On Sun, 6 Aug 2017 10:37:36 -0700 (MST) Scott wrote:

> Centos7
> Postfix 3.2.2
> Amavisd 2.11.0
> spamassassin-3.4.0
>
> I have a logwatch output that gets mailed to me daily. Spamassassin
> is scoring it high enough as to exceed my threshold for whacking it as
> spam.
>
> While this is not good, I'm concerned I have something fundamental
> misconfigured where it would flag anything internal at all. Bayes is
> not being used yet (tokens <200). What is the proper way to allow
> messages from the server itself to not get flagged by SA?
>
> I have the server's IP address (y.y.y.y) in my lists of trusted and
> internal as so:
> trusted_networks xx.xx.xx.xx
> trusted_networks y.y.y.y
> trusted_networks z.z.z.z
>
> internal_networks xx.xx.xx.xx
> internal_networks y.y.y.y
> internal_networks z.z.z.z
>
> I don't see that that made any difference. Shouldn't it have?
>
> Header of intercepted message:
>
> From MAILER-DAEMON Sun Aug 6 04:02:19 2017
> Return-Path: <>
> X-Original-To: s...@myserver.com
> Delivered-To: s...@myserver.com
> X-Envelope-From: <r...@mail2.myserver.com>
> X-Envelope-To: <r...@mail2.myserver.com>
> X-Envelope-To-Blocked: <r...@mail2.myserver.com>
> X-Quarantine-ID: <oadqecN-93HM>
> X-Spam-Flag: YES
> X-Spam-Score: 7.332
> X-Spam-Level: *******
> X-Spam-Status: Yes, score=7.332 tag=-9999 tag2=5 kill=6.4
> tests=[NORMAL_HTTP_TO_IP=0.001, NO_RELAYS=-0.001,
> URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7, URIBL_DBL_SPAM=2.5,
> URIBL_GREY=1.084, URIBL_SBL_A=0.1] autolearn=no

What's happening here is that SA is picking up spammer domains in the text. SA is seeing no Received headers, so whitelist_from_rcvd isn't going to work and your internal/trusted networks are irrelevant. What you could do is meta NO_RELAYS with a rule that's a suitable identifier for this kind of mail. Check that you aren't seeing NO_RELAYS in any spam.
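
A sketch of the meta rule suggested in the reply above, for local.cf. This is an added example and not part of the original thread; the rule names, the Subject pattern and the score are assumptions to adapt to your own reports.

```conf
# Added example: rule names, Subject pattern and score are assumptions.

# Sub-rule (the double-underscore prefix means it carries no score of its own)
# identifying the report. Assumes the logwatch subject begins "Logwatch for";
# change the pattern to match the subject your reports actually carry.
header   __LOCAL_LOGWATCH_SUBJ     Subject =~ /^Logwatch for /

# Fires only when SA saw no relays at all (NO_RELAYS) AND the message
# looks like the logwatch report, so the subject alone is never enough.
meta     LOCAL_LOGWATCH_NO_RELAYS  (NO_RELAYS && __LOCAL_LOGWATCH_SUBJ)
describe LOCAL_LOGWATCH_NO_RELAYS  Locally generated logwatch report, no relays seen

# The quoted message scored 7.332 against tag2=5 and kill=6.4; a negative
# score of this size (assumed value) brings it back under both thresholds.
score    LOCAL_LOGWATCH_NO_RELAYS  -5.0
```

Run `spamassassin --lint` after editing to catch syntax errors, then reload amavisd so it picks up the new rule. Because the rule depends on NO_RELAYS, it is only as safe as the check recommended above: if NO_RELAYS ever appears on spam in your logs, tighten the identifying sub-rule before relying on it.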