1 (edited by bilaskill 2013-07-24 02:50:40)

Topic: Gmail.com amavis score

======== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 6.4
- Related log if you're reporting an issue:
====

Hello,

From maillog:
amavis[13130]: (13130-02) Passed CLEAN, LOCAL [209.85.128.48] [209.85.128.48] <xxx@gmail.com> -> <xxx@my_domain.tld>, Message-ID: <CABm=rkAZ9mM72uyPa8f6EarfQwWE1cZ9hKDWyAaqAEGyrjQWHQ@mail.gmail.com>, mail_id: 4aD0SLWeKwHP, Hits: -99.525, size: 2052, queued_as: B419A81AE2, dkim_id=@gmail.com, 16409 ms

Fresh install.
Why its gmail.com geting this score, marked with red in log.

2

Re: Gmail.com amavis score

I have this problem on 6 different servers from 3 different locations.
All of them, fresh install.
Please don't tell me nobody have this problem...

3

Re: Gmail.com amavis score

Do you have DKIM/SPF related score setting in SpamAssassin config file (/etc/mail/spamassassin/local.cf)?

4

Re: Gmail.com amavis score

No extra setting in /etc/mail/spamassassin/local.cf.
No whitelist, no blacklist, just default install.

5

Re: Gmail.com amavis score

bilaskill wrote:

No extra setting in /etc/mail/spamassassin/local.cf.
No whitelist, no blacklist, just default install.

Show us full content of local.cf please.

6

Re: Gmail.com amavis score

required_score      5.0
rewrite_header      subject [ SPAM ]
report_safe         0
lock_method         flock
use_bayes          1
bayes_auto_learn   1
bayes_auto_expire  1
score ALL_TRUSTED -10.000
score URIBL_AB_SURBL 0 0.3306 0 0.3812
score URIBL_JP_SURBL 0 0.3360 0 0.4087
score URIBL_OB_SURBL 0 0.2617 0 0.3008
score URIBL_PH_SURBL 0 0.2240 0 0.2800
score URIBL_SBL 0 0.1094 0 0.1639
score URIBL_SC_SURBL 0 0.3600 0 0.4498
score URIBL_WS_SURBL 0 0.1533 0 0.2140
loadplugin     Mail::SpamAssassin::Plugin::SPF
spf_timeout         5
whitelist_from_spf      *@126.com *@163.com
whitelist_from_spf      *@sina.com *@sohu.com *@tom.com
whitelist_from_spf      *@live.com *@hotmail.com
ok_locales          all

This is it (without # lines).

7

Re: Gmail.com amavis score

Any news?

8

Re: Gmail.com amavis score

There's no Gmail related settings in local.cf. We still don't know why it has score -99.525. Please try to decrease '$sa_tag_level_deflt' in Amavisd config file (for example, -1000), so that Amavisd will always insert 'X-Spam-*' headers, then we can know why new spam emails have low scores.

P.S. Please remove below lines in this file. It's configured by iRedMail by default, but it's not good. Restarting Amavisd service is required.

whitelist_from_spf      *@126.com *@163.com
whitelist_from_spf      *@sina.com *@sohu.com *@tom.com
whitelist_from_spf      *@live.com *@hotmail.com

9

Re: Gmail.com amavis score

Removed from file ->

whitelist_from_spf      *@126.com *@163.com
whitelist_from_spf      *@sina.com *@sohu.com *@tom.com
whitelist_from_spf      *@live.com *@hotmail.com

With '$sa_tag_level_deflt' = -1000 i have:

amavis[18954]: (18954-01) Passed CLEAN, LOCAL [209.85.216.53] [209.85.216.53] <xxx@gmail.com> -> <xxx@my_domain.tld>, Message-ID: <CABm=rkBo2ZYad9ZG_Uu=LHoNadyv8uO7BrXxVng5jEgJkFQz4g@mail.gmail.com>, mail_id: FQN7su5MVHvS, Hits: 0.476, size: 2054, queued_as: A5EFF81ADE, dkim_id=@gmail.com, 17732 ms

Score now its ok... but original question remains: why its gmail.com getting original score of -99.xxx?

