Jay Hart
2021-Dec-09 11:27 UTC
[CentOS] Daily Logwatch (Postfix) email being reported as spam
Hi All!!!

This issue is a bit beyond my knowledge level/area. SpamAssassin is tagging my logwatch emails as spam. The emails range in scores from 3.53 to 6.728. Amavisd is set to 'kill/quarantine' spam that scores 3.14 or higher, and I receive several each day. Note: all other emails that are scored at 3.14 or higher ARE true SPAM. I've checked this out.

I know this is caused by the blacklist checks shown below. What I don't know 'exactly' how to do is solve this.

Example header from one of my emails:

    Return-Path: <>
    Delivered-To: spam-quarantine
    X-Envelope-From: <root at kevla.org>
    X-Envelope-To: <jhart at kevla.org>
    X-Envelope-To-Blocked: <jhart at kevla.org>
    X-Quarantine-ID: <NnUN20KoPwXR>
    X-Spam-Flag: YES
    X-Spam-Score: 4.731
    X-Spam-Level: ****
    X-Spam-Status: Yes, score=4.731 tag=2 tag2=3.14 kill=3.14
      tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7,
      URIBL_GREY=1.084] autolearn=no autolearn_force=no

What I have done to resolve:

I whitelisted the following email addresses/servers:

    # more /etc/postfix/rbl_allow
    kevla.org OK # this is the server
    root at kevla.org OK
    jhart at kevla.org OK

Modified the following in main.cf:

    smtpd_client_restrictions = check_client_access hash:/etc/postfix/rbl_allow, permit_mynetworks, permit_sasl_authenticated, reject_unknown_client, permit
    smtpd_sender_restrictions = check_client_access hash:/etc/postfix/rbl_allow

I ran 'postmap /etc/postfix/rbl_allow' and restarted the postfix and amavisd services. I was hoping this would resolve it, but it didn't.

For the above URIBL scores, I can see the following scores set in 50_scores.cf:

    score URIBL_GREY 0 1.084 0 0.424 # n=0 n=2
    score URIBL_ABUSE_SURBL 0 1.948 0 1.250 # n=0 n=2
    score URIBL_BLACK 0 1.7 0 1.7 # n=0 n=2

Since the URIBL list could be used to detect true legitimate spam, I don't think I want to comment those checks out; at least that doesn't make sense to me. I am at a loss as to what the next step is.

Should/Could I modify the scores for these associated BLs in 50_scores, and if so, how does one go about setting those? I have been looking to determine how to do this. This would possibly help me without just blocking those BL checks.

Also, in CentOS 8, what 'runs' the logwatch summary? I assume this is pflogsumm. Does this have a config file for options to tweak the output? I do not have the Logwatch analyzer package installed. I have the postfix-perl-scripts package installed. I can't see what kicks this off at night...

Lastly, those 'autolearn' and 'autolearn_force' options mentioned in the email header above: are those configurable to set up (i.e. set to yes), and again, how to do that, and why would I?

Thank you for your time.

Jay
Kevin M. Hill
2021-Dec-09 16:33 UTC
[CentOS] Daily Logwatch (Postfix) email being reported as spam
Hi,

What I've done before is add a negative boost to logwatch emails by adding the following to my /etc/mail/spamassassin/local.cf file:

    header MY_LOGWATCH Subject =~ /Logwatch for/
    describe MY_LOGWATCH Logwatch emails
    score MY_LOGWATCH -99.0

-kevin
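Added example, not part of either post: a Python sketch that reads the X-Spam-Status header and the 50_scores.cf lines quoted in the first message, works out which SpamAssassin scoreset column produced the URIBL values, and shows the total with and without a MY_LOGWATCH hit at -99. The four-column scoreset order and the "score at or above kill is quarantined" comparison are assumptions taken from general SpamAssassin and amavisd behaviour rather than from the thread, and the function names are made up for this example.

```python
import re

# Values copied from the thread: the quarantined message's X-Spam-Status
# header and the stock 50_scores.cf lines quoted in the first message.
STATUS = ("Yes, score=4.731 tag=2 tag2=3.14 kill=3.14 tests=[NO_RELAYS=-0.001, "
          "URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7, URIBL_GREY=1.084] "
          "autolearn=no autolearn_force=no")
SCORES_CF = """\
score URIBL_GREY 0 1.084 0 0.424 # n=0 n=2
score URIBL_ABUSE_SURBL 0 1.948 0 1.250 # n=0 n=2
score URIBL_BLACK 0 1.7 0 1.7 # n=0 n=2
"""
# Assumed column order of a four-value score line (SpamAssassin scoresets 0-3).
SCORESETS = ("no Bayes, no network", "no Bayes, network",
             "Bayes, no network", "Bayes, network")

def parse_status(value):
    """Return (kill threshold, {test name: score}) from an X-Spam-Status value."""
    kill = float(re.search(r"\bkill=(-?[\d.]+)", value).group(1))
    tests = re.search(r"tests=\[([^\]]*)\]", value).group(1)
    hits = {}
    for item in tests.split(","):
        name, _, score = item.strip().partition("=")
        hits[name] = float(score)
    return kill, hits

def parse_scores(text):
    """Return {rule: [four scoreset values]} from 'score' lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) >= 3 and fields[0] == "score":
            vals = [float(v) for v in fields[2:]]
            # A single value applies to all four scoresets.
            table[fields[1]] = vals * 4 if len(vals) == 1 else vals
    return table

def active_scoresets(hits, table):
    """Indexes of the scoreset columns that match every hit found in the table."""
    return [i for i in range(4)
            if all(table[r][i] == s for r, s in hits.items() if r in table)]

def verdict(hits, kill, extra=None):
    """Total score and quarantine decision (assumed: quarantined when >= kill)."""
    total = round(sum({**hits, **(extra or {})}.values()), 3)
    return total, total >= kill

if __name__ == "__main__":
    kill, hits = parse_status(STATUS)
    for i in active_scoresets(hits, parse_scores(SCORES_CF)):
        print("scoreset", i, "(" + SCORESETS[i] + ")")
    print(verdict(hits, kill), verdict(hits, kill, {"MY_LOGWATCH": -99.0}))
```

Because MY_LOGWATCH matches on the Subject alone, the -99 applies to any message carrying that text; a `meta` rule that also requires NO_RELAYS, which the quarantined message hit, would limit the boost to locally generated mail.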