Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[AMaViS-user] Normal, that ham gets in quarantine folder?

36 views
Skip to first unread message

Claudio Kuenzler

unread,
Jun 22, 2009, 6:28:04 AM6/22/09
to
Hello,

I'm new to Amavisd-new and I have a question about the incoming ham-mails.
Is the following procedure normal?

Incoming (ham) e-mail:
-------------------------------------
Jun 22 10:27:11 mx1 amavis[27260]: (27260-05) ESMTP::10024
/var/spool/amavis/tmp/amavis-20090621T042001-27260: <sen...@example.com> ->
<rece...@example.com> Received: SIZE=3924 from
mx1.example.com([127.0.0.1]) by localhost (mx1 [127.0.0.1])
(amavisd-new, port 10024) with
ESMTP id 27260-05 for <rece...@example.com>; Mon, 22 Jun 2009 10:27:11
+0200 (CEST)
Jun 22 10:27:11 mx1 amavis[27260]: (27260-05) Checking: lN6GbpoYXYus
[123.123.123.123] <sen...@example.com> -> <rece...@example.com>
Jun 22 10:27:11 mx1 amavis[27260]: (27260-05) local delivery: <> ->
<spam-quarantine>, mbx=/var/spool/amavis/virusmails/spam-lN6GbpoYXYus.gz
-------------------------------------
The incoming mail gets obviously transferred into the quarantine-folder ...

Then there is the result coming back from amavis:
-------------------------------------
Jun 22 10:27:11 mx1 amavis[27260]: (27260-05) Passed CLEAN,
[123.123.123.123] [98.0.0.70] <sen...@example.com> -> <rece...@example.com>,
quarantine: spam-lN6GbpoYXYus.gz, Message-ID: <
OFE122D591.83A7A75B-ONC12575...@example.com>,
mail_id: lN6GbpoYXYus, Hits: 0.644, 491 ms
Jun 22 10:27:11 mx1 postfix/smtp[9996]: 01CD26BBFB: to=<rece...@example.com>,
relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 2.6.0 Ok, id=27260-05,
from MTA([127.0.0.1]:10025): 250 Ok: queued as 844136BBFC)
-------------------------------------
After delivering the e-mail to the final recipient, the quarantines mail
stays in the quarantine-folder as
/var/spool/amavis/virusmails/spam-lN6GbpoYXYus.gz.

Is it normal, that a ham e-mail stays quarantined even that it was delivered
correctly?

Thank you in advance for some information.

Regards,
Claudio
------------------------------------------------------------------------------
Are you an open source citizen? Join us for the Open Source Bridge conference!
Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
Need another reason to go? 24-hour hacker lounge. Register today!
http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
_______________________________________________
AMaViS-user mailing list
AMaVi...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Daniel Luttermann

unread,
Jun 22, 2009, 6:59:37 AM6/22/09
to
Claudio,

> Hello,

as far as I know this could happen if you use D_PASS as
final_*_destiny and you use quarantaine.

So if you've configured

$final_spam_destiny = D_PASS;

and "$spam_quarantine_to=" is not empty than the mail gets stored into
quarantaine and will be delivered to the recipient.

Same for bad header, banned files and viruses...

The score 0.644 is a bit low for classify the mail as spam but if you
use D_PASS it should be OK.


--
Daniel

Claudio Kuenzler

unread,
Jun 22, 2009, 7:12:52 AM6/22/09
to
Thx, Daniel, for your fast response,

I'm not using the param $spam_quarantine_to=. In fact when I try to use it,
amavis is giving me an error when I restart amavisd:
-------------------------
Starting virus-scanner (amavisd-new):Error in config file
"/etc/amavisd.conf": syntax error at /etc/amavisd.conf line 106, near "=;"
-------------------------

I think I left out some important information: I'm using
amavisd-new-2.3.3-17.2 on SLES 10. Maybe this version doesn't have this
parameter?