10

Re: Gmail.com amavis score

bilaskill wrote:

but original question remains: why its gmail.com getting original score of -99.xxx?

You have to check mail header.

11

Re: Gmail.com amavis score

Return-Path: <xxx@gmail.com>
Delivered-To: xxx@my_domain.tld
Received: from localhost (mail.my_domain.tld [127.0.0.1])
    by mail.my_domain.tld (Postfix) with ESMTP id 40A7D824B8
    for <xxx@my_domain.tld>; Tue, 23 Jul 2013 14:48:57 +0300 (EEST)
X-Virus-Scanned: amavisd-new at mail.my_domain.tld
Received: from mail.my_domain.tld ([127.0.0.1])
    by localhost (mail.my_domain.tld [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id DxxOYFAu5k-6 for <xxx@my_domain.tld>;
    Tue, 23 Jul 2013 14:48:56 +0300 (EEST)
Received: from mail-qc0-f171.google.com (unknown [209.85.216.171])
    by mail.my_domain.tld (Postfix) with ESMTPS id A4744823E6
    for <xxx@my_domain.tld>; Tue, 23 Jul 2013 14:48:55 +0300 (EEST)
Received: by mail-qc0-f171.google.com with SMTP id n1so4215223qcw.2
        for <xxx@my_domain.tld>; Tue, 23 Jul 2013 04:48:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=asKijpAdv6hT0T7U0tn9N91zss1LMYAf5Q1df4uYoMY=;
        b=DVZOXcxY/HtI4A+e2x3MinIBqjD/n5EgRAZU64Yc2gQkS1i9svWZKiFsFkJuAMtgsN
         kZO35tGaMOeDCYym+UXP2E7hkPdUfBwJpEodKC/B0YPFndQ8wYmTwBTTZPOi7aOlmy0G
         BAftJhml6swlsPrRPBJXBbV12n7viY3T+Bp0fzvUM9+0PNpvSK+EpDBYoB3d5Hhg/1f4
         W+xCM0/1F6DsmjJjVKYzJ/FSkHHWROMGGeage8wti1XjBLFD45JTsJ2A3dud2g+c/q7v
         ZBAhwiUiYKszXPIpRYDG4nerJ5hIyqmlZvBUCJWi2qcUTEvi6GL/mo5IBEh+s44LE9Go
         v8Eg==
MIME-Version: 1.0
X-Received: by 10.49.58.134 with SMTP id r6mr8717118qeq.27.1374580133945; Tue,
 23 Jul 2013 04:48:53 -0700 (PDT)
Received: by 10.49.28.138 with HTTP; Tue, 23 Jul 2013 04:48:53 -0700 (PDT)
Date: Tue, 23 Jul 2013 14:48:53 +0300
Message-ID: <CABm=rkAcv9kq7812hzNwjWT0XLKpEOr16V2MOAgvwMy6vp+Jpw@mail.gmail.com>
Subject: test
From: XXX <xxx@gmail.com>
To: xxx@my_domain.tld
Content-Type: multipart/alternative; boundary=047d7b6dd1329968b604e22c60ab

--047d7b6dd1329968b604e22c60ab
Content-Type: text/plain; charset=ISO-8859-1

test

--047d7b6dd1329968b604e22c60ab
Content-Type: text/html; charset=ISO-8859-1

<div dir="ltr">test<br></div>

--047d7b6dd1329968b604e22c60ab--

12

Re: Gmail.com amavis score

Is this the email marked "Hits: -99.525" by Amavisd? It doesn't contains 'X-Spam-*' related headers, so we cannot figure it out.

13

Re: Gmail.com amavis score

Yes, this is the mail.
Header of this mail its before i switched to '$sa_tag_level_deflt' = -1000 (default install setting its -2) so that's why its no X-Spam Header.

