Spam - whitelist Spamassasin

Similar Messages

• EPrint SPAM whitelist

  1. I have set my hp ePrint only accept and print email from specific address.
  2. I have forward emails to ePrint from 3 email account, from PC and iPhone. Sometimes it will print out, but sometimes it cannot because spam detected.
  I hope HP can program the allowed email address list as spam filter whitelist, that means any address on allowed email address list will direct bypass spam filter so we can always print from those email address without any problem.
  Your help are mostly appreciated.

  The "spam/virus" message often occurs because the email did not contain any text in the subject line. Please try re-sending an email to your printer and adding text in the email's subject line.
  mails are mostly forward, I can confirm no subject issue
  1. Are there any attachments being sent? If so, which attachment file type is being used (PDF or Word documents, JPG photos, etc)?
  Some got attachment, some did not got attachment. PDF type, excel type and jpg photo type is the types of attachments that I attached when send print job.
  2. Which email address/addresses are used to send ePrint emails?
  [email protected], [email protected]
  3. The results of a test email (success/fail) which will help isolate the source of the issue. Please follow the instructions below:
  The result of test email is successful print out, but the purpose we use eprint center is for print out document we need on the way back to office then we can save time as the documents already standby there for us. But this spam issue has make this feature no user friendly, most of the time when we reach office the ducuments no print out then we have to reprint and it wasted our time.
  I suggest it is best to let the allowed email address list equal to spam white list, so your spam engine would not filter out our email. All those email I forward to print are no verify by yahoo and gmail as spam, hope your server also do not. Thanks.

• SPAM WhiteList creation

  Emails to my Verizon account are approximately 95% SPAM. Even though I have SPAM Detector activated, I rarely see more than 15% of the messages in the SpamDetector folder correctly trapped. By contrast, my work email SPAM (Cisco IronPort) correctly traps over 99+% SPAM messages.
  I want to configure my Verizon webmail account with a “WhiteList” feature that directs all emails from senders NOT in my contacts directly to the SpamDetector folder. To date, I have not found any guidance from Verizon on this capability. Though a WhiteList feature exists for Verizon webmail, its purpose is to permit emails from senders that would otherwise be considered SPAM to go to my inbox. I don’t mind manually configuring that option. What I haven’t found is a process to explicitly state all email not in my WhiteList goes to the SpamDetector folder. Does Verizon offer such a feature?
  Any guidance from those who read / monitor this forum is most appreciated. What I would really like to do is initiate a Chat discussion with someone at Verizon. Unfortunately, I haven’t found such a link. This forum was pretty much the closest.

  The "spam/virus" message often occurs because the email did not contain any text in the subject line. Please try re-sending an email to your printer and adding text in the email's subject line.
  mails are mostly forward, I can confirm no subject issue
  1. Are there any attachments being sent? If so, which attachment file type is being used (PDF or Word documents, JPG photos, etc)?
  Some got attachment, some did not got attachment. PDF type, excel type and jpg photo type is the types of attachments that I attached when send print job.
  2. Which email address/addresses are used to send ePrint emails?
  [email protected], [email protected]
  3. The results of a test email (success/fail) which will help isolate the source of the issue. Please follow the instructions below:
  The result of test email is successful print out, but the purpose we use eprint center is for print out document we need on the way back to office then we can save time as the documents already standby there for us. But this spam issue has make this feature no user friendly, most of the time when we reach office the ducuments no print out then we have to reprint and it wasted our time.
  I suggest it is best to let the allowed email address list equal to spam white list, so your spam engine would not filter out our email. All those email I forward to print are no verify by yahoo and gmail as spam, hope your server also do not. Thanks.

• Help with Spam Whitelist

  I manage a mailing list for a non-profit organization and recently, Verizon started rejecting e-mails being sent to verizon.net addresses, returning an error message indicating they were spam messages.  I submitted the online whitelist request form 2 weeks ago and have have verizon.net members submit the form as well, to no avail!  There has been no change nor has there even been a message received indicating if the matter is being investigated.  The domain isn't on any domain block lists and I have a SPF record in DNS!  Please Help!!

  Since we haven't heard back from you or have received a form submission as requested in your private support case, it appears assistance is no longer required. If you need any future help with your Verizon service, please make a post here on the forums so we can assist.
  Anthony_VZ
  **If someones post has helped you, please acknowledge their assistance by clicking the red thumbs up button to give them Kudos. If you are the original poster and any response gave you your answer, please mark the post that had the answer as the solution**
  Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or plan

• Problems with spam filtering (specific and general)

