1 Topic by MERP Solutions (edited by MERP Solutions 2024-12-09 20:53:55)

  • MERP Solutions
  • Member
  • Offline
  • From: Netherlands
  • Registered: 2024-12-09
  • Posts: 2

Topic: Spam scanning works, but no headers

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.1 PGSQL edition
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu Server 24.04.1 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I can see in the logs my emails are getting scanned for SPAM, but somehow my headers don't shown it.

This is in my log file:

2024-12-09T12:27:49.210716+00:00 mail amavis[3873064]: (3873064-01) Passed CLEAN {RelayedInbound}, [XX]:43564 [XX] ESMTP/ESMTP <no-reply@forum.iredmail.org> -> <info@merp.nl>, (ESMTPS://[XX]:43564 < ESMTPSA://XX), Queue-ID: 4Y6Ljc3HHqz40Q9, mail_id: HsJjBrhTtPUi, b: T66enSPW3, Hits: -0.06, size: 2503, queued_as: 4Y6Ljd1QV4z4155, Subject: "Welcome to iRedMail! (raw: =?UTF-8?B?V2VsY29tZSB0byBpUmVkTWFpbCE=?=)", From: <no-reply@forum.iredmail.org>, X-Mailer: PunBB_Mailer, helo=mail.iredmail.org, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,DKIM_VALID_EF=-0.1,DMARC_PASS=-0.001,FROM_EXCESS_BASE64=0.001,MISSING_MID=0.14,SPF_HELO_NONEE=0.001,SPF_PASS=-0.001], autolearn=ham autolearn_force=no, autolearnscore=-0.059, dkim_i=@forum.iredmail.org, dkim_sd=dkim:iredmail.org, 692 ms

But my header shows this:

Return-Path: <no-reply@forum.iredmail.org>
Delivered-To: info@merp.nl
Received: from mail.merp.nl (mail.merp.nl [127.0.0.1])
    by mail.merp.nl (Postfix) with ESMTP id 4Y6Ljd1QV4z4155
    for <info@merp.nl>; Mon,  9 Dec 2024 12:27:49 +0000 (UTC)
X-Virus-Scanned: Debian amavis at mail.merp.nl
Authentication-Results: mail.merp.nl (amavis); dkim=pass (1024-bit key)
 header.d=iredmail.org
Received: from mail.merp.nl ([127.0.0.1])
 by mail.merp.nl (mail.merp.nl [127.0.0.1]) (amavis, port 10024) with ESMTP
 id HsJjBrhTtPUi for <info@merp.nl>; Mon,  9 Dec 2024 12:27:48 +0000 (UTC)
Received: from mail.iredmail.org (mail.iredmail.org [XX])
    by mail.merp.nl (Postfix) with ESMTPS id 4Y6Ljc3HHqz40Q9
    for <info@merp.nl>; Mon,  9 Dec 2024 12:27:48 +0000 (UTC)
Received: from mail.iredmail.org (mail.iredmail.org [127.0.0.1])
    by mail.iredmail.org (Postfix) with ESMTP id 4Y6LjT72FFz2y2x
    for <info@merp.nl>; Mon,  9 Dec 2024 12:27:41 +0000 (UTC)
Authentication-Results: mail.iredmail.org (amavisd-new);
    dkim=pass (1024-bit key) reason="pass (just generated, assumed good)"
    header.d=iredmail.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iredmail.org; h=
    content-transfer-encoding:x-mailer:content-type:mime-version
    :date:from:to:subject; s=dkim; i=@forum.iredmail.org; t=
    1733747261; x=1736339262; bh=H7Zm92lePWT59GU0va4eKXPGxQz+o1+meMX
    Y8dQ89Bw=; b=WPrIp0tcl59iTHa2iMBqFFGLVN/Wg+JTBlNCD2F+uQc5xCf5brN
    eOiGbZ5LhnANLWBEJSIyOBFHZc6hgV26X+erOUCBcSX7pSQRPMAen8l7Zrl+JkGl
    dsV6Bt3uEXW83XRsjvOwH32zL870tDvokaajm02P8lNrjtvS2RnVFztY=
X-Virus-Scanned: Debian amavisd-new at mail.iredmail.org
Received: from mail.iredmail.org ([127.0.0.1])
    by mail.iredmail.org (mail.iredmail.org [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id Xw8IdD-I19cE for <info@merp.nl>;
    Mon,  9 Dec 2024 12:27:41 +0000 (UTC)
X-Envelope-To: info@merp.nl
Received: from web.iredmail.org (web.iredmail.org [XX])
    by mail.iredmail.org (Postfix) with ESMTPSA id 4Y6LjT5MBYz2xB1
    for <info@merp.nl>; Mon,  9 Dec 2024 12:27:41 +0000 (UTC)
Subject: =?UTF-8?B?V2VsY29tZSB0byBpUmVkTWFpbCE=?=
To: <info@merp.nl>
From: =?UTF-8?B?aVJlZE1haWwgTWFpbGVy?= <no-reply@forum.iredmail.org>
Date: Mon, 09 Dec 2024 12:27:41 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=utf-8
X-Mailer: PunBB Mailer

I did a few changes to the amavisd config:

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = -100.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

So I should see the email header AFAIK. Am I missing something? I am working on this, since I am getting a lot of spam on a new domain for me (old domain from a new customer).

