[AMaViS-user] Amavis still passing identified spam
This is a discussion on [AMaViS-user] Amavis still passing identified spam within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category; I have an amavis problem that's driving me nuts. Spam is being identified in the logs appropriately, but amavis ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-16-2007
|
|||
|
|||
[AMaViS-user] Amavis still passing identified spam
I have an amavis problem that's driving me nuts.
Spam is being identified in the logs appropriately, but amavis still passes it, so I get a copy sent to the spam quarantine address, but also the original message is delivered without any headers added or the subject altered. The setup is freebsd, most current amavisd-new, current postfix. Once postfix is done with the messages it forwards to a qmail instance on the same box for local delivery. Relevant amavis config entries: @local_domains_maps = ( <set to my domains $final_virus_destiny = D_DISCARD; $final_banned_destiny = D_BOUNCE; $final_spam_destiny = D_DISCARD; $final_bad_header_destiny = D_PASS; $spam_quarantine_to = 'spam\@mydomain.com'; @spam_lovers_maps = ( 'spam\@mydomain.com' ); $sa_spam_modifies_subj = 'true'; $sa_tag_level_deflt = 1.0; #$sa_tag2_level_deflt = 2.0; $sa_kill_level_deflt = 2.4; $sa_dsn_cutoff_level = 3; $sa_quarantine_cutoff_level = 200; An email comes in, SA processes, leaves an entry like so: Feb 16 14:39:34 host amavis[61828]: (61828-06) SPAM, <aycy@barrault-recherche.com> -> <announce-unsubscribe@oneofmymydomains.com>, Yes, score =8.206 tag=1 tag2=x kill=2.4 tests=[EXTRA_MPART_TYPE=0.815, HELO_DYNAMIC_DIALIN=2.08, HTML_MESSAGE=0.001, MY_CID_AND_ARIAL2=0.65, MY _CID_AND_CLOSING=0.9, MY_CID_AND_STYLE=0.71, MY_CID_ARIAL2_CLOSING=1.25, MY_CID_ARIAL_STYLE=1.05, SARE_GIF_ATTACH=0.75], autolearn=n o, quarantine 46YxBtP8cN-O (spam@mydomain.com) Then: Feb 16 14:39:34 host amavis[61828]: (61828-06) FWD via SMTP: <aycy@barrault-recherche.com> -> <announce-unsubscribe@oneofmydomains.com>, 25 0 2.6.0 Ok, id=61828-06, from MTA([xx.xx.xx.xx]:25): 250 ok 1171654774 qp 65075 and Feb 16 14:39:35 host amavis[61828]: (61828-06) Passed SPAM, [84.163.88.231] [28.39.65.136] <aycy@barrault-recherche.com> -> <announce-unsubscribe@oneofmydomains.com>, quarantine: spam@mydomain.com, Message-ID: <000501c751ff$2f5ddf60$8841271c@mdtis>, mail_id: 46YxBtP8cN-O, Hits: 8.206, queued_as: 250 ok 1171654774 qp 65075, 22908 ms Feb 16 14:39:35 host postfix/smtp[65052]: 129B5B86C: to=<announce-unsubscribe@oneofmydomains.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1280, delays=1257/0/0.01/23, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=61828-06, from MTA([xx.xx.xx.xx]:25): 250 ok 1171654774 qp 65075) So a copy goes to the quarantine address, spam@mydomain. But the unaltered original is also delivered. Quite frustrating. Any ideas on where I could look to fix this? -- -------------------------------------------- Matthew Jonkman Bleeding Edge Threats 765-429-0398 765-807-3060 fax http://www.bleedingthreats.net -------------------------------------------- PGP: http://www.bleedingthreats.com/mattjonkman.asc ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?p...rge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/...fo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ 
|
Linear Mode