  I I am getting messages coming through that are OBVIOUS spam (phishing attempts from [email protected] and 
  [email protected] saying the at the account was frozen). The address is wrong in the bottom, the domains are obviously wrong, and we've seen these repeatedly. And yet they keep coming through. I was actually told that because it was marked as
  NSPM by the filter it should have been delivered, but I'm appalled that it isn't getting marked as spam at all. 
  I was given a few options for creating manual rules (well, I can do that all day, but then why have a service?) and then reset my SPF and other content delivery conditions for future monitoring. But really what I want is a definite answer as to why something
  that any person can look at and recognize is not getting picked up. It's pretty embarrassing to have moved to Office 365 and had spam protection get notably worse than it was under Postini. And then to have support tell me that it got delivered because
  it was marked as NSPM ("I know it got marked that, but how in the world did that happen?"). We've been getting these off and on for months.
  My more general complaint is how spam whitelists and blacklists are maintained. They are one step up from having to manually edit text files (which would actually be easier to do since I could search those easily). Again- this can't be the best Microsoft
  has to offer, and given the global issue that spam has become I can't believe they aren't making this better more quickly.
  Received: from BY2PR01MB107.prod.exchangelabs.com (10.242.43.19) by
  CO1PR01MB109.prod.exchangelabs.com (10.242.164.146) with Microsoft SMTP
  Server (TLS) id 15.0.934.12 via Mailbox Transport; Sun, 4 May 2014 22:42:34
  +0000
  Received: from BY2PR01CA002.prod.exchangelabs.com (10.255.247.32) by
  BY2PR01MB107.prod.exchangelabs.com (10.242.43.19) with Microsoft SMTP Server
  (TLS) id 15.0.934.12; Sun, 4 May 2014 22:42:30 +0000
  Received: from BL2FFO11FD018.protection.gbl (2a01:111:f400:7c09::198) by
  BY2PR01CA002.outlook.office365.com (2a01:111:e400:2c16::32) with Microsoft
  SMTP Server (TLS) id 15.0.934.12 via Frontend Transport; Sun, 4 May 2014
  22:42:29 +0000
  Received: from ios7supp0rt.com (176.58.88.173) by
  BL2FFO11FD018.mail.protection.outlook.com (10.173.161.36) with Microsoft SMTP
  Server id 15.0.929.8 via Frontend Transport; Sun, 4 May 2014 22:42:28 +0000
  DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=ios7supp0rt.com;
  h=To:Subject:Date:From:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; [email protected];
  bh=txKF8WnwFM/0C4YId7Ij73YddMc=;
  b=ZNL5MeSkubrD8iqoHfwWvIkob+rT9t9OOB4tcYymj2oN6S6u9DvavgjAgzhD06ENEUtOJy+X/AG3
  Ttdm6MVp+Qw85SqQIdu9aDO0yvs4SE2jwtLdWq0Rv6ynhqulRFsUKdfrlf+rIUrAgH9ovGmtjBdg
  e68KX3Prx0j+6Yqe9H8=
  DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=ios7supp0rt.com;
  b=lUMpjXXTRnieJEsqhu5oDBmNOyNKRNAZ4jzlmeOK51AaGmbtZy7WKaEp2i0/Wmwrzn41EeDDqba3
  5Cv3CYXOGg77SvVATHTL4IGlr8taesMd66PkcMMnhAqTa9XqZPo66Aq2nWotZILvjKFzs8kEtmfJ
  QstWULOZADNps03bb1c=;
  To: [email protected]
  Subject: Apple/iCloud Account Frozen
  Return-Path: [email protected]
  Date: Sun, 4 May 2014 22:42:25 +0000
  From: "Apple Europe" <[email protected]>
  Reply-To: [email protected]
  MIME-Version: 1.0
  Content-Type: text/html; charset="UTF-8"
  Content-Transfer-Encoding: 8bit
  Message-ID: <[email protected]>
  X-EOPAttributedMessage: 0
  X-MS-Exchange-Organization-MessageDirectionality: Incoming
  X-Forefront-Antispam-Report: CIP:176.58.88.173;CTRY:GB;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(428001)(199002)(189002)(25786004)(31696002)(23846002)(40036003)(74316001)(20776003)(50466002)(85852003)(46102001)(80022001)(99396002)(19617315010)(18206015023)(4396001)(19300405004)(15975445006)(21056001)(83072002)(50986999)(64706001)(77982001)(80976001)(92726001)(79362001)(76482001)(946001)(79102001)(956001)(43066001)(575854001)(19580395003)(81342001)(44976005)(71816001)(70736001)(101416001)(74502001)(83322001)(53806999)(87836001)(19580405001)(33646001)(15202345003)(74662001)(81542001)(54356999)(23676002)(551544002)(307094003)(467094002)(8886004)(575514002)(18016003)(435084004);DIR:INB;SFP:;SCL:1;SRVR:BY2PR01MB107;H:ios7supp0rt.com;FPR:;MLV:nov;PTR:orders.ios7supp0rt.com;A:1;MX:1;LANG:en;
  X-MS-Exchange-Organization-Network-Message-Id: 517b8afa-807f-489c-e9f2-08d136014419
  X-MS-Exchange-Organization-AVStamp-Service: 1.0
  Received-SPF: None (: ios7supp0rt.com does not designate permitted sender
  hosts)
  Authentication-Results: spf=none (sender IP is 176.58.88.173)
  [email protected];
  X-MS-Exchange-Organization-SCL: 1
  X-MS-Exchange-Organization-AuthSource: BL2FFO11FD018.protection.gbl
  X-MS-Exchange-Organization-AuthAs: Anonymous

  Hi,
  Do you mean your client is list in the spam list by your Exchange Server?
  If so, I think the most efficient way is to contact the Exchange Administrator to check the spam list.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Spamassassin, auto whitelist, backscatter and spam problems.

