It appears postfix is operating properly; this is either an amavis problem or a dovecot/sieve problem. Those products have their own support lists.
-- Noel Jones On 9/17/2018 10:33 AM, Miguel Almeida wrote: > Thanks for the reply. > > It seems that I might have something wrong in my amavis/spamassassin > configuration, but the following log might show something obvious to > a more experienced user - can you help? > > Here is a log for a spam message that arrived: > > Sep 17 16:07:15 mailserver postfix/smtpd[9970]: connect from > localhost[127.0.0.1] > Sep 17 16:07:15 mailserver postfix/smtpd[9970]: 920C9507539: > client=localhost[127.0.0.1] > Sep 17 16:07:15 mailserver postfix/cleanup[9965]: 920C9507539: > message-id=<20180917150656.664ef152...@vps10593.com > <mailto:20180917150656.664ef152...@vps10593.com>> > Sep 17 16:07:15 mailserver postfix/qmgr[18272]: 920C9507539: > from=<mowu...@wvtmo.net <mailto:mowu...@wvtmo.net>>, size=1806, > nrcpt=3 (queue active) > Sep 17 16:07:15 mailserver amavis[9250]: (09250-06) Passed SPAM > {RelayedOpenRelay,Quarantined}, [180.125.253.237]:22311 > [208.62.237.18] <mowu...@wvtmo.net <mailto:mowu...@wvtmo.net>> -> > <i...@bbv.com <mailto:i...@bbv.com>>, quarantine: > l/spam-lIL6tWw0gz1s.gz, Queue-ID: 910D6507538, Message-ID: > <20180917150656.664ef152...@vps10593.com > <mailto:20180917150656.664ef152...@vps10593.com>>, mail_id: > lIL6tWw0gz1s, Hits: 15.778, size: 1320, queued_as: 920C9507539, 2695 ms > Sep 17 16:07:15 mailserver postfix/smtpd[9970]: disconnect from > localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 > Sep 17 16:07:15 mailserver postfix/smtp[9966]: 910D6507538: > to=<i...@bbv.com <mailto:i...@bbv.com>>, > relay=127.0.0.1[127.0.0.1]:10024, delay=4.6, delays=1.9/0.01/0/2.7, > dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): > 250 2.0.0 Ok: queued as 920C9507539) > Sep 17 16:07:15 mailserver postfix/qmgr[18272]: 910D6507538: removed > Sep 17 16:07:16 mailserver dovecot: lda(admit): sieve: > msgid=<20180917150656.664ef152...@vps10593.com > <mailto:20180917150656.664ef152...@vps10593.com>>: stored mail into > mailbox 'INBOX' > Sep 17 16:07:16 mailserver dovecot: lda(mma): sieve: > msgid=<20180917150656.664ef152...@vps10593.com > <mailto:20180917150656.664ef152...@vps10593.com>>: stored mail into > mailbox 'INBOX' > Sep 17 16:07:16 mailserver postfix/local[9971]: 920C9507539: > to=<ad...@itc.com <mailto:ad...@itc.com>>, orig_to=<i...@bbv.com > <mailto:i...@bbv.com>>, relay=local, delay=1.3, > delays=0.17/0.02/0/1.1, dsn=2.0.0, status=sent (delivered to > command: /usr/lib/dovecot/deliver) > Sep 17 16:07:16 mailserver postfix/local[9972]: 920C9507539: > to=<m...@itc.com <mailto:m...@itc.com>>, orig_to=<i...@bbv.com > <mailto:i...@bbv.com>>, relay=local, delay=1.3, > delays=0.17/0.04/0/1.1, dsn=2.0.0, status=sent (delivered to > command: /usr/lib/dovecot/deliver) > > It looks like it is being marked as quarentine, but going to the > inbox nonetheless? > > My*/etc/amavis/conf.d/20-debian_defaults:* > > $QUARANTINEDIR = "$MYHOME/virusmails"; > $quarantine_subdir_levels = 1; # enable quarantine dir hashing > > $log_recip_templ = undef; # disable by-recipient level-0 log entries > $DO_SYSLOG = 1; # log via syslogd (preferred) > $syslog_ident = 'amavis'; # syslog ident tag, prepended