Re: [AMaViS-user] spam in inbox

boricua wrote:

> below is sample of what i mean, i modified my amavis.conf to discfard bad headers, but if i dont do that this email which is spam would make it to inbox
> how do i know which headers are added by my server?
> shouldd the spam status local trigger the spam chk?

> Return-Path: <>
> Delivered-To: bad-header-quarantine
> X-Envelope-From: <Debbie.Morrow(a)evolvefish.com>
> X-Envelope-To: <boricua(a)localhost.is-a-geek.org>
> X-Quarantine-Id: <badh-20050807-101506-06734-02>
> Received: from localhost (localhost [127.0.0.1])
> by pepino.is-a-geek.org (Postfix) with ESMTP id 1B92310153
> for <boricua(a)localhost>; Sun, 7 Aug 2005 10:15:06 -0400 (EDT)
> Received: from pop.acecape.com [66.114.74.15]
> by localhost with POP3 (fetchmail-6.2.5.2)
> for boricua(a)localhost (single-drop); Sun, 07 Aug 2005 10:15:06 -0400 (EDT)
> Received: from mail2.acecape.com ([unix socket])
> by mail2 (Cyrus v2.1.17) with LMTP; Sun, 07 Aug 2005 10:12:57 -0400
> X-Sieve: CMU Sieve 2.2
> Received: from mail1.acecape.com (mail1.acecape.com [66.114.74.12])
> by mail2.acecape.com (8.12.11/8.12.11) with ESMTP id j77ECuCD030978;
> Sun, 7 Aug 2005 10:12:56 -0400
> Received: from 66.114.74.12 ([87.48.116.95])
> by mail1.acecape.com (8.12.11/8.12.11) with SMTP id j77EBLWc028658;
> Sun, 7 Aug 2005 10:12:25 -0400
> Received: from mail.diedrich.com ([87.48.116.95])
> by localhost.localdomain (8.12.10/8.12.10) with ESMTP id j6SJqn9x015260
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=YES check=POSITIVE)
> for <rroman(a)acedsl.com>; Sun, 07 Aug 2005 07:12:07 -0800
> Message-Id: <6.0.0.22.0..(a)pound.diedrich.com>
> X-Sender: Debbie.Morrow(a)evolvefish.com
> X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
> X-PGP: ==fWratVHfTWK (AES-256)
> X-Authentic: MATCH
> Date: Sun, 07 Aug 2005 07:12:07 -0800
> To: rroman(a)acedsl.com, rrood(a)acedsl.com, rrossi(a)acedsl.com,
> rrp8(a)acedsl.com
> From: "Jennie Frye" <Debbie.Morrow(a)evolvefish.com>
> Subject: FXXnd XffXrdablX cXggXXzz!kxquu
> Mime-Version: 1.0
> X-Badrcpts-Local: 3
> X-Spam-Status-Local: Yes (176/50)
> X-Spam-Report: BAYES_01,FORGED_MUA_EUDORA,LOCAL_BADHELO_1,LOCAL_B ADHELO_2,LOCAL_BADPTR_1,LOCAL_BADRCPT_3,RAZOR2_CF_ RANGE_51_100,RAZOR2_CHECK,SUBJ_ILLEGAL_CHARS

> X-Amavis-Alert: BAD HEADER Improper folded header field made up entirely of whitespace in message header 'X-Spam-Report': \t

I had buricua send me his amavisd.conf. Here are the parts relevant to
this thread:

$mydomain = 'pepino.is-a-geek.org'; # a convenient default for other settings
$MYHOME = '/var/amavis'; # a convenient default for other settings
$QUARANTINEDIR = '/var/virusmails';
@local_domains_maps = ( [".$mydomain"] );
$sa_tag_level_deflt = 2.0;
$sa_tag2_level_deflt = 6.31;
$sa_kill_level_deflt = 6.31;
$sa_dsn_cutoff_level = 10;
$sa_local_tests_only = 0;
$sa_spam_subject_tag = '***SPAM*** ';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_DISCARD;

Amavisd-new is located on pepino.is-a-geek.org.

So, buricua, an email addressed to someone at localhost.is-a-geek.org
will not get headers rewritten by amavisd-new because the mail is not
considered local. To be considered local, it must be listed in
@local_domain_maps. You have:
@local_domains_maps = ( [".$mydomain"] );
..$mydomain will translate to .pepino.is-a-geek.org
The mail is addressed to either boricua(a)localhost or
boricua(a)localhost.is-a-geek.org, so they do not match.

I believe the headers you are seeing are written by
one of the other servers in the list of servers that this message
passed through.

$mydomain = 'pepino.is-a-geek.org';
needs to be:
$mydomain = 'is-a-geek.org';

You can add as many domains you would like to @local_domains_maps.
@local_domains_maps = ( [".$mydomain"] ["localhost"] [".despiertapr.com"] );

I would also change:
$sa_tag_level_deflt = 2.0;
to:
$sa_tag_level_deflt = undef;

so YOUR amavisd-new will create a X-Spam-Report report on every mail, spam or not.

Gary V



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/