This is a discussion on [AMaViS-user] Improve SA behaviour within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category.
Hi folks,
I use Amavisd-new with ClamAV and SpamAssassin in a CentOS+Postfix environment. Recently I've seen some spam mails pass through the Amavisd-new filter without problems. I wonder exactly why and how these mails have done it. First of all I've modified the $log_level configuration variable to a high value (5) in the amavis.conf file to extract more info. The headers of one junk mail are the following:

Return-Path: <rosemarry_van@poczta.pf.pl>
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on KarlPC.Demmedio
X-Spam-Level: *
X-Spam-Status: No, score=1.9 required=5.0 tests=AWL,UNCLAIMED_MONEY
    autolearn=no version=3.1.8
X-Original-To: karlggest@opengea.org
Delivered-To: karlggest@opengea.org
Received: from localhost (tartarus [127.0.0.1])
    by mail (Intergrid MailServer) with ESMTP id 0374ED50283
    for <karlggest@opengea.org>; Fri, 3 Aug 2007 18:17:49 +0200 (CEST)
X-Virus-Scanned: amavisd-new at opengea.org
Received: from mail ([127.0.0.1])
    by localhost (tartarus.opengea.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id JhwwDFKkot72 for <karlggest@opengea.org>;
    Fri, 3 Aug 2007 18:17:48 +0200 (CEST)
Received: from mx-out.strefa.interia.pl (mx-out.strefa.interia.pl [217.74.66.53])
    by mail (Intergrid MailServer) with ESMTP id 9AE7FD50278
    for <karlggest@opengea.org>; Fri, 3 Aug 2007 18:17:48 +0200 (CEST)
Received: by scol3.st.interia.pl (Postfix, from userid 1235)
    id 265D73EFDC; Fri, 3 Aug 2007 18:17:47 +0200 (CEST)
Received: from mx.strefa.interia.pl (mx-out.strefa.interia.pl [217.74.66.59])
    by scol3.st.interia.pl (Postfix) with ESMTP id D91893E29F;
    Fri, 3 Aug 2007 18:17:44 +0200 (CEST)
Received: by mx.strefa.interia.pl (Postfix, from userid 65534)
    id AEC0A3EB8; Fri, 3 Aug 2007 18:17:44 +0200 (CEST)
Received: from new.st.interia.pl (new.st.interia.pl [217.74.66.42])
    by system.wewnetrzny (Postfix) with ESMTP id 68588F0;
    Fri, 3 Aug 2007 18:17:44 +0200 (CEST)
Date: 03 Aug 2007 18:17:44 +0200
From: rosemarry_van <rosemarry_van@poczta.pf.pl>
Subject: File For Claim Of Fund.
To: rosemarry_van@poczta.pf.pl
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=ISO-8859-2
Content-Transfer-Encoding: QUOTED-PRINTABLE
X-EMID:e6740acc
X-ORIGINATE-IP:24.132.107.23
Organization: INTERIA.PL S.A.
Message-Id: <20070803161744.68588F0@mx.strefa.interia.pl>
X-Length: 5685
X-UID: 24

<SPAM BODY DATA HERE>

The more unpleasant thing is that the junk mails are sent to ALL users in my domains.

¿Any clues to improve SA effectivity? Maybe I should set the required_hits variable to a value lower than the current value (5) in the local.cf SpamAssassin conf file...
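An added example, not part of the original post: before lowering the threshold, the X-Spam-Status headers of hand-labelled mail can be replayed against candidate cutoffs to see how much ham would be flagged along with the missed spam. The function names and the sample set are assumptions; only the first sample reuses the values quoted in the post, the rest are constructed.

```python
import re
from email import message_from_string

# Constructed, hand-labelled samples (headers only). The first line reuses the
# X-Spam-Status values quoted in the post; the other three are made up.
SAMPLES = [
    ("spam", "X-Spam-Status: No, score=1.9 required=5.0 tests=AWL,UNCLAIMED_MONEY\n"
             "\tautolearn=no version=3.1.8\n\n"),
    ("spam", "X-Spam-Status: No, score=3.4 required=5.0 tests=BAYES_50,\n"
             "\tUNCLAIMED_MONEY autolearn=no version=3.1.8\n\n"),
    ("ham",  "X-Spam-Status: No, score=2.1 required=5.0 tests=AWL,HTML_MESSAGE\n"
             "\tautolearn=no version=3.1.8\n\n"),
    ("ham",  "X-Spam-Status: No, score=-1.2 required=5.0 tests=none\n"
             "\tautolearn=ham version=3.1.8\n\n"),
]

def parse_status(raw_headers):
    """Return (score, required, tests) from a message's X-Spam-Status header."""
    value = message_from_string(raw_headers)["X-Spam-Status"]
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
    value = value.replace("=3D", "=")           # undo quoted-printable residue
    value = re.sub(r",\s+", ",", value)         # rejoin a test list split at a comma
    fields = dict(re.findall(r"(\w+)=(\S+)", value))
    names = fields.get("tests", "none")
    tests = [] if names == "none" else names.split(",")
    return float(fields["score"]), float(fields["required"]), tests

def threshold_effect(samples, threshold):
    """Count spam caught and ham wrongly flagged if the cutoff were `threshold`."""
    caught = flagged = 0
    for label, raw in samples:
        score, _, _ = parse_status(raw)
        if score >= threshold:  # SpamAssassin tags mail whose score reaches the cutoff
            caught += label == "spam"
            flagged += label == "ham"
    return caught, flagged

if __name__ == "__main__":
    for cutoff in (5.0, 3.0, 2.0, 1.9):
        caught, flagged = threshold_effect(SAMPLES, cutoff)
        print(f"cutoff {cutoff}: spam caught={caught}, ham flagged={flagged}")
```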