Re: Help With Configuration Issue
Quoting Bill Randle <[EMAIL PROTECTED]>: On Sun, 2006-06-11 at 10:08 -0400, L. Mark Stone wrote: Started noticing the system flagging spam emails but not deleting them: [cut] Jun 11 07:37:18 pinot amavis[10738]: (10738-04) spam_scan: hits=24.677 tests=BAYES_99,HTML_50_60,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,HTML_TEXT_AFTER_BODY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,TW_EH,TW_NH,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL Jun 11 07:37:18 pinot amavis[10738]: (10738-04) SPAM, <[EMAIL PROTECTED]> -> , Yes, hits=24.7 tag1=-999.0 tag2=4.0 kill=4.0 tests=BAYES_99, HTML_50_60, HTML_IMAGE_ONLY_20, HTML_MESSAGE, HTML_SHORT_LINK_IMG_3, HTML_TEXT_AFTER_BODY, RAZOR2_CF_RANGE_51_100, RAZOR2_CF_RANGE_E4_51_100, RAZOR2_CF_RANGE_E8_51_100, RAZOR2_CHECK, TW_EH, TW_NH, URIBL_JP_SURBL, URIBL_OB_SURBL, URIBL_SBL, URIBL_WS_SURBL Jun 11 07:37:18 pinot amavis[10738]: (10738-04) FWD via SMTP: [127.0.0.1]:10025 <[EMAIL PROTECTED]> -> System is SuSE Linux Enterprise Server9 with spamassassin 3.1.0 and amavis Spamassassin lints OK, and here are relevant portions of /etc/amavisd.conf (probably may wordwrap). [cut] Given the configuration, I would have expected the message to have been discarded. What did I miss? By any chance did you accidentally set $final_spam_destiny to D_PASS in the config file? There's a line that does this, but it's commented out by default. -Bill Bill, We did have $final_spam_destiny to D_PASS but have now changed this to D_DISCARD and increased the discard level from 4.0 to 5.0. Not as high as you suggested, but since I have been grepping the mail logs, we have had no false positives. Thanks for that great catch; that will save me from doing some regexp work in Postfix to combat backscatter. All the best, Mark -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC "We manage your network so you can manage your business" 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.rnome.com This email was sent from Reliable Networks of Maine LLC. It may contain information that is privileged and confidential. If you suspect that you were not intended to receive it, please delete it and notify us as soon as possible. Thank you. binuoZ1SCE6lQ.bin Description: PGP Public Key
Re: Help With Configuration Issue
Yes, discarding is not only controlled by $sa_kill_level_deflt by also by $final_spam_desiny and whether a quarantine is configured or not, and if quarantine is configured, then also $sa_quarantine_cutoff_level. This is not a SpamAssassin question, it is an amavisd-new question. Having said that, if a larger than normal percentage of spam scores at 4.0 or below, and that is why you want to discard at a score of 4.0, then that would be a concern and that *is* a SpamAssassin question. Gary V _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Re: Help With Configuration Issue
> Given the configuration, I would have expected the message to have > been discarded. What did I miss? By any chance did you accidentally set $final_spam_destiny to D_PASS in the config file? There's a line that does this, but it's commented out by default. -Bill Yes, discarding is not only controlled by $sa_kill_level_deflt by also by $final_spam_desiny and whether a quarantine is configured or not, and if quarantine is configured, then also $sa_quarantine_cutoff_level. This is not a SpamAssassin question, it is an amavisd-new question. This may help: http://www200.pair.com/mecham/spam/amavisd-settings.html BTW, if you are really going to discard mail that scores 4.0 or higher, you will loose legitimate mail. If anything, I would suggest accepting mail up to a score of somewhere around 7.0 and marking mail between 4.0 and 7.0 as ***SPAM*** on the Subject: line. Maybe something like this: $final_spam_destiny = D_DISCARD; $spam_quarantine_to = 'spam-quarantine'; $sa_tag_level_deflt = -999; $sa_tag2_level_deflt = 4.0; $sa_kill_level_deflt = 7.0; $sa_spam_subject_tag = '***SPAM*** '; $sa_quarantine_cutoff_level = 14; Then set up a cron job to delete items in the quarantine that are older than 60 days or something. If by 'discard' you mean quarantine, then it is still not a good idea to quarantine at such a low level. You are more likely to find ham in the quarantine which means you will spend more time searching for items in the quarantine which ends up being counterproductive. My 0.02 Gary V _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Re: Help With Configuration Issue