  My Mail is handled by an XServe with Mac OS X Server 10.5.5.
  I have many email problems. One of them is an email backscatter problem. Sometimes, but not always, when email is identified as spam, an email gets sent back to the "From" address saying it is spam. This email seems to come directly from my servers, which is bad as spammers usually spoof the From addresses. I have modified amavisd.conf as per below. I changed all the D_BOUNCE instances to D_REJECT, yet still emails seeming to come from my server gets sent back to the From address. This is the relevant bit out of amavisd.conf:
  $finalvirusdestiny = D_REJECT;
  $finalbanneddestiny = D_REJECT;
  $finalspamdestiny = D_REJECT;
  $finalbad_headerdestiny = D_PASS;
  I tried testing this by sending lots of emails that with keywords in them that rules are set up for to add enough points so that such emails get blocked, however, these emails seem to come through. At first I thought this was the AWL's doing, but by examining the headers of the email, there is no X-SPAM header as I'd expect, which makes me believe Spamassassin has not checked the email?? What can cause emails to bypass spamassassin and how do I get spamassassin to check every email? This seems to be a cause of my other problem of a lot of SPAM passing through the spam filter.
  I am also having a lot of trouble understanding the SA AWL.
  Is there any way I can change the scores in the AWL database?
  I have tried:
  spamassassin --remove-addr-from-whitelist=[email protected]
  This outputs a message saying it removed an address from the whitelist, but in reality does absolutely nothing. Way I can tell is by using this script which still shows the same entries for the relevant email address:
  http://spamassassin.apache.org/full/3.0.x/dist/tools/check_whitelist
  I'm stumped. Any answers/thoughts/suggestions would be much appreciated. Please help!

  postfix receives the mail, then passes it to amavisd.
  amavisd decides what scanners to use (clamav/spamassassin and possibly others) and performs the scan
  amavisd might not scan the messages if certain criteria are met (size too large, white list, etc), this is all configurable in amavisd.conf. For example, the size threshold by default may be too small, so messages with large graphics may not be scanned.
  after amavis processes the message, depending on the config of amavis, certain actions are performed (add headers, discard, reject, bounce, etc).
  then amavisd passes the mail back to postfix
  postfix delivers any deliverable mail to cyrus/dovecot and/or processes and bounce/rejection.
  a rejection doesn't work in the above scenario because it's already been accepted by postfix.
  best to discard.
  if you would like to learn more about the flow and logic, look at the amavisd config file
  /etc/amavisd.conf
  and check out the docs
  http://www.ijs.si/software/amavisd/
  Jeff

• Spam Filtering Key words or Whitelisting

  I would appreciate any help.
  We are running a mail server on an Intel xserve with 10.4.11 server.
  Spam trainer and RBL's are set up to block spam.
  Is there a way to block key words and Whitelist domains?
  I would like to customize some of the parameters for filtering.
  Thanks

  For information on whitelisting see here
  Keywords can be blocked through curstom rules. That said, this is a lost battle, you'll never catch all iterations of a word and will just waste time. Make sure you add some generic rules ("spamtrainer -a" will do this for you) and fine tune your postfix and amavis settings. You will have much better results.

• Feature Request: Whitelist shouldn't discard messages that "appear" to be spam

  In testing ePrint functionality by sending emails from my phone, my gmail, and my work addresses sometimes the messages are listed as "Discarded" because they appear to be spam or are simply ignored even though I receive the "ePrint Job Received" message.  If a sender is listed on the whitelist there should be no reason to block it as spam.
  Also, I've setup a simpler email address that forwards to my printer's @hpeprint.com address.  Messages sent to my simple custom address either bounce back, are discarded because of "too many recipients", or are ignored all together.
  Again, if my simple custom forwarding address is listed as an approved sender the messages should just be processed and printed normaly.
  I've also tried opening up ePrint settings to allow everyone but the messages are stil discarded or ignored.
  Thank you,
  DSKYZD

  I am not an expert on this matter but I can speculate why your email is getting blocked or treated as spam.  You said that you forward your email to unique email address that you created which in turn sends that off to the HP e-print email you have.  The HP servers probably use a method of spam by sending back a request to the server/box of where the email address is sending from.  Because you have a forwarder set HP thinks that your email could be spam.  For example, if you use [email protected] and forward your email with attachment to 123.com, which gets forwarded to [email protected], HP is looking at 123.com and sending back a validation request to 123.com to check and see if it is a real email address.  If you have only a forwarder set and not an actual email address this is mostly the reason why your emails are not going through.  Another reason for this might be that 123.com is forwarding your email along as if it is coming from [email protected] but in actuality it is coming from the server/box where your forwarder is which is 123.com.
  In my opinion I think that you would be better off creating an actual email account where you set a rule to forward a copy of the email to your unique eprint address.  If you whitelist this email address each time the eprint service sees this email it will know that it is coming from a whitelisted email rather than being forwarded.  Most emails that you set up this way to forward to other email accounts work just fine.  However, using advanced advanced techniques to send a validation request back for verification of a real email address is more likely what is going on.  Try this method out and let us know what happens.
  Good luck!

• Spam engine to help Spamassasin in SL Mail Server

  Hello folks,
  I'd like to know if you can recommend a good spam engine/app to help spamassasin that's built-in Snow Leopard Mail Server.
  What do you network admins use against spam? Do you rely only on Spamassasin?
  Thanks,
  Andrei D.

