We're trying to replace a Windows anti-spam on the mailbox servers with amavisd/sa/clam on the front-end mx.
We are running in tandem both now in the amavis/sa/clam testing phase. The backend mail content-scanner is still catching too many true spams that get past amavis. We uploaded the spams caught by backend to the mx and ran them through spamc, with these results: 70524039.eml 6.8/5.0 70524110.eml 2.2/5.0 70524179.eml -0.8/5.0 70524467.eml 0.6/5.0 70524539.eml 4.4/5.0 70524823.eml 5.3/5.0 70524975.eml 0.7/5.0 70525118.eml 0.0/5.0 70525193.eml 0.3/5.0 70525194.eml 0.3/5.0 70525195.eml 0.3/5.0 70525196.eml 0.3/5.0 70525268.eml 0.6/5.0 70525555.eml 0.6/5.0 70526054.eml 1.1/5.0 70526278.eml -6.9/5.0 70526349.eml 5.1/5.0 70526350.eml 5.1/5.0 70526355.eml 6.2/5.0 70526504.eml -1.5/5.0 70526736.eml 2.5/5.0 70526806.eml 0.6/5.0 70526878.eml 7.0/5.0 70526948.eml -4.7/5.0 70527201.eml -4.0/5.0 70527759.eml 1.7/5.0 70527851.eml 13.9/5.0 70527853.eml 6.6/5.0 70527857.eml 6.6/5.0 70527859.eml 1.7/5.0 70527964.eml 4.0/5.0 70528139.eml 0.3/5.0 70528238.eml -2.6/5.0 70528410.eml 2.5/5.0 70528676.eml 1.8/5.0 70528770.eml 3.2/5.0 70528867.eml -0.8/5.0 70528947.eml -2.6/5.0 70529227.eml 4.3/5.0 70529503.eml -0.2/5.0 70529506.eml -0.2/5.0 70529588.eml 0.0/5.0 70529687.eml 4.7/5.0 70529695.eml 0.0/5.0 70529768.eml 2.8/5.0 70529775.eml -8.0/5.0 70529866.eml 1.9/5.0 70529956.eml 4.3/5.0 70530039.eml 2.0/5.0 70530206.eml 3.5/5.0 70530469.eml 0.0/5.0 70530670.eml 6.1/5.0 70530671.eml 6.1/5.0 70530746.eml 0.2/5.0 70530840.eml 0.0/5.0 All of the above files are below the default 400KB amavis max file limit to send to sa, so they should be not skipped past sa. how do the *.eml's with 5+ score on just the body (excluding tests on the sending IP) getting through amavis/sa? our sa rulesets: mx1# ll /usr/local/etc/mail/spamassassin/ total 318 -rw-r--r-- 1 root wheel 22546 Jun 24 2005 backhair.cf -rw-r--r-- 1 root wheel 23422 Jun 24 2005 chickenpox.cf -rw-r--r-- 1 root wheel 1300 Jul 24 13:49 init.pre -rw-r--r-- 1 root wheel 1300 Dec 1 2007 init.pre.sample -rw-r--r-- 1 root wheel 1728 Jul 27 13:13 local.cf -rw-r--r-- 1 root wheel 1208 Dec 1 2007 local.cf.sample -rw-r--r-- 1 root wheel 224996 Jul 25 13:57 malwareblocklist.cf drwx------ 2 root wheel 512 Jul 24 14:05 sa-update-keys -rw-r--r-- 1 root wheel 2603 Jul 24 13:49 v310.pre -rw-r--r-- 1 root wheel 2603 Dec 1 2007 v310.pre.sample -rw-r--r-- 1 root wheel 1195 Jul 24 13:49 v312.pre -rw-r--r-- 1 root wheel 1195 Dec 1 2007 v312.pre.sample -rw-r--r-- 1 root wheel 2416 Jul 24 13:49 v320.pre -rw-r--r-- 1 root wheel 2416 Dec 1 2007 v320.pre.sample Any suggestions for other rulesets? thanks Len ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