to all > messages > $syslog_facility = 'mail'; > $syslog_priority = 'debug'; # switch to info to drop debug output, etc > > $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP > and nanny) > $enable_global_cache = 1; # enable use of libdb-based cache if > $enable_db=1 > > $inet_socket_port = 10024; # default listening socket > > #$sa_spam_subject_tag = '***SPAM*** '; > $sa_tag_level_deflt = -20; # add spam info headers if at, or above > that level > $sa_tag2_level_deflt = 5; # add 'spam detected' headers at that level > $sa_kill_level_deflt = 5; # triggers spam evasive actions > $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent > (...) > $final_virus_destiny = D_DISCARD; # (data not lost, see virus > quarantine) > $final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA > $final_spam_destiny = D_PASS; > $final_bad_header_destiny = D_PASS; # False-positive prone (for > spam) > > And the header of this email: > > Return-Path: <mowu...@wvtmo.net <mailto:mowu...@wvtmo.net>> > X-Original-To: i...@bbv.com <mailto:i...@bbv.com> > Delivered-To: ad...@itc.com <mailto:ad...@itc.com> > Received: from localhost (localhost [127.0.0.1]) > by mailserver.itc.com <http://mailserver.itc.com> (Postfix) with ESMTP > id 920C9507539 > for <i...@bbv.com <mailto:i...@bbv.com>>; Mon, 17 Sep 2018 16:07:15 > +0100 (WEST) > X-Virus-Scanned: Debian amavisd-new at itclinical.com <http://itclinical.com> > > > Which is different from other emails received (I configured amavis to always > add the X-Spam flags): > > X-Virus-Scanned: Debian amavisd-new at itc.com <http://itc.com> > X-Spam-Flag: NO > X-Spam-Score: 2.441 > X-Spam-Level: ** > X-Spam-Status: No, score=2.441 tagged_above=-20 required=5 > tests=[FROM_EXCESS_BASE64=0.105, HEADER_FROM_DIFFERENT_DOMAINS=0.25, > HTML_IMAGE_ONLY_24=1.282, HTML_IMAGE_RATIO_02=0.805, > HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, > SPF_PASS=-0.001] autolearn=no autolearn_force=no > > > On Mon, Sep 17, 2018 at 4:16 PM Noel Jones <njo...@megan.vbhcs.org > <mailto:njo...@megan.vbhcs.org>> wrote: > > On 9/17/2018 5:44 AM, Miguel Almeida wrote: > > My postfix installation is working correctly (delivery via > dovecot, > > spam filtering via amavis - spamassasin). > > > > I have some aliases in virtual, eg: > > > > |i...@mydomain.com <mailto:i...@mydomain.com> > <mailto:i...@mydomain.com <mailto:i...@mydomain.com>> johnDoe | > > > > However, for the emails that match an entry in virtual, amavis is > > not filtering for spam (resulting in lots of spam reaching my > inbox). > > > > How can the configuration be changed so that the emails that match > > virtual entries are also filtered for spam? > > > > You can find my main.cf <http://main.cf> <http://main.cf> file > here > > > <https://gist.github.com/mmalmeida/68dd0c7bce64675084807464c59b3801>. > > > > > > Thank you in advance for your help! > > > > > > Miguel > > > > That sounds unusual. For general debugging hints, please see > http://www.postfix.org/DEBUG_README.html > > For further help from the list, please see: > http://www.postfix.org/DEBUG_README.html#mail > > In your description of the problem, please be sure to include > "postconf -n" output. It would also be helpful to include log > entries showing the problem (NOT debug logs). > > > > -- Noel Jones >