Header after '$sa_tag_level_deflt' = -1000

Return-Path: <xxx@gmail.com>
Delivered-To: xxx@my_domain.tld
Received: from localhost (localhost [127.0.0.1])
    by mail.my_domain.tld (Postfix) with ESMTP id A5EFF81ADE
    for <xxx@my_domain.tld>; Fri, 26 Jul 2013 17:05:44 +0300 (EEST)
X-Virus-Scanned: amavisd-new at mail.my_domain.tld
X-Spam-Flag: NO
X-Spam-Score: 0.476
X-Spam-Level: 
X-Spam-Status: No, score=0.476 tagged_above=-1000 required=6.2
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7,
    RDNS_NONE=1.274, SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001] autolearn=no
Authentication-Results: mail.my_domain.tld (amavisd-new); dkim=pass
    header.i=@gmail.com
Received: from mail.my_domain.tld ([127.0.0.1])
    by localhost (mail.my_domain.tld [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id FQN7su5MVHvS for <xxx@my_domain.tld>;
    Fri, 26 Jul 2013 17:05:27 +0300 (EEST)
Received: from mail-qa0-f53.google.com (unknown [209.85.216.53])
    by mail.my_domain.tld (Postfix) with ESMTPS id 9CA2181A80
    for <xxx@my_domain.tld>; Fri, 26 Jul 2013 17:05:25 +0300 (EEST)
Received: by mail-qa0-f53.google.com with SMTP id hu14so428479qab.5
        for <xxx@my_domain.tld>; Fri, 26 Jul 2013 07:09:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=J5U5DNeaHnTi2ACmui1jiOgxZJM6vciYxkMKLHmkh9U=;
        b=09Nx9Oqgohf+2z8pXKZCtRWP73F8RMtI109TcgTCep7Qi0l3c8BIZTZgYZz/SOihwM
         EzCkGdWtyyWUs1Sn5uedpiJS+GV0a++oMDp5UdCWzOLkxtctYMf0mTa+I7Y8XYSDjm3h
         EioSnq3jYEQpaM9Q16Wtw6xtzFrJoLntJ82sbsmqLJgVdOMMA1oXz6xp5C5rv4sFqCYE
         0bzjpNu+E2bjS7vTAKb/XcWfy1xk/sqJO0gEEKGpOL8K6Omm1tdSJW6S3NzsllvgF3Wn
         hvSN4YfMNOkKxLsFJq73Cb4LoHQrmDtbmpM2CLNIK497Y322bSGBZEKyQFsb5A8cEZJh
         W/sQ==
MIME-Version: 1.0
X-Received: by 10.49.13.66 with SMTP id f2mr54034017qec.81.1374847741443; Fri,
 26 Jul 2013 07:09:01 -0700 (PDT)
Received: by 10.49.28.138 with HTTP; Fri, 26 Jul 2013 07:09:01 -0700 (PDT)
Date: Fri, 26 Jul 2013 17:09:01 +0300
Message-ID: <CABm=rkBo2ZYad9ZG_Uu=LHoNadyv8uO7BrXxVng5jEgJkFQz4g@mail.gmail.com>
Subject: TEST
From: XXX <xxx@gmail.com>
To: "xxx@my_domain.tld" <xxx@my_domain.tld>
Content-Type: multipart/alternative; boundary=047d7b677fac3fc3a604e26aafe8

--047d7b677fac3fc3a604e26aafe8
Content-Type: text/plain; charset=ISO-8859-1

17:10

--047d7b677fac3fc3a604e26aafe8
Content-Type: text/html; charset=ISO-8859-1

<div dir="ltr">17:10<br></div>

--047d7b677fac3fc3a604e26aafe8--

14

Re: Gmail.com amavis score

Amavisd shows how it makes decision:

X-Spam-Status: No, score=0.476 tagged_above=-1000 required=6.2
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7,
    RDNS_NONE=1.274, SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001]

15

Re: Gmail.com amavis score

So... why its not '$sa_tag_level_deflt' = -1000 default on fresh install, if this is the answer to gmail.com negative high score?