6 Replies Latest reply: Jul 27, 2009 5:09 PM by davidh
David_x Level 4 (3,010 points)
Just noticed this...

I have an explicitly blacklisted sender in local.cf which correctly applies a 100 point score to incoming email from that sender. However, they then get a DSN bounce from the server daemon despite the sa_dsn_cutoff_level = 12.

I'll change to using a recipient access file (and DISCARD action) but the question remains...

Do messages with an explicit blacklist_from command bypass amavisd.conf settings for DSN notices?
  • pterobyte Level 6 (10,910 points)
    Hi David,

    no they should not bypass it. Is final_spam_destiny set to D_DISCARD?

    Alex
  • David_x Level 4 (3,010 points)
    Thanks, Alex,

    final_spam_destiny = D_REJECT

    I'll do some more testing to make sure I've not missed something stoopid
  • pterobyte Level 6 (10,910 points)
    David,

    you should set it to D_DISCARD. You really do not want to send spam back to inexistent senders.

    Alex
  • David_x Level 4 (3,010 points)
    I know Alex, but unfortunately I get a 'real' email every couple of months or so that gets quarantined, usually due to something wrong at sender's server or DNS. Although the last one (3 days ago) got quarantined because the sender misspelt "meetting" in the subject line - that gets a FSBROKENMEETING=10.3 + FRT_MEETING=2.7 ! If it was discarded then no-one would know it had not been delivered (and I'm not going to read through quarantine every few days!).

    I do have the sa_dsn_cutoff_level set to 3 points above kill_level (which luckily just missed the "meetting" one) and rejection notices only get the one outgoing attempt before they expire from retry queue so that will have to be the limit of my contribution to reducing backscatter

    -david
  • pterobyte Level 6 (10,910 points)
    David,

    if you need some form of quarantine, use a mailbox instead of /var/virusmails.

    This way, mail between kill_level and quarantine_cutoff will go into the quarantine mailbox and not be rejected/bounced. You can share this mailbox if needed.

    If you keep D_REJECT, you will always have bad bounces.

    HTH,
    Alex

    P.S. A good overview of settings can be found here: http://www200.pair.com/mecham/spam/amavisd-settings.html

    Message was edited by: pterobyte
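
The change suggested in the reply above, sketched as an amavisd.conf fragment. This is an added example, not configuration posted by anyone in the thread; the quarantine address, the forwarding port and the numeric thresholds are constructed assumptions to adapt to the local setup.

```perl
# amavisd.conf fragment (added example; address, port and thresholds are constructed)

# Before: spam at or above the kill level is rejected, so a bounce can go
# back to whatever envelope sender the message claimed.
# $final_spam_destiny = D_REJECT;

# After: spam is not delivered and no notice is sent to the claimed sender.
$final_spam_destiny = D_DISCARD;

# Quarantine into a mailbox instead of files under /var/virusmails.
# An address containing '@' is forwarded using the quarantine method below.
$spam_quarantine_method = 'smtp:[127.0.0.1]:10025';      # assumed re-injection port
$spam_quarantine_to     = 'spam-quarantine@example.com'; # constructed mailbox

# Mail scoring from the kill level up to the quarantine cutoff is kept in the
# quarantine mailbox for review; above the cutoff nothing is kept.
$sa_kill_level_deflt        = 6.0;  # constructed value
$sa_quarantine_cutoff_level = 20;   # constructed value
```

With this layout a misclassified legitimate message stays retrievable from the quarantine mailbox, and nothing is sent to forged sender addresses.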
  • davidh Level 4 (1,890 points)
    Further, I recommend you use amavisd (as you already are for the $sa_dsn_cutoff_level settings, etc.)
    for whitelisting, since it is amavisd that is calling spamassassin.

    There's plenty of info on/for amavisd and whitelisting.

    That said, what works for some is NOT right for others/everyone, but after long having used proper Postfix anti-spam configuration, I have amavisd.conf set to
    $sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 2.1; # add 'spam detected' headers at that level
    $sa_kill_level_deflt = 5.5; # triggers spam evasive actions (e.g. blocks mail)
    $sa_dsn_cutoff_level = 7;

    and have not once in the past several years had any word of false rejection(s) or any lost/mishandled incoming messages.
    There have been other problems at the external emailer(s)' mailserver, and they have used
    - for example - a gmail account to complain to my mail users, only to have it turn out to be botched DNS or mailserver settings at their end (Symantec AV's mailserver... offering, completely mangling mail-headers before sending it out, as just one example. It may have been misconfigured).

    But what matters far more than wrangling amavisd and/or spamassassin in regards to otherwise legitimate mail traffic, is proper configuration of postfix. Run, don't walk to see Pterobyte's Front-Line defense tutorial at http://osx.topicdesk.com/

    If you use it, I recommend making a contribution (and I have no official affiliation with Pterobyte or that site).

    Next stop I strongly recommend reading up at the Postfix site,
    and http://www.postfix-book.com/

    Point being, handle spam vs. legitimate mail earlier via Postfix, rather than wasting server resources.
    It's not hard to adjust Postfix (via custom rules) to accommodate for problems for some users (at their end), although one should not have to