1 Topic by jstewart

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Topic: Spam checking

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I'm trying to figure out the proper settings for marking and deleting spam messages.
I would like to have anything over 6 (could be any number) marked with [SPAM] in the subject, and anything over 12 discarded. I don't see anywhere in the admin panel to set these two parameters, as well having the ability for users to have their own custom settings of these numbers.

Where would I configure these settings?
Thanks.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam checking

Currently iRedAdmin-Pro doesn't support this, but you can try to update SQL table "amavisd.policy" for this purpose.

- spam_tag2_level/spam_tag3_level are declaring spam and marking subject.
- spam_kill_level is rejecting/discarding/quarantining.

3 Reply by jstewart (edited by jstewart 2018-11-28 19:53:00)

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Re: Spam checking

ZhangHuangbin wrote:

Currently iRedAdmin-Pro doesn't support this, but you can try to update SQL table "amavisd.policy" for this purpose.

- spam_tag2_level/spam_tag3_level are declaring spam and marking subject.
- spam_kill_level is rejecting/discarding/quarantining.

Thanks.
So when a user changes the Spam level in their personal settings, or if I change any global spam settings the kill level gets reset back to the spam_tag levels? Any chance the kill level can be set inside the interface. A lot of false positives will get discarded this way.

Also, how does the system treat outgoing mail as far as spam checking? By that I mean can I use the kill level for outgoing rather than the tag level. I am using https://docs.iredmail.org/disable.spam. … ails.html. Again, a lot of outbound false positives have blocked users outbound mail so I had to whitelist the entire domain, but I see that as a potential problem if a user gets their password hacked, or gets a virus.

Thanks.
Jeff

4 Reply by jstewart

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Re: Spam checking

I also notice that maillog used to show:
Nov  4 03:19:51 mail amavis[21984]: (21984-17) Passed CLEAN {RelayedInbound}, [x.x.x.x]:46220 [x.x.x.x] <5ee23e86-27d0-11e2-8348-00259069d5fe@bounce.r.groupon.com> -> <user@domain.com>, Queue-ID: D12FC2271587, Message-ID: <1944844594.39484241.1541319586545.JavaMail.rocketman@push-dispatcher55.sac1>, mail_id: hUze8WURAtZd, Hits: -1.062, size: 152697, queued_as: 109C439A47C2, dkim_sd=s2048d20180404:r.groupon.com, 1233 ms, Tests: [BAYES_00=-1.9,DKIMWL_WL_HIGH=-0.451,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_DNSWL_NONE=-0.0001,SPF_HELO_PASS=-0.001,SPF_SOFTFAIL=0.665]

I have been making some changes to try and bring spam down to a dull roar, and that is no longer in the maillog. What setting might I have changed that would remove that line?

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam checking

jstewart wrote:

So when a user changes the Spam level in their personal settings, or if I change any global spam settings the kill level gets reset back to the spam_tag levels? Any chance the kill level can be set inside the interface. A lot of false positives will get discarded this way.

This feature has been implemented in upcoming iRedAdmin-Pro release.

6 Reply by jstewart

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Re: Spam checking

Any thoughts on this one:


I also notice that maillog used to show:
Nov  4 03:19:51 mail amavis[21984]: (21984-17) Passed CLEAN {RelayedInbound}, [x.x.x.x]:46220 [x.x.x.x] <5ee23e86-27d0-11e2-8348-00259069d5fe@bounce.r.groupon.com> -> <user@domain.com>, Queue-ID: D12FC2271587, Message-ID: <1944844594.39484241.1541319586545.JavaMail.rocketman@push-dispatcher55.sac1>, mail_id: hUze8WURAtZd, Hits: -1.062, size: 152697, queued_as: 109C439A47C2, dkim_sd=s2048d20180404:r.groupon.com, 1233 ms, Tests: [BAYES_00=-1.9,DKIMWL_WL_HIGH=-0.451,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_DNSWL_NONE=-0.0001,SPF_HELO_PASS=-0.001,SPF_SOFTFAIL=0.665]

I have been making some changes to try and bring spam down to a dull roar, and that is no longer in the maillog. What setting might I have changed that would remove that line?

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam checking

jstewart wrote:

What setting might I have changed that would remove that line?

Excuse me, remove which line?