  SpamAssassin/amavisd works fine and can block spam effectively. It will however need some under the hood tuning as the Server Admin settings for it are very limited.
  For a description of the available parameters, see here:
  http://www200.pair.com/mecham/spam/amavisd-settings.html
  It is also important to improve on the Postfix configuration as it makes sense to block as much spam as possible before it even hits the spam filter. For a how-to see here:
  http://osx.topicdesk.com/content/view/38/62/
  (works for 10.6 as well).
  HTH,
  Alex

• Silent Spam Filtering - No NDR to Sender / No Notification to Recipient / No Option to Release Blocked Emails / No Support Document to request for Whitelisting of Sender

  Silent Spam Filtering used by iCloud is currently affecting us and our Customers. Our Customer, when sending us emails from their business domain (no presence on Global Spam Blacklists), is not able to reach us on our iCloud account and there is absolutely no sign of the email within the Inbox / Junk Folder and surprisingly no NDR to the Sender
  Symantec MessageLabs used for Outbound Mail Frittering by our customer confirms the emails to be delivered to MAC Servers, but not being forwarded to us or other end users using *@icloud.com account
  Delivery Report Extract:
  2014-10-15 03:56:39 PM SMTP Status: OK
  2014-10-15 03:56:44 PM Delivery attempt #1  (final)
  2014-10-15 03:56:44 PM Recipient server: 17.158.8.68 (mx1.mail.icloud.com)
  2014-10-15 03:56:44 PM Response: 250 2.5.0 Ok, envelope id [email protected]
  There should be a convenient way to request Apple Support Team, for addition of the Sender to an approved list or there should definitely be a Notification to the recipient of a Blocked Email address, which should help them to identify and release such emails, at will into their Inbox and not land up losing critical Customer Communications
  Cloud based Spam Filtering Solution Providers(Symantec, Microsoft and others to name a few) allows such options, as an email is now  a Business Essential Document and should be securely delivered to recipients

  This issue has become increasing prevalent over the last year and a half and has been covered by a number of reputable websites doing their own testing:
  http://www.macworld.com/article/2029570/silent-email-filtering-makes-icloud-an-u nreliable-option.html
  http://www.macworld.co.uk/news/mac/apple-censoring-icloud-emails-attachments-343 2561/
  http://www.mcelhearn.com/apples-silent-email-filtering-is-just-plain-wrong/
  No bounces are sent - messages are being accepted by Apple's mail servers and then filtered before they reach users inboxes. This is a pretty big deal.
  dgb

• How difficult would it be to implement an iMessage whitelist..?

  iMessage spam is a really big problem to me and my family members.  And getting worse by the week.
  Blocking individual senders is ludicrously ineffective and Apple seems to be reluctant to allow us to block entire domains (which would really help).
  So how difficult would it be to implement a whitelist?  (For example... I don't want any iMessages from anybody not in my Contacts list!)
  I'm really close to disabling iMessage altogether.  It is barely worth the effort now.

  The difficulty and time to do it depends on the learning
  capability of the new programmer. Patience and a drive to learn is
  what all is needed. Accomplishing one step at a time is probably
  the best approach, whether you're new or well-versed.

• Ironport Whitelist and related questions

  Hi all,
  I have recently started at a new position for a company that is utilising ironport as the email spam filtering/virus checking appliance.
  Almost immediately after starting in my position issues were being discussed, where the senderbase reputation scoring was marking a sister companies mail as spam - obviously due to a bad reputation.
  It was important that these mails were delivered and the obvious answer seemed to be to whitelist the domains, which was implemented by another support person. After the whitelist setting was applied though the mails were still be rejected due to being suspected spam - there is no quarantine setup.
  Today I logged into the boxes to see if I could syslog the mail logs to a seperate linux server and suddenly got wrapped up in this problem. I had a look and could see the domains in the whitelist section within the HAT, after doing some reading I can confirm the whitelist section was ordered as being number 1 in the list and by looking further it looks like the whitelist domains were via the 'add to sender group' button within the monitoring overview screens (this is assumed as both .sistercompany.com and sistercompany.com were appended to the whitelist).
  After a few hours of reading up I couldn't understand why the whitelist wasn't working, I even did a lookup of the domain in the monitoring overview search section for mail recieved by sistercompany.com and could see that it belonged in the whitelist group. I got further confused when reading the help and support guide - it had screenshots that looked very similar to our setup [within the HAT overview and Mail Policies], however it had an sbrs for the whitelist set between 6 and 10, where as that was blank on our system, nowhere in the document would it describe why this sbrs value was set. Bearing in mind I have only had a few hours of experience with this product, so these maybe silly questions but:
  Why would you add an sbrs value to the whitelist - I would have thought whitelists would ignore any score presented.
  If number 1 has nothing to do with why these domains were still being flagged as spam, has anyone got any suggestions as to what the issue maybe?
  For a small bit of information we have the C660 appliances installed.
  Any help would be much appreciated

  I'm taking a wild guess here since there are a lot of missing details. Forgive me if I'm covering ground you've already trod.
  Remember that the HAT controls how incoming SMTP connections are handled, so entries in the HAT must correspond to the remote SMTP servers that are connecting to you. You don't put the "domain" part of "user@domain" in the HAT ("sistercompany.com" in your case), you put in the the domain names of the actual remote SMTP servers or a wildcard that matches them all. In your case, this might be ".sistercompay.com" (note the leading "." indicating that this will match any domain name ending with ".sistercompany.com"), but only if their SMTP servers have host names in that domain.
  Whitlisting by domain name requires that the IP addresses of those remote SMTP servers have correct rDNS. If they don't, you'll have to list them in the HAT by IP address. FYI, we never put anything in the HAT by IP address unless it is unavoidable. Using domain names and requiring correct rDNS forces good DNS hygiene, and also provides a layer of abstraction. The server's address can change, but so long as the DNS is kept up to date we don't have to change our HAT entries.
  You can see from the mail logs what sender group is being applied on each SMTP connection. Find one of the rejected messages in the log and see what sender group its connection landed in. If it didn't land in the whitelist (which will almost certainly be the case, given that the message was not in fact whitelisted), then you know the HAT entry is wrong. You can also use the log to determine the actual domain name of the remote server, assuming the rDNS for its IP address is correct.
  The example screenshot in the manual showing SBRS between 6 and 10 being whitelisted is demonstrating that you can whitelist by SBRS as well as by explicit listing in the sender group. Your whitelist simply isn't doing this, which is fine. In this age of rampant spamming from stolen accounts on reputable servers, whitelisting by SBRS can let spam in. We raised the lower limit from 6 to 8 several years ago after getting hit in this exact way.
  ++Don