Thanks for looking at this!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

MERP Solutions's Website

2 Reply by MERP Solutions

  • MERP Solutions
  • Member
  • Offline
  • From: Netherlands
  • Registered: 2024-12-09
  • Posts: 2

Re: Spam scanning works, but no headers

MERP Solutions wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.1 PGSQL edition
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu Server 24.04.1 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I can see in the logs my emails are getting scanned for SPAM, but somehow my headers don't shown it.

This is in my log file:

2024-12-09T12:27:49.210716+00:00 mail amavis[3873064]: (3873064-01) Passed CLEAN {RelayedInbound}, [XX]:43564 [XX] ESMTP/ESMTP <no-reply@forum.iredmail.org> -> <info@merp.nl>, (ESMTPS://[XX]:43564 < ESMTPSA://XX), Queue-ID: 4Y6Ljc3HHqz40Q9, mail_id: HsJjBrhTtPUi, b: T66enSPW3, Hits: -0.06, size: 2503, queued_as: 4Y6Ljd1QV4z4155, Subject: "Welcome to iRedMail! (raw: =?UTF-8?B?V2VsY29tZSB0byBpUmVkTWFpbCE=?=)", From: <no-reply@forum.iredmail.org>, X-Mailer: PunBB_Mailer, helo=mail.iredmail.org, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,DKIM_VALID_EF=-0.1,DMARC_PASS=-0.001,FROM_EXCESS_BASE64=0.001,MISSING_MID=0.14,SPF_HELO_NONEE=0.001,SPF_PASS=-0.001], autolearn=ham autolearn_force=no, autolearnscore=-0.059, dkim_i=@forum.iredmail.org, dkim_sd=dkim:iredmail.org, 692 ms

But my header shows this:

Return-Path: <no-reply@forum.iredmail.org>
Delivered-To: info@merp.nl
Received: from mail.merp.nl (mail.merp.nl [127.0.0.1])
    by mail.merp.nl (Postfix) with ESMTP id 4Y6Ljd1QV4z4155
    for <info@merp.nl>; Mon,  9 Dec 2024 12:27:49 +0000 (UTC)
X-Virus-Scanned: Debian amavis at mail.merp.nl
Authentication-Results: mail.merp.nl (amavis); dkim=pass (1024-bit key)
 header.d=iredmail.org
Received: from mail.merp.nl ([127.0.0.1])
 by mail.merp.nl (mail.merp.nl [127.0.0.1]) (amavis, port 10024) with ESMTP
 id HsJjBrhTtPUi for <info@merp.nl>; Mon,  9 Dec 2024 12:27:48 +0000 (UTC)
Received: from mail.iredmail.org (mail.iredmail.org [XX])
    by mail.merp.nl (Postfix) with ESMTPS id 4Y6Ljc3HHqz40Q9
    for <info@merp.nl>; Mon,  9 Dec 2024 12:27:48 +0000 (UTC)
Received: from mail.iredmail.org (mail.iredmail.org [127.0.0.1])
    by mail.iredmail.org (Postfix) with ESMTP id 4Y6LjT72FFz2y2x
    for <info@merp.nl>; Mon,  9 Dec 2024 12:27:41 +0000 (UTC)
Authentication-Results: mail.iredmail.org (amavisd-new);
    dkim=pass (1024-bit key) reason="pass (just generated, assumed good)"
    header.d=iredmail.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iredmail.org; h=
    content-transfer-encoding:x-mailer:content-type:mime-version
    :date:from:to:subject; s=dkim; i=@forum.iredmail.org; t=
    1733747261; x=1736339262; bh=H7Zm92lePWT59GU0va4eKXPGxQz+o1+meMX
    Y8dQ89Bw=; b=WPrIp0tcl59iTHa2iMBqFFGLVN/Wg+JTBlNCD2F+uQc5xCf5brN
    eOiGbZ5LhnANLWBEJSIyOBFHZc6hgV26X+erOUCBcSX7pSQRPMAen8l7Zrl+JkGl
    dsV6Bt3uEXW83XRsjvOwH32zL870tDvokaajm02P8lNrjtvS2RnVFztY=
X-Virus-Scanned: Debian amavisd-new at mail.iredmail.org
Received: from mail.iredmail.org ([127.0.0.1])
    by mail.iredmail.org (mail.iredmail.org [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id Xw8IdD-I19cE for <info@merp.nl>;
    Mon,  9 Dec 2024 12:27:41 +0000 (UTC)
X-Envelope-To: info@merp.nl
Received: from web.iredmail.org (web.iredmail.org [XX])
    by mail.iredmail.org (Postfix) with ESMTPSA id 4Y6LjT5MBYz2xB1
    for <info@merp.nl>; Mon,  9 Dec 2024 12:27:41 +0000 (UTC)
Subject: =?UTF-8?B?V2VsY29tZSB0byBpUmVkTWFpbCE=?=
To: <info@merp.nl>
From: =?UTF-8?B?aVJlZE1haWwgTWFpbGVy?= <no-reply@forum.iredmail.org>
Date: Mon, 09 Dec 2024 12:27:41 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=utf-8
X-Mailer: PunBB Mailer

I did a few changes to the amavisd config:

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = -100.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

So I should see the email header AFAIK. Am I missing something? I am working on this, since I am getting a lot of spam on a new domain for me (old domain from a new customer).

Thanks for looking at this!

I was being dumb! I changed it in the wrong config file, which in turn got overwritten by the following config. So when I changed it in the 50-user config of amavis it works perfectly!

MERP Solutions's Website