Some obvious spam gets through to my inbox on woodpecker and checking the headers shows it has not been processed by spamassassin. It all seems to be for the forum-mods alias, but some f-mods mail does get processed correctly and that could just because that's where most of the spam I get is delivered to.
Created attachment 234519 [details] Example spam e-mail header
I've noticed that they all have a forged FROM address of forums-mods@g.o so maybe there's some whitelist that means that mail that's apparently from you doesn't get scanned?
Added potential solution to URL, seems it could be amavisd rather than spamassassin that needs its config tweaked.
I've changed @local_domains_maps in amavisd.conf now, please see if it works.
(In reply to comment #4) > I've changed @local_domains_maps in amavisd.conf now, please see if it works. > Previous qa@g.o emails were not checked by SA, now they are.
(In reply to comment #5) > (In reply to comment #4) > > I've changed @local_domains_maps in amavisd.conf now, please see if it works. > > > > Previous qa@g.o emails were not checked by SA, now they are. > Strike that comment. That was *my* SA instance. Sorry.
(In reply to comment #4) > I've changed @local_domains_maps in amavisd.conf now, please see if it works. > Nope :( Just got some spam through that hadn't been scanned by spamassassin or amavisd.
Ok, i've tweaked the amavis config that it should hopefully add a header to every message it's seeing. Then we can figure out if some mail is bypassing amavis maybe.
Created attachment 248950 [details] spam_header2 (In reply to comment #8) > Then we can figure out if some mail is bypassing amavis maybe. > This is the header of one that's bypassed amavis.
tove pointed me at /etc/postfix/sender_access_control-aliases.pcre which says that mail from /^forum-mods@gentoo.org$/ gets an OK. Maybe this needs to be DUNNO so that the mails with a forged 'From: forum-mods' get scanned?
Return-Path: <bugzilla@gentoo.org> X-Original-To: bugzilla@gentoo.org Delivered-To: bugzilla@gentoo.org Received: from gprs5e1bdf6d.pool.t-umts.hu (gprs5e1bdf6d.pool.t-umts.hu [94.27.223.109]) by smtp.gentoo.org (Postfix) with ESMTP id ED6BA1B414D for <bugzilla@gentoo.org>; Wed, 29 Sep 2010 19:41:29 +0000 (UTC) Content-Return: allowed X-Mailer: CME-V6.5.4.3; MSN Message-Id: <20100929194112.3020.qmail@gprs5e1bdf6d.pool.t-umts.hu> To: <bugzilla@gentoo.org> Subject: Dear bugzilla@gentoo.org LOVE YOU! From: <bugzilla@gentoo.org> Reply-to: MSN Featured Offers <qwnmd@mail.msadcenter.msn.com> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Find Your Love Now bugzilla@gentoo.org http://groups.yahoo.com/group/xajidhgxrteh/message
/^bugzilla@gentoo.org$/ is in /etc/postfix/sender_access_control-aliases.pcre too which would explain why isn't not been scanned either. Doesn't explain qa@ which isn't in the file but maybe that's been solved by the actions in comment 8.
Ok, I've revamped the whitelist code that generates that list, please check for new spam that's not marked.
(In reply to comment #12) Ignore the qa noise, I was incorrect. Sorry.
Looks like it's working, no spam in my inbox this morning and there's one in my spam folder 'from' forum-mods with an X-Spam-Score: 18.778. Marking as fixed.