0

I'm trying to create a special mail account to collect all incoming spam, with the purpose of later being able to train SA more easily for the whole domain.

We're using Zimbra, but as far as I can see the problem is not Zimbra-related, because it's "almost" working.

The settings I have are:

```perl
$quarantine_method_by_ccat{+CC_SPAMMY}     = 'smtp:127.0.0.1:10025';
$quarantine_method_by_ccat{CC_SPAMMY.",1"} = 'smtp:127.0.0.1:10025';
$quarantine_method_by_ccat{+CC_SPAM}       = 'smtp:127.0.0.1:10025';
$quarantine_to_maps_by_ccat{+CC_SPAMMY}     = ['spam@domain'];
$quarantine_to_maps_by_ccat{CC_SPAMMY.",1"} = ['spam@domain'];
$quarantine_to_maps_by_ccat{+CC_SPAM}       = ['spam@domain'];

@spam_lovers_maps = @bypass_spam_checks_maps = ( [ qw('spam@domain',) ], );
$final_virus_destiny      = D_BOUNCE;
$final_banned_destiny     = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
$final_spam_destiny       = D_DISCARD;
$final_destiny_by_ccat{+CC_SPAMMY} = $final_spam_destiny;
```

So far so good; most of the time, as spam-admin, I receive messages like:

http://pastebin.com/fqaCsZR8

But some mails will be discarded and not even sent to SpamAssassin (I think), and it doesn't matter if it's spam or not.

http://pastebin.com/2Uh34gBT

And this was even just an autoresponder from the user himself. Issued by the server.

Or http://pastebin.com/bePUrEtf for more or less spam mails. Just no report and this is neither an autoresponder nor a mail-daemon message.

Any ideas?

Thanks!

Meiko Watu
  • How do you pass the emails to amavisd-new, postfix? – NickW May 03 '13 at 10:06
  • Sorry for the late response. Yes, postfix is passing the mails there – Meiko Watu May 08 '13 at 11:29
  • No problems, do you accept mail on multiple ports? 465/587 and 25? – NickW May 08 '13 at 11:32
  • Yes, to the outside world 465 and 25 are open. In the master.cf, port 465 has `-o smtpd_tls_wrappermode=yes` and `-o smtpd_sasl_auth_enable=yes`. Submission (587) is not open to the outside world. – Meiko Watu May 09 '13 at 13:21
  • You are discarding spam mails as the default policy, it might be the fact that your spam lovers user is spam@domain and not the user who should be receiving the spam, and also your final spam destiny for CC_SPAMMY is DISCARD, CC_SPAM is kill, CC_SPAMMY is tag2 level (if you look at spamassassin it has multiple actions based upon spam level, you can trash at a certain level, change subject at a lower one, and just add the headers normally) .. – NickW May 09 '13 at 13:34
  • Basically, what my comment above here is saying is that 1. you may not have the correct user in the spam lovers. 2. you may not have the same destiny for spam depending on the tag level. – NickW May 09 '13 at 13:43
  • You're right, the spam@domain account is in the spam lovers. The really strange thing is that it mostly happens with autoresponders or the one mail I quoted above. All the "normal" spam is delivered to the quarantine mailbox without any problem or tagged as probably spam correctly. But these mails are getting discarded and not quarantined. And there is no spamassassin report which indicates it's above spam kill level (`$sa_quarantine_cutoff_level = 99999;`) – Meiko Watu May 09 '13 at 13:56
  • I wonder if it is because they are short circuiting something somewhere, are they coming from machines in your local network? You can configure amavisd with very similar parameters to postfix, to not do further checks on mail coming from trusted networks. – NickW May 09 '13 at 14:03
  • How can I identify which is missing? I don't have any spamassassin information, because the mail I get as spam_admin leaves the spamassassin report part empty. So I thought I'm safe with discard and setting the cutoff level that high. So no mail actually gets rejected, everything goes into the spam@domain account. – Meiko Watu May 09 '13 at 14:03
  • That sounds like a good first step, set final_spam_destiny to D_PASS, and at least see if they are scanned or not (it could just be they are not getting enough hits). – NickW May 09 '13 at 14:05
  • `@local_domains_maps` contains all local domains as well as the two relay servers, where usually bounces are coming from. The discarded mails are coming from multiple domains which don't belong to us. Even the last link in the question is some kind of a newsletter and there is no spamassassin report or something – Meiko Watu May 09 '13 at 14:06
  • Instead of enabling it for the whole domain, would it be enough to add the person who receives the discarded newsletter to spam_lovers? Because as an institution in Africa we have like quite a lot of spam. – Meiko Watu May 09 '13 at 14:08
  • Yeah, which is why I was suggesting the spam_lovers needs to be the user who you are testing, not the mailbox where the spam should end up. – NickW May 09 '13 at 14:09
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/8697/discussion-between-nickw-and-meiko-watu) – NickW May 09 '13 at 14:09

1 Answer

2

You may want to check that the users in the `@spam_lovers_maps` correspond to the user who needs to receive any and all spam, and that messages to him do not get caught in the `$final_spam_destiny = D_DISCARD;` trap. You may also want to ensure that the user does not have any .procmail files, or similar delivery time scripts that may discard the mail after amavisd decided to pass it.

NickW
  • Thanks Nick, for the help and pointing me in the right direction! The users had for some reason an empty entry in their per user blacklist, which caused mails with Return-Path <> to be rejected. Thanks! – Meiko Watu May 13 '13 at 09:26
  • Thank you for spending the time troubleshooting with me! – NickW May 13 '13 at 09:34
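
The cause reported at the end of the thread, an empty entry in a per-user blacklist, can be audited for across all accounts. The following is an added example, not code from the thread or from Zimbra or amavisd-new: it scans an LDIF-style export of per-user sender blacklists for empty or whitespace-only entries. The LDIF layout, the sample accounts and the function names are assumptions; `amavisBlacklistSender` is the attribute name from the amavisd-new LDAP schema.

```python
import base64

# Constructed sample: LDIF-style export of per-user sender blacklists.
# amavisBlacklistSender is the attribute from the amavisd-new LDAP schema;
# accounts and values are made up. Assumes no folded (continued) lines.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
mail: alice@example.org
amavisBlacklistSender: spammer@bad.example
amavisBlacklistSender:

dn: uid=bob,ou=people,dc=example,dc=org
mail: bob@example.org
amavisBlacklistSender: newsletter@ads.example

dn: uid=carol,ou=people,dc=example,dc=org
mail: carol@example.org
amavisBlacklistSender:: IA==
"""

ATTR = "amavisblacklistsender"


def ldif_value(rest):
    """Decode the part after 'attr:' (a second colon marks base64)."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip(" ")


def parse_entries(ldif_text):
    """Yield (mail, blacklist_values) for each blank-line-separated entry."""
    for block in ldif_text.strip().split("\n\n"):
        mail, values = None, []
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep:
                continue
            if name.lower() == "mail":
                mail = ldif_value(rest)
            elif name.lower() == ATTR:
                values.append(ldif_value(rest))
        yield mail, values


def accounts_with_empty_entries(ldif_text):
    """Accounts whose blacklist holds an empty or whitespace-only value."""
    return [mail for mail, values in parse_entries(ldif_text)
            if any(v.strip() == "" for v in values)]


if __name__ == "__main__":
    for mail in accounts_with_empty_entries(SAMPLE_LDIF):
        print(f"{mail}: empty amavisBlacklistSender entry")
```

The base64 case matters because a value consisting only of a space is exported in encoded form and is easy to miss when reading the export by eye.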