Show which rule a PASSED SPAMMY message hit

(Stefano) #1

regarding mail logs, I’d love to see which rule a PASSED SPAMMY message hit…

in my daily job, searching/grepping the logs file is a ordinary task.

and another thing I miss is the possibility to have a full mail transaction (either incoming or outgoing) about a specific mail address…

finally, out there (internet) there are many script to parse dovecot/postfix logs…

Improve Mail Log Viewer and Query
Spam logging verbosity
(Stefano) #2

I already asked this question (about rules in spammy msg) and the answer was "you’ll find them into the message headers"
sometimes I don’t have the message and it could be deleted…

(Davide Principi) #3

Perhaps it can come out by increasing amavisd log verbosity…

I find useful the postfix queue ID (like 10FBD8C0226); it is a backward search in /var/log/maillog from the delivery action to the original SMTP client.

(Artem Fedai) #4

use Amavis to send report to Admin in which it Shows by what rule and by what Bed Header mail PASSED to User!

$mailfrom_notify_admin = “root@$mydomain”;
$mailfrom_notify_spamadmin = “root@$mydomain”;

$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;

(Stefano) #5

no, I don’t want any kind of report sent via mail…
I need to see, in maillog file, which rules a SPAMMY message (passed or not) had hit…

just for comparison, in SME server I read:

2015-06-22 16:43:51.860269500 12952 spamassassin plugin (data_post): check_spam: No, hits=4.2, required=5.0, tests=HTML_MESSAGE,MIME_HTML_ONLY,TVD_FW_GRAPHIC_NAME_LONG,URIBL_BLOCKED,URI_NO_WWW_BIZ_CGI

so it’s easy for me to grep, for example for “URIBL_BLOCKED”

another thing maybe I miss (I’m not alreary confortable with postfix’s logs) is the way to identify denied messages like this one:

2015-06-22 15:40:16.008486500 11174 logging::logterse plugin (deny): ` ypfgcgzqwq dnsbl 903 Blocked - see msg denied before queued


(Alessio Fattorini) #6

@filippo_carletti has made some test on amavis log verbosity, I don’t know if there an open issue or it’s in testing