Thanks for the reply.
It seems that I might have something wrong in my amavis/spamassassin
configuration, but the following log might show something obvious to a more
experienced user - can you help?
Here is a log for a spam message that arrived:
Sep 17 16:07:15 mailserver postfix/smtpd[9970]: connect from
localhost[127.0.0.1]
Sep 17 16:07:15 mailserver postfix/smtpd[9970]: 920C9507539:
client=localhost[127.0.0.1]
Sep 17 16:07:15 mailserver postfix/cleanup[9965]: 920C9507539: message-id=<
20180917150656.664ef152...@vps10593.com>
Sep 17 16:07:15 mailserver postfix/qmgr[18272]: 920C9507539: from=<
mowu...@wvtmo.net>, size=1806, nrcpt=3 (queue active)
Sep 17 16:07:15 mailserver amavis[9250]: (09250-06) Passed SPAM
{RelayedOpenRelay,Quarantined}, [180.125.253.237]:22311 [208.62.237.18] <
mowu...@wvtmo.net> -> <i...@bbv.com>, quarantine: l/spam-lIL6tWw0gz1s.gz,
Queue-ID: 910D6507538, Message-ID: <20180917150656.664ef152...@vps10593.com>,
mail_id: lIL6tWw0gz1s, Hits: 15.778, size: 1320, queued_as: 920C9507539,
2695 ms
Sep 17 16:07:15 mailserver postfix/smtpd[9970]: disconnect from
localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 17 16:07:15 mailserver postfix/smtp[9966]: 910D6507538: to=<i...@bbv.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=4.6, delays=1.9/0.01/0/2.7,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
2.0.0 Ok: queued as 920C9507539)
Sep 17 16:07:15 mailserver postfix/qmgr[18272]: 910D6507538: removed
Sep 17 16:07:16 mailserver dovecot: lda(admit): sieve: msgid=<
20180917150656.664ef152...@vps10593.com>: stored mail into mailbox 'INBOX'
Sep 17 16:07:16 mailserver dovecot: lda(mma): sieve: msgid=<
20180917150656.664ef152...@vps10593.com>: stored mail into mailbox 'INBOX'
Sep 17 16:07:16 mailserver postfix/local[9971]: 920C9507539: to=<
ad...@itc.com>, orig_to=<i...@bbv.com>, relay=local, delay=1.3,
delays=0.17/0.02/0/1.1, dsn=2.0.0, status=sent (delivered to command:
/usr/lib/dovecot/deliver)
Sep 17 16:07:16 mailserver postfix/local[9972]: 920C9507539: to=<m...@itc.com>,
orig_to=<i...@bbv.com>, relay=local, delay=1.3, delays=0.17/0.04/0/1.1,
dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver)
It looks like it is being marked as quarentine, but going to the inbox
nonetheless?
My* /etc/amavis/conf.d/20-debian_defaults:*
$QUARANTINEDIR = "$MYHOME/virusmails";
$quarantine_subdir_levels = 1; # enable quarantine dir hashing
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug'; # switch to info to drop debug output, etc
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and
nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if
$enable_db=1
$inet_socket_port = 10024; # default listening socket
#$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = -20; # add spam info headers if at, or above that
level
$sa_tag2_level_deflt = 5; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
(...)
$final_virus_destiny = D_DISCARD; # (data not lost, see virus
quarantine)
$final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
And the header of this email:
Return-Path: <mowu...@wvtmo.net>
X-Original-To: i...@bbv.com
Delivered-To: ad...@itc.com
Received: from localhost (localhost [127.0.0.1])
by mailserver.itc.com (Postfix) with ESMTP id 920C9507539
for <i...@bbv.com>; Mon, 17 Sep 2018 16:07:15 +0100 (WEST)
X-Virus-Scanned: Debian amavisd-new at itclinical.com
Which is different from other emails received (I configured amavis to
always add the X-Spam flags):
X-Virus-Scanned: Debian amavisd-new at itc.com
X-Spam-Flag: NO
X-Spam-Score: 2.441
X-Spam-Level: **
X-Spam-Status: No, score=2.441 tagged_above=-20 required=5
tests=[FROM_EXCESS_BASE64=0.105, HEADER_FROM_DIFFERENT_DOMAINS=0.25,
HTML_IMAGE_ONLY_24=1.282, HTML_IMAGE_RATIO_02=0.805,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001] autolearn=no autolearn_force=no
On Mon, Sep 17, 2018 at 4:16 PM Noel Jones <njo...@megan.vbhcs.org> wrote:
> On 9/17/2018 5:44 AM, Miguel Almeida wrote:
> > My postfix installation is working correctly (delivery via dovecot,
> > spam filtering via amavis - spamassasin).
> >
> > I have some aliases in virtual, eg:
> >
> > |i...@mydomain.com <mailto:i...@mydomain.com> johnDoe |
> >
> > However, for the emails that match an entry in virtual, amavis is
> > not filtering for spam (resulting in lots of spam reaching my inbox).
> >
> > How can the configuration be changed so that the emails that match
> > virtual entries are also filtered for spam?
> >
> > You can find my main.cf <http://main.cf> file here
> > <https://gist.github.com/mmalmeida/68dd0c7bce64675084807464c59b3801>.
> >
> >
> > Thank you in advance for your help!
> >
> >
> > Miguel
> >
>
> That sounds unusual. For general debugging hints, please see
> http://www.postfix.org/DEBUG_README.html
>
> For further help from the list, please see:
> http://www.postfix.org/DEBUG_README.html#mail
>
> In your description of the problem, please be sure to include
> "postconf -n" output. It would also be helpful to include log
> entries showing the problem (NOT debug logs).
>
>
>
> -- Noel Jones
>
