1

Topic: not filters spam any more.

Hi all,

i had installed iredmail 2 weeks ago and i used it for testing with one domain. my spam control was working perfectly. i edited sieve to move spam mails to junk folder. it worked for me too. everything was fine.

last week i finished testing and started to use this mail server. i'd added 4-5 domains, 40-40 mailboxes. and i'm sure i did not change any configuration parameters. 3 days ago i realized that spam mails are not caught. take a look at spamd status and it was stopped. and then i had started it manually but nothing changed. still my server does not catch spam mails.

what can i do?

thx in advance.

2

Re: not filters spam any more.

The latest iRedMail (-0.6.1) uses Dovecot-1.1.x by default, when user has a custom mail filter rule, global rule will be ignored. So you have to upgrade dovecot to 1.2.x, set your global sieve rule in "sieve_before" or "sieve_after", then it should work as expected.

Reference:
- wiki: Upgrade dovecot from 1.1.x to 1.2.x: http://iredmail.org/wiki/index.php?titl … 1.1.to.1.2
- Dovecot wiki: http://wiki.dovecot.org/LDA/Sieve/Dovecot

3 (edited by gzhn 2010-11-25 16:43:08)

Re: not filters spam any more.

ZhangHuangbin wrote:

The latest iRedMail (-0.6.1) uses Dovecot-1.1.x by default, when user has a custom mail filter rule, global rule will be ignored. So you have to upgrade dovecot to 1.2.x, set your global sieve rule in "sieve_before" or "sieve_after", then it should work as expected.

Reference:
- wiki: Upgrade dovecot from 1.1.x to 1.2.x: http://iredmail.org/wiki/index.php?titl … 1.1.to.1.2
- Dovecot wiki: http://wiki.dovecot.org/LDA/Sieve/Dovecot

but it was filtering after i changed sieve rule.

btw all i did was commenting out a line that was written in sieve before.

4

Re: not filters spam any more.

Amavisd will invoke SpamAssassin for anti-spam, so service "spamd" should be always stopped.

Also, sorry, what doesn "not catch spam mails" mean?

5

Re: not filters spam any more.

now i'm stopping it, but this won't solve my issue right? sad

6

Re: not filters spam any more.

gzhn, what do you mean by "does not catch spam"? Can you give examples? (Copy-paste some spam source).

7

Re: not filters spam any more.

maxie_ro wrote:

gzhn, what do you mean by "does not catch spam"? Can you give examples? (Copy-paste some spam source).

what i mean is that there is not a mail marked as spam,but i'm getting approximately 20 spam mails a day. as i said at first week server was catching 17-18 out of this 20 spam mail.

8

Re: not filters spam any more.

@gzhn: paste here the source of some messages which should be marked as spam, as I said above.

9

Re: not filters spam any more.

maxie_ro wrote:

@gzhn: paste here the source of some messages which should be marked as spam, as I said above.

sorry i'm a newbie on this issues, can you tell me what do you mean by "sources"?

10

Re: not filters spam any more.

Choose "View source" in Thunderbird or corresponding menu in whatever you're using.

11

Re: not filters spam any more.

maxie_ro wrote:

Choose "View source" in Thunderbird or corresponding menu in whatever you're using.

Return-Path: <kampanya@trendymarketing.info>
Delivered-To: gazi@tilda.com.tr
Received: from localhost (localhost [127.0.0.1])
    by armuz.tildapop.tilda.com.tr (iRedMail) with ESMTP id 9B3821E0D52;
    Thu, 25 Nov 2010 13:22:42 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at tildapop.tilda.com.tr
Received: from armuz.tildapop.tilda.com.tr ([127.0.0.1])
    by localhost (armuz.tildapop.tilda.com.tr [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id c2if1F118PTx; Thu, 25 Nov 2010 13:22:38 +0200 (EET)
X-Original-Helo: tayfunesgin.lnx (iRedMail: http://www.iredmail.org/)
Received: from tayfunesgin.lnx (unknown [93.186.114.6])
    by armuz.tildapop.tilda.com.tr (iRedMail) with ESMTPS id A9E121E0CBA
    for <info@ekonbilisim.net>; Thu, 25 Nov 2010 13:22:38 +0200 (EET)
Received: from [95.13.79.246] (helo=dsl95-13-20470.ttnet.net.tr)
    by tayfunesgin.lnx with esmtpa (Exim 4.67)
    (envelope-from <kampanya@trendymarketing.info>)
    id 1PLZuX-0002f3-3P
    for info@ekonbilisim.net; Thu, 25 Nov 2010 13:22:45 +0200
MIME-Version: 1.0
From: "Mailing Consept" <kampanya@trendymarketing.info>
Reply-To: kampanya@trendymarketing.info
To: info@ekonbilisim.net
Subject: =?iso-8859-9?Q?=DDndirim_Kodunuz..!!_Toplu_Mail_=DDndiriminiz..?=
Content-Type: text/html; charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable
X-Mailer: SmartSend.2.0.109
Date: Thu, 25 Nov 2010 13:22:31 +0200
Message-ID: <3908191219728110465291@2USERPC>
X-Antivirus: avast! (VPS 101125-0, 25.11.2010), Outbound message
X-Antivirus-Status: Clean

