Topic: Spam filtering not working
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5
- Linux/BSD distribution name and version: CentOS Linux release 7.0.1406 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL (mariadb)
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? yes - 2.4.4
====
Hi there
We just migrated to a new server and it seems that the spam filtering is simply not working.
Amavis is configured correctly and we have the same configuration as in the old server, but the amount of spam we get is really high.
Spam and virus do not seem to be going to quarantine. Please check the attached image
If I check the logs, all emails have a low score, and clear spam messages are passing through:
May 23 16:05:10 ns8 amavis[1297]: (01297-04) Passed CLEAN {RelayedInbound}, [79.142.64.180]:41589 [79.142.64.180] <return@newsjornais3.com.br> -> <ers@ersempreendimentos.com.br>, Queue-ID: 3F90CDF8AF, Message-ID: <037eeec75b3cd6e79dc9468bdc011516@newsjornais3.com.br>, mail_id: ygezI_wVzErf, Hits: 1.277, size: 17841, queued_as: 007C5DF7F4, dkim_sd=default:newsjornais3.com.br, 7226 ms, Tests: [DATE_IN_PAST_06_12=1.103,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,HTML_MESSAGE=0.001,RP_MATCHES_RCVD=-1.426,SPF_PASS=-0.001,URIBL_BLACK=1.7]
May 23 16:05:11 ns8 amavis[29567]: (29567-14) Passed CLEAN {RelayedInbound}, [209.85.217.172]:35101 [209.85.217.172] <eventos.fcbc@gmail.com> -> <presidencia.fcbc@balneariocamboriu.sc.gov.br>, Queue-ID: A782CDF7F4, Message-ID: <CABqyKVey7ZG28uk6HbKUxKwKqURu_5_ys+f=K6Nd59bwDCXEiA@mail.gmail.com>, mail_id: 6c5Ek7ENN-jp, Hits: -, size: 4300, queued_as: EDFCDDF8B5, dkim_sd=20120113:gmail.com, 145 ms
May 23 16:05:13 ns8 amavis[2017]: (02017-02) Passed CLEAN {RelayedInbound}, [187.61.34.165]:59835 [187.61.34.165] <dma_4486@enviocorpbusiness.com.br> -> <atendimento@queirozmello.com.br>, Queue-ID: A7908DF8AC, Message-ID: <0.1.3B.E29.1D1B5260190C5C2.32D0@f165.e.expvtinboxonline.net>, mail_id: c0QV-hhumlEt, Hits: 2.485, size: 13893, queued_as: 51C4DDF7F4, dkim_sd=k1:dkim.vttrack.com.br, 5637 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HTML_IMAGE_RATIO_02=0.805,HTML_MESSAGE=0.001,RCVD_IN_DNSWL_NONE=-0.0001,RCVD_IN_MSPIKE_H3=-0.01,RCVD_IN_MSPIKE_WL=-0.01,SPF_PASS=-0.001,URIBL_BLACK=1.7]
May 23 16:05:17 ns8 amavis[29279]: (29279-17) Passed CLEAN {RelayedInbound}, [198.52.142.167]:60108 [198.52.142.167] <return@classvida.com.br> -> <atendimento@fortecconstrutora.com.br>, Queue-ID: A9F9EDF8AF, Message-ID: <617660de6350e514807e125f87a18a93@classvida.com.br>, mail_id: GnZl6KfUdqzp, Hits: -1.423, size: 10785, queued_as: 8A625DF911, dkim_sd=my-selector-name:classvida.com.br, 5721 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_IMAGE_RATIO_06=0.001,HTML_MESSAGE=0.001,RP_MATCHES_RCVD=-1.426]
May 23 16:05:20 ns8 amavis[29916]: (29916-14) Passed CLEAN {RelayedInbound}, [78.41.202.19]:34108 [78.41.202.19] <contato@timebis.com.br> -> <ana@mondoconstrutora.com.br>, Queue-ID: 122A9DF7F4, Message-ID: <1463610666843a52656b417d8519bfddd910b0b3d9_@timebis.com.br>, mail_id: 8zFxVCWaG_XX, Hits: 2.362, size: 2505, queued_as: 124DEDF8FD, dkim_sd=default:timebis.com.br, 5782 ms, Tests: [DATE_IN_PAST_06_12=1.103,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,FROM_EXCESS_BASE64=0.105,RCVD_IN_MSPIKE_H4=-0.01,RCVD_IN_MSPIKE_WL=-0.01,RCVD_IN_PSBL=2.7,RP_MATCHES_RCVD=-1.426,SPF_PASS=-0.001,URIBL_DBL_ABUSE_REDIR=0.001]
May 23 16:05:20 ns8 amavis[1502]: (01502-02) Passed CLEAN {RelayedInbound}, [94.46.251.129]:48353 [94.46.251.129] <bounce+95857-2-5abd3b070c+vendas=vtrade.com.br@72.dtikm4.com> -> <cidi@vtrade.com.br>, Queue-ID: 16AB3DF8AC, Message-ID: <6ef3155b8c668a37da11f10d88e93cf5@smtp129.1-hostingservice.com>, mail_id: MGxVJjMrDwcD, Hits: 0.014, size: 17163, queued_as: 7A8DDDF958, dkim_sd=email:1-hostingservice.com, 5665 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.001,HTML_FONT_LOW_CONTRAST=0.001,HTML_IMAGE_RATIO_08=0.001,HTML_MESSAGE=0.001,T_REMOTE_IMAGE=0.01]
May 23 16:05:21 ns8 amavis[27049]: (27049-19) Passed CLEAN {RelayedInbound}, [94.46.251.129]:48353 [94.46.251.129] <bounce+95857-2-5abd3b070c+vendas=vtrade.com.br@72.dtikm4.com> -> <marcio@vtrade.com.br>, Queue-ID: 16AB3DF8AC, Message-ID: <6ef3155b8c668a37da11f10d88e93cf5@smtp129.1-hostingservice.com>, mail_id: WBwZ9FpR_HzD, Hits: 0.012, size: 17163, queued_as: 15654DF8E3, dkim_sd=email:1-hostingservice.com, 6250 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.001,HTML_FONT_LOW_CONTRAST=0.001,HTML_IMAGE_RATIO_08=0.001,HTML_MESSAGE=0.001,RCVD_IN_DNSWL_NONE=-0.0001,RCVD_IN_MSPIKE_H2=-0.001,SPF_PASS=-0.001,T_REMOTE_IMAGE=0.01]
Anything we should look at?
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.