amavis + SA not marking messages as spam
You need to provide more detailed logging output to solve that: Stop amavisd and restart it in debug mode (amavisd debug, on Debian/Ubuntu it's probably amavisd-new debug, but since you mention you configured amavisd with amavisd.conf and not /etc/amavis/conf.d/50-user, I guess you are not on Debian/Ubuntu). While you do that, you will probably want to disable the Postfix SMTP port 25 listeners on your mail servers external interfaces (you can always submit mail locally) or else you will probably get a little bit too much logging, so locate those in /etc/postfix/master.cf and uncomment the appropriate entries (don't forget postfix reload afterwards).
Also, to avoid cluttering your screen, remove the $sa_debug setting from your amavisd.conf temporarily - but reenable it if you can't figure out the cause of your problem (and also try to check why autolearning fails).
Two more comments on your configuration, which are not really related to your problem:
- Set
$sa_kill_level_defltto$sa_tag2_level_deflt- your final spam destiny isD_PASSanyways. - Set
$sa_tag_level_deflttoundef.
A comment directed at Dave: amavisd-new doesn't use spamd by default, so restarting spamd is rather pointless. Furthermore, there is no way you can modify the way amavisd-new treats a message of a given content category (here: CC_SPAM) from within Spamassassin's configuration.
Related videos on Youtube
00 : 26
04 : 29
03 : 45
01 : 09 : 17
02 : 53
Glen Solsberry
I write code that solves problems. Human problems or machine problems, I try to solve them.
Updated on September 17, 2022Comments
-
Glen Solsberry over 1 year
I'm running Postfix + amavis + SpamAssassin. Messages are coming through just fine, and they're getting
X-Spam-Scoreas I would expect, along withX-Spam-Statusvalues, implying that SA is doing something with them. Unfortunately, amavis doesn't seem to want to actually mark them as spam, as all messages are coming through withX-Spam-Flag: NO.An example message that I'm looking at right now has the following headers:
X-Virus-Scanned: Debian amavisd-new at magni X-Spam-Flag: NO X-Spam-Score: 11.733 X-Spam-Level: *********** X-Spam-Status: No, score=11.733 tests=[BAYES_99=3.5, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033] autolearn=noHere's my amavisd.conf file:
$mydomain = ""; $MYHOME = '/var/amavisd'; $TEMPBASE = "$MYHOME/tmp"; $inet_socket_port = 10024; $forward_method = 'smtp:127.0.0.1:10025'; $notify_method = $forward_method; # @local_domains_acl = qw( "." ); # you may want to use qw() to check all in and out $sa_tag_level_deflt = -999; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level $sa_kill_level_deflt = 999; # triggers spam evasive actions $sa_debug = 1; $final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE) $final_spam_destiny = D_PASS; # (defaults to D_REJECT but we're tagging and passing) $spam_admin = "postmaster\@$mydomain"; $spam_lovers{lc("postmaster\@$mydomain")} = 1; $virus_admin = "postmaster\@$mydomain"; $QUARANTINEDIR = undef; $virus_quarantine_to = undef; #$spam_quarantine_to = 'spam-quarantine'; $remove_existing_spam_headers = 0; $sa_local_tests_only = 0; # (default: false) $SYSLOG_LEVEL = 'mail.err'; $DO_SYSLOG = 1; $log_level = 2; $enable_dkim_verification = 0; # @bypass_spam_checks_maps = (1); @lookup_sql_dsn = ( 'DBI:mysql:database=postfix;host=127.0.0.1;port=3306', '', '' ); $sql_select_policy = 'SELECT "Y" as local FROM aliases WHERE source IN (%k) UNION SELECT "Y" as local FROM users WHERE address IN (%k)'; 1;Any ideas?
UPDATE: A message that I've been holding on to:
X-Spam-Flag: NO X-Spam-Score: 14.085 X-Spam-Level: ************** X-Spam-Status: No, score=14.085 tests=[BAYES_99=3.5, NO_DNS_FOR_FROM=1.496, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501] autolearn=nohas this entry in the mail logs:
mail.log.1:Sep 5 21:43:39 magni amavis[25486]: (25486-10) Passed CLEAN, [78.189.26.137] [88.206.193.68] <[email protected]> -> <gms8994>, Message-ID: <[email protected]>, mail_id: 4Moi5p2dOV-I, Hits: 14.085, size: 891, queued_as: AFF8C2C367, 1156 msAs suggested by Dave Drager, I'm going to try stopping spamd, and see what happens.
UPDATE2: Stopped spamassassin, leaving amavis running, just got this message:
X-Spam-Flag: NO X-Spam-Score: 17.712 X-Spam-Level: ***************** X-Spam-Status: No, score=17.712 tests=[BAYES_99=3.5, FH_FROMEML_NOTLD=2.696, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_ILLEGAL_IP=1.908, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501] autolearn=failedwith this in the logs:
mail.log:Sep 9 08:49:11 magni amavis[13604]: (13604-10) Passed CLEAN, [77.70.121.78] [77.70.121.78] <trfq@pc-2bb82028ef37> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Lg-rCSg9x0rr, Hits: 17.712, size: 844, queued_as: 8269D2BF6B, 2312 msper @cite, I looked at /etc/amavis/conf.d/50-user (I am actually running debian). It was empty. I moved the configuration from /etc/amavis/amavisd.conf to 50-user, and restarted, and messages are now being tagged with
X-Spam-Flag: YES. Points to cite.-
hdanniel over 14 yearsIt seems that your configuration is ok. No hints in the amavis logs?
-