<HEAD>
<META content=3D"text/html; charset=3Diso-8859-9" http-equiv=3DContent-Type>
<META name=3DGENERATOR content=3D"MSHTML 8.00.6001.18928"></HEAD>
<BODY><FONT face=3D"Georgia, Times New Roman, Times, serif"><FONT size=3D2>=
Merhaba,&nbsp;<STRONG><U><FONT color=3D#0000ff>info@ekonbilisim.net</FONT><=
/U> ;&nbsp;=DDndirim Kodunuz <FONT color=3D#0000ff><U>#0546#</U></FONT><FON=
T color=3D#000000> Bu Kodu Bize Bildirin %25 =DDndirim Kazan=FDn</FONT></ST=
RONG></FONT></FONT>=20

<P><FONT size=3D2 face=3D"Georgia, Times New Roman, Times, serif">E-B=FClte=
n ve Toplu Mail G=F6nderimleriniz =DD=E7in L=FCtfen =DDleti=FEim Kurunuz..<=
/FONT></P>
<P><FONT size=3D2 face=3DGeorgia>YATIRIMINIZIN KATLARINI KAZANDIRAN TEK S=
=DDSTEM..!!! <BR>D=DCNYADAK=DD EN G=DCNCEL MA=DDL L=DDSTELER=DD..!!! <BR>=
=DEAHSIN ADINA G=D6NDER=DD..!!!<BR>D=DCNYANIN EN =DDY=DD RAPORLAMA S=DDSTEM=
=DD..!!!</FONT></P>
<P><FONT face=3D"Georgia, Times New Roman, Times, serif"><STRONG>Toplu Mail=
G=F6nderimi'nin Faydalar=FD</STRONG></FONT></P>

<P><FONT face=3D"Georgia, Times New Roman, Times, serif">*Yeni M=FC=FEteril=
er Bulursunuz<BR>*Sat=FD=FElar=FDn=FDz Y=FCkselir<BR>*Web Sitenizin =DDzlen=
imi Artar<BR>*Reklam Maliyetleriniz D=FC=FEer<BR>*Milyonlarca Adrese Ula=FE=
=FDrs=FDn=FDz<BR>*Prestijiniz Artar</FONT></P>
<P><FONT face=3D"Georgia, Times New Roman, Times, serif">K=FDsacas=FD Herza=
man Kazan=FDrs=FDn=FDz..</FONT></P>
<P><STRONG><U><FONT face=3D"Georgia, Times New Roman, Times, serif">&nbsp;T=
oplu Mail Fiyatlar=FDm=FDz</FONT></U></STRONG><STRONG><FONT face=3DGeorgia>=

<BR></FONT></STRONG><STRONG><FONT face=3D"Georgia, Times New Roman, Times, =
serif">1Milyon Adet Mail G=F6nderimi ---------------------------&nbsp;&nbsp=
;275,00 TL <BR></FONT><STRONG><FONT face=3D"Georgia, Times New Roman, Times=
, serif">2Milyon Adet Mail G=F6nderimi ---------------------------&nbsp;&nb=
sp;385,00 TL <BR>3Milyon Adet Mail G=F6nderimi ---------------------------&=
nbsp;&nbsp;450,00 TL<BR>5Milyon Adet Mail G=F6nderimi ---------------------=
------&nbsp;&nbsp;575,00 TL<BR>10Milyon Adet Mail G=F6nderimi -------------=
------------&nbsp;&nbsp;975,00 TL</FONT> </STRONG></STRONG></P>

<P>
<P><STRONG><FONT color=3D#ff0000 size=3D4><FONT color=3D#000000 size=3D3 fa=
ce=3DGeorgia><FONT color=3D#000000 size=3D3 face=3DGeorgia><FONT color=3D#0=
00000 size=3D3 face=3DGeorgia><FONT color=3D#000000 size=3D3 face=3DGeorgia=
><FONT color=3D#000000 size=3D3 face=3DGeorgia></FONT></FONT></FONT></FONT>=
</FONT></FONT></STRONG></P>&nbsp;=20

