Junk Mail Sreening dosn't flag spam

Hello,
I'm trying to get "Junk Mail Sreening" (as they call it in the manual) to work but having little or no success.
We're running on a 10.4.6 Server and configuration chnages have been made with "Server Admin".
First thing I did was enabling virus scanning which worked right out of the box, wih one single exception:
Infected mails won't get deleted as configered in SA but rather will be quarantined in /var/virusmails.
However what doesn't seen to work is junk mail screening.
Here are the relevant settings from within Server Admin in SA's plist format:
<key>required_hits</key>
<integer>5</integer>
<key>spam_action</key>
<string>deliver</string>
<key>spam_enabled</key>
<true/>
<key>spamloglevel</key>
<string>warn</string>
<key>spamnotifyadmin</key>
<false/>
<key>spamnotify_adminemail</key>
<string>[email protected]</string>
<key>spamoklanguages</key>
<string>en fr de</string>
<key>spamoklocales</key>
<string>en</string>
<key>spam_quarantine</key>
<string>[email protected]</string>
<key>spamrewritesubject</key>
<true/>
<key>spamscanenabled</key>
<true/>
<key>spamsubjecttag</key>
<string>* JUNK MAIL *</string>
which result in the folling settings within /etc/amavisd.conf
$satag_leveldeflt = -999;
$satag2_leveldeflt = 5.0;
$sakill_leveldeflt = 22.0;
$saspam_subjecttag = '* JUNK MAIL *';
$saspam_modifiessubj = 1;
I then sent myself ([email protected] in the following log) a GTUBE junk mail (see http://spamassassin.apache.org/gtube/) from a mail account in a different domain (here: mail.sender.org) which should trigger the recognition of that particular mail being spam and to take the appropriate action as defined in SA.
Here's what's in /var/log/amavisd.log:
Jun 16 12:10:58 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) ESMTP::10024 /var/amavis/amavis-20060616T121058-21817: <[email protected]> -> <[email protected]> Received: SIZE=1660 from mail.receiver.com ([127.0.0.1]) by localhost (mail.receiver.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21817-01 for <[email protected]>; Fri, 16 Jun 2006 12:10:58 +0200 (CEST)
Jun 16 12:10:58 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) Checking: [IP_of_sender] <[email protected]> -> <[email protected]>
Jun 16 12:10:59 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) p001 1 Content-Type: text/plain, size: 504 B, name:
Jun 16 12:10:59 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) WARN: all primary virus scanners failed, considering backups
Jun 16 12:11:02 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) local delivery: <[email protected]> -> <spam-quarantine>, mbx=/var/virusmails/spam-a2740fd1baff60a1aa0bfb88a79036d6-20060616-121058-21817 -01.gz
Jun 16 12:11:02 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) SPAM, <[email protected]> -> <[email protected]>, Yes, hits=1000.124 tag=-999 tag2=5 kill=22 tests=GTUBE, NOREALNAME, quarantine spam-a2740fd1baff60a1aa0bfb88a79036d6-20060616-121058-21817-01 (spam-quarantine)
Jun 16 12:11:02 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) FWD via SMTP: [127.0.0.1]:10025 <[email protected]> -> <[email protected]>
Jun 16 12:11:02 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) Passed, <[email protected]> -> <[email protected]>, quarantine spam-a2740fd1baff60a1aa0bfb88a79036d6-20060616-121058-21817-01, Message-ID: <20060616101057.8DB8556A84@web2>, Hits: 1000.124
Jun 16 12:11:02 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) Passed SPAM, <[email protected]> -> <[email protected]>, Hits: 1000.124, tag=-999, tag2=5, kill=22, 0/Y/Y/Y
Jun 16 12:11:02 mail.receiver.com /usr/bin/amavisd[21817]: (21817-01) TIMING [total 3276 ms] - SMTP EHLO: 15 (0%), SMTP pre-MAIL: 2 (0%), mkdir tempdir: 1 (0%), create email.txt: 1 (0%), SMTP pre-DATA-flush: 6 (0%), SMTP DATA: 1 (0%), body_hash: 2 (0%), mkdir parts: 2 (0%), mime_decode: 23 (1%), get-file-type1: 20 (1%), decompose_part: 2 (0%), parts_decode: 0 (0%), AV-scan-1: 2830 (86%), spam-wb-list: 4 (0%), SA msg read: 1 (0%), SA parse: 5 (0%), SA check: 211 (6%), update_cache: 1 (0%), write-header: 23 (1%), save-to-local-mailbox: 76 (2%), post-do_spam: 3 (0%), fwd-connect: 16 (0%), fwd-mail-from: 2 (0%), fwd-rcpt-to: 3 (0%), write-header: 5 (0%), fwd-data: 0 (0%), fwd-data-end: 3 (0%), fwd-rundown: 2 (0%), mainlogentry: 13 (0%), update_snmp: 0 (0%), unlink-1-files: 2 (0%), rundown: 1 (0%)
As ar as I see, SpamAssassin gets called and rates the mail as spam with a hit-rate of 1000.124 using its buil-in rule GTUBE (see line 6 of the log)
Since the hit rate is far above $sakill_leveldeflt, I would expect both addition of X-Spam-Deteced headers and modification of the mail's subject line, but not even spam-info-headers are added to the mail. The only header that gets added (and the only proof that makes me believe the mail really has gone through amavisd screening) is
X-Virus-Scanned: by amavisd-new at mail.receiver.com
Curently this looks like a major problem in amavisd but I have no clue what to do now.
horst

