1

Topic: Amavisd tagging every email as a spam

==== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (MySQL):
- Linux/BSD distribution name and version: CentOS release 6.3
- Related log if you're reporting an issue:
====
Hello ,,

suddenly amavisd starts tagging every message as a spam ,,
as a the problem is BAYES_99 always give high values .  I've enabled debug for postfix and amavis and sent message this is the log for it .


-----------------
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: < unknown[192.116.17.51]: MAIL FROM: <talal00123@palnet.com>
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: extract_addr: input: <talal00123@palnet.com>
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: smtpd_check_addr: addr=talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: send attr address = talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: input attribute value: talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: rewrite_clnt: local: talal00123@palnet.com -> talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: send attr address = talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: input attribute value: talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: resolve_clnt: `' -> `talal00123@palnet.com' -> transp=`smtp' host=`palnet.com' rcpt=`talal00123@palnet.com' flags= class=default
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: ctable_locate: install entry key talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: extract_addr: in: <talal00123@palnet.com>, result: talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: < unknown[192.116.17.51]: RCPT TO: <talal00123@yahoo.com>
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: extract_addr: input: <talal00123@yahoo.com>
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: smtpd_check_addr: addr=talal00123@yahoo.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: send attr address = talal00123@yahoo.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: input attribute value: talal00123@yahoo.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: rewrite_clnt: local: talal00123@yahoo.com -> talal00123@yahoo.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: send attr address = talal00123@yahoo.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: input attribute value: talal00123@yahoo.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: resolve_clnt: `' -> `talal00123@yahoo.com' -> transp=`smtp' host=`yahoo.com' rcpt=`talal00123@yahoo.com' flags= class=default
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: ctable_locate: install entry key talal00123@yahoo.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: extract_addr: in: <talal00123@yahoo.com>, result: talal00123@yahoo.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: ctable_locate: move existing entry key talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: maps_find: recipient_canonical_maps: talal00123@palnet.com: not found
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: maps_find: recipient_canonical_maps: talal00123: not found
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: mail_addr_find: talal00123@palnet.com -> (not found)
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: maps_find: canonical_maps: talal00123@palnet.com: not found
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: maps_find: canonical_maps: talal00123: not found
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: mail_addr_find: talal00123@palnet.com -> (not found)
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: send attr key = talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: dict_proxy_lookup: table=mysql:/etc/postfix/mysql/virtual_alias_maps.cf flags=lock|fold_fix key=talal00123@palnet.com -> status=1 result=
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: send attr key = talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: dict_proxy_lookup: table=mysql:/etc/postfix/mysql/domain_alias_maps.cf flags=lock|fold_fix key=talal00123@palnet.com -> status=1 result=
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: send attr key = talal00123@palnet.com