<P></P>
<P><STRONG>KDV Hari=E7 Net Fiyatlard=FDr..</STRONG></P>
<P><STRONG>Mail G=F6nderim S=FCreci</STRONG></P>
<P><STRONG>*=DDlk Olarak Yap=FDlacak Mailingin Yasal Olup Olmad=FD=F0=FD Ko=
ntrol Edilir T.C Yasalar=FDna Ayk=FDr=FD =DD=E7eriklere G=F6nderi Yap=FDlma=
z.<BR>*Fatura Bilgileriniz Talep Edilir Faturan=FDz Haz=FDrlan=FDr Taraf=FD=
n=FDza (mail,fax ile ) G=F6nderilir.<BR>*=D6deme Talep Edilir =D6demeye M=
=FCtaakip Kurulum ve Lisanslama =DD=FElemleriniz Ba=FElat=FDl=FDr. (8-10 sa=
at s=FCrer)<BR>*Raporlama Linkiniz ve Kullan=FDc=FD Bilgileriniz G=F6nderil=
ir.<BR>*Mailing =C7al=FD=FEman=FDz Ba=FElat=FDl=FDr.&nbsp;<BR></STRONG></P>

<P><STRONG><A title=3Dblocked::http://mailingconsept.com/hakkimizda.html hr=
ef=3D"http://www.trackemailmarketing.com/app/app.php=3Fp=3D/default/tracker=
/index/m/MGRYWPTS/r/aW5mb0Bla29uYmlsaXNpbS5uZXQ%3D/l/aHR0cDovL21haWxpbmdjb2=
5zZXB0LmNvbS9oYWtraW1pemRhLmh0bWw%3D"><FONT title=3Dblocked::http://mailing=
consept.com/hakkimizda.html color=3D#0000ff>Raporlama Sistemimiz =DD=E7in T=
=FDklay=FDn=FDz..</FONT></A></STRONG></P>
<P><STRONG>T=FCrkiyede Tek, =DDsme Mail G=F6nderimi Bizde =F6rnek: Merhaba =
<U><FONT color=3D#0000ff>info@ekonbilisim.net</FONT></U></STRONG></P>
<P><STRONG><A title=3Dblocked::http://www.e-haberajansi.com/haberdetay.php=
=3Fhaber=3D16061 href=3D"http://www.trackemailmarketing.com/app/app.php=3Fp=
=3D/default/tracker/index/m/MGRYWPTS/r/aW5mb0Bla29uYmlsaXNpbS5uZXQ%3D/l/aHR=
0cDovL3d3dy5lLWhhYmVyYWphbnNpLmNvbS9oYWJlcmRldGF5LnBocD9oYWJlcj0xNjA2MQ%3D%=
3D"><U title=3Dblocked::http://www.e-haberajansi.com/haberdetay.php=3Fhaber=
=3D16061><FONT title=3Dblocked::http://www.e-haberajansi.com/haberdetay.php=
=3Fhaber=3D16061>&nbsp;Bas=FDnda MailingConsept</FONT></U>&nbsp; </A></STRO=
NG></P>

<P>L=FCtfen Sadece Telefon =DDle =DDleti=FEim Kurunuz..&nbsp; Bu Maile Vere=
ce=F0iniz Yan=FDt Okunmayabilir..!!!</P>
<P>&nbsp;</P>
<P>&nbsp;<FONT color=3Dblack face=3D"Trebuchet MS"><SPAN style=3D"FONT-FAMI=
LY: 'Trebuchet MS'; COLOR: black; FONT-SIZE: 12pt">TRENDY =DDLET=DD=DE=DDM =
B=DDL=DD=DE=DDM ELK.MALZ.PAZ.T=DDC.<BR></SPAN></FONT><FONT color=3Dblack fa=
ce=3D"Trebuchet MS"><SPAN style=3D"FONT-FAMILY: 'Trebuchet MS'; COLOR: blac=
k; FONT-SIZE: 12pt">Merkez Mah. =DEair Nigar Sok.No:23 D-5 KA=D0ITHANE<BR><=
/SPAN></FONT><FONT color=3Dblack face=3D"Trebuchet MS"><SPAN style=3D"FONT-=
FAMILY: 'Trebuchet MS'; COLOR: black; FONT-SIZE: 12pt">0212 321 63 35<BR></=
SPAN></FONT><FONT color=3D#0000ff face=3D"Trebuchet MS"><SPAN style=3D"FONT=
-FAMILY: 'Trebuchet MS'; COLOR: black; FONT-SIZE: 12pt"><A title=3Dblocked:=
:http://www.mailingconsept.com/ href=3D"http://www.trackemailmarketing.com/=
app/app.php=3Fp=3D/default/tracker/index/m/MGRYWPTS/r/aW5mb0Bla29uYmlsaXNpb=
S5uZXQ%3D/l/aHR0cDovL3d3dy5tYWlsaW5nY29uc2VwdC5jb20%3D">www.mailingconsept.=
com</A></SPAN></FONT></P>

