[ILUG] Amavisd / SA question

Niall O Broin niall at linux.ie
Mon Jul 26 16:01:35 IST 2004 

I'm configuring amavisd-new + clamav + SpamAssassin on a server. clamav 
appears to work, but I am having some issues with SA. I have a local.cf for 
SA which, amongst other things, gives 5 points if the subject matches 
"vicodin" and 2.5 points if the subject matches "í" (that's i fada, in case 
of encoding issue)

So, doing some tests with telnet to 10024, I got this:

MAIL FROM:<niall at magicgoeshere.com>
250 2.1.0 Sender niall at magicgoeshere.com OK
RCPT TO:<postmaster>
250 2.1.5 Recipient postmaster OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test4 for amavis - vicodin vícodín
test4 for amavis - vicodin vícodín
SA should catch this
.
250 2.5.0 Ok, id=28754-01-6, BOUNCE

and postmaster got no mail, but my sending address didn't get a bounce. What 
should have happened there?


However, when I do a slightly more real test, with telnet to 25, I get:

MAIL MAIL FROM:<niall at magicgoeshere.com>
250 Ok
RCPT TO:<postmaster>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test for amavis - vicodin vícodín
test for amavis - vicodin vícodín
SA should catch this
.
250 Ok: queued as 0026DE4D0


and sure enough when I look in postmaster's mail there it is, in all its 
glory, with an  X-Virus-Scanned: by amavisd-new  header.

Having done this with amavisd in debug mode, I have LOTS of debug info from 
which the following look relevant

(31053-01) CALLING SA check
(31053-01) spam_scan: hits=6 tests=ALL_TRUSTED,DRUGS_PAIN,LOCAL_DRUGS
(31053-01) lookup (bypass_spam_checks) => undef, 
"postmaster at localhost.mydomain.com" does not match
(31053-01) lookup (spam_tag_level) => true,
 "postmaster at localhost.mydomain.com" matches, result="2", 
matching_key="(constant:2)"
(31053-01) headers CLUSTERING: NEW CLUSTER
<postmaster at localhost.mydomain.com>: hits=6, tag=0, tag2=0, subj=0, subj_u=0, 
local=0, bl=
(31053-01) headers CLUSTERING: done all 1 recips in one go
(31053-01) FWD via SMTP: [127.0.0.1]:10025
<root at mail.mydomain.com> -> <postmaster at localhost.mydomain.com>



>From which it appears to me that amavisd DOES scan the mail with SA, which 
does find it to be spam (LOCAL_DRUGS is a local rule which gives +5 to 
vicodin in the Subject) but yet it doesn't add a header. I don't know what on 
earth the  headers CLUSTERING:  lines are about.

Can any of you shed some light here?



--
Niall

More information about the ILUG mailing list