Hi all,

I recently switched from a SpamAssassin-only setup to an amavisd-new combo setup, which seems to be doing all the right things, apart from the fact that it's picking up 60% of the spam. The rest of the spam is blatantly being identified as spam, then being re-itemised and finally sent to mailbox as valid mail.

I've been trawling the net for days now looking for the answer and I simply cannot find out what's going on. The CPU isn't so great (366 P3/512MB RAM, but as it's only a small mail server, I didn't think it would matter too much). I did notice in the logs that SA TIMEOUT had occurred, so I changed that from 30s to 300s (I'll change that later when I find out what's optimal). That fixed that issue, but the amount of spam getting to my users' mailbox is unacceptable, especially compared to my previous no-frills setup without amavisd-new.

I post the output of a typical spam getting through, in the hope that it will get some of you to go ooh, ahh and generally notice straight away how stupid I am being and point out the problem to me. Note that the mail is first given a spam level of 35.65, identified as spam, then it's quarantined, then somehow it gets a status of 'Passed' and then is finally delivered.

Please ask if you wish to see my amavisd-new config file. I thought that my post was already long enough to add even more on to it, hopefully unnecessarily.

Please help!! Thanks In Advance.
I have changed the recipient address to XXXXX:

Jan 25 00:07:59 xbolt amavis[14198]: (14198-04) ESMTP::10024 /var/lib/amavis/amavis-20060124T232351-14198: <[EMAIL PROTECTED]> -> <XXXXXXXXXXXX> Received: SIZE=798 from xbolt.net ([127.0.0.1]) by localhost (xbolt.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14198-04 for <XXXXXXXXXXXX>; Wed, 25 Jan 2006 00:07:59 +0000 (GMT)
Jan 25 00:07:59 xbolt amavis[14198]: (14198-04) Checking: <[EMAIL PROTECTED]> -> <XXXXXXXXXXXX>
Jan 25 00:08:00 xbolt postfix/smtpd[14962]: disconnect from 200-161-100-146.dsl.telesp.net.br[200.161.100.146]
Jan 25 00:08:40 xbolt postfix/smtpd[14962]: connect from unknown[218.5.142.157]
--
Jan 25 00:09:05 xbolt amavis[14198]: (14198-04) spam_scan: hits=35.65 tests=BAYES_99,FB_GET_MEDS,FORGED_YAHOO_RCVD,HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR2,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_SORBS_SOCKS,SARE_RECV_SPAM_DOMN02,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,WLS_URI_OPT_2741
Jan 25 00:09:05 xbolt amavis[14198]: (14198-04) local delivery: <> -> <spam-quarantine>, mbx=/var/lib/amavis/virusmails/spam-3c292f3cc6d105f92c4a12ea8e605039-20060125-000905-14198-04.gz
Jan 25 00:09:05 xbolt amavis[14198]: (14198-04) SPAM, <[EMAIL PROTECTED]> -> <XXXXXXXXXXXX>, Yes, hits=35.6 tag1=0.0 tag2=5.0 kill=5.0 tests=BAYES_99, FB_GET_MEDS, FORGED_YAHOO_RCVD, HELO_DYNAMIC_HCC, HELO_DYNAMIC_IPADDR2, RAZOR2_CF_RANGE_51_100, RAZOR2_CHECK, RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL, RCVD_IN_SORBS_SOCKS, SARE_RECV_SPAM_DOMN02, URIBL_AB_SURBL, URIBL_JP_SURBL, URIBL_OB_SURBL, URIBL_SC_SURBL, URIBL_WS_SURBL, WLS_URI_OPT_2741, quarantine spam-3c292f3cc6d105f92c4a12ea8e605039-20060125-000905-14198-04 (spam-quarantine)
Jan 25 00:09:05 xbolt amavis[14198]: (14198-04) FWD via SMTP: [127.0.0.1]:10025 <[EMAIL PROTECTED]> -> <XXXXXXXXXXXX>
Jan 25 00:09:05 xbolt postfix/smtpd[15021]: connect from xbolt.net[127.0.0.1]
Jan 25 00:09:05 xbolt postfix/smtpd[15021]: EEF302D029A: client=xbolt.net[127.0.0.1]
--
Jan 25 00:09:06 xbolt amavis[14198]: (14198-04) Passed, <[EMAIL PROTECTED]> -> <XXXXXXXXXXXX>, quarantine spam-3c292f3cc6d105f92c4a12ea8e605039-20060125-000905-14198-04, Message-ID: <[EMAIL PROTECTED]>, Hits: 35.65
Jan 25 00:09:06 xbolt amavis[14198]: (14198-04) TIMING [total 66794 ms] - SMTP EHLO: 41 (0%), SMTP pre-MAIL: 1 (0%), SMTP pre-DATA-flush: 18 (0%), SMTP DATA: 36 (0%), body hash: 34 (0%), mime_decode: 113 (0%), get-file-type: 64 (0%), decompose_part: 4 (0%), parts: 0 (0%), AV-scan-1: 50 (0%), SA msg read: 5 (0%), SA parse: 40 (0%), SA check: 66011 (99%), write-header: 253 (0%), save-to-local-mailbox: 4 (0%), fwd-connect: 20 (0%), fwd-mail-from: 4 (0%), fwd-rcpt-to: 5 (0%), write-header: 10 (0%), fwd-data: 1 (0%), fwd-data-end: 45 (0%), fwd-rundown: 4 (0%), unlink-1-files: 15 (0%), rundown: 17 (0%)
Jan 25 00:09:06 xbolt amavis[14198]: (14198-04) Requesting a process rundown after 10 tasks
Jan 25 00:09:06 xbolt postfix/smtp[14933]: 8B3AE2D02CE: to=<XXXXXXXXXXXX>, relay=127.0.0.1[127.0.0.1], delay=75, status=sent (250 2.6.0 Ok, id=14198-04, from MTA: 250 Ok: queued as EEF302D029A)
Jan 25 00:09:06 xbolt postfix/qmgr[14132]: 8B3AE2D02CE: removed
Jan 25 00:09:06 xbolt amavis[14198]: (14198-04) tempdir being removed: /var/lib/amavis/amavis-20060124T232351-14198
Jan 25 00:09:06 xbolt postfix/local[15023]: EEF302D029A: to=<XXXXXXXXXXX>, orig_to=<XXXXXXXXXXXX>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail -f- -a "$USER")
Jan 25 00:09:06 xbolt postfix/qmgr[14132]: EEF302D029A: removed
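
The sequence visible in the log above (a SPAM verdict with hits at or above kill, then FWD and Passed under the same amavis session id) can be searched for across a whole mail log. This is an added example, not part of the original post: the sample lines are constructed and abridged from the post's log, with placeholder addresses, and the function name `delivered_spam` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the log lines in the post (addresses are placeholders).
SAMPLE_LOG = """\
Jan 25 00:09:05 xbolt amavis[14198]: (14198-04) spam_scan: hits=35.65 tests=BAYES_99,FB_GET_MEDS
Jan 25 00:09:05 xbolt amavis[14198]: (14198-04) SPAM, <a@example.com> -> <user@example.net>, Yes, hits=35.6 tag1=0.0 tag2=5.0 kill=5.0 tests=BAYES_99, quarantine spam-x (spam-quarantine)
Jan 25 00:09:05 xbolt amavis[14198]: (14198-04) FWD via SMTP: [127.0.0.1]:10025 <a@example.com> -> <user@example.net>
Jan 25 00:09:06 xbolt amavis[14198]: (14198-04) Passed, <a@example.com> -> <user@example.net>, quarantine spam-x, Message-ID: <m1@example.com>, Hits: 35.65
Jan 25 00:10:11 xbolt amavis[14198]: (14198-05) Passed, <b@example.com> -> <user@example.net>, Message-ID: <m2@example.com>, Hits: 1.2
"""

# amavis log line: "... amavis[pid]: (session-id) message"
LINE = re.compile(r"amavis\[\d+\]: \((?P<id>[\d-]+)\) (?P<msg>.*)")
# Score and kill threshold as printed on the "SPAM," verdict line
VERDICT = re.compile(r"hits=(?P<hits>-?[\d.]+).*?kill=(?P<kill>-?[\d.]+)")


def delivered_spam(log_text):
    """Return (session id, hits, kill, quarantined) for every session that
    scored at or above the kill level and was still logged as Passed."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # postfix and other non-amavis lines
        state, msg = sessions[m["id"]], m["msg"]
        if msg.startswith("SPAM, "):
            v = VERDICT.search(msg)
            if v:
                state["hits"] = float(v["hits"])
                state["kill"] = float(v["kill"])
            state["quarantined"] = "quarantine " in msg
        elif msg.startswith("Passed"):
            state["passed"] = True
    return sorted(
        (sid, s["hits"], s["kill"], s.get("quarantined", False))
        for sid, s in sessions.items()
        if s.get("passed") and "hits" in s and s["hits"] >= s["kill"]
    )


if __name__ == "__main__":
    for sid, hits, kill, quarantined in delivered_spam(SAMPLE_LOG):
        print(f"{sid}: hits={hits} kill={kill} quarantined={quarantined} but Passed")
```

Session ids are only unique per amavis child process lifetime, so run it over one log file at a time rather than a concatenation of rotated logs.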