2

I have a Debian 10 server with postfix, amavis and spamassassin.

Another server managed by me sends every day a mail containing no content and only a gif as attachment. I have whitelisted the from address in the local.cf of spamassassin.

The header of the received mail contains the following:

X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ~~~.~~~.net
X-Spam-Level: 
X-Spam-Status: No, score=-93.2 required=5.0 tests=ALL_TRUSTED,BAYES_50,
    DC_GIF_UNO_LARGO,DC_IMAGE_SPAM_TEXT,MISSING_HEADERS,PYZOR_CHECK,
    SB_GIF_AND_NO_URIS,TVD_SPACE_RATIO,USER_IN_WHITELIST autolearn=no
    autolearn_force=no version=3.4.2

which says that the mail is not considered spam because the from address is in the whitelist.

The problem is that the subject field contains [SPAM] which is the spam marker. This spam marker is defined in my spamassassin local.cf and in amavis. I don’t know yet which one of the two is adding this spam marker.

According to the amavis configuration, it should not put the spam tag because I have this in the configuration

$sa_tag2_level_deflt = 5.0; #add spam tag to subject for score greater than this value
$sa_spam_subject_tag = '[SPAM]';

As we can see, the score is lower. amavis should not add this spam tag.

So how can I get a spam tag in the subject line?

I’m sure the problem is in my mail server because when I send that message to another address I don’t get the spam tag.

Another strange thing is that when I send the exact same mail from my desktop with the same from address, it doesn’t get the spam tag.

EDIT: I have two other mails with inconsistent behavior of amavis.

With one mail I have this: 

Received: from localhost by xxx.xxx.net
    with SpamAssassin (version 3.4.2);
    Wed, 11 Nov 2020 17:08:01 +0100
From: huixin0010 <huixin0010@126.com>
Subject: [*SPAM*] [~SPAM~]Re: Leather bags manufacturer with 14 years experience
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on xxx.xxx.net
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.3 required=5.0 tests=BAYES_50,DEAR_SOMETHING,
    FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
    HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,PYZOR_CHECK,
    RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE,T_SPF_HELO_PERMERROR
    autolearn=no autolearn_force=no version=3.4.2

where [*SPAM*] is the spam tag added by spamassassin and [~SPAM~] the spam tag added by amavis.

The rule is set for amavis to add a spam tag when the score is above 5.

What is unexpected is this other mail below where amavis did not add the spam tag in the subject even though the score is above 5.

Received: from localhost by xxx.xxx.net
    with SpamAssassin (version 3.4.2);
    Wed, 11 Nov 2020 18:08:24 +0100
From: liyulan029 <liyulan029@126.com>
To: xxx <xxx@xxx.net>
Subject: [*SPAM*] Re: new design eyeglasses frame and sunglasses
Date: Thu, 12 Nov 2020 01:10:33 +0800 (CST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on xxx.xxx.net
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.2 required=5.0 tests=BAYES_50,DEAR_SOMETHING,
    FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
    HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,RCVD_IN_RP_RNBL,
    RDNS_NONE autolearn=no autolearn_force=no version=3.4.2

Nothing was changed on the server between these two mails.

chmike

1 Answer

0

There were two main problems.

The first one is that I tried to be smart and configured amavis with two different sets of rules. One for mails of external origin, and another one for mails of internal origin (those submitted to port 587 or 465). This made the configuration of postfix and amavis more complex. It could have a mistake.

The second one is that final_virus_destiny and final_spam_destiny were configured with D_PASS. They are now configured with D_DISCARD. It may be that in D_PASS mode, amavis has a problem. I’m not sure. Now, with D_DISCARD, mails are quarantined and a report is sent to postmaster.

Here is the amavis configuration stored in /etc/amavis/conf.d/99-local.

use strict;

# Place your configuration directives here.  They will override those in
# earlier files.


# -- General configuration options

$myhostname = 'smtp.xxx.xxx';
@local_domains_acl = (".xxx.xxx",".yyy.yyy");
@mynetworks = qw(127.0.0.0/8 ::1/128);
$X_HEADER_LINE = "by Amavis at $mydomain";          # Customize header line (don’t show version)
#$log_level = 5; 

# -- Parameters for anti-virus
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
$final_virus_destiny = D_DISCARD;                   # Quarantine virus mails for science
$virus_admin = "postmaster\@$mydomain";             # Where to send virus notification (the default)


# -- Parameters for anti-spam
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
$final_spam_destiny = D_DISCARD;                    # Quarantine spam mails for recovery if no spam
$spam_admin = "postmaster\@$mydomain";              # Where to send spam notification
$sa_tag_level_deflt = -999;                         # Add X-Spam headers when score is above that level
$sa_tag2_level_deflt = 5.0;                         # Add spam subject tag when score above that level
$sa_spam_subject_tag = '[SPAM] ';                   # Spam subject tag 
$sa_kill_level_deflt = 5.0;                         # DISCARD mail when score is above that level


# -- Parameters for banned mails
$final_banned_destiny = D_DISCARD;                  # Quarantine banned mails for debugging
$banned_admin = "postmaster\@$mydomain";            # Where to send notification

# -- Parameters for bad header mails
$final_bad_header_destiny = D_DISCARD;              # Quarantine bad header mails for debugging
$bad_header_admin = "postmaster\@$mydomain";         # Where to send notification

... <skip dkim configuration> ...

1;  # ensure a defined return

chmike
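An added example, not part of the original posts or of amavis: a Python check that reads a delivered mail's X-Spam-Status and Subject headers and reports when the subject tag disagrees with the score, as in the mails quoted in the question. The function name `audit`, its verdict strings and the first sample's Subject text are assumptions; the threshold and tags are the `$sa_tag2_level_deflt` and subject-tag values shown on the page.

```python
import email
import re

STATUS_RE = re.compile(r"(Yes|No), score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?)")

def audit(raw, amavis_tag="[SPAM]", tag2_level=5.0):
    """Compare the subject tag with the score recorded in X-Spam-Status."""
    msg = email.message_from_string(raw)
    # Unfold the header: continuation lines collapse to single spaces.
    status = " ".join((msg.get("X-Spam-Status") or "").split())
    m = STATUS_RE.match(status)
    if m is None:
        return {"verdict": "no-status-header"}
    score = float(m.group(2))
    tests_part = status.partition("tests=")[2].partition(" autolearn=")[0]
    tests = [t for t in tests_part.replace(" ", "").split(",") if t]
    tagged = amavis_tag.strip() in (msg.get("Subject") or "")
    if tagged and score < tag2_level:
        verdict = "tagged-below-tag2"    # tag present although the score is under the level
    elif not tagged and score >= tag2_level:
        verdict = "untagged-above-tag2"  # tag expected at this score but missing
    else:
        verdict = "consistent"
    return {"verdict": verdict, "score": score, "tests": tests}

# Constructed samples, abridged from the headers quoted on this page. The first
# Subject text is invented: the page only says that it contained [SPAM].
WHITELISTED = (
    "Subject: [SPAM] daily image\n"
    "X-Spam-Status: No, score=-93.2 required=5.0 tests=ALL_TRUSTED,BAYES_50,\n"
    "    PYZOR_CHECK,USER_IN_WHITELIST autolearn=no\n"
    "    autolearn_force=no version=3.4.2\n\n"
)
BOTH_TAGS = (
    "Subject: [*SPAM*] [~SPAM~]Re: Leather bags manufacturer\n"
    "X-Spam-Status: Yes, score=6.3 required=5.0 tests=BAYES_50,DEAR_SOMETHING\n"
    "    autolearn=no autolearn_force=no version=3.4.2\n\n"
)
SA_TAG_ONLY = (
    "Subject: [*SPAM*] Re: new design eyeglasses frame\n"
    "X-Spam-Status: Yes, score=6.2 required=5.0 tests=BAYES_50,RDNS_NONE\n"
    "    autolearn=no autolearn_force=no version=3.4.2\n\n"
)

if __name__ == "__main__":
    for raw, tag in ((WHITELISTED, "[SPAM]"), (BOTH_TAGS, "[~SPAM~]"), (SA_TAG_ONLY, "[~SPAM~]")):
        print(audit(raw, tag))
```

Run over a mailbox, the two mismatch verdicts single out the messages worth looking up in the amavis log by queue id.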