I have Amavis, SpamAssassin and ClamAV integrated into Postfix and it seems to work perfectly. Unfortunately, lately one of my system users has had his outgoing mails frequently flagged as SPAM, blocked and quarantined. A recent example follows:

Code:
Return-Path: <[email protected]>
Delivered-To: spam-quarantine
X-Envelope-From: <[email protected]>
X-Envelope-To: <[email protected]>
X-Envelope-To-Blocked: <[email protected]>
X-Quarantine-ID: <xwe2uV0yNMnY>
X-Spam-Flag: YES
X-Spam-Score: 6.605
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.605 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-1.715,
    DCC_CHECK=1.37, DIGEST_MULTIPLE=0.001, HTML_MESSAGE=0.001,
    MIME_HTML_MOSTLY=0.001, PYZOR_CHECK=2.834, RCVD_IN_SORBS_WEB=1.117,
    RCVD_IN_XBL=2.896, RDNS_NONE=0.1]
Received: from mail.ustm.ac.mz ([127.0.0.1])
    by localhost (mail.ustm.ac.mz [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id xwe2uV0yNMnY for <[email protected]>;
    Mon, 28 Dec 2009 10:34:36 +0200 (CAT)
Received: from dod061269 (unknown [196.28.239.21])
    by mail.ustm.ac.mz (Postfix) with ESMTP id 10B4E48080
    for <[email protected]>; Mon, 28 Dec 2009 10:34:31 +0200 (CAT)
Reply-To: <[email protected]>
From: "Agrippah Kandiero" <[email protected]>
To: "'Noleen Massuco'" <[email protected]>
Subject: AK Profile [...]
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_004D_01CA87A9.5AE28D60"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcqHmJNrjOInD+/dTJmv+Pc1kg1Y1g==
Content-Language: en-us
x-cr-hashedpuzzle: CK3A DjgV Es+H E7xC FVio FZr0 FZ17 Fdto Fpr+ G2Pf G2iZ HMRb HaH1 Hxyb IbWZ JVdR
[ ... ]

I have been trying to find a solution in the SpamAssassin documentation, but I found it very hard to understand things like changing the rules, kill levels, setting scores, whitelists and so on. Please help me interpret the pieces in the quarantined mail and tell me what I can do in this particular case.

TIA,
thavaht
Depends on your distribution. If you use Debian or Ubuntu, it's somewhere in the /etc/amavis/conf.d/ directory, otherwise it's probably /etc/amavisd/amavisd.conf or /etc/amavisd.conf.
I’m using Debian Lenny and followed the steps in this tutorial and also considered the "amavisd-new, SpamAssassin, And ClamAV" part of this other one. BTW, I didn’t find any reference to the $mydomain variable.

Rgds,
thavaht
Code:
mail:/etc/amavis/conf.d# grep -R mydomain *
05-domain_id:# $mydomain is used just for convenience in the config files and it is not
05-domain_id:chomp($mydomain = `head -n 1 /etc/mailname`);
05-domain_id:# Default local domains to $mydomain and all subdomains. Remember to
05-domain_id:# override or redefine this if $mydomain is changed later in the config
05-domain_id:@local_domains_acl = ( ".$mydomain" );
20-debian_defaults:$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
20-debian_defaults:$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";
mail:/etc/amavis/conf.d#

Code:
mail:~# cat /etc/amavis/conf.d/05-domain_id
use strict;

# $mydomain is used just for convenience in the config files and it is not
# used internally by amavisd-new except in the default X_HEADER_LINE (which
# Debian overrides by default anyway).

chomp($mydomain = `head -n 1 /etc/mailname`);

# amavisd-new needs to know which email domains are to be considered local
# to the administrative domain. Only emails to "local" domains are subject
# to certain functionality, such as the addition of spam tags.
#
# Default local domains to $mydomain and all subdomains. Remember to
# override or redefine this if $mydomain is changed later in the config
# sequence.

@local_domains_acl = ( ".$mydomain" );

1; # ensure a defined return
mail:~#
That seems to be ok. The highest scores come from the blacklist checks. Can you check if your server is blacklisted? http://mxtoolbox.com/blacklists.aspx
Hi Falko,

I do regular checks, I am very concerned about it, and just now it is not listed, except for UCEPROTECTL3, so that’s certainly not the problem.

Regards,
thavaht
It is on a static IP address. In fact, I found that there is a problem, not with the server’s IP address itself but with the IP address from which the message was sent. That IP is in mynetworks and it is blacklisted.

Thank you for your patience.

Best regards,
thavaht
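An added example, not part of any post in this thread: it parses the X-Spam-Status header of the quarantined message from the first post and separates the points contributed by tests on the relay IP in the Received headers (the RCVD_IN_* blacklist lookups and RDNS_NONE) from the rest, which shows that the blacklisted client address alone carries the message over the kill level. The function names and the prefix-based grouping are assumptions of this example.

```python
import re

# X-Spam-Status value copied from the quarantined message in the first post.
X_SPAM_STATUS = (
    "Yes, score=6.605 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-1.715, "
    "DCC_CHECK=1.37, DIGEST_MULTIPLE=0.001, HTML_MESSAGE=0.001, "
    "MIME_HTML_MOSTLY=0.001, PYZOR_CHECK=2.834, RCVD_IN_SORBS_WEB=1.117, "
    "RCVD_IN_XBL=2.896, RDNS_NONE=0.1]"
)

# Assumption of this example: rule names with these prefixes are evaluated
# against the relay IPs found in Received headers (DNSBL and reverse DNS).
RELAY_PREFIXES = ("RCVD_IN_", "RDNS_")


def parse_status(value):
    """Return (levels, tests) parsed from an amavisd-new X-Spam-Status value."""
    m = re.search(r"tests=\[(.*?)\]", value, re.S)
    if not m:
        raise ValueError("no tests=[...] list in header")
    tests = {}
    for item in m.group(1).split(","):
        if item.strip():
            name, _, score = item.strip().partition("=")
            tests[name] = float(score)
    head = value[:m.start()]  # score/tag/tag2/kill precede the tests list
    levels = {k: float(v) for k, v in
              re.findall(r"\b(score|tag2?|kill)=(-?[\d.]+)", head)}
    return levels, tests


def summarize(value):
    """Show how much of the score is due to relay-IP tests."""
    levels, tests = parse_status(value)
    relay = {n: s for n, s in tests.items() if n.startswith(RELAY_PREFIXES)}
    relay_points = round(sum(relay.values()), 3)
    remaining = round(levels["score"] - relay_points, 3)
    return {
        "score": levels["score"],
        "kill": levels["kill"],
        "relay_tests": relay,
        "relay_points": relay_points,
        "score_without_relay": remaining,
        # The kill action applies once the score reaches the kill level.
        "blocked_without_relay": remaining >= levels["kill"],
    }


if __name__ == "__main__":
    for key, val in summarize(X_SPAM_STATUS).items():
        print(f"{key}: {val}")
```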
Thanks so much for recommending our DNS tools! Have you tried our Free Monitoring Tool? It will send you an alert if your server is blacklisted. You can also configure it to send you an alert if your server goes down. We are working hard on creating an all-in-one tool that does all the DNS tests and lookups you could ever need! If you have any other tool additions or feedback, please let us know.