<P><FONT color=3D#0000ff face=3D"Trebuchet MS"><SPAN style=3D"FONT-FAMILY: =
'Trebuchet MS'; COLOR: black; FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;B=DDZ=DD=
TERC=DDH EDEN BAZI M=DC=DETER=DDLER=DDM=DDZ</P>
<P>Taksim Dan=FD=FEmanl=FDk<BR>Patika Tur<BR>Esteticare<BR>Begovil Turizm<B=
R>Prestij Otel<BR>E-Mey<BR>Ayy=FDld=FDz Tekstil<BR>Hospident<BR>Focus Yurt =
D=FDs=FD Egitim<BR>Esermak<BR>Prestij Konutlar=FD<BR>Dijital =DDmaj<BR>Pro =
Yap=FD<BR>Lineer =DDn=FEaat<BR>Mavi Egitim<BR>Marmara G=FCvenlik<BR>=DDnka =
LTD.<BR><BR>Daha Fazlas=FD =DD=E7in =DDleti=FEim Kurunuz<BR><BR><BR><BR><BR=
><BR></P>

<P><FONT color=3D#0000ff face=3D"Trebuchet MS"><SPAN style=3D"FONT-FAMILY: =
'Trebuchet MS'; COLOR: black; FONT-SIZE: 12pt"></SPAN></FONT><A href=3D"htt=
p://www.trackemailmarketing.com/app/app.php=3Fp=3D/default/tracker/index/m/=
MGRYWPTS/r/aW5mb0Bla29uYmlsaXNpbS5uZXQ%3D/l/aHR0cDovL3RyZW5keW1hcmtldGluZy5=
pbmZvL2xpc3RlZGVuY2lrYXJ0aWxkaW5pei5odG1s"><FONT size=3D2>&nbsp;Mail Almak =
=DDstemiyorsan=FDz L=FCtfen T=FDklay=FDn=FDz..Unsubscribe<BR></FONT></A>Y=
=F6nlendirme Ard=FDndan Otomatik Listeden =C7=FDkart=FDlacaks=FDn=FDz..!!</=
P><IMG border=3D0 src=3D"http://www.trackemailmarketing.com/app/app.php=3Fp=
=3D/default/tracker/index/m/MGRYWPTS/r/aW5mb0Bla29uYmlsaXNpbS5uZXQ%3D"></BO=
DY>

12 (edited by maxie_ro 2010-11-25 19:53:56)

Re: not filters spam any more.

Apparently Amavisd is either not working or not marking score for your domain(s).


1. Check that your amavisd service is actually started and that it is set to start on reboot.

2. Check /etc/amavisd.conf (or where your amavisd.conf is located):

$sa_tag_level_deflt  = undef;

3. Check that your local domains are listed in /etc/amavisd.conf:

@local_domains_map = ( ["mydomain.tld", "myotherdomain.tld", ..., "my100domain.tld"]);

4. Restart amavisd service.

Wait to receive another mail/spam and check for X-Spam headers in the message source. They should be there now, even for non-spam.

13

Re: not filters spam any more.

maxie_ro wrote:

Apparently Amavisd is either not working or not marking score for your domain(s).
Check /etc/amavisd.conf (or where your amavisd.conf is located):

1. Check that your amavisd service is actually started and that it is set to start on reboot.

2.

$sa_tag_level_deflt  = undef;

3. Check that your local domains are listed:

@local_domains_map = ( ["mydomain.tld", "myotherdomain.tld", ..., "my100domain.tld"]);

4. Restart amavisd service.

Wait to receive another mail/spam and check for X-Spam headers in the message source. They should be there now, even for non-spam.

thanks a lot. most probably it's because of @local_domains_map. i didn't my newly added domains here.

now i'm waiting for a spam to come for testing smile

by the way, i'm going to add approximately 350 domains to this mail server. should i write them all to @local_domains_map? or is there another way?

14

Re: not filters spam any more.

There was a post sometime ago about getting the local domain map from SQL directly, if I remember correctly... Just search around.

15

Re: not filters spam any more.

thanks a lot it works now smile

16

Re: not filters spam any more.

Hi,
sorry for late RE, but:

here under post #18

and here

explains how to make Amavis do SQL search for local domains and filter them without manually adding.

It's a VERY valuable solution but hard to find.