1

Topic: SPAM Score

Hi,
i'm 30-some hours into tweaking sa/amavisd/policyd and I have noticed a few spams coming through that disobey the rules, for example:

X-Spam-Status: Yes, score=11.336 required=6.2 tests=[BAYES_99=3.5,
    HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033,
    RDNS_NONE=0.1, URIBL_BLACK=1.955, URIBL_JP_SURBL=0.4087,
    URIBL_SBL=0.1639, URIBL_WS_SURBL=0.214] autolearn=no

I receive the *** SPAM *** subject, however it is set to block at 6.8.  This one failed.

Any thoughts as to what I can check/change?

Thanks!
Matt
[iredmail: 0.6.1]

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: SPAM Score

What result do you expect? Drop them to Junk folder?

3

Re: SPAM Score

ZhangHuangbin wrote:

What result do you expect? Drop them to Junk folder?

Shouldn't the above example been sent to the quarantine?  I see similar scores in the quarantine, but for whatever reason a 10-15 spams (say, above 10) are getting through to the user's mailbox.

I think I have something mis-configured.  My amavisd is set to flag at 6.2 and action at 6.6.

Thanks for your help.

4

Re: SPAM Score

What's your sa_tag_level in amavisd.conf? e.g.

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions

Also, do you configure Amavisd to quarantine SPAM into MySQL database and manage them with iRedAdmin-Pro? e.g. in amavisd.conf:

$final_spam_destiny       = D_DISCARD;

$spam_quarantine_to = 'spam-quarantine';
$spam_quarantine_method = 'sql:';

@storage_sql_dsn = (
    ['DBI:mysql:database=amavisd;host=localhost;port=3306', 'amavisd', 'xxxxx'],
);

Reference:
http://www.iredmail.org/wiki/index.php? … g.Messages

5 (edited by oneclick 2011-03-19 05:33:16)

Re: SPAM Score

$sa_tag_level_deflt  = undef;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.6;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
$sa_quarantine_cutoff_level = 30; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

no, the emails are quarantined in the virusemails folder, no database hook.  From what I've read/found, 0.6.1 of iredmail did not have the db hooks for amavisd.  Is this correct?   I also think that I read somewhere that 0.7 stores in the db.

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

and here is the final destinations, however, I know think this maybe the problem:

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_PASS;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

also, how is the upgrade from 0.6.1 to 0.7?  I would definitely like to have amavisd in the database!

thank you for your help.

6

Re: SPAM Score

oneclick wrote:

0.6.1 of iredmail did not have the db hooks for amavisd.  Is this correct?   I also think that I read somewhere that 0.7 stores in the db.

You're correct.
iRedMail-0.7.0 will store log of sent/received mails (not mail body) in MySQL database, but won't quarantine SPAM/VIRUS into database by default, because users can't manage them without iRedAdmin-Pro.

oneclick wrote:

$final_spam_destiny       = D_PASS;

That's the root cause, it will always deliver SPAM to user mailbox.

7

Re: SPAM Score

Thank you for your reply and help.  This helped quite a bit, however I still see several spams being scored as -1 through -15. 

Any thoughts on how to clean that up?

8

Re: SPAM Score

oneclick wrote:

Thank you for your reply and help.  This helped quite a bit, however I still see several spams being scored as -1 through -15. 
Any thoughts on how to clean that up?

Please paste related amavisd scanning log (same as postfix log file) and mail header for analyticsing.