2860 Views 6 Replies Latest reply: Jul 27, 2009 5:09 PM by davidh
I know Alex, but unfortunately I get a 'real' email every couple of months or so that gets quarantined, usually due to something wrong at sender's server or DNS. Although the last one (3 days ago) got quarantined because the sender misspelt "meetting" in the subject line - that gets a FSBROKENMEETING=10.3 + FRT_MEETING=2.7 ! If it was discarded then no-one would know it had not been delivered (and I'm not going to read through quarantine every few days!).
I do have the sa_dsn_cutoff_level set to 3 points above kill_level (which luckily just missed the "meetting" one) and rejection notices only get the one outgoing attempt before they expire from retry queue, so that will have to be the limit of my contribution to reducing backscatter.
If you need some form of quarantine, use a mailbox instead of /var/virusmails.
This way, mail between kill_level and quarantine_cutoff will go into the quarantine mailbox and not be rejected/bounced. You can share this mailbox if needed.
If you keep D_REJECT, you will always have bad bounces.
P.S. A good overview of settings can be found here: http://www200.pair.com/mecham/spam/amavisd-settings.html
Message was edited by: pterobyte
Further, I recommend you use amavisd (as you already are for the $sa_dsn_cutoff_level settings, etc.) for whitelisting, since it is amavisd that is calling spamassassin.
There's plenty of info on/for amavisd and whitelisting.
That said, what works for some is NOT right for others/everyone, but after long having used proper Postfix anti-spam configuration, I have amavisd.conf set to
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.1; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5.5; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 7;
and have not once in the past several years had any word of false rejection(s) or any lost/mishandled incoming messages.
There have been other problems at the external emailer(s)' mailserver, and they have used - for example - a Gmail account to complain to my mail users, only to have it turn out to be botched DNS or mailserver settings at their end (Symantec AV's mailserver... offering, completely mangling mail-headers before sending it out, as just one example. It may have been misconfigured).
But what matters far more than wrangling amavisd and/or spamassassin in regards to otherwise legitimate mail traffic is proper configuration of Postfix. Run, don't walk, to see Pterobyte's Front-Line defense tutorial at http://osx.topicdesk.com/
If you use it, I recommend making a contribution (and I have no official affiliation with Pterobyte or that site).
Next stop I strongly recommend reading up at the Postfix site,
Point being, handle spam vs. legitimate mail earlier via Postfix, rather than wasting server resources.
It's not hard to adjust Postfix (via custom rules) to accommodate for problems for some users (at their end), although one should not have to
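The score bands discussed in this thread, modelled as an added example that is not part of any post and not amavisd's own code. It uses the thresholds quoted above and assumes inclusive comparisons, a constructed `destiny` value, and only the D_BOUNCE and D_DISCARD destinies (D_REJECT depends on how the MTA is integrated and is not modelled).

```python
# Simplified model of amavisd-new spam score bands (added example).
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class SpamPolicy:
    tag: float = -999.0      # $sa_tag_level_deflt (value from the thread)
    tag2: float = 2.1        # $sa_tag2_level_deflt (value from the thread)
    kill: float = 5.5        # $sa_kill_level_deflt (value from the thread)
    dsn_cutoff: float = 7.0  # $sa_dsn_cutoff_level (value from the thread)
    quarantine_cutoff: Optional[float] = None  # $sa_quarantine_cutoff_level
    destiny: str = "D_BOUNCE"  # $final_spam_destiny; constructed, not in the post


def classify(score: float, p: SpamPolicy) -> dict:
    """Return what happens to a message with this SpamAssassin score."""
    if p.destiny not in ("D_BOUNCE", "D_DISCARD"):
        raise ValueError("only D_BOUNCE and D_DISCARD are modelled")
    blocked = score >= p.kill  # assumption: thresholds are inclusive
    return {
        "info_headers": score >= p.tag,
        "spam_flag": score >= p.tag2,
        "delivered": not blocked,
        # Quarantine applies from kill level up to the quarantine cutoff.
        "quarantined": blocked and (p.quarantine_cutoff is None
                                    or score < p.quarantine_cutoff),
        # A DSN (potential backscatter) is only sent below the DSN cutoff.
        "dsn_to_sender": blocked and p.destiny == "D_BOUNCE"
                         and score < p.dsn_cutoff,
    }


def backscatter_window(p: SpamPolicy) -> Optional[Tuple[float, float]]:
    """Score range [kill, dsn_cutoff) in which a bounce is generated."""
    if p.destiny != "D_BOUNCE" or p.dsn_cutoff <= p.kill:
        return None
    return (p.kill, p.dsn_cutoff)


if __name__ == "__main__":
    policy = SpamPolicy()
    # Constructed scores; 13.0 is the 10.3 + 2.7 "meetting" case from the thread.
    for s in (1.0, 3.0, 6.0, 13.0):
        print(s, classify(s, policy))
    print("bounce window:", backscatter_window(policy))
```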