Here is the /var/log/mail entry from the email that leaked past Amavis-new:
Feb 18 15:07:11 linux postfix/smtpd[19386]: connect from
unknown[121.27.33.247]
Feb 18 15:07:12 linux postfix/smtpd[19386]: 3BFD9404B1:
client=unknown[121.27.33.247]
Feb 18 15:07:13 linux postfix/cleanup[19387]: 3BFD9404B1:
message-id=<[EMAIL PROTECTED]>
Feb 18 15:07:13 linux postfix/qmgr[31362]: 3BFD9404B1:
from=<[EMAIL PROTECTED]>, size=3514, nrcpt=1 (queue active)
Feb 18 15:07:14 linux postfix/smtpd[19386]: disconnect from
unknown[121.27.33.247]
Feb 18 15:07:33 linux postfix/smtpd[19392]: connect from
localhost.shaker-net.com[127.0.0.1]
Feb 18 15:07:33 linux postfix/smtpd[19392]: 7C4FA404B4:
client=localhost.shaker-net.com[127.0.0.1]
Feb 18 15:07:33 linux postfix/cleanup[19387]: 7C4FA404B4:
message-id=<[EMAIL PROTECTED]>
Feb 18 15:07:33 linux postfix/qmgr[31362]: 7C4FA404B4:
from=<[EMAIL PROTECTED]>, size=3966, nrcpt=1 (queue active)
Feb 18 15:07:33 linux postfix/smtpd[19392]: disconnect from
localhost.shaker-net.com[127.0.0.1]
Feb 18 15:07:33 linux amavis[17984]: (17984-09) Passed CLEAN,
[121.27.33.247] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,
Message-ID: <[EMAIL PROTECTED]>, mail_id:
If831cHwmATq, Hits: -222.952, size: 3510, queued_as: 7C4FA404B4, 20009 ms
Looks to me like it is getting a '-300' score from some rule that I
can't find. The email comes
in forged to look as if I had sent it, from '[EMAIL PROTECTED]'.
That email address is *not*
in the whitelist in /etc/mail/spamassassin/local.cf
When I run the leaking email message through spamassassin manually, it
comes up with a score
of 58.4, quite different from what amavis-new reported above!
I've attached the output of spamassasin on running the leaking email as
a gzip file.
Hopefully, that will pass through the email.
Thank you,
Chris Shaker
I've still got the mystery of how his email gets in without
being scored by Amavis.
When I run spamassassin on it, it gets a very high score.
Other spam gets filtered just fine. Somehow, this one spammer
avoids it.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
