On 05/11/2024 17:31, Damian wrote:
I don't see any SPF or DMARC checking in the headers on inbound
email and I am currently researching it.

Amavis does not check SPF or DMARC itself, but SpamAssassin will do
it, if configured.

On 05.11.24 19:47, Nick Howitt wrote:
Odd one this. It may be doing the checks as I see the X-Virus-Scanned
header "Debian amavis at mail-www.howitts.co.uk".
Previously in ClearOS (based on CentOS 7), I would see in the mail log
something like:
Nov 4 08:42:04 server amavis[1874]: (01874-15) size: 105876, TIMING
[total 2285 ms] - SMTP greeting: 1.4 (0%)0, SMTP EHLO: 0.7 (0%)0,
SMTP pre-MAIL: 0.6 (0%)0, SMTP MAIL: 0.8 (0%)0, SMTP pre-DATA-flush:
1.0 (0%)0, SMTP DATA: 40 (2%)2, check_init: 0.3 (0%)2, digest_hdr:
1.4 (0%)2, digest_body_dkim: 7 (0%)2, collect_info: 4.1 (0%)3,
mime_decode: 10 (0%)3, get-file-type1: 10 (0%)3, parts_decode: 0.1
(0%)3, check_header: 0.2 (0%)3, AV-scan-1: 162 (7%)10, spam-wb-list:
0.2 (0%)10, SA msg read: 0.3 (0%)11, SA parse: 3.0 (0%)11, SA check:
1945 (85%)96, decide_mail_destiny: 4.5 (0%)96, notif-quar: 0.2
(0%)96, fwd-connect: 38 (2%)98, fwd-mail-pip: 4.3 (0%)98,
fwd-rcpt-pip: 0.2 (0%)98, fwd-data-chkpnt: 0.0 (0%)98, write-header:
0.5 (0%)98, fwd-data-contents: 2.2 (0%)98, fwd-end-chkpnt: 41
(2%)100, prepare-dsn: 0.7 (0%)100, report: 1.1 (0%)100,
main_log_entry: 2.9 (0%)100, update_snmp: 0.9 (0%)100, SMTP
pre-response: 0.2 (0%)100, SMTP response: 0.1 (0%)100,
unlink-2-files: 0.2 (0%)100, rundown: 0.4 (0%)100
Nov 4 08:42:04 server amavis[16349]: (16349-18) ESMTP :10024
/var/lib/amavis/tmp/amavis-20241103T141640-16349-3pL0YovS:
<[email protected]> -> <[email protected]> SIZE=108333 Received: from
mailserver.howitts.co.uk ([127.0.0.1]) by localhost
(server.howitts.co.uk [127.0.0.1]) (amavisd-new, port 10024) with
ESMTP for <[email protected]>; Mon, 4 Nov 2024 08:42:04 +0000 (GMT)
Nov 4 08:42:04 server mailfilter: starting up
([email protected], [email protected],
client_address=127.0.0.1)
Nov 4 08:42:04 server amavis[27659]: (27659-12) spam-tag,
<[email protected]> -> <[email protected]>, No, score=-7.488
tagged_above=-99 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1,
SPF_HELO_NONE=0.001, T_REMOTE_IMAGE=0.01, USER_IN_DEF_DKIM_WL=-7.5]
autolearn=ham autolearn_force=no
So SpamAssassin must be communicating with amavis somehow. I'll keep
digging.

amavis uses SpamAssassin routines internally.
It also contacts clamd directly via the clamav socket, or can run clamscan if
clamd is not running.
Note that it must be configured to do so; on Debian this is in
/etc/amavis/conf.d/15-av_scanners
You can check the clamd logs.
I have turned clamscan off, because it overloads the system if multiple mails
are being received:
@av_scanners_backup = ();
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
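
Added example, not part of the original thread: a small parser that reads amavis `spam-tag` log entries like the one quoted above and lists which SPF, DKIM and DMARC rules SpamAssassin reported for each message, which is a quick way to see whether those checks are running at all. The sample log is constructed, and grouping rules by the name prefixes `SPF_`, `DKIM_` and `DMARC_` is an assumption of this example.

```python
import re

# Constructed sample modelled on the spam-tag entry quoted in the thread
# (addresses and the second message are made up); the first entry is wrapped
# across lines the way it appears in the e-mail.
SAMPLE_LOG = """\
Nov 4 08:42:04 server amavis[27659]: (27659-12) spam-tag,
<sender@example.org> -> <rcpt@example.net>, No, score=-7.488
tagged_above=-99 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1,
SPF_HELO_NONE=0.001, T_REMOTE_IMAGE=0.01, USER_IN_DEF_DKIM_WL=-7.5]
autolearn=ham autolearn_force=no
Nov 4 08:43:10 server amavis[27659]: (27659-13) spam-tag, <other@example.org> -> <rcpt@example.net>, No, score=0.101 tagged_above=-99 required=5 tests=[HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1] autolearn=no autolearn_force=no
Nov 4 08:43:11 server mailfilter: starting up
"""

TS_RE = re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")  # syslog timestamp
ENTRY_RE = re.compile(
    r"amavis\[\d+\]: \((?P<id>[\w-]+)\) spam-tag,.*?tests=\[(?P<tests>[^\]]*)\]")
# Assumption: rule families are recognised purely by name prefix.
AUTH_PREFIXES = {"SPF": "SPF_", "DKIM": "DKIM_", "DMARC": "DMARC_"}

def unwrap(text):
    """Join continuation lines so each syslog entry is one string."""
    entries = []
    for line in text.splitlines():
        if TS_RE.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def auth_tests(text):
    """Map amavis message id -> {"SPF": [...], "DKIM": [...], "DMARC": [...]}."""
    report = {}
    for entry in unwrap(text):
        m = ENTRY_RE.search(entry)
        if not m:
            continue  # not a spam-tag entry
        groups = {label: [] for label in AUTH_PREFIXES}
        for item in m.group("tests").split(","):
            name = item.strip().split("=", 1)[0]
            for label, prefix in AUTH_PREFIXES.items():
                if name.startswith(prefix):
                    groups[label].append(name)
        report[m.group("id")] = groups
    return report

if __name__ == "__main__":
    for msg_id, groups in auth_tests(SAMPLE_LOG).items():
        print(msg_id, {k: v or "no rule hit" for k, v in groups.items()})
```

An empty group only means that no rule with that prefix hit for that message; it does not by itself say why.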