EDIT: I have fixed this problem by rasing the score for BAYES_99 from 4.3 to 6.5, this way it will exceed the minimum score required to be classified as spam and is not too invasive for other messages too.
I have enabled Pyzor, Razor and SPF into spamassassin by following the wiki (however I don't know how to look to see if they are indeed configured and working) and everything is all good until yesterday I am receiving spam from my domain emails. When I look into logs it seems a clear spam however zimbra doesn't mark it as a spam.
Here is a message:
Received: from email.mydomain.com (LHLO email.mydomain.com) (18.104.22.168)
by email.mydomain.com with LMTP; Mon, 30 Jul 2012 17:21:29 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by email.mydomain.com (Postfix) with ESMTP id 766A92A22C8
for <firstname.lastname@example.org>; Mon, 30 Jul 2012 17:21:29 +0200 (CEST)
X-Virus-Scanned: amavisd-new at email.mydomain.com
X-Spam-Status: No, score=6.551 tagged_above=-10 required=6.6
tests=[BAYES_99=4.3, RCVD_IN_BRBL_LASTEXT=1.449, RDNS_NONE=0.793,
SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no
Received: from email.mydomain.com ([127.0.0.1])
by localhost (email.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 6wdqRzHitSrg for <email@example.com>;
Mon, 30 Jul 2012 17:21:28 +0200 (CEST)
Received: from [22.214.171.124] (unknown [126.96.36.199])
by email.mydomain.com (Postfix) with ESMTP id D22F32A19B4
for <firstname.lastname@example.org>; Mon, 30 Jul 2012 17:21:27 +0200 (CEST)
Date: Mon, 30 Jul 2012 12:21:23 -0300
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:188.8.131.52) Gecko/20101027 Thunderbird/3.1.6
Subject: Manager Customer Service
Content-Type: text/plain; charset=UTF-8; format=flowed
Large American company which engaged in IT development and investment, looking for representatives in Europe to
cooperate with international holdings and distribution of investment in IT.
Since intercontinental bank transfers take a lot of time company needs staff to handle the funds of the company,
it is assumed either part time or full time.
Salary - 4000 EUR monthly for 3 - 4 working hours a day.
However, your earnings may increase depending on the time you'll spend on quests, severity and loyalty to the company.
If you are interested in the prospect of a possible employment is presented below the job description
- Receive payments from our customers all over the world and treat them with banking schemes and cash transfers
- When processing each payment you receive an immediate bonus of 5% of the payment amount
- Maintain reporting and any necessary preparations to receive payments
- Be confident in the accuracy of the correctness and delivering them on time.
This position does not involve a change of residence,
and you will be able to work in the city and even in my area and you do not need to move anywhere.
This listing does not include fixed working hours and absolutely suitable for all sectors and age groups in our society.
You do not need to invest or spend their money, all the costs come at the expense of the company.
1. Elementary knowledge of the banking system and money transfer systems.
2. Ability to accept payments on your bank account at your bank.
3. Speed of processing tasks (send and receive payments) for a given system of money transfers.
4. Ability to check your email on the Internet at least once a day.
It is forbidden:
1. Breach of confidentiality and corporate ethics of our customers.
2. Deliberate delay in payment processing (already immediately after the receipt of funds in the account, in most cases, the company requires the fulfillment of tasks on the same day when you received a bank transfer to the account).
3. The statement about the impossibility to process the payment after receiving it.
If you breach any of the above paragraph will cease our cooperation.
If you are interested in this proposal, we suggest that you go through a trial period. For this purpose send your information to us.
1. Your full name
2. Your Age
3. Contact phone number with international format
4. Contact email address:
Send the data to the email address of company Derrick@top10jobbs.com,and before sending check address. (Do not click button to answer.)
The emails are not only targetting my admin account, a part of the message changes with each email, and it's never coming back from the same IP address. Any ideas how to put an end to this?
Jul 30 17:21:29 email postfix/qmgr: 766A92A22C8: from=<email@example.com>, size=3891, nrcpt=1 (queue active)
Jul 30 17:21:29 email amavis: (28167-01) FWD via SMTP: <firstname.lastname@example.org> -> <email@example.com>,BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 766A92A22C8
Jul 30 17:21:29 email amavis: (28167-01) Passed CLEAN, [184.108.40.206] [220.127.116.11] <firstname.lastname@example.org> -> <email@example.com>, Message-ID: <5016A274.firstname.lastname@example.org>, mail_id: 6wdqRzHitSrg, Hits: 6.551, size: 3189, queued_as: 766A92A22C8, 1183 ms
Jul 30 17:21:29 email postfix/smtp: D22F32A19B4: to=<email@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=0.49/0/0.01/1.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 766A92A22C8)
Jul 30 17:21:29 email postfix/qmgr: D22F32A19B4: removed
Jul 30 17:21:29 email amavis: (28167-01) extra modules loaded: /opt/zimbra/zimbramon/lib/x86_64-linux-thread-multi/auto/Net/SSLeay/autosplit.ix, /opt/zimbra/zimbramon/lib/x86_64-linux-thread-multi/auto/Net/SSLeay/randomize.al, IO/Socket/SSL.pm, Net/LDAP/Extension.pm, Net/SSLeay.pm, unicore/lib/gc_sc/Alnum.pl, unicore/lib/gc_sc/Alpha.pl
Jul 30 17:21:29 email postfix/lmtp: 766A92A22C8: to=<firstname.lastname@example.org>, relay=email.mydomain.com[18.104.22.168]:7025, delay=0.25, delays=0.04/0/0.03/0.17, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jul 30 17:21:29 email postfix/qmgr: 766A92A22C8: removed