Francisco wrote:

> Hello Gary, 

> First off thanx for answering. I am attaching two text files with this
> email, one is the debug information that amavis spits out ( I only
> included some of the information that I thought was relevant) when I
> send the email and the other one is the email headers when I actually
> receive the email.

> It is being awarded a score of 4.35 for some reason. 

The reason is listed in the X-Spam-Status:

> X-Spam-Status: No, score=4.35 tagged_above=3 required=6.3
>         tests=[ALL_TRUSTED=-1.44, DATE_IN_FUTURE_03_06=2.007,
>         HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=0.629,
>         NO_DNS_FOR_FROM=2.603, NO_REAL_NAME=0.55]

It lists the rules that hit. Your custom rule did not hit because
the regular expression did not match the header.

> Not the 50+ score
> that I was waiting to see since that is what I've set for that rule. I
> guess my next question is that if that rule is not being hit like you
> said then how would I know if the following rule (which the howto guide
> tells me to write in the conf file) is actually being hit:

> header LOCAL_RCVD Received =~ /.*\(\S+\.mydomain\.com\s+\[.*\]\)/
> describe LOCAL_RCVD Received from local machine
> score LOCAL_RCVD -50

This makes some assumptions. It assumes that if you send a message from
the local machine (not a client from your network) that because you set
myorigin = $myhostname in main.cf that the received header will be in a
form like this:

Received: from host.mydomain.com ([127.0.0.1])

But this is not what the header looked like on my machine. Since this is a
relay server I am going to assume the intent is to keep the pflogsumm report
and other system generated reports from getting marked as spam. The header I got
for the pflogsumm report (the first received header) was:

Received: by host.mydomain.com (Postfix, from userid 0)

So I changed the rule to:
header LOCAL_RCVD Received =~ /.*by host\.mydomain\.com \(Postfix, from userid 0\)/

I'm sure other system messages will differ, and may require similar rules.
I can't tell you if a spammer will spoof a header like this however.

> Again, I'm just really looking to test this server to make sure that it
> works fine before it goes out for production. I can't really test this
> on my live network so I need to find a way to send some actual spam
> emails so to see if it picks them up or not, and I can't really do that
> since I have the server on an isolated network with nothing but a mock
> email server. 

If it can receive and send mail, it's not mock. Without proper DNS records,
it may not be ready to face the Internet, but it's not mock. You have already
demonstrated that postfix and amavisd-new process mail. I assume you sent
the mail from a client on the same network as this server.

> Is there another way that I can test the spam server's
> functionality?

It should not be difficult to find a client with a few hundred messages
in the trash (mostly spam). Simply use this server as the outgoing SMTP
server for that client and redirect or forward all that mail to one temporary
mail recipient. You will probably find that because you are using a before-queue
content filter, Postfix will start complaining about a "queue file write error"
meaning you are overloading the before-queue filter. The setup illustrated in
that howto is not recommended, see:
http://www.ijs.si/software/amavisd/README.postfix.txt
for the recommended way to configure amavisd-new (as an after-queue filter
as opposed to a proxy filter).

After you test, your Bayes and AWL files will be corrupt (subsequent mail from
that sender is likely to get marked as spam), so you should delete
your Bayes file and start fresh. See files in /var/amavisd/.spamassassin/

> I also noticed below that only a few of the tests are running:

> subtests=__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_MULTIPART_ALT,__HAS_MIMEOLE,
> __HAS_MSGID,__HAS_OUTLOOK_IN_MAILER,__HAS_RCVD,__HAS_SUBJECT,
> __HAS_X_MAILER,__HTML_LENGTH_0000_1024,__HTML_LENGTH_384,
> __HTML_LENGTH_512,__MIMEOLE_MS,__MIME_HTML,__MIME_VERSION,
> __MSGID_DOLLARS_MAYBE,__MSGID_DOLLARS_OK,__MSGID_OK_HEX,__NEXTPART_ALL,
> __NEXTPART_NORMAL,__NONEMPTY_BODY,__OE_MSGID_2,__SANE_MSGID,__TOCC_EXISTS

> Is there a way to run more? Like the ones listed here:
> http://spamassassin.apache.org/tests_3_1_x.html

The tests are running and debug shows it. Every line that says: dbg: rules:
shows different sets of rules are running. Only the rules that actually hit
have the detail shown above.

You do have a problem with Bayes however:
> [29737] dbg: bayes: no dbs present, cannot tie DB R/O:
> /var/amavisd/.spamassassin/bayes_toks

Run this to create the initial Bayes database, then debug again:

sudo -H -u amavisd sa-learn --sync


> Thanx


Gary V
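
Added example, not part of the original message or of SpamAssassin: Python's re module stands in for SpamAssassin's Perl matching to show which Received form each LOCAL_RCVD pattern matches, and to read the list of rules that hit out of the X-Spam-Status header quoted above. The SMTP_HOP value and all function names are constructed for illustration.

```python
import re

# X-Spam-Status header as quoted in the message above (folded across lines).
STATUS = """X-Spam-Status: No, score=4.35 tagged_above=3 required=6.3
        tests=[ALL_TRUSTED=-1.44, DATE_IN_FUTURE_03_06=2.007,
        HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=0.629, NO_DNS_FOR_FROM=2.603,
        NO_REAL_NAME=0.55]"""

# The two LOCAL_RCVD patterns from the message, written for Python's re
# (assumption: they use only constructs Perl and Python regexes share).
HOWTO_RULE = r".*\(\S+\.mydomain\.com\s+\[.*\]\)"
REVISED_RULE = r".*by host\.mydomain\.com \(Postfix, from userid 0\)"

# Received values: the first is quoted in the message; the second is
# constructed here in Postfix's usual "from HELO (name [ip])" layout.
LOCAL_SUBMIT = "by host.mydomain.com (Postfix, from userid 0)"
SMTP_HOP = "from host.mydomain.com (host.mydomain.com [127.0.0.1])"


def parse_status(header):
    """Unfold X-Spam-Status and return (score, required, {rule: points})."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header)
    score = float(re.search(r"\bscore=(-?[\d.]+)", flat).group(1))
    required = float(re.search(r"\brequired=(-?[\d.]+)", flat).group(1))
    listed = re.search(r"tests=\[([^\]]*)\]", flat).group(1)
    tests = {}
    for item in listed.split(","):
        name, _, points = item.strip().partition("=")
        if name:
            tests[name] = float(points)
    return score, required, tests


def rule_hits(pattern, received_values):
    """Approximate 'header X Received =~ /pattern/': SpamAssassin joins
    repeated headers with newlines and tests the pattern against that."""
    return re.search(pattern, "\n".join(received_values)) is not None


def explain(header, rule_name):
    """Return (rule hit?, listed points add up to score?, tagged as spam?)."""
    score, required, tests = parse_status(header)
    consistent = abs(sum(tests.values()) - score) < 0.01
    return rule_name in tests, consistent, score >= required


if __name__ == "__main__":
    print(explain(STATUS, "LOCAL_RCVD"), rule_hits(REVISED_RULE, [LOCAL_SUBMIT]))
```

Because the pattern is tested against every Received header in the message, not only the one the local server added, a match says nothing about which hop wrote the line.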


_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/