CentOS - Dec 2021 - Daily Logwatch (Postfix) email being reported as spam

Hi All!!!

This issue is a bit beyond my knowledge level/area.

Spamassassin is tagging my logwatch emails as spam. The emails range in scores
from 3.53 to 6.728.  Amavisd is set to 'kill/quarantine'
spam that scores 3.14 or higher, and I receive several each day.  Note: all
other emails that are scored at 3.14 or higher ARE true SPAM.
I've checked this out.

I know this is caused by the the blacklist checks shown below. What I don't
know 'exactly' how to do, is solve this.

Example header from one of my emails:
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <root at kevla.org>
X-Envelope-To: <jhart at kevla.org>
X-Envelope-To-Blocked: <jhart at kevla.org>
X-Quarantine-ID: <NnUN20KoPwXR>
X-Spam-Flag: YES
X-Spam-Score: 4.731
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.731 tag=2 tag2=3.14 kill=3.14
        tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7,
URIBL_GREY=1.084] autolearn=no autolearn_force=no

What I have done to resolve:

I whitelisted the following email addresses/servers:
# more /etc/postfix/rbl_allow
kevla.org OK  # this is the server
root at kevla.org OK
jhart at kevla.org OK

Modified the following in main.cf:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/rbl_allow,
permit_mynetworks, permit_sasl_authenticated,
reject_unknown_client, permit
smtpd_sender_restrictions = check_client_access hash:/etc/postfix/rbl_allow

ran 'postmap /etc/postfix/rbl_allow' and restarted the postfix and
amavisd services.  I was hoping this would resolve but it didn't.

For the above URIBL scores, I can see the following scores set in 50_scores.cf.
score URIBL_GREY 0 1.084 0 0.424 # n=0 n=2
score URIBL_ABUSE_SURBL 0 1.948 0 1.250 # n=0 n=2
score URIBL_BLACK 0 1.7 0 1.7 # n=0 n=2

Since the URIBL list could be used to detect true legitimate spam, I don't
think I want to commit those checks out, at least that doesn't
make sense to me.

I am at a loss as what the next step is.  Should/Could I modify the scores for
these associated BLs in 50_scores, and if so, how does one
go about setting those?  I have been looking to determine how to do this.  This
would possibly help me without just blocking those BL
checks.

Also, in Centos 8, what 'runs' the logwatch summary?  Assume this is
pflogsumm. Does this have a config file for options to tweak the
output?  I do not have Logwatch analyzer package installed. I have the
postfix-perl-scripts package installed.  I can't see what kicks
this off at night...

Lastly, those 'autolearn' and 'autolearn_force' options
mentioned in the email header above. Are those configurable to setup (ie set to
yes) and again, how to do that, and why would I?

Thank you for your time.

Jay

Hi,
What I've done before is add a negative boost to logwatch emails by 
adding the following to my /etc/mail/spamassassin/local.cf file:

header MY_LOGWATCH Subject =~ /Logwatch for/
describe MY_LOGWATCH Logwatch emails
score MY_LOGWATCH -99.0

-kevin