Results 1 to 4 of 4

Thread: amavisd is not blocking

  1. #1
    Join Date
    Mar 2011
    Posts
    4
    Rep Power
    4

    Exclamation amavisd is not blocking

    sir,

    our mail server is running in Release 6.0.2_GA_1912.DEBIAN5_64 DEBIAN5_64 FOSS edition , using amavid as spam filter , we are hitting huge spams in our mail box

    mail patter lik follows

    *********

    From : Blowout Auctions" <amy_dryer70@plasstosy.com>

    Department stores are over priced - See how you can ride the Wavee for less.

    Buy top selling brands for far less than retail. Wavee's patent pending auction bidding begins at a penny.
    View Here:
    [url removed]
    ****************

    I have checked logs

    Mar 30 19:58:07 mail amavis[16113]: (16113-02) FWD via SMTP: <info@plasstosy.com > -> <amarjith@our server>,ENVID=172477239 BODY=7BIT 250 2.0.0 Ok, id=161 13-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 940AC87E68D
    Mar 30 19:58:07 mail amavis[16113]: (16113-02) Passed CLEAN

    its not filtering I am getting 50 such mail in may of my mailboxes please help mee............. to solve this


    The orginal message of same type spam
    ***************8
    X-Spam-Flag: NO
    X-Spam-Score: 5.87
    X-Spam-Level: *****
    X-Spam-Status: No, score=5.87 tagged_above=-10 required=10
    tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13,
    FH_DATE_PAST_20XX=3.188, RCVD_IN_SBL=1.551] autolearn=no
    Received: from mail.xxx.com ([127.0.0.1])
    by localhost (mail.xxx.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id O1FLto-2S4D5; Thu, 31 Mar 2011 19:22:55 +0530 (IST)
    Received: from guio.flowkhasid.com (updates.dealerinnovationprograms.com [74.82.198.183])
    by mail.xxx.com (Postfix) with ESMTP id 7521B87E56F
    for <brijesh@xxx.com>; Thu, 31 Mar 2011 19:22:54 +0530 (IST)
    Subject: Lower Cholesterol
    Mime-Version: 1.0
    To: <brijesh@xxx.com>
    Date: Thu, 31 Mar 2011 09:52:35 -0400
    From: "Syntra-5 15 Day Trial" <suri@flowkhasid.com>
    Message-ID: <1517361701794041496@guio.flowkhasid.com>
    User-Agent: Cert - OutMode/2.0 tigww/2.2196
    X-Mailer: Opera / 10.0
    Accept-Language: en - us
    Content-Language: en -us
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 8bit
    Content-Disposition: inline

    Syntra-5

    Start to lower blood sugar naturally - View How to start your trial today

    [url removed]


    - Fasting Blood Sugar from 196 to 89
    - A1c from 7.7 to 4.6
    - Increased Energy!
    Last edited by amarjith_s@hotmail.com; 04-05-2011 at 04:03 AM. Reason: more details

  2. #2
    Join Date
    Feb 2011
    Posts
    82
    Rep Power
    4

    Default

    Can you post the headers too?

  3. #3
    Join Date
    Mar 2011
    Posts
    4
    Rep Power
    4

    Exclamation amavid fail to bolck spam

    orginal spam message is given below,,, please do help me to solve this problem...


    **********

    Return-Path: info@whuztulsa.com
    Received: from capstocksindia.com (LHLO mail.capstocksindia.com)
    (111.93.140.180) by mail.capstocksindia.com with LMTP; Sun, 3 Apr 2011
    19:29:58 +0530 (IST)
    Received: from localhost (localhost [127.0.0.1])
    by mail.capstocksindia.com (Postfix) with ESMTP id 3DD7B87E689
    for <brijesh@capstocksindia.com>; Sun, 3 Apr 2011 19:29:58 +0530 (IST)
    X-Virus-Scanned: amavisd-new at mail.capstocksindia.com
    X-Spam-Flag: NO
    X-Spam-Score: 7.568
    X-Spam-Level: *******
    X-Spam-Status: No, score=7.568 tagged_above=-10 required=10 tests=[AWL=0.250,
    BAYES_95=3, DNS_FROM_OPENWHOIS=1.13, FH_DATE_PAST_20XX=3.188]
    autolearn=no
    Received: from mail.capstocksindia.com ([127.0.0.1])
    by localhost (mail.capstocksindia.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id ZR02S2C+WEcA; Sun, 3 Apr 2011 19:29:55 +0530 (IST)
    Received: from hgru.whuztulsa.com (visiportal.visualconnectionport.net [76.164.226.164])
    by mail.capstocksindia.com (Postfix) with ESMTP id D65ED87E56D
    for <brijesh@capstocksindia.com>; Sun, 3 Apr 2011 19:29:54 +0530 (IST)
    From: "Auto Repairs" <info@whuztulsa.com>
    Date: Sun, 3 Apr 2011 06:45:41 -0700
    Message-ID: <8243348967084533674697549@hgru.whuztulsa.com>
    Mime-Version: 1.0
    To: <brijesh@capstocksindia.com>
    Subject: Car Warranties
    User-Agent: Cert - OutMode/2.0 tigww/3.5bd
    X-Mailer: Firefox / 3.2
    Accept-Language: en - us
    Content-Language: en - us
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 8bit
    Content-Disposition: inline

    Get Your Extended Auto Warranty Direct From The Source

    View Here:
    [url removed]


    -Roadside Assistance Benefits
    -Car Rental
    -Nationwide Coverage
    -Unlimited Number of Claims
    -Lost Key/Lockout Assistance
    -And Much, Much More

    ---------------------------------------------
    Auto Warranty Quote Center 2805 E. Oakland Park Blvd #336 Ft. Lauderdale FL 33306
    End future emails here: [url removed]
    Last edited by phoenix; 04-04-2011 at 01:22 AM.

  4. #4
    Join Date
    Feb 2011
    Posts
    82
    Rep Power
    4

    Default

    X-Spam-Status: No, score=7.568tagged_above=-10 required=10 tests=[AWL=0.250
    Your Tag percentage seems too high. It look like it is set to 50 now, change it to 33.

    On The other hand, the two rules:
    DNS_FROM_OPENWHOIS=1.13, FH_DATE_PAST_20XX=3.188
    are buggy. They will always hit and it is false positive. You should consider upgrade zimbra or look in forum to update spamassassin rules. It is possible that whoever administer your zimbra server rise the tag percentage as a quick fix for them.
    Last edited by John Siu; 04-04-2011 at 08:36 AM.

Similar Threads

  1. Did I miss something? (Zimbra GA 6.0.8 on Ubuntu 10.04)
    By vpetersson in forum Installation
    Replies: 2
    Last Post: 10-26-2010, 07:29 AM
  2. Replies: 12
    Last Post: 02-24-2008, 12:16 AM
  3. /tmp filling
    By Nutz in forum Administrators
    Replies: 8
    Last Post: 02-22-2008, 02:00 AM
  4. Replies: 5
    Last Post: 12-04-2007, 05:40 PM
  5. Building SVN for CentOS 4.4 (mysql)
    By GrepACE in forum Developers
    Replies: 3
    Last Post: 12-29-2006, 10:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •