1 Topic by eddie (edited by eddie 2022-03-27 18:58:26)

  • eddie
  • Member
  • Offline
  • Registered: 2021-12-14
  • Posts: 20

Topic: Spam Tests not Running? (amavis & SA are logging..)

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 2021091301 (Backend: mysql, Date: 2021-12-12 23:16:00) iRedMail Easy: https://www.iredmail.org/easy.html
- Deployed with iRedMail Easy or the downloadable installer?  Easy
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):   MySQL
- Web server (Apache or Nginx):   nginx
- Manage mail accounts with iRedAdmin-Pro?  no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


I read docs = https://docs.iredmail.org/no.x-spam.headers.html

It says the amavis logging should include `tests=blah` of the tests run, but my log does not indidcatre any tests.

```
Mar 27 03:13:56 mail postfix/qmgr[1661]: 4KR1BX33GYz1xZR: from=<melvm@send-your-emails.com>, size=1743, nrcpt=1 (queue active)
Mar 27 03:13:56 mail amavis[466305]: (466305-13) Passed CLEAN {RelayedInbound}, [47.244.185.173]:42146 [193.148.61.138] ESMTP/ESMTP <melvm@send-your-emails.com> -> <eddie@adkadv.com>, (ESMTPS://[47.244.185.173]:42146 < ESMTP://193.148.61.138), Queue-ID: 4KR1BX1LtFz1wCq, mail_id: hXWXGgdD8AmR, b: Ea0zlhygQ, Hits: -, size: 1251, queued_as: 4KR1BX33GYz1xZR, Subject: "Email lists 100% VALID - Any country in the world", From: <melvm@send-your-emails.com>, helo=mail.send-your-emails.com, 39 ms

```

Does this mean it passed because it wasn't tested?  It was the spammiest kind of spam.

expecting somethign like...: `Tests: [ALL_TRUSTED=-1,INVALID_DATE=0.432,
MISSING_MID=0.14], autolearn=no autolearn_force=no, autolearnscore=0.572,
dkim_new=dkim:a.cn, 19162 ms`




I have log format on (default on easy)

# Use default verbose log template.
$log_templ = $log_verbose_templ;


ANd set the

$sa_tag_level_deflt  = -999;

to see on next round if headers get added (they were not previously)






==========


Return-Path: <efeuotjduuj@metagenics.com.au>
Delivered-To: ME
Received: from MYSERVER (MYSERVER [127.0.0.1])
    by MYSERVER (Postfix) with ESMTP id 4KN6t73vkdz21cq
    for <ME>; Tue, 22 Mar 2022 10:19:43 +0000 (UTC)
Received: from MYSERVER ([127.0.0.1])
    by MYSERVER (MYSERVER [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 7CSySfwoXT37 for <ME>;
    Tue, 22 Mar 2022 10:19:42 +0000 (UTC)
Received: from M-Hybrid.Metagenics.com.au (unknown [119.225.99.214])
    by MYSERVER (Postfix) with ESMTPS id 4KN6t64SKzz1wNS
    for <hello@adirondackmototours.com>; Tue, 22 Mar 2022 10:19:42 +0000 (UTC)
Received: from M-Hybrid.Metagenics.com.au (10.30.1.25) by
M-Hybrid.Metagenics.com.au (10.30.1.25) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2044.4; Tue, 22 Mar 2022 20:19:31 +1000
Received: from mail.metagenics.com.au (193.148.61.138) by
M-Hybrid.Metagenics.com.au (10.30.1.25) with Microsoft SMTP Server id
15.1.2044.4 via Frontend Transport; Tue, 22 Mar 2022 20:19:30 +1000
From: SUPER LIST <efeuotjduuj@metagenics.com.au>
Subject: Email lists 100% VALID - Any country in the world
To: <fambakery.usa@gmail.com>
Reply-To: <contactardados@gmail.com>
Date: Tue, 22 Mar 2022 03:19:32 -0700
Message-ID: <f10ed932-f0e7-4b0b-a175-6617a783b891@M-Hybrid.Metagenics.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Get the best email lists for your email marketing.

100% VALID email lists of any country in the world.

Talk to us in WhatsApp:
+55 22 99788 1694

Or Skype:
corbettsoftware

-------------------------------------------
Email lists from any country in the world:

Each 500.000 emails = US$ 150
Each 1 million emails = US$ 250

Segmented email lists from any country:

Each 10.000 emails = US$ 200
Each 50.000 emails = US$ 250
--------------------------------------------


We are waiting for you.