Does it help if you have this?
dfwserver1:~ root# postconf -n
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
enableserveroptions = yes
html_directory = no
inet_interfaces = all
localrecipientmaps =
luser_relay = keith
mail_owner = postfix
mailboxsizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mapsrbldomains =
messagesizelimit = 12582912
mydestination = $myhostname,localhost.$mydomain,localhost,mail.dfwdesignsource.com,dfwdesignsou rce.com
mydomain = dfwdesignsource.com
mydomain_fallback = localhost
myhostname = mail.dfwdesignsource.com
mynetworks = 127.0.0.1/32,71.154.29.157/32,192.168.31.8/32,mail.allarycorp.com,allarycorp.co m,12.226.175.43,66.106.197.244,67.155.157.2,66.106.197.242,dfwdesignsource.com,m ail.dfwdesignsource.com,67.155.157.3,66.106.197.245
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpdclientrestrictions = permit_mynetworks rejectrblclient sbl-xbl.spamhaus.org rejectrblclient relays.ordb.org permit
smtpdpw_server_securityoptions = login,plain,cram-md5
smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpdsasl_authenable = yes
smtpdtls_keyfile =
smtpduse_pwserver = yes
unknownlocal_recipient_rejectcode = 550
virtualmailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp

Similar Messages

  • Is there a comprehensive list of what X-Spam headers Apple Mail will look at when determining junk mail status?

    Apple Mail has a preference to 'Trust junk mail headers in messages' but I can not find a list of what those headers are.  By trial and error I've learned the "X-Spam-Flag: YES" will work (exactly that, no extra info), but I'd like to know what other options there are... particularly if I can send a score/rating back and have it look at that.
    But I can't find a list of supported headers.  The Internet is full of "common spam headers" and yet none of them actually seem to work -- and lots of people who can't get it working with spamassassin which is incredibly common...
    So... is there such a list?

    I'm in the process of trying to get this information for a client. Even with a paid AppleCare agreement, the only answer I'm getting is "look in the forums" and "look on the developer site" (although I have to give credit to the Tier-1 rep who's trying to help me.) The impression I'm getting is that they consider an exact list of header names to be proprietary information for some reason, and are going to great pains to try not to give out the information, but also to not create ill will amongst their customers by explicitly saying "that's proprietary".

