Spam sneaking in.

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Sep 12 22:26:22 CEST 2019


>>>On 8/6/19 5:51 PM, Bob D wrote:
>>>>root at M1-2:~# grep -Fr '$sa_local_tests_only' /etc/amavis/conf.d
>>>>/etc/amavis/conf.d/20-debian_defaults:$sa_local_tests_only = 0;    # only tests which do not require internet access?
>>>>root at M1-2:~#
>>>>
>>>>I assume 0 = false
>>>>This one was in a bunch in today,
>>>>X-Spam-Flag: NO
>>>>X-Spam-Score: 0.311
>>>>X-Spam-Level:
>>>>X-Spam-Status: No, score=0.311 required=4 tests=[BAYES_99=3.5,
>>>>    DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
>>>>    DKIM_VALID_EF=-0.1, DKIM_VERIFIED=-3, HTML_MESSAGE=0.001,
>>>>    T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no
>>>>
>>>>Here is the reply to:
>>>>Reply-To:lowtestosterone.treatment at colubiastruts.com
>>>>0.311 ?

>>On 06.08.19 18:20, Bob D wrote:
>>>Here is the amavis debug of the above mail at receive.
>>>https://pastebin.com/kHY09Bim

>On 8/9/19 5:34 AM, Matus UHLAR - fantomas wrote:
>>50_scores.cf:score DKIM_VERIFIED 0
>>
>>why/where did you set DKIM_VERIFIED score to -3?

On 12.09.19 11:36, Bob D wrote:
>Was a fight to find where this was and decided that spam I was
>receiving was getting DKIM verified so what is the value of DKIM?
>I disabled it as it appeared to be worthless.

funny that you ask this immediately before my text explaining what DKIM is
for... again:

DKIM says that sender is not fake, and it was not modified on the way from
sender to you.  It does not say that the mail is or is not spam, just as
someone's signature on a paper does not prove that text on the paper is true
or false.

the info can be further used for whitelisting some domains, but you
definitely should not whitelist everyone, DKIM or not.

>>DKIM_VERIFIED only confirms that the message was sent from proper server,
>>it says nothing about hamminess.  nearly all yahoo/gmail/hotmail spam has
>>DKIM_VERIFIED.
>>
>>maybe you are early recipient, and maybe you don't have supporting
>>software for network checks like razor, pyzor and dcc installed.  They
>>help much.

>I do have razor, pyzor and dcc installed and functioning as far as I 
>could tell.

if you get DCC_CHECK, PYZOR_CHECK and RAZOR2_CHECK in spam logs, they work.

>I reinstalled just to be sure, no avail.
>Was still getting spam, only 99% was getting caught.

do you mean, 99% of our spam has been caught? That's a perfect result.
there will always be some spam sneaking in (if anyone could create a
solution that catches 100% of spam and no ham, we'd all use it and spam
wouldn't exist anymore).

you only can train and report further, so any changes in spam 
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
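
Added example, not part of the original message or of amavis/SpamAssassin: a small audit of the amavis-style `X-Spam-Status` header quoted above. It recomputes the score, flags DKIM rules that hand out ham credit, and lists which of the DCC/Pyzor/Razor rules hit. The function names and the -0.5 credit limit are assumptions of this example.

```python
import re

# Constructed from the X-Spam-Status header quoted in the message above.
SAMPLE_HEADER = """X-Spam-Status: No, score=0.311 required=4 tests=[BAYES_99=3.5,
    DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    DKIM_VALID_EF=-0.1, DKIM_VERIFIED=-3, HTML_MESSAGE=0.001,
    T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no"""

NETWORK_RULES = {"DCC_CHECK", "PYZOR_CHECK", "RAZOR2_CHECK"}
# Assumption of this example: an authentication rule worth more than
# 0.5 points of ham credit is treated as a misconfiguration.
AUTH_CREDIT_LIMIT = -0.5


def parse_spam_status(header):
    """Return (required, {rule: score}) from an amavis-style X-Spam-Status."""
    text = " ".join(header.split())  # unfold continuation lines
    required = float(re.search(r"required=(-?[\d.]+)", text).group(1))
    body = re.search(r"tests=\[(.*?)\]", text)
    tests = {}
    if body:
        for item in body.group(1).split(","):
            name, _, value = item.strip().partition("=")
            if name:
                tests[name] = float(value) if value else 0.0
    return required, tests


def audit(header):
    """Recompute the score and show what the DKIM ham credit changed."""
    required, tests = parse_spam_status(header)
    overweighted = {n: s for n, s in tests.items()
                    if n.startswith("DKIM_") and s < AUTH_CREDIT_LIMIT}
    score = round(sum(tests.values()), 3)
    # Score if the overweighted authentication rules counted for nothing.
    corrected = round(score - sum(overweighted.values()), 3)
    return {
        "score": score,
        "required": required,
        "overweighted": overweighted,
        "corrected_score": corrected,
        "flagged_after_fix": corrected >= required,
        "network_hits": sorted(NETWORK_RULES.intersection(tests)),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_HEADER).items():
        print(f"{key}: {value}")
```

On the quoted header, removing the -3 credit raises the score from 0.311 to 3.311, which is still below `required=4`, and none of the three network rules appear in the test list.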