• How to whitelist a specific email address

  We are trying out an ironport C350. I am looking for a way to whitelist a specific email address ex. [email protected] The whitlist appears to onlyl let you add a whole domain or i.p. range and not a specific address. Is there a way to do this or would I need to build some kind of incomming content filter by sender name?

  A Content Filter would be the easiest but it is processed after the SBRS check.. Remember you can have a one content filter with multiple checks just make sure you use OR and not AND.
  So if you want to make sure a specific email is not spammed check you would need to create a Message Filter (regX expression) but then every single inbound email would be checked againest this filter.
  So the best way might be to create a whole new policy and place it before your normal or default policy. Have the policy only apply for sender = [email protected] You can turn off the spam check for this policy.

• Verizon's WhiteList of email senders won't work unless you know who they are blocking

  I have Verizon FIOS with a POP3 email account, which is configured on several PCs and my smartphone. Monday I contacted support by phone about lost incoming emails on all the systems. Four of them were emails that I bcc'ed to myself earlier that day and never received. There was also one that my sister-in-law sent the day before that was never received on any system. The support tech told me that sometimes Verizon decides to block some incoming emails for various reasons. The tech then told me how to "whitelist" the senders that were being blocked. I did whitelist the senders that I knew I has lost emails from. What I don't understand, is how I am supposed to know what important emails I didn't get? If Verizon is going to do this, they should email me a list of the senders they decided to block, so I can review the list and add important ones to my Verizon whitelist.
  That said, evidently Verizon doesn't realize that their subscribers depend on email for important communication, and should act more responsibly. If their servers are too busy at a given time, they should queue the messages for future delivery. If messages are dropped because they suspect spam they should allow the subscriber to see what was blocked, and have a chance to retrieve the messages.

  Punchcard wrote:
  I have Verizon FIOS with a POP3 email account, which is configured on several PCs and my smartphone. Monday I contacted support by phone about lost incoming emails on all the systems. Four of them were emails that I bcc'ed to myself earlier that day and never received. There was also one that my sister-in-law sent the day before that was never received on any system. The support tech told me that sometimes Verizon decides to block some incoming emails for various reasons. The tech then told me how to "whitelist" the senders that were being blocked. I did whitelist the senders that I knew I has lost emails from. What I don't understand, is how I am supposed to know what important emails I didn't get? If Verizon is going to do this, they should email me a list of the senders they decided to block, so I can review the list and add important ones to my Verizon whitelist.
  That said, evidently Verizon doesn't realize that their subscribers depend on email for important communication, and should act more responsibly. If their servers are too busy at a given time, they should queue the messages for future delivery. If messages are dropped because they suspect spam they should allow the subscriber to see what was blocked, and have a chance to retrieve the messages.
  Verizon has several different blocking systems in place. The SpamDetector can be set to save spam to your Spam folder for review, but you have to set it to do so (default behavior is to delete the messages). The Blocked Senders list is the same way. These can both be set from within your Email Settings.
  Verizon's Black List on the other hand, is a server-level block on the IP/server of the sender. These messages are not allowed into Verizon's email system at all, and the sender will receive a bounceback message directing them to the White List form.
  If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
  "All knowledge is worth having."