On Sun, 2006-06-11 at 10:08 -0400, L. Mark Stone wrote: > Started noticing the system flagging spam emails but not deleting them: [cut] > Jun 11 07:37:18 pinot amavis[10738]: (10738-04) spam_scan: hits=24.677 > tests=BAYES_99,HTML_50_60,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,HTML_TEXT_AFTER_BODY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,TW_EH,TW_NH,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL > Jun 11 07:37:18 pinot amavis[10738]: (10738-04) SPAM, > <[EMAIL PROTECTED]> -> , Yes, > hits=24.7 tag1=-999.0 tag2=4.0 kill=4.0 tests=BAYES_99, HTML_50_60, > HTML_IMAGE_ONLY_20, HTML_MESSAGE, HTML_SHORT_LINK_IMG_3, > HTML_TEXT_AFTER_BODY, RAZOR2_CF_RANGE_51_100, > RAZOR2_CF_RANGE_E4_51_100, RAZOR2_CF_RANGE_E8_51_100, RAZOR2_CHECK, > TW_EH, TW_NH, URIBL_JP_SURBL, URIBL_OB_SURBL, URIBL_SBL, URIBL_WS_SURBL > Jun 11 07:37:18 pinot amavis[10738]: (10738-04) FWD via SMTP: > [127.0.0.1]:10025 <[EMAIL PROTECTED]> -> > > > System is SuSE Linux Enterprise Server9 with spamassassin 3.1.0 and amavis > > Spamassassin lints OK, and here are relevant portions of > /etc/amavisd.conf (probably may wordwrap). [cut] > Given the configuration, I would have expected the message to have > been discarded. What did I miss? By any chance did you accidentally set $final_spam_destiny to D_PASS in the config file? There's a line that does this, but it's commented out by default. -Bill
Help With Configuration Issue
Started noticing the system flagging spam emails but not deleting them: Jun 11 07:37:13 pinot postfix/smtpd[8568]: connect from unknown[160.79.37.83] Jun 11 07:37:14 pinot postfix/smtpd[8568]: 9F6CBE88001: client=unknown[160.79.37.83] Jun 11 07:37:16 pinot postfix/cleanup[11935]: 9F6CBE88001: message-id=<[EMAIL PROTECTED]> Jun 11 07:37:16 pinot postfix/qmgr[7184]: 9F6CBE88001: from=<[EMAIL PROTECTED]>, size=4038, nrcpt=1 (queue active) Jun 11 07:37:16 pinot amavis[10738]: (10738-04) ESMTP::10024 /var/spool/amavis/tmp/amavis-20060611T044830-10738: <[EMAIL PROTECTED]> -> Received: SIZE=4038 BODY=8BITMIME from pinot.rnome.com ([127.0.0.1]) by localhost (pinot [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10738-04 for ; Sun, 11 Jun 2006 07:37:16 -0400 (EDT) Jun 11 07:37:16 pinot amavis[10738]: (10738-04) Checking: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> Jun 11 07:37:18 pinot amavis[10738]: (10738-04) spam_scan: hits=24.677 tests=BAYES_99,HTML_50_60,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,HTML_TEXT_AFTER_BODY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,TW_EH,TW_NH,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL Jun 11 07:37:18 pinot amavis[10738]: (10738-04) SPAM, <[EMAIL PROTECTED]> -> , Yes, hits=24.7 tag1=-999.0 tag2=4.0 kill=4.0 tests=BAYES_99, HTML_50_60, HTML_IMAGE_ONLY_20, HTML_MESSAGE, HTML_SHORT_LINK_IMG_3, HTML_TEXT_AFTER_BODY, RAZOR2_CF_RANGE_51_100, RAZOR2_CF_RANGE_E4_51_100, RAZOR2_CF_RANGE_E8_51_100, RAZOR2_CHECK, TW_EH, TW_NH, URIBL_JP_SURBL, URIBL_OB_SURBL, URIBL_SBL, URIBL_WS_SURBL Jun 11 07:37:18 pinot amavis[10738]: (10738-04) FWD via SMTP: [127.0.0.1]:10025 <[EMAIL PROTECTED]> -> System is SuSE Linux Enterprise Server9 with spamassassin 3.1.0 and amavis Spamassassin lints OK, and here are relevant portions of /etc/amavisd.conf (probably may wordwrap). $sa_tag_level_deflt = -999.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 4.0; $sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions # at or above that level: bounce/reject/drop, # quarantine, and adding mail address extension $sa_dsn_cutoff_level = 6.5; # spam level beyond which a DSN is not sent, # effectively turning D_BOUNCE into D_DISCARD; # undef disables this feature and is a default; $sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled) # (only seen when spam is not to be rejected # and recipient is in local_domains*) Given the configuration, I would have expected the message to have been discarded. What did I miss? Thanks, Mark -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC "We manage your network so you can manage your business" 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.rnome.com This email was sent from Reliable Networks of Maine LLC. It may contain information that is privileged and confidential. If you suspect that you were not intended to receive it, please delete it and notify us as soon as possible. Thank you. bindklhQDFNd4.bin Description: PGP Public Key