bbb at other.dom> <aaa at my.dom>, quarantine: b/spam-bvFcVqwLYH_b.gz, Queue-ID: 81AA7D64C1, Message-ID: <OFD67CD6BE.3DE4AFDD-ON802581A0.0029B33C at leaseplancorp.net>, mail_id: bvFcVqwLYH_b, Hits: 8.033, size: 156725, 884 ms

But I have checked it against spamassassin:

gunzip -c b/spam-bvFcVqwLYH_b.gz | spamassassin -t

and I get:

.
.
.

Content analysis details:   (0.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-2.8 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [193.109.254.106 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [193.109.254.106 listed in list.dnswl.org]
 0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 1.5 BASE64_LENGTH_79_INF   BODY: base64 encoded email part uses line length
                             greater than 79 characters
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 HTML_IMAGE_ONLY_32     BODY: HTML: images with 2800-3200 bytes of words
 0.0 MISSING_MIME_HB_SEP    BODY: Missing blank line between MIME header and
                            body
 0.8 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.0 T_REMOTE_IMAGE         Message contains an external image
 2.0 TO_NO_BRKTS_HTML_IMG   To: lacks brackets and HTML and one image

So the total score is 0.3 as infact states header of quarantined email:

X-Spam-Status: No, score=0.3 required=5.0 tests=BASE64_LENGTH_79_INF,BAYES_00,
        HTML_IMAGE_ONLY_32,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_MIME_HB_SEP,
        MPART_ALT_DIFF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,TO_NO_BRKTS_HTML_IMG,
        T_REMOTE_IMAGE autolearn=no autolearn_force=no version=3.4.0

In amavisd configuration file I have set:

$sa_spam_subject_tag = '[Spam] ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

How the the score 8.033 of amavis is obtained? Why the message has been quarantined?

Regards,

RS

More information about the amavis-users mailing list