• Auto-whitelist

  Greetings,
  not sure how many people still run 10.4 mail systems. but what the heck
  I have a mail server that has been running spammassassin for years. pumping SA learn and running spamtrainer.
  recently i received OS and postfix error messages regarding insufficient storage space although i had 30gig of room on the drive.
  During a clone operation i discovered a very large Auto-whitelist file in /var/clamav/.spamassassin
  i don't remember setting Auto-Whitelist 1
  mylocal.cf doesn't mention AutoWhitelist
  and my amavisd.conf has it commented out .
  #$saautowhitelist = 0; # turn on AWL (default: false)
  # Bayesian Auto Learn
  auto_learn 1
  # Safe Reporting
  safe_reporting 0
  # Full/Terse Reporting
  usetersereport 0
  # Subject Tag
  subject_tag * Warning: Junk Mail *
  # Rewrite the Subject
  rewrite_subject 0
  # Use Bayesian Filtering
  use_bayes 1
  # OK locals
  ok_locales en
  # OK languages
  ok_languages en fr de ja
  # Required hits to be marked as spam
  required_hits 5
  I ran a test message through SA, i did not see anything referencing Auto-Whitelist.
  here is debug ::: ::
  }mx1:/var/clamav root# spamassassin -D < /private/var/root/Documents/Message1.rtf
  debug: SpamAssassin version 3.0.1
  debug: Score set 0 chosen.
  debug: running in taint mode? yes
  debug: Running in taint mode, removing unsafe env vars, and resetting PATH
  debug: PATH included '/bin', keeping.
  debug: PATH included '/sbin', keeping.
  debug: PATH included '/usr/bin', keeping.
  debug: PATH included '/usr/sbin', keeping.
  debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin
  debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
  debug: config: read file /etc/mail/spamassassin/init.pre
  debug: using "//usr/share/spamassassin" for default rules dir
  debug: config: read file //usr/share/spamassassin/10_misc.cf
  debug: config: read file //usr/share/spamassassin/20antiratware.cf
  debug: config: read file //usr/share/spamassassin/20bodytests.cf
  debug: config: read file //usr/share/spamassassin/20_compensate.cf
  debug: config: read file //usr/share/spamassassin/20dnsbltests.cf
  debug: config: read file //usr/share/spamassassin/20_drugs.cf
  debug: config: read file //usr/share/spamassassin/20fake_helotests.cf
  debug: config: read file //usr/share/spamassassin/20headtests.cf
  debug: config: read file //usr/share/spamassassin/20htmltests.cf
  debug: config: read file //usr/share/spamassassin/20metatests.cf
  debug: config: read file //usr/share/spamassassin/20_phrases.cf
  debug: config: read file //usr/share/spamassassin/20_****.cf
  debug: config: read file //usr/share/spamassassin/20_ratware.cf
  debug: config: read file //usr/share/spamassassin/20uritests.cf
  debug: config: read file //usr/share/spamassassin/23_bayes.cf
  debug: config: read file //usr/share/spamassassin/25body_testses.cf
  debug: config: read file //usr/share/spamassassin/25body_testspl.cf
  debug: config: read file //usr/share/spamassassin/25_hashcash.cf
  debug: config: read file //usr/share/spamassassin/25head_testses.cf
  debug: config: read file //usr/share/spamassassin/25head_testspl.cf
  debug: config: read file //usr/share/spamassassin/25_spf.cf
  debug: config: read file //usr/share/spamassassin/25_uribl.cf
  debug: config: read file //usr/share/spamassassin/30textde.cf
  debug: config: read file //usr/share/spamassassin/30textes.cf
  debug: config: read file //usr/share/spamassassin/30textfr.cf
  debug: config: read file //usr/share/spamassassin/30textit.cf
  debug: config: read file //usr/share/spamassassin/30textnl.cf
  debug: config: read file //usr/share/spamassassin/30textpl.cf
  debug: config: read file //usr/share/spamassassin/30textsk.cf
  debug: config: read file //usr/share/spamassassin/50_scores.cf
  debug: config: read file //usr/share/spamassassin/60_whitelist.cf
  debug: using "//etc/mail/spamassassin" for site rules dir
  debug: config: read file //etc/mail/spamassassin/local.cf
  debug: using "/private/var/root/.spamassassin" for user state dir
  debug: using "/private/var/root/.spamassassin/user_prefs" for user prefs file
  debug: config: read file /private/var/root/.spamassassin/user_prefs
  debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
  debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840)
  debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
  debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70)
  debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
  debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4)
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'parse_config'
  debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70) implements 'parse_config'
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
  debug: config: SpamAssassin failed to parse line, skipping: auto_learn 1
  debug: config: SpamAssassin failed to parse line, skipping: safe_reporting 0
  debug: config: SpamAssassin failed to parse line, skipping: usetersereport 0
  debug: config: SpamAssassin failed to parse line, skipping: subject_tag * Warning: Junk Mail *
  debug: config: SpamAssassin failed to parse line, skipping: rewrite_subject 0
  debug: using "/private/var/root/.spamassassin" for user state dir
  debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_toks
  debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_seen
  debug: bayes: found bayes db version 3
  debug: using "/private/var/root/.spamassassin" for user state dir
  debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200
  debug: bayes: 17114 untie-ing
  debug: bayes: 17114 untie-ing db_toks
  debug: bayes: 17114 untie-ing db_seen
