<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Time difference between amavisd-new and spamassassin checks is +30 minutes.<div><br></div><div>I don't reject spam; spam is set to be discarded:</div><div><br></div><div><div>$final_virus_destiny = D_DISCARD;</div><div>$final_banned_destiny = D_BOUNCE;</div><div>$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT</div><div>$final_bad_header_destiny = D_BOUNCE;</div></div><div><br></div><div>~amavis/.spamassassin contains:</div><div><div>-rw------- 1 amavis amavis 40960 Aug 27 07:45 bayes_seen<br></div><div>-rw------- 1 amavis amavis 1310720 Aug 27 07:45 bayes_toks</div><div>-rw-r--r-- 1 amavis amavis 1869 Aug 16 13:23 user_prefs</div></div><div><br></div><div>The user_prefs is just a sample file with only commented/blank lines.</div><div><br></div><div><div>$ ls -lh /etc/amavisd/</div><div>total 88K</div><div>-rw-r--r-- 1 root root 37K Aug 22 12:22 amavisd.conf</div><div>-rw-r--r-- 1 root root 37K Jul 19 12:32 amavisd.conf.rpmsave</div><div>-rw-r--r-- 1 root root 19 Jul 5 2016 sender_scores_sitewide</div><div>-rw-r--r-- 1 root root 95 Jul 21 2018 whitelist_sender</div></div><div><br></div><div>sender_scores_sitewide contains one specific domain with score -5.0 to prevent mail from that domain from being accidentally identified as spam.</div><div>whitelist_sender contains my logwatch sender to prevent my logwatch reports from being seen as spam.</div><div><br></div><div>Approximately a month ago I uninstalled both amavisd-new and spamassassin and reinstalled both packages again to get as default a config as possible. I changed $mydomain as well as the $syslog_facility to get the debug logs in a separate log.</div><div><br></div><div>Best regards,</div><div><br></div><div>Lambert</div><div><br></div><div><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 26 Aug
2019 at 15:50, Matus UHLAR - fantomas <<a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">>> On 16.08.19 13:51, Lambert Rots wrote:<br>
>> >Did you get a solution for the issue about spam sneaking in? I think I<br>
>> >have the same issue about spam being scored differently between<br>
>> >spamassassin and amavisd-new.<br>
<br>
>On Sun, 18 Aug 2019 at 11:59, Matus UHLAR - fantomas wrote <<br>
><a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>:<br>
>> did you also change the DKIM_VERIFIED score to -3?<br>
>> If not, you don't have the same issue.<br>
<br>
On 26.08.19 11:22, Lambert Rots wrote:<br>
>Sorry for the delayed response, I was first debugging/fetching logs for a<br>
>few days...<br>
><br>
>No I did not change the DKIM_VERIFIED score so apparently I have a<br>
>different issue ;-)<br>
<br>
>> >It looks like DNS blacklist checks are not scored as most spam is found<br>
>> >on blacklists when parsing the mail through spamassassin but debugging<br>
>> >amavisd-new shows that DNS checks are being performed.<br>
>><br>
>> this is also a different issue. Many sites and webs get into blacklist<br>
>> after the spam started spreading, so first (early) recipients don't see<br>
>> the mail in blacklist, while late recipients or later checks shows<br>
>> blacklists.<br>
<br>
>Comparing debug logs between Amavisd-new (debug-sa) and spamassassin<br>
>directly shows that blacklist checks score 0 with NXDOMAIN replies when the<br>
>mail arrives the first time where spamassassin scores +3 with several hits<br>
>on blacklist checks.<br>
<br>
this shows early recipient issue. What's the time difference<br>
between amavis and spamassassin checks?<br>
Are there any differences in rules hit than blacklists?<br>
<br>
>I just cannot imagine that all spam I receive is early recipient based,<br>
<br>
do you reject any spam?<br>
<br>
>besides, postfix is already taking care of most blacklist checking.<br>
<br>
postfix does only check blacklists on direct sending machine. SA does deep<br>
header checks, which is why SA blacklist checks have more hits than postfix.<br>
<br>
>Most spam mail is coming from the same email domains, share the same<br>
>subject and a lot of other stuff on which amavisd-new should be able to<br>
>identify it as spam. Bayes scores some mail but not all.<br>
<br>
train what you can. bayes training is one of the best antispam tools available.<br>
<br>
>Spam senders try a lot to bypass anti spam but in my opinion amavisd-new<br>
>should be able to do better than marking less than 1 percent of spam mail<br>
>as spam.<br>
<br>
what does ~amavis/.spamassassin contain?<br>
what does /etc/amavis/conf.d/ contain?<br>
<br>
-- <br>
Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Warning: I wish NOT to receive any advertising mail at this address.<br>
If Barbie is so popular, why do you have to buy her friends?<br>
</blockquote></div>
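<div>The difference discussed in the thread between a blacklist check on the directly sending machine only and a deep header check, as an added example that is not part of the original messages or of amavisd-new/SpamAssassin code. The zone <code>dnsbl.example</code>, the sample message and all function names are assumptions made for illustration; the script only builds the DNS names that would be queried and performs no lookups.</div>

```python
import ipaddress
import re
from email import message_from_string

ZONE = "dnsbl.example"  # hypothetical DNSBL zone, not a real list
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample message (documentation address ranges), newest hop first.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby mail.example.org (Postfix) with ESMTP id 0000000000;
\tMon, 26 Aug 2019 07:15:00 +0200 (CEST)
Received: from relay.example.com (unknown [198.51.100.7])
\tby mx.example.net with ESMTP; Mon, 26 Aug 2019 07:14:58 +0200
Received: from [192.168.1.50] (dsl.example.com [192.0.2.99])
\tby relay.example.com with ESMTPA; Mon, 26 Aug 2019 07:14:55 +0200
From: sender@example.com
Subject: constructed sample

body
"""

def relay_ips(raw):
    """Public IPv4 addresses from Received headers, top (nearest) hop first."""
    ips = []
    for header in message_from_string(raw).get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:  # bracketed text that is not a valid address
                continue
            if any(ip in net for net in NON_PUBLIC) or ip in ips:
                continue  # skip private/loopback literals and repeats
            ips.append(ip)
    return ips

def dnsbl_name(ip, zone=ZONE):
    """A-record name queried for ip: reversed octets + zone (NXDOMAIN = not listed)."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def queries(raw, deep):
    """deep=False: connecting client only; deep=True: every relay in the headers."""
    ips = relay_ips(raw)
    return [dnsbl_name(ip) for ip in (ips if deep else ips[:1])]

if __name__ == "__main__":
    print("client only :", queries(SAMPLE, deep=False))
    print("deep headers:", queries(SAMPLE, deep=True))
```

<div>In a real SpamAssassin setup, which Received hops are considered is governed by the trusted_networks and internal_networks settings; this sketch simply treats every public address in the headers as a relay.</div>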