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: dict_proxy_lookup: table=mysql:/etc/postfix/mysql/catchall_maps.cf flags=lock|fold_fix key=talal00123@palnet.com -> status=1 result=
Oct 30 14:34:42 mailgate3 postfix/smtpd[2671]: send attr key = talal00123@palnet.com
Oct 30 14:34:42 mailgate3 policyd: rcpt=34233, throttle=bypass, host=192.116.17.51 (unknown), from=talal00123@palnet.com, to=talal00123@yahoo.com, size=2368
Oct 30 14:34:42 mailgate3 postfix/qmgr[1364]: B7623214AD: from=<talal00123@palnet.com>, size=2550, nrcpt=1 (queue active)
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup [spam_tag_level] => true,  "talal00123@yahoo.com" matches, result="2.1", matching_key="(constant:2.1)"
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup [spam_tag2_level] => true,  "talal00123@yahoo.com" matches, result="4", matching_key="(constant:4)"
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup [spam_tag3_level] => undef, "talal00123@yahoo.com" does not match
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup [spam_kill_level] => true,  "talal00123@yahoo.com" matches, result="6", matching_key="(constant:6)"
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup [Lovers2,spam_lovers] => undef, "talal00123@yahoo.com" does not match
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) blocking contents category is (6) for talal00123@yahoo.com
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) final_destiny 0, recip talal00123@yahoo.com
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup => true,  "talal00123@yahoo.com" matches, result="root@mailgate3.hadara.ps", matching_key="(constant:root@mailgate3.hadara.ps)"
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup => undef, "talal00123@yahoo.com", no lookup tables
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup [spam_quarantine_bysender_to] => undef, "talal00123@palnet.com" does not match
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) Admin notifications to <root@mailgate3.hadara.ps>; sender: <talal00123@palnet.com>
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) header: Subject: Spam FROM LOCAL [192.116.17.51]:27129 <talal00123@palnet.com>\n
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) build_mime_entity Subject: Spam FROM LOCAL [192.116.17.51]:27129 <talal00123@palnet.com>
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup [forward_method] => true,  "talal00123@yahoo.com" matches, result="smtp:[127.0.0.1]:10025", matching_key="(opaque:smtp:[127.0.0.1]:10025)"
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) delivery method is 1, recips: talal00123@yahoo.com
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) DSN: sender is credible (orig), SA: 7.569, <talal00123@palnet.com>
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) lookup [spam_crediblefrom_dsn_cutoff_level_bysender] => true,  "talal00123@palnet.com" matches, result="18", matching_key="(constant:18)"
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) dsn: . 250 Spam <talal00123@palnet.com> -> <talal00123@yahoo.com>: on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=, destiny=0, mta_resp: "250 2.7.0 Ok, discarded, id=04289-18 - spam"
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) DSN: SUCC (discarded) . 250 Spam, destiny=DISCARD: <talal00123@palnet.com> -> <talal00123@yahoo.com>
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) one_response_for_all <talal00123@palnet.com>: all DISCARD, '250 2.7.0 Ok, discarded, id=04289-18 - spam'
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) Blocked SPAM {DiscardedInternal}, MYUSERS LOCAL [192.116.17.51]:27129 [192.116.17.51] <talal00123@palnet.com> -> <talal00123@yahoo.com>, Message-ID: <001c01ced56c$472849d0$d578dd70$@com>, mail_id: gKZ4o4BTf5U6, Hits: 7.569, size: 2550, 1190 ms
Oct 30 14:34:45 mailgate3 amavis[4289]: (04289-18) save_info_final gKZ4o4BTf5U6, orig=Y, chks=VSHBP, cont.ty=S, q.type= , q.to=, dsn=N, score=7.569, Message-ID: <001c01ced56c$472849d0$d578dd70$@com>, From: '"talal shobaita" <talal00123@palnet.com>', Subject: 'test'
Oct 30 14:34:45 mailgate3 postfix/smtp[4556]: B7623214AD: to=<talal00123@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.8, delays=0.06/1.4/0.11/1.2, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=04289-18 - spam)

