Topic: SPAM Mails are delivered sometimes
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer?: downloadable installer
- Linux/BSD distribution name and version: Debian 11
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: No
====
We have the problem that some SPAM mails get discarded, but some do not. It depends on the recipient.
In /etc/amavis/conf.d/50-user we have:
$sa_kill_level_deflt = 6.9;
and later:
$final_spam_destiny = D_DISCARD;
It works for some recipients, but some still get the mails.
/var/log/maillog shows the following:
Jun 22 17:41:55 mailserver postfix/postscreen[2186]: CONNECT from [xxx.xxx.xxx.xxx]:19795 to [xxx.xxx.xxx.xxy]:25
Jun 22 17:41:55 mailserver postfix/postscreen[2186]: WHITELISTED [xxx.xxx.xxx.xxx]:19795
Jun 22 17:41:55 mailserver postfix/smtpd[389819]: connect from mail-out-3.itc.uni.de[xxx.xxx.xxx.xxx]
Jun 22 17:41:55 mailserver postfix/smtpd[389819]: Anonymous TLS connection established from mail-out-3.itc.uni.de[xxx.xxx.xxx.xxx]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 22 17:41:55 mailserver postfix/smtpd[389819]: 4LSngR5W6Bz537: client=mail-out-3.itc.uni.de[xxx.xxx.xxx.xxx]
Jun 22 17:41:55 mailserver postfix/cleanup[390975]: 4LSngR5W6Bz537: message-id=<29986454.1180728024697.sfdgfhh@sneezy.telenate.de>
Jun 22 17:41:55 mailserver postfix/qmgr[1661]: 4LSngR5W6Bz537: from=<fghfgurn@sneezy.telenate.de>, size=8153, nrcpt=3 (queue active)
Jun 22 17:41:56 mailserver postfix/10025/smtpd[390987]: connect from localhost[127.0.0.1]
Jun 22 17:41:56 mailserver postfix/10025/smtpd[390988]: connect from localhost[127.0.0.1]
Jun 22 17:41:56 mailserver postfix/10025/smtpd[390987]: 4LSngS152sz5dh: client=localhost[127.0.0.1]
Jun 22 17:41:56 mailserver postfix/cleanup[390975]: 4LSngS152sz5dh: message-id=<29986454.1180728024697.sfdgfhh@sneezy.telenate.de>
Jun 22 17:41:56 mailserver postfix/10025/smtpd[390988]: 4LSngS19zJz5dr: client=localhost[127.0.0.1]
Jun 22 17:41:56 mailserver postfix/cleanup[390990]: 4LSngS19zJz5dr: message-id=<29986454.1180728024697.sfdgfhh@sneezy.telenate.de>
Jun 22 17:41:56 mailserver postfix/qmgr[1661]: 4LSngS152sz5dh: from=<fghfgurn@sneezy.telenate.de>, size=9081, nrcpt=1 (queue active)
Jun 22 17:41:56 mailserver postfix/10025/smtpd[390987]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 22 17:41:56 mailserver amavis[366826]: (366826-09) Passed SPAM {RelayedTaggedInbound}, [xxx.xxx.xxx.xxx]:19795 [89.149.209.111] ESMTP/ESMTP <fghfgurn@sneezy.telenate.de> -> <person3@web.de>, (ESMTPS://[xxx.xxx>
Jun 22 17:41:56 mailserver amavis[366826]: (366826-09) ..., autolearnscore=11.194, 323 ms
Jun 22 17:41:56 mailserver postfix/10025/smtpd[390988]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 22 17:41:56 mailserver postfix/qmgr[1661]: 4LSngS19zJz5dr: from=<fghfgurn@sneezy.telenate.de>, size=9067, nrcpt=1 (queue active)
Jun 22 17:41:56 mailserver postfix/amavis/smtp[390981]: 4LSngR5W6Bz537: to=<person3@web.de>, orig_to=<bar@my-domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.44, delays=0.08/0.02/0/0.33, dsn=2.0.0>
Jun 22 17:41:56 mailserver amavis[369343]: (369343-06) Passed SPAM {RelayedTaggedInbound}, [xxx.xxx.xxx.xxx]:19795 [89.149.209.111] ESMTP/ESMTP <fghfgurn@sneezy.telenate.de> -> <person1@tum.de>, (ESMTPS://[xxx.xxx.xxx.xxx]:>
Jun 22 17:41:56 mailserver amavis[369343]: (369343-06) ...earnscore=11.194, 345 ms
Jun 22 17:41:56 mailserver postfix/amavis/smtp[390980]: 4LSngR5W6Bz537: to=<person1@tum.de>, orig_to=<bar@my-domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.44, delays=0.08/0.01/0/0.35, dsn=2.0.0, statu>
Jun 22 17:41:56 mailserver postfix/smtp[390991]: 4LSngS152sz5dh: to=<person3@web.de>, relay=smarthost.uni.de[137.226.78.59]:25, delay=0.07, delays=0.02/0.02/0.01/0.02, dsn=2.0.0, status=sent (250 ok: M>
Jun 22 17:41:56 mailserver postfix/qmgr[1661]: 4LSngS152sz5dh: removed
Jun 22 17:41:56 mailserver postfix/smtp[390992]: 4LSngS19zJz5dr: to=<person1@tum.de>, relay=smarthost.uni.de[137.226.78.59]:25, delay=0.07, delays=0.03/0.01/0.01/0.02, dsn=2.0.0, status=sent (250 ok: Message >
Jun 22 17:41:56 mailserver postfix/qmgr[1661]: 4LSngS19zJz5dr: removed
Jun 22 17:41:56 mailserver postfix/10025/smtpd[390987]: connect from localhost[127.0.0.1]
Jun 22 17:41:56 mailserver postfix/10025/smtpd[390987]: 4LSngS2KVRz5dh: client=localhost[127.0.0.1]
Jun 22 17:41:56 mailserver postfix/cleanup[390975]: 4LSngS2KVRz5dh: message-id=<29986454.1180728024697.sfdgfhh@sneezy.telenate.de>
Jun 22 17:41:56 mailserver postfix/qmgr[1661]: 4LSngS2KVRz5dh: from=<fghfgurn@sneezy.telenate.de>, size=9095, nrcpt=1 (queue active)
Jun 22 17:41:56 mailserver amavis[366826]: (366826-10) Passed SPAM {RelayedTaggedInbound}, [xxx.xxx.xxx.xxx]:19795 [89.149.209.111] ESMTP/ESMTP <fghfgurn@sneezy.telenate.de> -> <person2@uni.de>, (ESMTPS://[>
Jun 22 17:41:56 mailserver amavis[366826]: (366826-10) ...orce=no, autolearnscore=11.194, 156 ms
Jun 22 17:41:56 mailserver postfix/amavis/smtp[390981]: 4LSngR5W6Bz537: to=<person2@uni.de>, orig_to=<bar@my-domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.6, delays=0.08/0.35/0/0.16, dsn>
Jun 22 17:41:56 mailserver postfix/qmgr[1661]: 4LSngR5W6Bz537: removed
Jun 22 17:41:56 mailserver postfix/smtp[390991]: 4LSngS2KVRz5dh: to=<person2@uni.de>, relay=smarthost.uni.de[137.226.78.59]:25, delay=0.04, delays=0.02/0/0.01/0.02, dsn=2.0.0, status=sent (250 ok>
Jun 22 17:41:56 mailserver postfix/qmgr[1661]: 4LSngS2KVRz5dh: removed
bar@my-domain.com is a forwarding address for ca. 20 people.
The SPAM Mails have the following headers:
X-Spam-Flag: YES
X-Spam-Score: 10.686
X-Spam-Level: **
X-Spam-Status: Yes, score=10.686 tagged_above=2 required=6.2
Does somebody know why these mails are still forwarded to person1, person2 and person3?
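Added example, not part of the original post: a small Python triage script that joins each amavis verdict with the alias it was expanded from (orig_to) and the relay the re-injected copy was sent to, so forwarded spam can be listed per recipient. The sample lines are constructed with placeholder addresses and queue IDs, and the script assumes the untruncated amavis lines carry the Queue-ID, Hits and queued_as fields and name one recipient each.

```python
import re

# Constructed sample lines modeled on the log format in the post (placeholder addresses and queue IDs).
SAMPLE_LOG = """\
Jun 22 17:41:56 mailserver amavis[366826]: (366826-09) Passed SPAM {RelayedTaggedInbound}, [192.0.2.10]:19795 [198.51.100.7] <spammer@example.net> -> <person3@example.org>, Queue-ID: Q1AAA, Hits: 10.686, size: 8153, queued_as: Q2BBB, 323 ms
Jun 22 17:41:56 mailserver postfix/amavis/smtp[390981]: Q1AAA: to=<person3@example.org>, orig_to=<bar@my-domain.example>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.44, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jun 22 17:41:56 mailserver postfix/smtp[390991]: Q2BBB: to=<person3@example.org>, relay=smarthost.example[203.0.113.5]:25, delay=0.07, dsn=2.0.0, status=sent (250 ok)
Jun 22 17:42:10 mailserver amavis[366826]: (366826-11) Blocked SPAM {DiscardedInbound}, [192.0.2.10]:19800 [198.51.100.7] <spammer@example.net> -> <local@my-domain.example>, Queue-ID: Q3CCC, Hits: 10.686, size: 8153, 301 ms
Jun 22 17:42:10 mailserver postfix/amavis/smtp[390981]: Q3CCC: to=<local@my-domain.example>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.4, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded)
"""

AMAVIS = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) (?P<cat>\S+) \{(?P<fate>\w+)\}"
    r".*?<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]+)>.*?Queue-ID: (?P<qid>\w+)"
    r".*?Hits: (?P<hits>-?\d+(?:\.\d+)?)(?:.*?queued_as: (?P<next>\w+))?")
DELIVERY = re.compile(
    r"postfix/(?P<svc>\S+?)\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]+)>,"
    r"(?: orig_to=<(?P<orig>[^>]+)>,)? relay=(?P<relay>[^,]+),.*?status=(?P<status>\w+)")

def trace(log_text):
    """Return one record per amavis verdict, joined with alias and onward relay."""
    deliveries = {}   # (queue id, recipient) -> postfix delivery line
    verdicts = []
    for line in log_text.splitlines():
        if (m := DELIVERY.search(line)):
            deliveries[(m["qid"], m["rcpt"])] = m
        elif (m := AMAVIS.search(line)):
            verdicts.append(m)
    records = []
    for v in verdicts:
        # Hand-off to amavis (port 10024) carries orig_to; queued_as names the re-injected copy.
        inbound = deliveries.get((v["qid"], v["rcpt"]))
        onward = deliveries.get((v["next"], v["rcpt"])) if v["next"] else None
        records.append({
            "rcpt": v["rcpt"],
            "alias": inbound["orig"] if inbound else None,
            "verdict": f'{v["action"]} {v["cat"]}',
            "fate": v["fate"],
            "hits": float(v["hits"]),
            "relayed_to": onward["relay"] if onward and onward["status"] == "sent" else None,
        })
    return records

def forwarded_spam(records):
    """Recipients for which amavis passed spam and Postfix then relayed it onward."""
    return [r for r in records if r["verdict"] == "Passed SPAM" and r["relayed_to"]]
```

Calling forwarded_spam(trace(open("/var/log/maillog").read())) on the real log lists each recipient that received passed spam, together with the alias it came through.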