Sandy Drobic wrote:
Richard Mixon (qwest) wrote: <SNIP>
I would like to either: 1) Have Spamassassin put a score in the email headers that the users email agent can use for filtering.
That is the default. There are three headers you can use for filtering:
X-Spam-Status: Yes, hits=20.929 tagged_above=0.5 required=3.5 tests=BAYES_99, DNS_FROM_RFC_POST, DRUGS_PAIN, DRUGS_PAIN_OBFU, HELO_DYNAMIC_IPADDR2, HELO_DYNAMIC_SPLIT_IP, MIME_BASE64_TEXT, RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL, RCVD_IN_SORBS_WEB, URIBL_OB_SURBL, URIBL_SC_SURBL
X-Spam-Level: ********************
X-Spam-Flag: YES
If you have Clients that can query these headers you can use the $sa_spam_subject_tag = '[suspect SPAM] ';
in /etc/amavisd.conf
Sandy - thank you for the response. I would think that I should be seeing one of the above headers - as my detected SPAM messages are being directed to my admin email address as SPAM. But there is no "X-Spam..." header. For example, next are the headers from some SPAM I recently received, followed by the notification I received and further below is a snip from my /etc/amavisd.conf: **** SPAM example headers:**** Return-Path: <armstrong@myeinfomail.net> Received: from gofish.FromLtoJSoftware.com ([unix socket]) by gofish (Cyrus v2.2.3) with LMTP; Wed, 30 Mar 2005 17:29:45 -0700 X-Sieve: CMU Sieve 2.2 Received: from localhost (localhost [127.0.0.1]) by gofish.FromLtoJSoftware.com (Postfix) with ESMTP id EF471174D for <rnmixon@gofish.FromLtoJSoftware.com>; Wed, 30 Mar 2005 17:29:44 -0700 (MST) Received: from gofish.FromLtoJSoftware.com ([127.0.0.1]) by localhost (gofish [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08941-08 for <rnmixon@gofish.FromLtoJSoftware.com>; Wed, 30 Mar 2005 17:29:44 -0700 (MST) Received: from myeinfomail.net (myeinfomail.net [209.203.195.35]) by gofish.FromLtoJSoftware.com (Postfix) with ESMTP id CD25711B6 for <rnmixon@acme.com>; Wed, 30 Mar 2005 17:29:43 -0700 (MST) From: "Armstrong Flag Company" <armstrong@myeinfomail.net> Subject: Great Flags with Complimentary Shipping To: rnmixon@acme.com Content-Type: multipart/alternative; boundary="=_NextPart_2rfkindysadvnqw3nerasdf"; charset="us-ascii" MIME-Version: 1.0 Reply-To: armstrong@myeinfomail.net Date: Wed, 30 Mar 2005 18:26:16 -0600 Message-Id: <20050331002943.CD25711B6@gofish.FromLtoJSoftware.com> X-Virus-Scanned: by amavisd-new at acme.com ****SPAM example notification to admin:**** -----Original Message----- From: rnmixon@acme.com [mailto:admin1@acme.com] Sent: Wednesday, March 30, 2005 5:30 PM To: rnmixon@acme.com Subject: SPAM FROM <armstrong@myeinfomail.net> Unsolicited bulk email from: armstrong@myeinfomail.net Subject: Great Flags with Complimentary Shipping According to the 'Received:' trace, the message originated at: myeinfomail.net (myeinfomail.net [209.203.195.35]) The message WILL BE delivered to: <rnmixon@gofish.FromLtoJSoftware.com> Not quarantined. SpamAssassin report: Spam detection software, running on the system "gofish.FromLtoJSoftware.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see the administrator of that system for details. Content preview: This is a multi-part message in MIME format URI:http://www.infoweb-email.com/080E001C1F1B0A1D1C3214001D1F1E061D185 C111D1F0E46414340470E43420E400E4041444B4B40420E08.aspx ARMSTRONG FLAG COMPANY March Special: Free Shipping [...] Content analysis details: (12.