About the low spam score: I figured that out too, SpamAssassin itself is
giving a very different score than Amavis but I haven't figured out how to
"adapt" that.

cheers,
Claudio

Mark Martinec

unread,
Jun 22, 2009, 7:17:11 AM6/22/09
to
Claudio,

> Is the following procedure normal?
>
> Incoming (ham) e-mail:
> -------------------------------------
> Jun 22 10:27:11 mx1 amavis[27260]: (27260-05) ESMTP::10024
> /var/spool/amavis/tmp/amavis-20090621T042001-27260: <sen...@example.com> ->
> <rece...@example.com> Received: SIZE=3924 from
> mx1.example.com([127.0.0.1]) by localhost (mx1 [127.0.0.1])
> (amavisd-new, port 10024) with
> ESMTP id 27260-05 for <rece...@example.com>; Mon, 22 Jun 2009 10:27:11
> +0200 (CEST)
> Jun 22 10:27:11 mx1 amavis[27260]: (27260-05) Checking: lN6GbpoYXYus
> [123.123.123.123] <sen...@example.com> -> <rece...@example.com>
> Jun 22 10:27:11 mx1 amavis[27260]: (27260-05) local delivery: <> ->
> <spam-quarantine>, mbx=/var/spool/amavis/virusmails/spam-lN6GbpoYXYus.gz

> Jun 22 10:27:11 mx1 amavis[27260]: (27260-05) Passed CLEAN,
> [123.123.123.123] [98.0.0.70] <sen...@example.com> ->
> <rece...@example.com>, quarantine: spam-lN6GbpoYXYus.gz, Message-ID: <
> OFE122D591.83A7A75B-ONC12575...@example.com>,
> mail_id: lN6GbpoYXYus, Hits: 0.644, 491 ms
> Jun 22 10:27:11 mx1 postfix/smtp[9996]: 01CD26BBFB:
> to=<rece...@example.com>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent
> (250 2.6.0 Ok, id=27260-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as
> 844136BBFC)
> -------------------------------------

> The incoming mail gets obviously transferred into the quarantine-folder ...

> After delivering the e-mail to the final recipient, the quarantines mail


> stays in the quarantine-folder as
> /var/spool/amavis/virusmails/spam-lN6GbpoYXYus.gz.
>
> Is it normal, that a ham e-mail stays quarantined even that it was
> delivered correctly?

Well, yes and no. Quarantining has its own settings, which is independent
from decision whether to deliver mail or not. E.g. spam gets quarantined
even for spam lovers, even though they do receive their mail. For spam
all it matters is that spam level is at or above kill level, and that spam
quarantine is enabled.

But in your case (judging from 'Passed CLEAN') it seems you have
quarantining also enabled for clean messages - which may be perfectly
valid and desired (e.g. archiving), but is not a default setting.

Check your settings %quarantine_method_by_ccat, %quarantine_to_maps_by_ccat,
$clean_quarantine_method, @clean_quarantine_to_maps, $clean_quarantine_to.

Mark

Claudio Kuenzler

unread,
Jun 22, 2009, 7:17:33 AM6/22/09
to
Hi Daniel and Mark,

Argh, I have made a wrong setting of the param $spam_quarantine_to.

Have set it to
$spam_quarantine_to = "";

now and it seems to work. Just sent a test mail which passed as CLEAN and
was not quarantined.

Thanks a lot for all your hints.

Claudio


On Mon, Jun 22, 2009 at 12:50 PM, Mark Martinec
<Mark.Marti...@ijs.si<Mark.Martinec%2Bam...@ijs.si>

Mark Martinec

unread,
Jun 22, 2009, 9:28:31 AM6/22/09
to
Claudio,

> About the low spam score: I figured that out too, SpamAssassin itself is
> giving a very different score than Amavis but I haven't figured out how
> to "adapt" that.

See
http://www.ijs.si/software/amavisd/#faq-spam
-> SpamAssassin returns different score ...

0 new messages