  • Junk Mail colour changing, but not being flagged

    I installed Tiger a couple of days ago and updated to 10.4.4. I'm noticing that particularly when I recieve several junk emails together the colour of them is changed as per my junk mail preferences, however, they are not always actually flagged as junk mail as well.
    I report all of my spam through Spamcop.net, so I open all of my junk mail, however, if I see the colour has changed I know it's spam, but if I don't notice it's not actually flagged then the images load upon opening ... which is obviously not what I want.
    I'm still trying to figure out a pattern for when this happens as I'm sure it's not happening all of the time - and it does seem related to receiving a batch of spam, such as first thing in the morning. I will do more attention paying, but if anyone has any clues about what the problem might be I'd be most grateful.
    Thanks!

    You would need to tell us what your various rules are doing, and what chaes you hve made to the junk rule.
    AK

  • Junk mail confusion - is this spam?

    I have long been confused by certain behaviour of Mac Mail.
    When Mail identifies spam (on my Mac, at least), it marks it by changing the text colour in the preview pane brown and moves it to the Junk folder, as per my preferences.
    However, I get some mail which does not qualify as Junk Mail or Spam as, according to the rules, it is from a previous recipient but Mail leaves it in the Inbox (or moves it, depending on my custom rules) and marks it by making the background of the preview pane brown but the text is still black.
    If I click on this mail and mark it as spam, it then moves to the Junk folder. If I then click on it and mark it as not spam, it changes to the normal black text on white background in the preview pane - so there is something which makes me think that this is related to Junk/Spam. I have messed around with flags but they do not seem to have anything to do with this.
    I really don't have a clue why this happens and have searched for years to find out without any success.
    Any ideas?

    In addition to Corky's suggestion on the right hand side of your profile page is this box:
    Click  Manage email notifications.  This manages any current email notifications you are receiving.

  • Junk mail filter in yosemite doesn't work. i can't find the 'mark as junk' selection or 'remove from previous recipients' which would help to filter out spam.

    junk mail filter in yosemite doesn't work. from the flags, i can't find the 'mark as junk' selection. Formerly clicking on the email address in question would allow one to 'remove from previous recipients' which would help to filter out spam. I've adjusted all the settings under mail preferences, but that is not helping.

    Hello Diane162,
    Welcome to the Apple Support Communities!
    I understand that you would like to be able to filter some of the junk mail that you are receiving in Mail. The attached article has a lot of great information on junk mail filtering, including how to mark as junk and adjust the junk filter.
    Mail (Yosemite): Reduce junk mail in your inbox
    Cheers,
    Joe

  • Spam fighting Idea for Email Users-Beyond Junk Mail

    I get so much junk mail I was hoping there was a way to automatically bounce back anything that got classified as junk. Then the important person who sent the email could use the old telephone for contact if they found they weren't getting their communication through. There would be an added bonus of all the emails that were junk would look the same (Mail Delivery System) and faster to delete.
    Does anyone else think this is a good idea or is it just stupid.

    Do you use this email address for public purposes, such as for online purchases, or for website access if an email address is required for access, or provide it for anything and everything when an email address is requested or required?
    Do you automatically render all HTML received? If so, and a spammer includes embedded images or objects with HTML formatting that must be rendered from a remote server to be viewed, you are notifying the spammer that your email address is valid or "known good" causing even more spam to be received. When the Mail.app's Junk Mail filter correctly marks a message as junk when received, and the spammer includes embedded images or objects that must be rendered from a remote server to be viewed, these will not be rendered when such a message is marked as junk as a security measure. But this does not apply if such a junk message is not marked as junk when received, which is why automatically rendering all HTML when received is not a good idea.
    Have you ever selected a link included with a spam message - any link, and especially a remove your address from the circulation list link? If so, you have done nothing but notify the spammer that your email address is valid or "known good" causing even more spam to be received.
    Spammers sell/trade their "known good" email address lists to each other, causing even more spam.
    If you have done any or all of these things, you have inadvertently and unknowingly added to the amount of spam you are receiving.
    Once an email address is so badly compromised, it is impossible to get the cat back in the bag.
    The best thing to do is to have a personal email address that is used to exchange email with family and friends only. Do not use this email address for online purchases, or for any other public consumption. Get a free Hotmail account that is accessed via webmail only using a browser to be used for online purchases and for public consumption.
    A Gmail account is free, can be accessed as an IMAP or POP account with an email client on your computer, has webmail access, has an authenticated SMTP server so you can send messages with the account regardless the ISP being used for your internet connection, and Gmail has a good spam filter at their incoming mail server.
    You don't want to reply to, bounce back, select any links, or render any HTML for spam for a number of reasons.