Best regards,

SUPER LIST
The best email lists since 1998

WhatsApp:
+55 22 99788 1694

Skype:
corbettsoftware

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by eddie

  • eddie
  • Member
  • Offline
  • Registered: 2021-12-14
  • Posts: 20

Re: Spam Tests not Running? (amavis & SA are logging..)

Looks like spam is disabled in easy's provided config?!


@bypass_virus_checks_maps = 1;
@bypass_spam_checks_maps = 1;


I've commented them out in /etc/amavis/conf.d/50-user. but next upgrade will overwrite, so I need to add to custom i guess too, but explicitily set to 0?


====

# file: /opt/iredmail/custom/amavisd/amavisd.conf:
#
#  DO NOT BYPASS checks..  default iredmail sets these to 1, meaning disabled. 
# we set to 0, meaning enabled..

@bypass_virus_checks_maps = 0;
@bypass_spam_checks_maps = 0;

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: Spam Tests not Running? (amavis & SA are logging..)

eddie wrote:

- iRedMail version (check /etc/iredmail-release): 2021091301 (Backend: mysql, Date: 2021-12-12 23:16:00) iRedMail Easy: https://www.iredmail.org/easy.html

- 2021091301 is very old, why don't you upgrade?
- The log says "Hits: -", which means spam scanning was not performed due to some reason (for example, whitelisting, or no spam scanning enabled at all).
- Please login to iRedMail Easy platform (https://easy.iredmail.org/) and double check whether you have spam/virus scanning enabled.

4 Reply by eddie

  • eddie
  • Member
  • Offline
  • Registered: 2021-12-14
  • Posts: 20

Re: Spam Tests not Running? (amavis & SA are logging..)

ZhangHuangbin wrote:
eddie wrote:

- iRedMail version (check /etc/iredmail-release): 2021091301 (Backend: mysql, Date: 2021-12-12 23:16:00) iRedMail Easy: https://www.iredmail.org/easy.html

- 2021091301 is very old, why don't you upgrade?
- The log says "Hits: -", which means spam scanning was not performed due to some reason (for example, whitelisting, or no spam scanning enabled at all).
- Please login to iRedMail Easy platform (https://easy.iredmail.org/) and double check whether you have spam/virus scanning enabled.


Making the changes I mentioned to custom worked. 

====

Mar 30 02:35:17 mail amavis[567948]: (567948-18) Blocked SPAM {DiscardedInbound,Quarantined}, [165.232.156.229]:49362 [104.238.248.109] ESMTP/ESMTP <dgkkhex@mindsanctuary.net> -> <ME>, (ESMTPS://[165.232.156.229]:49362 < ESMTP://104.238.248.109), quarantine: GQ-D-tEwnJbX, Queue-ID: 4KSrBX5Qy5z1wMg, mail_id: GQ-D-tEwnJbX, b: Ea0zlhygQ, Hits: 8.41, size: 1262, Subject: "Email lists 100% VALID - Any country in the world", From: <dgkkhex@mindsanctuary.net>, helo=mail.mindsanctuary.net, Tests: [BIGNUM_EMAILS_FREEM=1.482,BIGNUM_EMAILS_MANY=2.999,FREEMAIL_FORGED_REPLYTO=2.503,MISSING_MID=0.14,NA_DOLLARS=0.001,RCVD_IN_DNSWL_HI=-5,RCVD_IN_PSBL=5,RCVD_IN_VALIDITY_RPBL=1.284,SPF_HELO_NONE=0.001,T_SCC_BODY_TEXT_LINE=-0.01,T_SPF_PERMERROR=0.01], autolearn=no autolearn_force=no, autolearnscore=8.41, 699 ms

====

I installed with easy initially but can't afford the ongoing monthly fees for my personal email, so I had to cancel my subscription which prevents me from accessing site or updating outside manual process right?

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: Spam Tests not Running? (amavis & SA are logging..)

eddie wrote:

I installed with easy initially but can't afford the ongoing monthly fees for my personal email, so I had to cancel my subscription which prevents me from accessing site or updating outside manual process right?

You don't need to subscribe for every month, just subscribe again when you need to update.