SPAM filter working ?

Discussion in 'General' started by muekno, May 2, 2016.

  1. muekno

    muekno Member HowtoForge Supporter

    I am not quite shure if the SPAM filter s working. I set policy to normal but it seams I have too much SPAM. Virusfilter is working, could test with ICAR. Is the a log or any other thing I can see how SPAM filter works, eventuelly to tune it. As I understand I should not manually change SPAMassasin etc.

    Thanks for help

  2. lano

    lano Member

  3. sjau

    sjau Local Meanie Moderator

    yeah, add a few rbls, that cuts down spam considerably.

    Are you the only one using the server?
  4. muekno

    muekno Member HowtoForge Supporter

    I have RDNS for the mail server and some RBLS too
    OK solution, to see what spamassassin is doing, was to add an email address under email/spamfilter/policy/qurantine/forward...
    There are round about 2 to 3 thousends of spam catched a day. Adjusting the Tag-level a litte bit was fine too.

    To stop the notifications I removed the email address, but I still got the notifications. How to stop them????
    Is there a bug in ISPConfig, that it does not remove the email address in spamassasin?
    Thanks for help

  5. muekno

    muekno Member HowtoForge Supporter

    Can anyone tell me who to get rid of the SPAM notifivation.

  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Would you have set that same quarantine address as Email > Spamfilter > Policy > Other > SPAM admin, by chance?

    Restart amavisd if you have not (though I don't know if that should be needed, I wouldn't guess so, but worth a quick try if nothing else).
    muekno likes this.
  7. muekno

    muekno Member HowtoForge Supporter

    Thank you seams to work

  8. xrstokes

    xrstokes Member

    Can someone please help me. I've set the spam admin email address, but spam is not getting sent to the email address I put in there. everything else about my setup seems to work perfectly except for this feature. The mailbox can send and receive fine. but when I use GTUBE test spam. it is just tagged as ***SPAM*** but no copy or message is sent to spam admin.

    Attached Files:

  9. xrstokes

    xrstokes Member

    Here is some more info. in the ispconfig database it says the correct address next to "spam_quarantine_to"
    here is the relevant mail log.
    Mar  6 21:33:22 ispc postfix/smtpd[8422]: connect from[]
    Mar  6 21:33:23 ispc postfix/smtpd[8422]: NOQUEUE: filter: RCPT from[]: <[email protected]>: Sender address triggers FILTER amavis:[]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<>
    Mar  6 21:33:23 ispc postfix/smtpd[8422]: NOQUEUE: filter: RCPT from[]: <[email protected]>: Sender address triggers FILTER amavis:[]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<>
    Mar  6 21:33:23 ispc postfix/smtpd[8422]: 75BBA1832FD:[]
    Mar  6 21:33:23 ispc postfix/cleanup[8430]: 75BBA1832FD: message-id=<>
    Mar  6 21:33:23 ispc postfix/qmgr[1181]: 75BBA1832FD: from=<[email protected]>, size=3517, nrcpt=1 (queue active)
    Mar  6 21:33:23 ispc postfix/smtpd[8422]: disconnect from[]
    Mar  6 21:33:24 ispc amavis[8398]: (08398-01) Blocked SPAM {DiscardedInbound}, []:34847 [] <[email protected]> -> <[email protected]>, Queue-ID: 75BBA1832FD, Message-ID: <>, mail_id: vsfQwenIfcZ8, Hits: 999.882, size: 3517,, 561 ms
    Mar  6 21:33:24 ispc postfix/smtp[8431]: 75BBA1832FD: to=<[email protected]>, relay=[]:10024, delay=0.98, delays=0.38/0.03/0.01/0.55, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08398-01 - spam)
    Mar  6 21:33:24 ispc postfix/qmgr[1181]: 75BBA1832FD: removed
  10. xrstokes

    xrstokes Member

    fixed it...
    Added these three lines into 50-user, I did a lot of things else it might have been. but i'm pretty sure it was this.
    $banned_files_quarantine_method = 'smtp:localhost:10025';
    $spam_quarantine_method = 'smtp:localhost:10025';
    $bad_header_quarantine_method = 'smtp:localhost:10025';
  11. concept21

    concept21 Active Member

    Install ConfigServer Security & Firewall and a subset of their spam black lists.
    Then, install this header check file.
    Plus my smart tips. All spam will become past tense. Of course, you also have to install the ISPConfig spamassasin as well. :)

    The focus is on the message's header check. Many mail exchange gateways have built-in spam stamps. They will leave them on the message. We just pick up all those stamps are blocked them. Better use command HOLD instead of REJECT. :D
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPconfig uses amavisd-new for mail scanning which internally uses spamassassin to classify spam emails.

Share This Page