  • Junk Mail Flagging Issue

    I was trying to correct an error I made with Mail and I clicked reset in the junk mail pane. Now it no longer marks anything as junk. I have junk filtering enabled. It's set to mark as junk but leave it in my inbox. I know this is training mode and I am marking the spam as junk but I thought it would still mark the messages that didn't conform to the default rules of the sender not being in address book, or in previous recipients, etc. but it's not. Prior to my clicking on reset it was marking them correctly.
    Does the filter start picking these up after a certain period of time or is there something I need to correct?

    You should set the junk mail filter to move the mail to the junk folder.
    Mail / Junk will eventually 'learn' what is and not junk.
    Until you have a large amount of mail in the junk it would be advisable to check through once in a while for messages that you actually need.
    Spamsieve gives you the oppotunity to create rules to keep the messages from known address's. Download the 30 day trial to give a go, if you prefer mail junk filtering you can revert back after 30 days.
    For your information, I get between 70-100 spam messages per day, I now trust spamsieve to filter them out - it does a great job.

  • Junk mail and spam - learning mode?

    Have been receiving unsolicited stock picks and viagara offers and move them to junk email folder that I created. Someone mentioned on a forum that a .mail account has a learning mode to help filter spam. I can't locate it. Any suggestions? Thank you.

    Look up the topic "Changing the junk mail filter" in Mail's Help to learn about Mail's built-in junk filter.

  • Spam/Junk mail--am I "sending" spam?

    I have been receiving a large amount of junk mail lately--50+ messages a day. I also have been receiving a large amount of "rejection" messages from accounts that I don't even know from places all over the world.
    From reading some threads here, it seems that an infected Windows machine somewhere that has my email address may be sending these rogue messages....
    This morning I got a message from my mail provider stating that I have exceeded my "daily limit" on outgoing messages...I'm not sure if this was an issue with their server (an hour later it worked fine) or if my Mac is actually sending some rogue messages or if an infected machine is actually using my mail server/account to send messages.
    Thanks!

    Infected or not, no machine can actually send spam through your email account unless it has that account's password. The fact that you are receiving both lots of spam & lots of rejection notices indicates that your email address (but not your password) is probably on one or more spammer's "known good" address lists. These lists provide not just target addresses for spam but also forged sender ones to make spam look more legitimate to others.
    Your provider probably imposes limits on the number of messages you can send, the size of each message, the number of recipients per message or per day, or some combination of these. If you are sure you know the limits for your account & have not exceeded any of them, you should contact the provider to find out why the notice was sent, since this may mean that someone does have your account password.

  • Junk mail-why don't I have an option for Is junk mail in messages flag not junk mail

    I have a brown coloured email which has been accurately diagnosed as junk mail, but when I go to Messages>flag>...the only two options I have are "not junk mail" and "mark as unread"  yet in the help support it says that it should have "junk mail" there too.  So far I cant mark it as junk mail - so I usually just delete them. Any advice please? Thank you.

    Have you studied Mail prefernces?   If not, go to Mail > preferences > Junk mail and check out the options there. Alternately, click on the 'info' question mark and follow up anything you are currently unsure of.

  • I am getting bombarded  with spam. I mark it as junk mail , but it does not stop!, I am getting bombarded  with spam. I mark it as junk mail , but it does not stop!

    How do I get rid of all the spam? I have been marking it as junk mail, but to no avail.

    You simply cannot do that, you must ignore it and delete it on daily basis.

