1

Topic: amavisd add X-Spam-Status??

Hey fellow iRedMail users.

Been using iRedMail for some time now, great work, but I receive lots of spam from time to time and have tried a lot of methods to prevent this, but nothing has worked so far. So I think maybe just a rewrite of the headers and subject, but NO.

I'm not posting the logs and config files at this point, just to keep it simpler and more readable, so let me know what logs/conf files one needs to help me with this. Thanks :)

My problem:
I get mail from xxxx@example.com (spam score in logs 5.001) [note: before changing anything this was spammy, not spam].
Now, to me this is spam (mail containing links and stuff like 'free sex' and so on).

The header is not rewritten, nor is the subject. I'm no expert on this.
And here are my current changes to /etc/amavis/conf.d/50-user
(started in /etc/amavis/conf.d/20-debian_defaults but it didn't work there; added them to /etc/amavis/conf.d/50-user, same result):
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = -999.0;
$sa_tag2_level_deflt = 4;
$sa_kill_level_deflt = 4;
$sa_dsn_cutoff_level = 10;

I believe I'm doing something wrong or missing a simple config option.

Any help would be highly appreciated

Regards.


==== Provide basic information to help troubleshoot ====
- iRedMail version: 0.7.3
- Linux/BSD distribution name and version: Debian 6.0.2
- Any related log? Log is helpful for troubleshooting.

2

Re: amavisd add X-Spam-Status??

So, you expect Amavisd to rewrite mail headers and subject, right?

Do you have the setting below in Amavisd:

$sa_spam_modifies_subj = 1;

Could you please paste the whole mail header of this spam email? (REPLACE email address before posting)

3

Re: amavisd add X-Spam-Status??

Hello, thanks for your reply.
Yes, I would like, if possible, Amavisd to rewrite mail headers and subject.
Yes, I have the following $sa_spam_modifies_subj = 1; in /etc/amavis/conf.d/50-user

Here's a header of a test spam mail with score (1005.001) sent from my own test server; I've deleted the other spam mails.

Return-Path: <root@gw.local.**********.org>
Delivered-To: CMJNISSEN@MYDOMAIN.dk
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mx1.MYDOMAIN.net (Postfix) with ESMTP id C8CF7B69907D
    for <CMJNISSEN@MYDOMAIN.dk>; Thu, 18 Aug 2011 19:55:42 +0000 (GMT)
X-Virus-Scanned: by amavisd at mx1.MYDOMAIN.net
Received: from mx1.MYDOMAIN.net ([127.0.0.1])
    by localhost (mx1.MYDOMAIN.net [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id DcWJzh31+2k3 for <CMJNISSEN@MYDOMAIN.dk>;
    Thu, 18 Aug 2011 19:55:28 +0000 (GMT)
X-Original-Helo: gw.local.**********.org (iRedMail: http://www.iredmail.org/)
Received: from gw.local.**********.org (4307ds4-abc.0.*******.dk [HIDDEN-IP-MY-Test-SERVER])
    by mx1.MYDOMAIN.net (Postfix) with ESMTP id DE7EEB69907C
    for <CMJNISSEN@MYDOMAIN.dk>; Thu, 18 Aug 2011 19:55:24 +0000 (GMT)
Received: by gw.local.**********.org (Postfix, from userid 0)
    id 688522996; Thu, 18 Aug 2011 21:54:38 +0200 (CEST)
To: <CMJNISSEN@MYDOMAIN.dk>
Subject: Test -- mail (local)
X-Mailer: mail (GNU Mailutils 2.1)
Message-Id: <20110818195438.688522996@gw.local.**********.org>
Date: Thu, 18 Aug 2011 21:54:38 +0200 (CEST)
From: root@gw.local.**********.org (root)

(content of mail is from http://spamassassin.apache.org/gtube/gtube.txt)

4

Re: amavisd add X-Spam-Status??

Sorry, just a typo from me: I'm using iRedMail-0.7.2 and not iRedMail-0.7.3.

5

Re: amavisd add X-Spam-Status??

Can you paste the settings below from Amavisd:

$policy_bank{'MYNETS'} = {};
$policy_bank{'ORIGINATING'} = {};
$policy_bank{'MYUSERS'} = {};

6 (edited by cmjnissen 2011-08-19 10:07:35)

Re: amavisd add X-Spam-Status??

Hey, thanks for taking the time to help me.

$policy_bank{'MYNETS'} = { }

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1,  # enables disclaimer insertion if available
};

$policy_bank{'ORIGINATING'} = {}

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@MYDOMAIN.net"],
  warnbadhsender   => 0,
  warnvirussender  => 1,
  warnspamsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  #forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

$policy_bank{'MYUSERS'} = {}

$policy_bank{'MYUSERS'} = {
    # declare that mail was submitted by our smtp client
    originating => 1,
    # enables disclaimer insertion if available
    allow_disclaimers => 1,
    # notify administrator of locally originating malware
    virus_admin_maps => ["root\@$mydomain"],
    spam_admin_maps  => ["root\@$mydomain"],
    warnbadhsender   => 0,
    warnvirussender  => 1,
    warnspamsender   => 1,
    # forward to a smtpd service providing DKIM signing service
    #forward_method => 'smtp:[127.0.0.1]:10027',
    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],
    # allow sending any file names and types
    bypass_banned_checks_maps => [1],
    # don't remove NOTIFY=SUCCESS option
    terminate_dsn_on_notify_success => 0,
    # don't perform spam/header/virus check.
    #bypass_spam_checks_maps => [1],
    #bypass_header_checks_maps => [1],
    #bypass_virus_checks_maps => [1],
};

7 (edited by cmjnissen 2011-08-20 03:56:22)

Re: amavisd add X-Spam-Status??

I have enabled debug, and from what I can see the headers are created but not saved in the received mail?

Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: X-Spam-Flag: YES\n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: X-Spam-Score: 1001.285\n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: X-Spam-Level: ****************************************************************\n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: X-Spam-Status: Yes, score=1001.285 tag=-999 tag2=4 kill=4 tests=[GTUBE=1000,\n\tHTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_RP_RNBL=1.284]\n\tautolearn=no\n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: X-Quarantine-ID: <XqmxEWAPI4ZM>\n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: X-Envelope-To-Blocked: \n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: X-Envelope-To: <CMJNISSEN@MYDOMAIN.dk>\n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: X-Envelope-From: <t***n-mun**@e***il.dk>\n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) header: Received: from mx1.MYDOMAIN.net ([127.0.0.1])\n\tby localhost (mx1.MYDOMAIN.net [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id XqmxEWAPI4ZM for <CMJNISSEN@MYDOMAIN.dk>;\n\tFri, 19 Aug 2011 19:44:26 +0000 (GMT)\n
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) DO_QUARANTINE, local:spam-%m.gz, <> -> spam-quarantine
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) dkim: not signing mail which is not originating from inside
Aug 19 19:44:28 mx1 amavis[1618]: (01618-06) local delivery: <> -> spam-quarantine, mbx=/var/lib/amavis/virusmails/X/spam-XqmxEWAPI4ZM.gz
Aug 19 19:44:29 mx1 amavis[1618]: (01618-06) header: Delivered-To: spam-quarantine\n
Aug 19 19:44:29 mx1 amavis[1618]: (01618-06) header: Return-Path: <>\n

But I also see a line with write header == 0:

Aug 19 19:44:29 mx1 amavis[1618]: (01618-06) write_header: 0, Amavis::IO::Zlib=HASH(0x2135cf40)

??

8

Re: amavisd add X-Spam-Status??

Could you please paste all log lines related to this email from the Amavisd log?

9 (edited by cmjnissen 2011-08-21 23:27:41)

Re: amavisd add X-Spam-Status??

The size of the log made me put the filtered log on my web server at

http://cmjscriptor.com/7654ejy6847/amalog.txt (not active any more)

By filtered I mean all mail addresses are somewhat masked.

Here are the headers of the mail:

Return-Path: <t***n-mun**@e***il.dk>
Delivered-To: CMJNISSEN@MYDOMAIN.dk
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mx1.MYDOMAIN.net (Postfix) with ESMTP id 17EE4B6990AE
    for <CMJNISSEN@MYDOMAIN.dk>; Fri, 19 Aug 2011 19:44:29 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at mx1.MYDOMAIN.net
Received: from mx1.MYDOMAIN.net ([127.0.0.1])
    by localhost (mx1.MYDOMAIN.net [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id XqmxEWAPI4ZM for <CMJNISSEN@MYDOMAIN.dk>;
    Fri, 19 Aug 2011 19:44:26 +0000 (GMT)
X-Original-Helo: smtp2.cybercity.dk (iRedMail: http://www.iredmail.org/)
Received: from smtp2.cybercity.dk (smtp2.cybercity.dk [212.242.43.252])
    by mx1.MYDOMAIN.net (Postfix) with ESMTP id C7370B6990AD
    for <CMJNISSEN@MYDOMAIN.dk>; Fri, 19 Aug 2011 19:44:25 +0000 (GMT)
Received: from uf7.cybercity.dk (uf7.cybercity.dk [212.242.42.164])
    by smtp2.cybercity.dk (Postfix) with ESMTP id D8EFF313C34
    for <CMJNISSEN@MYDOMAIN.dk>; Fri, 19 Aug 2011 21:44:24 +0200 (CEST)
Received: from Ma****gnPc (0x*4f*a**7.adsl.cybercity.dk [212.242.***.***])
    by uf7.cybercity.dk (Postfix) with ESMTP id C6518B85D98
    for <CMJNISSEN@MYDOMAIN.dk>; Fri, 19 Aug 2011 21:44:24 +0200 (CEST)
From: "T***en Mu**h Je***n" <t***n-mun**@e***il.dk>
To: <CMJNISSEN@MYDOMAIN.dk>
Subject: 
Date: Fri, 19 Aug 2011 21:44:26 +0200
Message-ID: <023201cc5ea8$6701a720$3504f560$@e***il.dk>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0233_01CC5EB9.2A8B3A70"
X-Mailer: Microsoft Outlook 14.0
thread-index: AcxeqGbxwXjf+2eJTcaDg1YZzhGxKw==
Content-Language: da

10

Re: amavisd add X-Spam-Status??

Hello,

Maybe this is just a temporary fix, but I changed

@local_domains_maps = ['mx1.MYDOMAIN.net', 'MYDOMAIN.net'];

to

@local_domains_maps = ['.'];

This adds the headers to all inbound mails. A lookup in the DB for local domains would do the trick for me, but at this point it is too advanced for me.
Will try to get that to work, but for now this is fine.

Will buy iRedAdmin-Pro when the savings allow me to (student salary not that huge).

Anyway, thanks for your help, it's appreciated.

Anyhow, can't say this enough: GREAT WORK with the iRedMail solution :)

11

Re: amavisd add X-Spam-Status??

Hello again,
hope this will/can help someone.

I found my way to look up local domains from the MySQL server in database vmail; so far it seems to work.
Changed the line

@local_domains_maps = ['.'];
back to:
@local_domains_maps = ['mx1.MYDOMAIN.net', 'MYDOMAIN.net'];

And added the following to the end of the file, before the ending '1':

@lookup_sql_dsn =  (
    ['DBI:mysql:database=vmail;host=127.0.0.1;port=3306', 'vmail', '***vmail_user_passwd***'],
);
$sql_select_policy = 'SELECT domain FROM domain WHERE CONCAT("@",domain) IN (%k)';

I found this at http://www.howtoforge.com/forums/showthread.php?t=14221

And I get my headers:

X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=0 tagged_above=-999 required=4
    tests=[RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham

I noted that #@lookup_sql_dsn = @storage_sql_dsn;
is there but commented out; I guess that is for the amavisd database only??
But the other way it looks up the virtual domains in the vmail DB.

Happy mailing.

12

Re: amavisd add X-Spam-Status??

Finally, someone brings the answer to my question from about one month ago.

Thanks to cmjnissen.

miles

cmjnissen wrote:

Hello again,
hope this will/can help someone.

I found my way to look up local domains from the MySQL server in database vmail; so far it seems to work.
Changed the line

@local_domains_maps = ['.'];
back to:
@local_domains_maps = ['mx1.MYDOMAIN.net', 'MYDOMAIN.net'];

And added the following to the end of the file, before the ending '1':

@lookup_sql_dsn =  (
    ['DBI:mysql:database=vmail;host=127.0.0.1;port=3306', 'vmail', '***vmail_user_passwd***'],
);
$sql_select_policy = 'SELECT domain FROM domain WHERE CONCAT("@",domain) IN (%k)';

I found this at http://www.howtoforge.com/forums/showthread.php?t=14221

And I get my headers:

X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=0 tagged_above=-999 required=4
    tests=[RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham

I noted that #@lookup_sql_dsn = @storage_sql_dsn;
is there but commented out; I guess that is for the amavisd database only??
But the other way it looks up the virtual domains in the vmail DB.

Happy mailing.

13

Re: amavisd add X-Spam-Status??

No prob.
I was looking through the forum (no search) before posting this thread; had I found your post I guess I would never have posted this.

Happy this helps someone :)

14

Re: amavisd add X-Spam-Status??

cmjnissen wrote:

No prob.
I was looking through the forum (no search) before posting this thread; had I found your post I guess I would never have posted this.

Happy this helps someone :)

ZhangHuangbin, please put that into the new version of iRedMail.
Thanks all.

smiles

15

Re: amavisd add X-Spam-Status??

Just a vote for the usefulness of this.  I too needed to have the spam scores added to the headers as I need to monitor what the scores are on both legit and spam mail for a week or so in order to be able to adjust the SpamAssassin scoring (my users are all business users, so I set the spam scoring to be much less permissive than a typical ISP).  Thanks for the information.

16

Re: amavisd add X-Spam-Status??

Added this sql lookup setting for Amavisd in iRedMail trunk (will be available in iRedMail-0.7.4), but disabled by default.

Also, if you're running Amavisd-new-2.7.0 or later versions, this SQL command will be better:

$sql_select_policy = 'SELECT domain FROM domain WHERE domain=%d';

Placeholder '%d' is available in Amavisd-new-2.7.0. MySQL IN() is a performance killer.
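
Added example, not part of the original thread and not iRedMail or Amavisd code: a small Python audit of delivered mail that reports, per recipient domain, the spam scores found in X-Spam-Status and how many messages carry amavisd's X-Virus-Scanned header but no X-Spam-Status, which is the symptom posts 3 and 9 show before the local-domain lookup was fixed. It also parses the per-test scores, for the monitoring described in post 15. The sample messages and the `*.example` domains are constructed for illustration.

```python
import email
import re
from collections import defaultdict

# Constructed samples modelled on the headers posted in this thread.
UNTAGGED = """\
Delivered-To: user@mydomain.example
X-Virus-Scanned: by amavisd at mx1.mydomain.example
"""
TAGGED = """\
Delivered-To: user@other.example
X-Virus-Scanned: by amavisd at mx1.mydomain.example
X-Spam-Status: Yes, score=1001.285 tag=-999 tag2=4 kill=4 tests=[GTUBE=1000,
\tHTML_MESSAGE=0.001, RCVD_IN_RP_RNBL=1.284]
\tautolearn=no
"""

STATUS_RE = re.compile(r"^(Yes|No),\s*score=(-?\d+(?:\.\d+)?)", re.I)
TESTS_RE = re.compile(r"tests=\[([^\]]*)\]")

def parse_spam_status(value):
    """Return (is_spam, score, {test: points}) or None if the value is unparsable."""
    unfolded = re.sub(r"\s+", " ", value.strip())  # undo header folding
    m = STATUS_RE.match(unfolded)
    if not m:
        return None
    tests = {}
    t = TESTS_RE.search(unfolded)
    for item in (t.group(1).split(",") if t else []):
        name, _, pts = item.strip().partition("=")
        if name:
            tests[name] = float(pts) if pts else 0.0
    return m.group(1).lower() == "yes", float(m.group(2)), tests

def audit(raw_messages):
    """Per recipient domain: scores seen, and mails amavisd scanned but did not tag."""
    report = defaultdict(lambda: {"scores": [], "untagged": 0})
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        domain = (msg.get("Delivered-To") or "").rpartition("@")[2].lower()
        status = parse_spam_status(msg.get("X-Spam-Status", ""))
        if status:
            report[domain]["scores"].append(status[1])
        elif "amavisd" in (msg.get("X-Virus-Scanned") or "").lower():
            # Scanned but no spam headers: candidate for a missing local-domain entry.
            report[domain]["untagged"] += 1
    return dict(report)
```

A domain that only ever shows up under "untagged" is one to check against @local_domains_maps or the SQL lookup result.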