8 Reply by jstewart (edited by jstewart 2018-12-02 22:07:30)

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Re: Spam checking

Nov  4 03:19:51 mail amavis[21984]: (21984-17) Passed CLEAN {RelayedInbound}, [x.x.x.x]:46220 [x.x.x.x] <5ee23e86-27d0-11e2-8348-00259069d5fe@bounce.r.groupon.com> -> <user@domain.com>, Queue-ID: D12FC2271587, Message-ID: <1944844594.39484241.1541319586545.JavaMail.rocketman@push-dispatcher55.sac1>, mail_id: hUze8WURAtZd, Hits: -1.062, size: 152697, queued_as: 109C439A47C2, dkim_sd=s2048d20180404:r.groupon.com, 1233 ms, Tests: [BAYES_00=-1.9,DKIMWL_WL_HIGH=-0.451,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_DNSWL_NONE=-0.0001,SPF_HELO_PASS=-0.001,SPF_SOFTFAIL=0.665]

This information doesn't show in the maillog any more. I don't know what I might have done to disable it.

All that shows now is:
Nov 29 10:41:09 mail postfix/amavis/smtp[6206]: EF51942D1AA4: to=<user@domain>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.26, delays=0.06/0/0/0.19, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=03448-19 - INFECTED: )
Nov 29 10:44:25 mail postfix/amavis/smtp[11193]: E75B332E113E: to=<user@domain>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=0.2/0/0/1.9, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08562-11 - spam)

9 Reply by jstewart

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Re: Spam checking

jstewart wrote:

Nov  4 03:19:51 mail amavis[21984]: (21984-17) Passed CLEAN {RelayedInbound}, [x.x.x.x]:46220 [x.x.x.x] <5ee23e86-27d0-11e2-8348-00259069d5fe@bounce.r.groupon.com> -> <user@domain.com>, Queue-ID: D12FC2271587, Message-ID: <1944844594.39484241.1541319586545.JavaMail.rocketman@push-dispatcher55.sac1>, mail_id: hUze8WURAtZd, Hits: -1.062, size: 152697, queued_as: 109C439A47C2, dkim_sd=s2048d20180404:r.groupon.com, 1233 ms, Tests: [BAYES_00=-1.9,DKIMWL_WL_HIGH=-0.451,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_DNSWL_NONE=-0.0001,SPF_HELO_PASS=-0.001,SPF_SOFTFAIL=0.665]

This information doesn't show in the maillog any more. I don't know what I might have done to disable it.

All that shows now is:
Nov 29 10:41:09 mail postfix/amavis/smtp[6206]: EF51942D1AA4: to=<user@domain>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.26, delays=0.06/0/0/0.19, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=03448-19 - INFECTED: )
Nov 29 10:44:25 mail postfix/amavis/smtp[11193]: E75B332E113E: to=<user@domain>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=0.2/0/0/1.9, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08562-11 - spam)


Any thoughts on this? The $log_templ appears to be still properly defined in amavisd.conf.

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam checking

I don't see any error.

The message "INFECTED" means email contains virus, and "spam" means email is considered as spam.
"discarded" means email was discarded or quarantined into SQL db (or file system, depends on your setting).

11 Reply by jstewart

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Re: Spam checking

ZhangHuangbin wrote:

I don't see any error.

The message "INFECTED" means email contains virus, and "spam" means email is considered as spam.
"discarded" means email was discarded or quarantined into SQL db (or file system, depends on your setting).

Yes, I understand all that - As I said, up until last week the line in maillog defined in amavisd.conf - $log_temp - was showing as in the example in my posts, and now that is not being shown in maillog. The Spam tags and scores no longer show in the log.

12 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam checking

It think Amavisd still logs detailed log as you wish, but your "grep" got wrong log lines. I suggest double check, for example, run command "less /var/log/maillog", then search "amavis".

13 Reply by jstewart

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Re: Spam checking

ZhangHuangbin wrote:

It think Amavisd still logs detailed log as you wish, but your "grep" got wrong log lines. I suggest double check, for example, run command "less /var/log/maillog", then search "amavis".

I can guarantee those log entries are not happening. I have tried setting the log_level from 0 to 5 in amavisd.conf, and there is no difference in the log output no matter what I set the log_level. I am  linux system administrator, and I know how to tail, less and grep. I am not seeing those entries in the log. As I said, they were there a couple of week ago, and now they are not.

14 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam checking

OK, here's a quick solution: add line below in Amavisd config file (better at the bottom of config file to avoid unexpected overwritten), then restart amavisd service:

$log_templ = $log_verbose_templ;

15 Reply by jstewart

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Re: Spam checking

ZhangHuangbin wrote:

OK, here's a quick solution: add line below in Amavisd config file (better at the bottom of config file to avoid unexpected overwritten), then restart amavisd service:

$log_templ = $log_verbose_templ;

I had already tried that, still no output in the log.

16 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam checking

Even restart Amavisd service doesn’t help?
That’s weird enough. No clue yet. sad
I suggest posting to Amavisd mailing list to get some help.