  • I am received spam email in my inbox not Junk-mail

    Hello ,
     i have exchange 2010 and outlook 2010
    i am facing problem ,all users received spam email in inbox not Junk mail
    what to do to avoid this ?
    I want when the user receives a spam I want to go to junk-email not inbox.
    thanks

    Hi,
    Thanks for your detailed configuration steps.
    As the Anti-Spam workflow article, I suggest double check whether the “spamhuas” in the IP Allow List.
    1. Connection Filtering
    IP Allow List -> IP Block List -> Safe Provider List -> IP Block Provider’s RBL
      1) If sender IP in IP Alllow List, the message flow to Sender filtering directly. If not, it flows to IP Block List.
      2) If sender IP in IP Block List, the message is rejected and applied no other filters. If not, it flows to Safe Provider List.
      3) If spamhaus in Safe Provider List, the message flow to Sender filtering directly. If not, it flows to IP Block Provider List.
      4) If in IP Block Provider’s RBL, the message is rejected and applied no other filters. If not, it flows to Sender filtering.
    2. Sender Filtering
    Please add spam senders into Blocked Sender and select “Reject message” action.
    3. Content Filtering
    Please configure the Custom Words, “Allow messages containing these words or phrases:” and “Block messages containing these words or phrases (messages containing words or phrases listed above will not be blocked):”.
    Thanks
    Mavis Huang
    TechNet Community Support

  • HT4865 Spam/junk mail

    How can keep spam/junk mail from getting in to my inbox? Lately I've been inundated (on a daily) with spam.

    Add your contacts to VIP folder. Quickly go through regular folder and if you see anything that you need move to VIP as well, delete the rest. Using VIP for contacts allows to concentrate on important. I have been using Hotmail like that, they allow to use inbox for contacts only and everything else goes to junk. Takes me one minute a day to purge through 50 emails, pull two or three that I need and delete the rest.

  • SPAM/JUNK MAIL

    hi,
    We are using exchange 2013 and office 365. all the configurations have been done well and we are up and running, however users complain they receive junk mails. i have enabled the policy in the content filtering i.e. apply sensitive word list and SPF record,
    but still get junk emails. 
    i do not wish to apply policies, that will be block genuine mails as well.
    kindly help me on this.
    K.R

    Hi,
    I suggest double check the content filtering configuration if you sure the issue is caused by the content filtering feature.
    I also find an article on Anti-Spam and Antivirus mail flow for your reference:
    Understanding Anti-Spam and Antivirus Mail Flow
    http://technet.microsoft.com/en-us/library/aa997242.aspx
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Spam/Junk mail button

    So where exactly are the "Spam" or "Junk Mail" buttons in iPhone OS

    The iPhone's mail client does not include a junk mail filter.
    With an IMAP account, you can leave the email client on your computer that is used for accessing the account launched and running, which includes a spam filter. You can store the account's junk mailbox on the server with an IMAP account. Any message received that is marked as junk with the email client used on your computer for accessing the account (and moved to the account's junk mailbox stored on the server) will be reflected automatically when accessing the account with the iPhone's mail client. All server stored mailboxes with an IMAP account are kept synchronized with the server automatically with each email client used to access the account.

Maybe you are looking for

  • TimeStampDiff

    Hello experts, I want to know How to use TimeStampDiff function appropriately. My requirement is I have a column in the physical layer say time. It is of datatype varchar(5). It stores the values in HH:MM format. I want to have the difference between

  • Bapi?

    How to Develope an interface program to upload the Purchase Requisition from legacy system to SAP using BAPI for Transaction ME51N.?

  • What is reflection used for in RMI

    hi, I have a doubt regarding the use of reflection in RMI. why it is used and for what purpose?

  • Still having problems with Yahoo's Music Service and my Zen Mi

    I think I did a pretty good job searching the forums for a solution to my issue, so please don't flame me if I missed something I'm having major licensing issues with Yahoo's Unlimited Music Service, even after doing the following: . I'm running Wind

  • How do I open jpg files in camera raw?

    I have read in numerous articles that I can open jpg files in ACR from within Elements 11. They all state to go File>Open, then browse to the jpg you wish to open, select Camera Raw from the file type and select the jpg. When I select the Camera Raw