2

Re: Amavisd tagging every email as a spam

I didn't see the detailed scores, could you please paste related mail headers (X-Spam-*) of those spam emails?

3

Re: Amavisd tagging every email as a spam

Here is header for another email ,, the same case BAYES_99 ,, the problem is BAYES_99 always get high value

From test@wassel.ps Wed Oct 30 04:37:09 2013
X-Apparently-To: talal00123@yahoo.com via 72.30.236.174; Wed, 30 Oct 2013 04:37:17 -0700
Return-Path: <test@wassel.ps>
Received-SPF: neutral (217.66.226.34 is neither permitted nor denied by domain of wassel.ps)
X-YMailISG: hpg9xIgWLDthDelFzHbnO7jk80UGUBOKn80v.02FEijgogfs
dJRi0ceu3k_owGgD66mhJZmJjbkI27FqnD0NEX2RN8QK3wP_I.JMKFk7DNAd
eA7z4fwWLOz1MDzFDji7nJnQEBqmNBqIIrvaD9TFSNK8coTF5grRIS4dydJc
dKjVCmU6vQuv_vLgQ8nx7.tJ3kTBRSU26Y.nfbKDyzRHVwaWFHw8DzTKeVix
1.xFJ7hF7lfrGHOsdxHptJgwx4JTxSILfGxXE6SAF2t_TwkIgeS.RTMfQ5Uy
JmFhoP49jbGRt7BkuCq7pZ.6XVz0juNfASNYBoj2PkpSAUhfFv4cIVyJ4ZyF
mJYk9OJpkSJRtT5lXuExjzQsPvFWILovsEdW391b_ExPOQrB_RVtj0wM3IJS
jNHms721lB5pY7RHTfhBjSlqfczPB5bfVat_qtAQ6TInX7wPV0DjrwWXSXsf
WHmLhXQkd9pb0ohIeNh2ozzytH3mJzj3qxZR._H3xt7LyUvQ6ISTi4jQQXG2
dj5rGDTCaGR2or4WHbTL2qOfX1J.TkWO8oLrYIVtiYj63TlqtoNvsT3ofhmI
YE_eCdRRhPK7ZeOvKMkU9DCZgY.94rWHC6OQ85bEnXk1tbf2QujsLJgQY48m
QjbsAtjFptQsyNf8PZmmRbjAsw6b.MXkaOCApVqW.lReKoKc_4WBTrMPiqZJ
KJyLNY2jJQrkAWjixB5zVrCuzECd.wCwjwuJbruAROJ73Wep36MHLb3Z3njn
cCNaeeWRtV0Cff8kpj_HDUzmOxfzaa_Bdc_fbl6AYG9DMB9jlclcoAbeT9pX
o9mEls7z0bmZIVMDBTqbbcWlbcg5BRX9EMVC.1rWpJu2JTj7z7E.f85bS46E
J.Vv1hcxAa55lvbN3AXLV1E6RP1GFTqLv_sSvbPkk.6xF7RdhhUEDgzu9nXL
ONQIwxLV7i5wENddX4JjEtOVlVHWlTDFpDaqBKPo_IVXPKHHyJ9XnbaJIA7o
QHuwMmcfowiQibs9izoTWECkxYzFKWZA2uhTJ07qNupp1U3KoWPkwDTDekzW
n.pvBPvcq0huvsrm4koqg7noMe5.dxfwFQ--
X-Originating-IP: [217.66.226.34]
Authentication-Results: mta1346.mail.bf1.yahoo.com  from=wassel.ps; domainkeys=neutral (no sig);  from=wassel.ps; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO mailgate3.hadara.ps) (217.66.226.34)
  by mta1346.mail.bf1.yahoo.com with SMTP; Wed, 30 Oct 2013 04:37:16 -0700
Received: from localhost (mailgate3.hadara.ps [127.0.0.1])
    by mailgate3.hadara.ps (Postfix) with ESMTP id 17A262176B
    for <talal00123@yahoo.com>; Wed, 30 Oct 2013 13:38:13 +0200 (EET)
X-Virus-Scanned: amavisd-new at mailgate3.hadara.ps
X-Spam-Flag: YES
X-Spam-Score: 5.741
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.741 tagged_above=2.1 required=4
    tests=[BAYES_99=3.5, RCVD_IN_BRBL_LASTEXT=1.449, RDNS_NONE=0.793,
    SPF_PASS=-0.001] autolearn=no
Received: from mailgate3.hadara.ps ([127.0.0.1])
    by localhost (mailgate3.hadara.ps [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id XoVsJi7bdzFt for <talal00123@yahoo.com>;
    Wed, 30 Oct 2013 13:38:12 +0200 (EET)
Received: from ns1.hadarapal.com (unknown [217.66.226.39])
    by mailgate3.hadara.ps (Postfix) with ESMTPS id 288D221770
    for <talal00123@yahoo.com>; Wed, 30 Oct 2013 13:38:12 +0200 (EET)
Received: from localhost ([127.0.0.1]:59605 helo=ns1.hadarapal.com)
    by ns1.hadarapal.com with esmtpa (Exim 4.80)
    (envelope-from <test@wassel.ps>)
    id 1VbU5F-0003Ki-VS
    for talal00123@yahoo.com; Wed, 30 Oct 2013 13:37:10 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Wed, 30 Oct 2013 13:37:09 +0200
From: test@wassel.ps
To: <talal00123@yahoo.com>
Subject: ***SPAM*** test
Message-ID: <83d3c32da94ba2f4a87b203688a457ed@wassel.ps>
X-Sender: test@wassel.ps
User-Agent: Roundcube Webmail/0.8.5
Content-Length: 5

4

Re: Amavisd tagging every email as a spam

Check what BAYES_99 is: http://wiki.apache.org/spamassassin/Rules/BAYES_99
You can assign a low score in /etc/mail/spamassassin/local.cf like below:

score BAYES_99 1.0

Reference: http://wiki.apache.org/spamassassin/BasicConfiguration

5

Re: Amavisd tagging every email as a spam

Thanks