The Friday 2005-04-01 at 10:35 -0700, Richard Mixon (qwest) wrote:
**** /var/log/mail - BEGIN **** <SNIP> Apr 1 09:24:12 gofish amavis[19362]: (19362-01) Passed, <email1@qwest.net> -> <email1@gofish.acmesoftware.com>, Message-ID: <DKELJBPNDHJEECCAEPGOKEALLEAA.email1@qwest.net>, Hits: 3.584
Amavis is working, and gave a level of "3.584" to that email.
Apr 1 09:24:12 gofish amavis[19362]: (19362-01) TIMING [total 1300 ms] - SMTP EHLO: 4 (0%), SMTP pre-MAIL: 0 (0%), mkdir tempdir: 0 (0%), create email.txt: 0 (0%), SMTP pre-DATA-flush: 3 (0%), SMTP DATA: 38 (3%), body hash: 1 (0%), mkdir parts: 1 (0%), mime_decode: 15 (1%), get-file-type: 14 (1%), get-file-type: 14 (1%), decompose_part: 2 (0%), decompose_part: 0 (0%), parts: 0 (0%), AV-scan-1: 4 (0%), SA msg read: 2 (0%), SA parse: 1 (0%), SA check: 1106 (85%), fwd-connect: 33 (3%), fwd-mail-from: 2 (0%), fwd-rcpt-to: 7 (1%), write-header: 2 (0%), fwd-data: 0 (0%), fwd-data-end: 46 (4%), fwd-rundown: 1 (0%), unlink-2-files: 3 (0%), rundown: 0 (0%)
You can tell amavis-new not to add this line, it is too verbose. But you can see there that it in fact running SA.
**** Received message headers - BEGIN **** .... Content-Type: multipart/alternative; boundary="----=_NextPart_000_04AC_01C5369C.8624BD80" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
I would try to use a "real" mail program, say Mozilla, for example...
X-Virus-Scanned: by amavisd-new at acme.com
It has been scanned.
**** Received message headers - END ****
**** /var/log/messages - BEGIN **** ... Apr 1 09:22:16 gofish amavis[19360]: ANTI-SPAM code loaded
Ok.
**** /etc/amavisd.conf - BEGIN **** <SNIP> ...
# default values, can be overridden by more specific lookups, e.g. SQL $sa_tag_level_deflt = 3.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 5.0;
These two are interesting. Info headers are only added if level is more or equal to 3.0. You have the explanation below: # a quick reference: # tag_level controls adding the X-Spam-Status and X-Spam-Level headers, # tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject, # kill_level controls 'evasive actions' (reject, quarantine, extensions); # it only makes sense to maintain the relationship: # tag_level <= tag2_level <= kill_level < $sa_dsn_cutoff_level So, it will only add the X-Spam-Flag above level 5.0. Your email does not get to that level. But you should be seeing the "X-Spam-Status" and "X-Spam-Level" headers - unless outlook is playing tricks on you. Change.
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions # at or above that level: bounce/reject/drop, # quarantine, and adding mail address extension
Translation: above level 5.0, it will take "evasive action".
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent, # effectively turning D_BOUNCE into D_DISCARD; # undef disables this feature and is a default;
If I read it correctly, from level 5 to 10, email is bounced, and above 10 it is discarded. You don't see them at all. I don't like those actions. I would never bounce an spam! I don't clearly see how to tell it to quarantine always, or to do nothing. To do nothing I think would be, perhaps, setting "sa_kill_level_deflt = 10000" I don't see this clear, and I know no documentation. :-/ -- Cheers, Carlos Robinson