Sometimes I get emails with the ***SPAM*** in the subject (ISPconfig/email/Policy/spamfilter/normal/tag level). The problem is that these emails arrive to my inbox and should not be marked as spam since in the header I see: X-Spam-Status: No, score=1.0 required=4.0 or X-Spam-Status: No, score=3.4 required=4.0 (for example). These emails are marked as spam only in the subject field. I am sure they are marked on my server because I changed the SPAM subject tag2 field to be **SPAM** (with two stars) and now I receive them with two stars. Other spams I receive and reach the score level 4, have also X-Spam-Flag: YES and they arrive to my Junk folder as expected (dovecot sieve). Strange thing is that the spams I receive in my inbox are always real spam so I could easily write a local spamassassin header rule to get rid of them, but the question still remains: Why are these emails marked as spam in the subject field when they dont reach the required score? I am using Postfix, Spamassassin, Amavis, Dovecot in my ISPconfig
I've never seen that the spam header and subject dont match. The only possible reason that I see is that the mails are sent to an alias address of your mailbox and this alias has no or a different policy assigned. Example: your mailbox: [email protected] [email protected] is an alias address pointing to [email protected]. In this case a policy assigned to the domain.tld and not a policy assigned to [email protected] will get applied. If domain.tld has no policy then the defaults from amavisd.conf get applied.
The email I get the fake spam to is an email forward indeed, but the policy for @domain.tld is set to Normal (as well as mine).
You can try to turn on logging in amavisd.conf (or 50-user file if you use debain and ubuntu) to see what is going on in detail. Set log level e.g. to 5.
I configured the loglevel to debug and waited patiently for a fake spam. Finally I got one (this one is addressed to me specifically not to an alias). This is what the header looks like: http://pastebin.com/28xSdKQn And this is the log: http://pastebin.com/1uY86bw0 Im not sure why a single mail has three different id's but here in all cases I see Passed SPAMMY in the logs which makes things more interesting...
Thats strange indeed, the email got 7.925 if the debug output matches the email, so marking it in the header is correct. Code: Aug 27 22:25:53 web amavis[3178]: (03178-06) header: X-Virus-Scanned: Debian amavisd-new at domain.tld\n Aug 27 22:25:53 web amavis[3178]: (03178-06) header: X-Spam-Flag: YES\n Aug 27 22:25:53 web amavis[3178]: (03178-06) header: X-Spam-Score: 7.925\n Aug 27 22:25:53 web amavis[3178]: (03178-06) header: X-Spam-Level: *******\n Aug 27 22:25:53 web amavis[3178]: (03178-06) header: X-Spam-Status: Yes, score=7.925 tagged_above=1 required=4.5\n\ttests=[HTML_MESSAGE=0.001, MISSING_MID=0.14,\n\tRCVD_IN_BL_SPAMCOP_NET=1.246, RCVD_IN_BRBL_LASTEXT=1.644,\n\tRCVD_IN_PSBL=2.7, RDNS_NONE=1.274, SPF_FAIL=0.919,\n\tUNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no\n So marking it in the subject is correct but the spam score headers dont match the ones that amavis assigned, so the headers must have been altered afterwards. Do you use the exact perfect servers setup or did you alter the postfix config somehow? My guess is that there must run a second spamassassin instance after the amavis check which alters spam tag header.
You may be right. I made some modifications in postfix but its unclear to me what went wrong. Pasting you the relevant information that could be related. I really appreciate the help: http://pastebin.com/VmXKz5k9
The problem is this from master.cf: dovecot-spamassassin unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -f -e /usr/lib/dovecot/deliver -f ${sender} -d ${recipient} you run spamassassin a second time after amavis has scanned and tagged the email and this causes wrong results. Change the transport back to the original one from ispconfig and restart postfix.
Amavis loads the SpamAssassin libraries internally and uses them to scan for spam, so amavis does not have to call SpamAssassin. You can disable spamd on your server as it is not needed.