Amavis / spamassassin setup, how to disable quarantine and get default spamassassin behavior back?

spamassassin amavis

185

Solution 1

You should put this options on your /etc/amavis/conf.d/50-user file:

$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_spam_subject_tag = '**Spam**';

Configure the SPAM confidence level to the ones accordingly to your needs.

If you don't want to manage your score levels, you can set the quarantine directories to undefined ones. To do this add those lines in the same file:

$clean_quarantine_to      = undef;      # local quarantine
$virus_quarantine_to      = undef;      # traditional local quarantine
$banned_quarantine_to     = undef;      # local quarantine
$bad_header_quarantine_to = undef;      # local quarantine
$spam_quarantine_to       = undef;      # local quarantine

If you want to check the information or take a look at additional information here's the Quarantine block on the AMaViS website: http://www.amavis.org/amavisd-new-docs.html#quarantine

Solution 2

The best solution I found was simply to put this in /etc/amavis/conf.d/50-user:

$final_spam_destiny=D_PASS;
$final_virus_destiny=D_PASS;

This way bad e-mails are either marked SPAM or INFECTED, but still delivered to the users, without being rejected, blocked nor quarantined.

See AMAVIS documentation

185

airzinger1

Updated on September 18, 2022

Comments

airzinger1 almost 2 years

I have a non-private AWS VPC built on a Centos 7 image, however I am unable to to a yum update. Can you help me troubleshoot how I can get connection to the outside network to do updates and downloads?

here what I have to see so far:

command:  echo $https_proxy
http://172.2x.xx.xx:8080


command: $ sudo yum -y update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was
14: curl#7 - "Failed to connect to 2620:52:3:1:dead:beef:cafe:fed6: Network is unreachable"
 * base: centos.host-engine.com
 * epel: fedora.mirrors.pair.com
 * extras: linux.cc.lehigh.edu
 * updates: centos.mirrors.tds.net
http://centos.s.uw.edu/centos/7.7.1908/os/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2607:4000:200:4a::38: Network is unreachable"
Trying other mirror.
http://centos.host-engine.com/7.7.1908/os/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2001:49f0:d064:5::2: Network is unreachable"
Trying other mirror.
http://mirror.centos.iad1.serverforge.org/7.7.1908/os/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://mirror.centos.iad1.serverforge.org/7.7.1908/os/x86_64/repodata/repomd.xml: (28, 'Connection timed out after 30001 milliseconds')
Trying other mirror.
http://mirror.mobap.edu/centos/7.7.1908/os/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed connect to mirror.mobap.edu:80; Operation now in progress"
Trying other mirror.

Mike B almost 10 years

Can you please elaborate on some details? What specific Server OS/version are you using? What version of SpamAssassin? What version of amavis?
CaptSaltyJack almost 10 years

Details added..
John Rotenstein about 4 years

Is this Amazon EC2 instance in a public subnet, or a private subnet? How have you connected to it (directly, or via a bastion, or a VPN connection)? Why have you configured a proxy? Do you get a result if you curl google.com from the instance?

Vinícius Ferrão almost 10 years

On the $sa_kill_level_deflt = 6.9 put a score so high that will never be trigged to put on quarantine. Adjust the tags on the $sa_tag2_level_deflt.
CaptSaltyJack almost 10 years

Ok, I'll try that. Should $sa_tag2_level_deflt match SpamAssassin's required_score value?
Vinícius Ferrão almost 10 years

I've added more info. Choose the method that will do better for you.
CaptSaltyJack almost 10 years

Thanks! So, does it make sense to always have the required_score value in /etc/spamassassin/local.cf match the value of $sa_tag2_level_deflt? Or is spamassassin's required_score value not even relevant? (upon thinking about it more, I think this is the case.. spamassassin is only being used to return a score, not judge whether something is spam or not)
CaptSaltyJack almost 10 years

Thank you, your answers are awesome and have been quite helpful!
ychaouche over 6 years

In particular "for these actions to have any effect, mail must be allowed to be delivered to a recipient;"