Daily Logwatch (Postfix) email being reported as spam


Hi All!!!

This issue is a bit beyond my knowledge level/area.

Spamassassin is tagging my logwatch emails as spam. The emails range in scores from 3.53 to 6.728.  Amavisd is set to 'kill/quarantine'
spam that scores 3.14 or higher, and I receive several each day.  Note: all other emails that are scored at 3.14 or higher ARE true SPAM.
I've checked this out.

I know this is caused by the blacklist checks shown below. What I don't know 'exactly' is how to solve this.

Example header from one of my emails:
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <root@xxxxxxxxx>
X-Envelope-To: <jhart@xxxxxxxxx>
X-Envelope-To-Blocked: <jhart@xxxxxxxxx>
X-Quarantine-ID: <NnUN20KoPwXR>
X-Spam-Flag: YES
X-Spam-Score: 4.731
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.731 tag=2 tag2=3.14 kill=3.14
        tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7, URIBL_GREY=1.084] autolearn=no autolearn_force=no

What I have done to resolve:

I whitelisted the following email addresses/servers:
# more /etc/postfix/rbl_allow
kevla.org OK  # this is the server
root@xxxxxxxxx OK
jhart@xxxxxxxxx OK

Modified the following in main.cf:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/rbl_allow, permit_mynetworks, permit_sasl_authenticated,
    reject_unknown_client, permit
smtpd_sender_restrictions = check_client_access hash:/etc/postfix/rbl_allow

ran 'postmap /etc/postfix/rbl_allow' and restarted the postfix and amavisd services.  I was hoping this would resolve but it didn't.

For the above URIBL scores, I can see the following scores set in 50_scores.cf.
score URIBL_GREY 0 1.084 0 0.424 # n=0 n=2
score URIBL_ABUSE_SURBL 0 1.948 0 1.250 # n=0 n=2
score URIBL_BLACK 0 1.7 0 1.7 # n=0 n=2

Since the URIBL list could be used to detect true legitimate spam, I don't think I want to comment those checks out, at least that doesn't
make sense to me.

I am at a loss as to what the next step is.  Should/Could I modify the scores for these associated BLs in 50_scores, and if so, how does one
go about setting those?  I have been looking to determine how to do this.  This would possibly help me without just blocking those BL
checks.

Also, in CentOS 8, what 'runs' the logwatch summary?  Assume this is pflogsumm. Does this have a config file for options to tweak the
output?  I do not have Logwatch analyzer package installed. I have the postfix-perl-scripts package installed.  I can't see what kicks
this off at night...

Lastly, those 'autolearn' and 'autolearn_force' options mentioned in the email header above. Are those configurable to set up (i.e. set to
yes) and again, how to do that, and why would I?

Thank you for your time.

Jay
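
Added example, not part of the original post: a small parser for the X-Spam-Status header quoted above that splits the total into per-test contributions and shows what the message would score without the URIBL_* hits, compared against the kill level. The function names and the embedded sample (the header from the post, re-typed) are assumptions of this example.

```python
import re

# Constructed sample: the X-Spam-Status header quoted in the post.
SAMPLE = (
    "X-Spam-Status: Yes, score=4.731 tag=2 tag2=3.14 kill=3.14\n"
    "        tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7, "
    "URIBL_GREY=1.084] autolearn=no autolearn_force=no"
)


def parse_spam_status(header):
    """Return (levels, tests): thresholds and per-test scores from the header."""
    text = " ".join(header.split())  # unfold the continuation line
    levels = {
        key: float(val)
        for key, val in re.findall(r"\b(score|tag2?|kill)=(-?\d+(?:\.\d+)?)", text)
    }
    tests = {}
    match = re.search(r"tests=\[(.*?)\]", text)
    if match:
        for item in match.group(1).split(","):
            name, _, value = item.strip().partition("=")
            if name and value:
                tests[name] = float(value)
    return levels, tests


def breakdown(header, prefix="URIBL_"):
    """Show how much of the score comes from tests whose name starts with prefix."""
    levels, tests = parse_spam_status(header)
    hits = {n: s for n, s in tests.items() if n.startswith(prefix)}
    rest = round(sum(s for n, s in tests.items() if n not in hits), 3)
    return {
        "score": levels["score"],
        "kill": levels["kill"],
        "sum_of_tests": round(sum(tests.values()), 3),
        "prefix_hits": hits,
        "score_without_prefix": rest,
        # True when the message is over the kill level only because of these hits
        "over_kill_only_due_to_prefix": levels["score"] >= levels["kill"] > rest,
    }


if __name__ == "__main__":
    for key, value in breakdown(SAMPLE).items():
        print(f"{key}: {value}")
```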










_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