  debug: Score set 1 chosen.
  debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_toks
  debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_seen
  debug: bayes: found bayes db version 3
  debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200
  debug: bayes: 17114 untie-ing
  debug: bayes: 17114 untie-ing db_toks
  debug: bayes: 17114 untie-ing db_seen
  debug: metadata: X-Spam-Relays-Trusted:
  debug: metadata: X-Spam-Relays-Untrusted:
  debug: ---- MIME PARSER START ----
  debug: main message type: text/plain
  debug: parsing normal part
  debug: added part, type: text/plain
  debug: ---- MIME PARSER END ----
  debug: decoding: no encoding detected
  debug: Loading languages file...
  debug: Can't determine language uniquely enough
  debug: metadata: X-Languages:
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'parsed_metadata'
  debug: is Net::DNS::Resolver available? yes
  debug: Net::DNS version: 0.66
  debug: trying (3) sun.com...
  debug: looking up NS for 'sun.com'
  debug: NS lookup of sun.com succeeded => Dns available (set dns_available to hardcode)
  debug: is DNS available? 1
  debug: uri found: mailto:[email protected]
  debug: uri found: mailto:[email protected]
  debug: uri found: mailto:[email protected]
  debug: uri found: mailto:[email protected]
  debug: uri found: mailto:[email protected]
  debug: URIDNSBL: domains to query: beth.k12.pa.us hetnet.nl aim.com
  debug: all '*From' addrs:
  debug: Running tests for priority: 0
  debug: running header regexp tests; score so far=0
  debug: registering glue method for checkhashcash_doublespend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70))
  debug: registering glue method for checkfor_spf_helopass (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
  debug: SPF: message was delivered entirely via trusted relays, not required
  debug: registering glue method for checkhashcashvalue (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70))
  debug: all '*To' addrs:
  debug: registering glue method for checkfor_spfsoftfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
  debug: SPF: message was delivered entirely via trusted relays, not required
  debug: registering glue method for checkfor_spfpass (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
  debug: registering glue method for checkfor_spf_helosoftfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
  debug: registering glue method for checkfor_spf_helofail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
  debug: running body-text per-line regexp tests; score so far=-2.801
  debug: running uri tests; score so far=-2.801
  debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840))
  debug: Razor2 is not available
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'check_tick'
  debug: URIDNSBL: query for hetnet.nl took 1 seconds to look up (multi.surbl.org.:hetnet.nl)
  debug: URIDNSBL: query for aim.com took 1 seconds to look up (multi.surbl.org.:aim.com)
  debug: URIDNSBL: query for beth.k12.pa.us took 1 seconds to look up (multi.surbl.org.:beth.k12.pa.us)
  debug: URIDNSBL: queries completed: 6 started: 8
  debug: URIDNSBL: queries active: at Mon Mar 8 18:06:35 2010
  debug: running raw-body-text per-line regexp tests; score so far=-2.801
  debug: running full-text regexp tests; score so far=-2.801
  debug: Razor2 is not available
  debug: Current PATH is: /bin:/sbin:/usr/bin:/usr/sbin
  debug: Pyzor is not available: pyzor not found
  debug: DCCifd is not available: no r/w dccifd socket found.
  debug: DCC is not available: no executable dccproc found.
  debug: Running tests for priority: 500
  debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'checkpostdnsbl'
  debug: URIDNSBL: queries completed: 8 started: 8
  debug: URIDNSBL: queries active: at Mon Mar 8 18:06:35 2010
  debug: waiting 2 seconds for URIDNSBL lookups to complete
  debug: URIDNSBL: queries completed: 0 started: 0
  debug: URIDNSBL: queries active: DNSBL=8 at Mon Mar 8 18:06:35 2010
  debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:132.51.12.64)
  debug: URIDNSBL: query for beth.k12.pa.us took 2 seconds to look up (sbl.spamhaus.org.:2.96.96.209)
  debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:80.73.200.207)
  debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:107.1.236.64)
  debug: URIDNSBL: query for hetnet.nl took 2 seconds to look up (sbl.spamhaus.org.:34.63.75.213)
  debug: URIDNSBL: query for hetnet.nl took 2 seconds to look up (sbl.spamhaus.org.:69.63.75.213)
  debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:232.157.188.205)
  debug: URIDNSBL: query for beth.k12.pa.us took 2 seconds to look up (sbl.spamhaus.org.:20.3.172.207)
  debug: URIDNSBL: queries completed: 8 started: 0
  debug: URIDNSBL: queries active: at Mon Mar 8 18:06:36 2010
  debug: done waiting for URIDNSBL lookups to complete
  debug: running meta tests; score so far=-2.801
  debug: running header regexp tests; score so far=-1.231
  debug: running body-text per-line regexp tests; score so far=-1.231
  debug: running uri tests; score so far=-1.231
  debug: running raw-body-text per-line regexp tests; score so far=-1.231
  debug: running full-text regexp tests; score so far=-1.231
  debug: Running tests for priority: 1000
  debug: running meta tests; score so far=-1.231
  debug: running header regexp tests; score so far=-1.231
  debug: running body-text per-line regexp tests; score so far=-1.231
  debug: running uri tests; score so far=-1.231
  debug: running raw-body-text per-line regexp tests; score so far=-1.231
  debug: running full-text regexp tests; score so far=-1.231
  debug: auto-learn: currently using scoreset 1.
