1 Topic by Animatrix

  • Animatrix
  • Member
  • Offline
  • Registered: 2015-12-18
  • Posts: 24

Topic: Strange Spam Results

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5
- Linux/BSD distribution name and version: Centos
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):MySQL
- Web server (Apache or Nginx):Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

Hi Zhang,
My server has been online for quite a few years now and mostly functions well, however i have a wierd issue with the spam scanning and scoring. if i get a mail and it's listed as spam it's obviously given a score and the system does with it what it is supposed to, mostly ... however sometimes an email will come in and be scanned and given a score of 0.0 , if this happens the email is not delivered, in fact nothing is done with it, the server seems to drop the email. I don't know if this helps but i have a small device on the network that is able to send emails, if this device sends an email as an authenticated user this also gets listed as 0.0 and doesn't get sent. In the same respect say a user sets up outlook for mailbox access, and during that setup outlook sends a test message ... well that message also gets listed as 0.0 score and doesn't get sent.

Any ideas ?
I have upgraded and use the latest apd and iredmail pro, all the sql (mysql) have been done and the server uses amavisd

Thanks
Kurt

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Strange Spam Results

Dear Kurt,

We need related log in Postfix log file, and debug log in Amavisd, cannot help troubleshoot without related log.

FYI: http://www.iredmail.org/docs/debug.amavisd.html

3 Reply by Animatrix

  • Animatrix
  • Member
  • Offline
  • Registered: 2015-12-18
  • Posts: 24

Re: Strange Spam Results

Hi Zhang, please see theattached  trace from my mail log, i basically got an email service to email me some spam checks and eicars files, i have also included a screenshot of the email that have the 0.0 spam score

Thanks in advance
Kurt

PS the mail log is too large,for this post please see next



ZhangHuangbin wrote:

Dear Kurt,

We need related log in Postfix log file, and debug log in Amavisd, cannot help troubleshoot without related log.

FYI: http://www.iredmail.org/docs/debug.amavisd.html

Post's attachments

screen grab.png 277.94 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

4 Reply by Animatrix

  • Animatrix
  • Member
  • Offline
  • Registered: 2015-12-18
  • Posts: 24

Re: Strange Spam Results

Log Attached

Animatrix wrote:

Hi Zhang, please see theattached  trace from my mail log, i basically got an email service to email me some spam checks and eicars files, i have also included a screenshot of the email that have the 0.0 spam score

Thanks in advance
Kurt

PS the mail log is too large,for this post please see next



ZhangHuangbin wrote:

Dear Kurt,

We need related log in Postfix log file, and debug log in Amavisd, cannot help troubleshoot without related log.

FYI: http://www.iredmail.org/docs/debug.amavisd.html

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Strange Spam Results

Animatrix wrote:

however sometimes an email will come in and be scanned and given a score of 0.0

No spam score '0.0' in the maillog.

Note: if email was detected as spam and quarantined into SQL database, it will be scored at 0.0. So, do you have quarantining enabled?
FYI: http://www.iredmail.org/docs/quarantining.html

6 Reply by Animatrix

  • Animatrix
  • Member
  • Offline
  • Registered: 2015-12-18
  • Posts: 24

Re: Strange Spam Results

Hi zhang,
Yes i do have them being quarantined into SQL, is that not correct, problem is that these 0.0 emails dont end up in the quarantine section on iredadmin, which means i cant release them if its a false positive ? For example Microsoft sent me a password reminder and it scored as 0.0 , i cant release it because its not in the quarantine section and it isnt delivered either so how can i get round this issue ?

Thanks
Kurt

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Strange Spam Results

This isn't expected behavour.

Could you please show me output of commands below?

grep -n 'final_spam_destiny' /etc/amavisd/amavisd.conf
grep -n 'spam_quarantine_' /etc/amavisd/amavisd.conf

8 Reply by Animatrix

  • Animatrix
  • Member
  • Offline
  • Registered: 2015-12-18
  • Posts: 24

Re: Strange Spam Results

Hi Zhang, please see below...

156:#$final_spam_destiny          =D_DISCARD;
366:$final_spam_destiny         =D_DISCARD

182:# $bad_header_quarantine_to, $spam_quarantine_to,
474:# $spam_quarantine_method = undef;
476:$spam_quarantine_to = 'spam-quarantine';

Hope that helps

thanks kurt



ZhangHuangbin wrote:

This isn't expected behavour.

Could you please show me output of commands below?

grep -n 'final_spam_destiny' /etc/amavisd/amavisd.conf
grep -n 'spam_quarantine_' /etc/amavisd/amavisd.conf

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Strange Spam Results

Please add one setting (it's better to add it right after '$spam_quarantine_to =', group all related settings in one place):

$spam_quarantine_method = 'sql:';

Then restart Amavisd service.

Without this setting, detected spams are quarantined to file system. Check /var/spool/amavisd/ to find old quarantined emails.