On 08/06/2017 05:10 PM, msxc wrote:
I have a logwatch output that gets mailed to me daily. Spamassassin is
scoring it high enough as exceed my threshold for whacking it as spam.
Please subscribe to the list for future posts.
However, I would argue that this is expected behavior because your
logwatch notice almost certainly contains lots of information about spam
emails. You'll want to look at whitelisting/exempting it from scanning.
KAM, thanks.
Re subscribe, I am, I may have my sending address crossed up as I migrate to a
new server. I'll try to get that straightened out. Sorry about that.
I understand/agree whit your point. If it smells like spam, tag it if asked to
analyze it. Perhaps I incorrectly assumed it shouldn't be smelling for trusted
networks. :)
Anyway, I found a potential cause, or at least a misconfiguration. I've got
Amavisd calling SA and I missed a primary IP in its mynetworks setting. If
that doesn't clear it I'll see about whitelisting.
As Alex already mentioned, the mynetworks setting isn't about
whitelisting. That only controls the ALL_TRUSTED rule hit and some other
RBL checks based on last_external. Basically it provides a little trust
based on IP reputation and has nothing to do with content-based rules
that are most likely the problem with logwatch emails.
I would and have setup a whitelist_from_rcvd entry something like:
whitelist_from_rcvd root@* [ip.ad.dr.ess]
or
whitelist_from_rcvd root@* mycompany.com
Note the second one is going going to be useful if you have setup
correct FCrDNS which is not common on internal RFC 1918 network space so
I would recommend the IP address version.
--
David Jones