  debug: auto-learn: message score: -1.231, computed score for autolearn: -1.231
  debug: auto-learn? ham=0.1, spam=12, body-points=0, head-points=-2.801, learned-points=0
  debug: auto-learn? yes, ham (-1.231 < 0.1)
  debug: Learning Ham
  debug: all '*From' addrs:
  debug: all '*To' addrs:
  debug: uri found: mailto:[email protected]
  debug: uri found: mailto:[email protected]
  debug: uri found: mailto:[email protected]
  debug: uri found: mailto:[email protected]
  debug: uri found: mailto:[email protected]
  debug: lock: 17114 created /private/var/root/.spamassassin/bayes.lock.mx1.beth.k12.pa.us.17114
  debug: lock: 17114 trying to get lock on /private/var/root/.spamassassin/bayes with 0 retries
  debug: lock: 17114 link to /private/var/root/.spamassassin/bayes.lock: link ok
  debug: bayes: 17114 tie-ing to DB file R/W /private/var/root/.spamassassin/bayes_toks
  debug: bayes: 17114 tie-ing to DB file R/W /private/var/root/.spamassassin/bayes_seen
  debug: bayes: found bayes db version 3
  debug: ebd3a443815ae7214b74ef30dfb2c5524e3adf7a@sa_generated: already learnt correctly, not learning twice
  debug: bayes: 17114 untie-ing
  debug: bayes: 17114 untie-ing db_toks
  debug: bayes: 17114 untie-ing db_seen
  debug: bayes: files locked, now unlocking lock
  debug: unlock: 17114 unlink /private/var/root/.spamassassin/bayes.lock
  debug: is spam? score=-1.231 required=5
  debug: tests=ALLTRUSTED,MISSING_DATE,MISSINGSUBJECT
  debug: subtests=_UNUSABLEMSGID
  X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on mx1.beth.k12.pa.us
  X-Spam-Level:
  X-Spam-Status: No, score=-1.2 required=5.0 tests=ALLTRUSTED,MISSINGDATE,
  MISSING_SUBJECT autolearn=unavailable version=3.0.1
  \f0\fs24 \cf0 Return-Path: <[email protected]>\
  Received: from murder ([unix socket]) by bragg.beth.k12.pa.us (Cyrus v2.2.12-OS X 10.4.8) with LMTPA; Sun, 07 Mar 2010 22:32:43 -0500\
  Received: from smtp3.beth.k12.pa.us (smtp3.beth.k12.pa.us [10.135.1.13]) by bragg.beth.k12.pa.us (Postfix) with ESMTP id 3D3F02CE4B19 for <[email protected]>; Sun, 7 Mar 2010 22:32:43 -0500 (EST)\
  Received: from localhost (mx1.beth.k12.pa.us [10.135.1.6]) by smtp3.beth.k12.pa.us (Postfix) with ESMTP id 7E5EB2425D0C for <[email protected]>; Sun, 7 Mar 2010 22:32:07 -0500 (EST)\
  Received: from mx1.beth.k12.pa.us ([127.0.0.1]) by localhost (mx1.beth.k12.pa.us [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11329-05 for <[email protected]>; Sun, 7 Mar 2010 19:32:06 -0800 (PST)\
  Received: from mail2.beth.k12.pa.us (mail2.beth.k12.pa.us [192.227.0.10]) by mx1.beth.k12.pa.us (Postfix) with ESMTP id 9DDDFCF9E5 for <[email protected]>; Sun, 7 Mar 2010 19:32:06 -0800 (PST)\
  Received: from cpsmtpb-ews07.kpnxchange.com (cpsmtpb-ews07.kpnxchange.com [213.75.39.10]) by mail2.beth.k12.pa.us (Postfix) with ESMTP id 36E83E51479 for <[email protected]>; Sun, 7 Mar 2010 22:32:05 -0500 (EST)\
  Received: from cpbrm-ews29.kpnxchange.com ([10.94.84.160]) by cpsmtpb-ews07.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Mar 2010 04:32:05 +0100\
  Received: from CPSMTPM-EML04.kpnxchange.com ([213.75.39.74]) by cpbrm-ews29.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Mar 2010 04:32:04 +0100\
  Received: from localhost ([10.94.77.199]) by CPSMTPM-EML04.kpnxchange.com with Microsoft SMTPSVC(7.0.6001.18000); Mon, 8 Mar 2010 04:32:04 +0100\
  X-Sieve: CMU Sieve 2.2\
  Content-Class: urn:content-classes:message\
  Mime-Version: 1.0\
  Content-Type: multipart/alternative; boundary="----=_NextPart_00101CABE6F.E8E7FFDB"\
  X-Mimeole: Produced By Microsoft Exchange V6.5\
  Message-Id: <[email protected]>\
  X-Ms-Has-Attach: \
  X-Ms-Tnef-Correlator: \
  Thread-Topic: EU INT LOTTO\
  Thread-Index: Acqbc/3PXjmnUcQsGeSny2PogEEg==\
  X-Originalarrivaltime: 08 Mar 2010 03:32:04.0493 (UTC) FILETIME=[EC150BD0:01CABE6F]\
  X-Recipientdomain: beth.k12.pa.us\
  X-Spam-Status: No, hits=4.117 tagged_above=-999 required=5 tests=BAYES_50, HTML5060, HTML_MESSAGE, MIMEQP_LONGLINE, NOREALNAME, SUBJALLCAPS, UNDISC_RECIPS, UPPERCASE5075\
  X-Spam-Level: **\
  EU INT LOTTO\
  YOUR EMAIL ID HAS WON \'db1,000,000.00, IN THE FIRST CATEGORY, ALL THE E-MAIL ADDRESSES WERE SELECTED THROUGH ELECTRONIC BALLOTING SYSTEM OF INTERNET E-MAIL USERS, FROM WHICH YOUR E-MAIL ADDRESS CAME OUT AS THE WINNING COUPON.\
  Clarification and procedure Contact: [email protected]\
  Tel:\'ca\'ca\'ca\'ca +31-630-861-292\'ca\'ca\'ca\'ca\'ca\'ca\'ca\'ca \
  Miss. Gillian Rowland \
  Qualification winning Number [EU/ILO-564/003/008] \
  Expiring date is 19th of March, 2010.\
  All response should be send Via Email: [email protected]\
  }mx1:/var/clamav root#

  postfix receives the mail, then passes it to amavisd.
  amavisd decides what scanners to use (clamav/spamassassin and possibly others) and performs the scan
  amavisd might not scan the messages if certain criteria are met (size too large, white list, etc), this is all configurable in amavisd.conf. For example, the size threshold by default may be too small, so messages with large graphics may not be scanned.
  after amavis processes the message, depending on the config of amavis, certain actions are performed (add headers, discard, reject, bounce, etc).
  then amavisd passes the mail back to postfix
  postfix delivers any deliverable mail to cyrus/dovecot and/or processes and bounce/rejection.
  a rejection doesn't work in the above scenario because it's already been accepted by postfix.
  best to discard.
  if you would like to learn more about the flow and logic, look at the amavisd config file
  /etc/amavisd.conf
  and check out the docs
  http://www.ijs.si/software/amavisd/
  Jeff