View Single Post
  #3  
Old 9th August 2012, 20:14
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 388
Thanks: 28
Thanked 58 Times in 50 Posts
Default

Thank you for the reply, Pititis.

I am already doing exactly as you suggested; the problem is the messages that score below the "kill level" ($sa_kill_level_deflt), but are likely to be spam. These messages are not quarantined, so I do not have a chance to inspect them. (To be clear, messages are not quarantined until their scores are >= $sa_kill_level_deflt, if a quarantine is configured.)

Part of the challenge is that we have set the following directive in /etc/amavis/conf.d/50-user

Code:
$final_spam_destiny = D_DISCARD;
which means that messages scoring over the "kill level" (set at 13 within ISPConfig) are discarded entirely.

Your kill level (6) is quite low, but one has to assume that you are using

Code:
$final_spam_destiny = D_PASS;
so as not to discard legitimate email accidentally.

In other words, the strategy that you describe will work well, but only as long as the final destiny is D_PASS (and not D_DISCARD).

Upon double-checking my policy settings in ISPConfig, I did notice that the "SPAM quarantine cutoff level" is set to zero, however. Is this a problem?

I'm a little confused because the ISPConfig manual states:

Quote:
SPAM quarantine cutoff level: This is the spam score beyond which quarantine is off. Use a low score (e.g. 0) if you don't want quarantine.
Yet, a different resource ( http://www200.pair.com/mecham/spam/a...-settings.html ) states:

Quote:
If you quarantine spam, but you would like to delete high scoring spam (therefore reducing the number of items in the quarantine) this setting allows you to discard quarantined spam at this level and above.
So, what is the effect of setting this value to zero?

It doesn't seem to be that quarantine is disabled, because I still receive quarantined messages. Perhaps using zero means, "Send all qualifying emails to quarantine (don't discard them, no matter how high their scores)," in which case the ISPConfig manual should be corrected.

Two other points of note:

1.) Quarantined messages have the following in the basic header information:

Code:
Subject: Many languages can be learned very quickly
Not quarantined.
Why does the quarantined message say "Not quarantined"? This makes no sense; the message is obviously quarantined, as it is coming to the mailbox specified for quarantined messages.

2.) Quarantined messages also contain the following:

Code:
Content analysis details:   (16.8 points, 5.0 required)
From where is the "5.0 required" coming? I am not using the score 5.0 anywhere. I realize that this is Spam Assassin's default delineation point for "ham" vs. "spam", so it must be defined somewhere (even if as the default), but my question is, "Why is this value not being overridden somewhere [e.g., from within ISPConfig]?"

Thanks again.
Attached Images
 
Reply With Quote