Postfix/Amavis/SpamAssassin/ClamAV - SPAM getting through.

Discussion in 'Installation/Configuration' started by Tekati, Jun 14, 2017.

  1. Tekati

    Tekati Member Moderator

    I do not consider myself a newbie when it comes to email. I have been an ISPConfig user since 2.0 and have several installations of both single and multi-servers. But email is such a finicky beast I need help figuring out what is going on here.

    I have ClamAV and I also have it scan once a day through all the email. I find 100s of emails in the daily clamav scan that gets emailed to me. My question is why isn't amavis/spamassassin/clamav catching this and discarding it from the time it comes in?

    For now I have a script that parses through these and deletes the messages. But that is a pathetic quick fix for now.

    I have a heck of a time following all the logs that all of these services create on each and every email.

    Is there a DEBUG setting somewhere where I can see all the things that are happening? I have Razor and Pyzor set up and I do not even know if they are being activated through the process correctly.

    A really thorough blog post on how to properly set up, check, test, retest, read logs, and test some more on email servers would be such a great thing. I have spent countless hours hardening the email servers from spam and just plain general junk type mail and some of those efforts seem to just not work all the time.

    Example of the email summary of all the spam messages scanned and found on the server daily.

    ----------- SCAN SUMMARY -----------
    Known viruses: 12978269
    Engine version: 0.99.2
    Scanned directories: 22
    Scanned files: 84
    Infected files: 0
    Data scanned: 4.81 MB
    Data read: 2.66 MB (ratio 1.81:1)
    Time: 84.294 sec (1 m 24 s)
    /var/vmail/somedomain/someuser/Maildir/cur/1497088661.M167847P27032.mail,S=5444,W=5542:2,S: SecuriteInfo.com.Spam-5253.UNOFFICIAL FOUND
    /var/vmail/somedomain/someuser/Maildir/cur/1496763339.M190392P15423.mail,S=28420,W=29052:2,S: SecuriteInfo.com.Spam-4703.UNOFFICIAL FOUND
    /var/vmail/somedomain/someuser/Maildir/cur/1497039012.M332541P15518.mail,S=12032,W=12318:2,: SecuriteInfo.com.Spam-4703.UNOFFICIAL FOUND
    ...
    ...
    ...
    ----------- SCAN SUMMARY -----------
    Known viruses: 12978269
    Engine version: 0.99.2
    Scanned directories: 33921
    Scanned files: 1260447
    Infected files: 461
    Data scanned: 418028.09 MB
    Data read: 213509.86 MB (ratio 1.96:1)
    Time: 127421.033 sec (2123 m 41 s)
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look at the mail headers of the spam mails to find out why they got through. SpamAssassin / amavis list there which rules matched and which score the email got.
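
The header check till describes, as an added example that is not part of the thread and is not ISPConfig or amavis code: a Python helper that reads the `X-Spam-Status` header SpamAssassin/amavisd-new writes and returns the score, the threshold, and the rules that matched. The sample message is constructed, and the function names `spam_verdict` and `top_rules` are hypothetical.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample (not from the thread), using the amavisd-new layout
# "tests=[RULE=score, ...]"; plain SpamAssassin writes "tests=RULE,RULE".
SAMPLE = """\
Return-Path: <sender@example.org>
X-Virus-Scanned: amavisd-new at mail.example.com
X-Spam-Flag: NO
X-Spam-Score: 3.102
X-Spam-Status: No, score=3.102 tagged_above=-999 required=6.31
\ttests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RDNS_NONE=0.8,
\tURIBL_BLOCKED=0.001, T_REMOTE_IMAGE=1.5] autolearn=no
Subject: constructed test message

body
"""

def _num(key, text):
    m = re.search(key + r"=(-?\d+(?:\.\d+)?)", text)
    return float(m.group(1)) if m else None

def spam_verdict(raw):
    """Parse X-Spam-Status; return None when the message carries no verdict."""
    status = message_from_string(raw, policy=default).get("X-Spam-Status")
    if status is None:
        return None
    # Unfold continuation lines and close up the rule list.
    status = re.sub(r",\s+", ",", " ".join(str(status).split()))
    m = re.search(r"tests=\[([^\]]*)\]", status) or re.search(r"tests=(\S*)", status)
    rules = {}
    for item in filter(None, (m.group(1) if m else "").split(",")):
        name, _, score = item.partition("=")
        rules[name] = float(score) if score else None  # None: score not listed
    return {"flagged": status.lower().startswith("yes"),
            "score": _num("score", status),
            "required": _num("required", status),
            "rules": rules}

def top_rules(verdict, n=3):
    """Rules that contributed most to the score, highest first."""
    scored = [(r, s) for r, s in verdict["rules"].items() if s is not None]
    return sorted(scored, key=lambda rs: rs[1], reverse=True)[:n]

if __name__ == "__main__":
    v = spam_verdict(SAMPLE)
    print(v["flagged"], v["score"], "of", v["required"])
    for rule, score in top_rules(v):
        print(f"  {score:6.3f}  {rule}")
```

Feed it the raw contents of the Maildir files named in the ClamAV report. A `None` result means the message has no `X-Spam-Status` header, so the first thing to check is whether it was tagged by the content filter at all, not how the rules scored.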
     
