On 5/21/10, Karsten Bräckelmann wrote: > On Fri, 2010-05-21 at 15:58 +0200, Sasa wrote: > > Hi, I have a problem with some mails that are discarded when in body message > > there is a web link with http prefix, i.e. with: > > http://www.example.com/example > > > > with this link the mail is discarded and in log file I have: > > You didn't show *any* traces of SA even being involved here. At the very > least, we'd need the rules hit. > > > [r...@mail ~]# grep 707F026A302 /var/log/maillog > > May 20 10:52:16 mail postfix/smtpd[12804]: 707F026A302: > > client=unknown[192.168.1.88], sasl_method=LOGIN, > > sasl_username=u...@mydomain.com > > May 20 10:52:16 mail postfix/cleanup[13001]: 707F026A302: > > message-id=000d01caf7f9$c95308e0$5bf91a...@com > > May 20 10:52:20 mail postfix/qmgr[12573]: 707F026A302: > > from=<u...@mydomain.com>, size=3075, nrcpt=2 (queue active) > > So you're filtering outbound mail? > > > May 20 10:52:39 mail postfix/smtp[13776]: 707F026A302: > > to=<dvd...@domain.it>, relay=127.0.0.1[127.0.0.1]:10024,delay=23, > > delays=4.2/0/0.01/19, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, > > id=13116-02) > > SA does not discard mail. It merely classifies it, any action is left to > other tools in your chain. > > You just clearly showed that it is postfix discarding the mail. What's > missing from your pasted logs is the reason *why* postfix did that. > You'll need to dig deeper. > > > postfix 2.5.6 > > amavisd-new > > spamassassin > > clamav > > So, first question to check for in the logs is, which of these tools > even processed the message, and what the respective results are. >
Actually, Postfix did not discard the mail, it delivered it to amavisd-new at 127.0.0.1:10024 and amavisd-new reported back to Postfic that it discarded the UBE mail. The mail is not necessarily discarded however, it may have been quarantined by amavisd-new. Of course this all depends on settings in amavisd-new. The first message shows the amavisd-new log entry where spamassassin scored Hits: 4.339 and this message was Passed CLEAN. You do not show the amavisd-new log entry for the second message. If the message has only this small amout of text it it, this seems like a pretty high score, so you do need to see which rules hit. If you increase amavisd-new $log_level to 2 during testing, you should see which rules were triggered. Here is a sample from amavisd-new 2.6.4: # tail -f /var/log/mail.log | grep SPAM May 23 02:55:54 filter amavis[3942]: (03942-01) SPAM-TAG, <ga...@example.com> -> <ga...@example.com>, No, score=1.317 required=6.1 tests=[ALL_TRUSTED=-1, AWL=0.549, DATE_IN_FUTURE_06_12=0.001, MISSING_SUBJECT=1.767] autolearn=no -- Gary V