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------- ------ 2.0 MIME_BOUND_RKFINDY Spam tool pattern in MIME boundary (rfkindy) 0.6 LARGE_HEX BODY: Contains a large block of hexadecimal code 0.4 ORDER_NOW BODY: Encourages you to waste no time in ordering 1.5 HTML_IMAGE_ONLY_06 BODY: HTML: images with 400-600 bytes of words 0.2 HTML_FONT_FACE_ODD BODY: HTML font face is not a commonly used face 0.0 HTML_80_90 BODY: Message is 80% to 90% HTML 0.2 HTML_MESSAGE BODY: HTML included in message 0.3 HTML_IMAGE_RATIO_12 BODY: HTML has a low ratio of text to image area 0.3 HTML_FONT_BIG BODY: HTML has a big font 0.6 HTML_TABLE_THICK_BORD BODY: HTML table has thick border 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red 3.7 MSGID_FROM_MTA_SHORT Message-Id was added by a relay 0.9 MIME_BOUND_NEXTPART Spam tool pattern in MIME boundary 1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts ------------------------- BEGIN HEADERS ----------------------------- Return-Path: <armstrong@myeinfomail.net> Received: from myeinfomail.net (myeinfomail.net [209.203.195.35]) by gofish.FromLtoJSoftware.com (Postfix) with ESMTP id CD25711B6 for <rnmixon@acme.com>; Wed, 30 Mar 2005 17:29:43 -0700 (MST) From: "Armstrong Flag Company" <armstrong@myeinfomail.net> Subject: Great Flags with Complimentary Shipping To: rnmixon@acme.com Content-Type: multipart/alternative; boundary="=_NextPart_2rfkindysadvnqw3nerasdf"; charset="us-ascii" MIME-Version: 1.0 Reply-To: armstrong@myeinfomail.net Date: Wed, 30 Mar 2005 18:26:16 -0600 Message-Id: <20050331002943.CD25711B6@gofish.FromLtoJSoftware.com> -------------------------- END HEADERS ------------------------------ Below is the amavisd.conf I am using. Any ideas on what I'm doing wrong. Thanks again - Richard ****Snipped from /etc/amavisd.conf **** # SpamAssassin settings # $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value # of the option local_tests_only. See Mail::SpamAssassin man page. # If set to 1, SA tests are restricted to local tests only, i.e. no tests # that require internet access will be performed. # $sa_local_tests_only = 1; # (default: false) #$sa_auto_whitelist = 1; # turn on AWL (default: false) $sa_timeout = 30; # timeout in seconds for a call to SpamAssassin # (default is 30 seconds, undef disables it) $sa_mail_body_size_limit = 150*1024; # don't waste time on SA if mail is larger # (less than 1% of spam is > 64k) # default: undef, no limitations # default values, can be overridden by more specific lookups, e.g. SQL $sa_tag_level_deflt = 3.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 5.0; $sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions # at or above that level: bounce/reject/drop, # quarantine, and adding mail address extension $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent, # effectively turning D_BOUNCE into D_DISCARD; # undef disables this feature and is a default; # # The $sa_tag_level_deflt, $sa_tag2_level_deflt and $sa_kill_level_deflt # may also be hashrefs to hash lookup tables, to make static per-recipient # settings possible without having to resort to SQL or LDAP lookups. # a quick reference: # tag_level controls adding the X-Spam-Status and X-Spam-Level headers, # tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject, # kill_level controls 'evasive actions' (reject, quarantine, extensions); # it only makes sense to maintain the relationship: # tag_level <= tag2_level <= kill_level < $sa_dsn_cutoff_level # string to prepend to Subject header field when message exceeds tag2 level #$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled) # (only seen when spam is not to be rejected # and recipient is in local_domains*) #$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true # Example: modify Subject for all local recipients except user@example.com #$sa_spam_modifies_subj = [qw( !user@example.com . )];