Mail doesn't end up i Spam folder

[marra87]

Hi!

I have set up my mailserver so spam from amavis/spamassassin should be delivered to the users SPAM folder via maildrop.
It worked for 3 domains, but when I was adding a new one the spam remains in the Inbox folder.

I sent the GTUBE string to my own mail and the new mail (new domain), my mail ended up in Spam (user+spam@domain.com), but not the new domain.

OS: Debian
Apps: Postfix, amavis, courier

Mailaddress that works: ok@test.com
Mailaddress that now works: not@test.com

Any idea where to start troubleshooting?
Is it amavis or postfix, which config-files?

Log:

Code:

Jan 11 14:36:03 mail amavis[17995]: (17995-02) Passed SPAMMY, LOCAL [127.0.0.1] [127.0.0.1] <ok@test.com> -> <not@test.com>,<ok@test.com>, Message-ID: <77756ed7a856f4b78c6ea0f9a18f880c@127.0.0.1>, mail_id: Rdn1sEvd3VaS, Hits: 998.921, queued_as: 65C6847ED3/8D69E47ED5, 5837 ms
Jan 11 14:36:03 mail postfix/pipe[18744]: 65C6847ED3: to=<not@test.com>, relay=maildrop, delay=0.37, delays=0.1/0.04/0/0.24, dsn=2.0.0, status=sent (delivered via maildrop service)
Jan 11 14:36:03 mail postfix/qmgr[23171]: 65C6847ED3: removed
Jan 11 14:36:03 mail postfix/smtp[18738]: B4F2A47ECB: to=<not@test.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.1, delays=0.06/0.1/0.03/5.9, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=17995-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 65C6847ED3)
Jan 11 14:36:03 mail postfix/smtp[18738]: B4F2A47ECB: to=<ok@test.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.1, delays=0.06/0.1/0.03/5.9, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=17995-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 65C6847ED3)
Jan 11 14:36:03 mail postfix/qmgr[23171]: B4F2A47ECB: removed
Jan 11 14:36:03 mail postfix/pipe[18759]: 8D69E47ED5: to=<ok+spam@test.com>, relay=maildrop, delay=0.39, delays=0.14/0.09/0/0.17, dsn=2.0.0, status=sent (delivered via maildrop service)
Jan 11 14:36:03 mail postfix/qmgr[23171]: 8D

[falko]

Seems to be a maildrop problem. How does your maildrop configuration look?

[marra87]

Code:

# Global maildrop filter file

# Uncomment this line to make maildrop default to ~/Maildir for
# delivery- this is where courier-imap (amongst others) will look.
#DEFAULT="$HOME/Maildir"

HOME_DIR="/vmail"
logfile "/var/log/maildroprc.log"
EXTENSION="$1"
RECIPIENT=tolower("$2")
USER="$3"
HOST="$4"
SENDER="$5"

# make the domain's mail directory if it doesn't exist
`test -e $HOME_DIR/$HOST`
if ($RETURNCODE != 0)
{
 `mkdir $HOME_DIR/$HOST`
# `chown vmail:vmail $HOME_DIR/$HOST`
# `chmod 755 $HOME_DIR/$HOST`
}

# make the user's mail directory if it doesn't exist
`test -e $HOME_DIR/$HOST/$USER`
if ($RETURNCODE != 0)
{
 `maildirmake $HOME_DIR/$HOST/$USER`
# `maildirmake $HOME_DIR/$HOST/$USER`
 `maildirmake -f Drafts $HOME_DIR/$HOST/$USER`
 `maildirmake -f Trash $HOME_DIR/$HOST/$USER`
 `maildirmake -f Sent $HOME_DIR/$HOST/$USER`
 `maildirmake -f Spam $HOME_DIR/$HOST/$USER`
 `echo INBOX >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
 `echo INBOX.Drafts >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
 `echo INBOX.Trash >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
 `echo INBOX.Sent >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
 `echo INBOX.Spam >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
}

if ( $EXTENSION eq "spam" )
{
   # Change 'spam' to 'Spam' since folder names are typically capitalized
   EXTENSION = "Spam"

   # Autocreate extension maildir
   #
   # See if the user exists
   `test -e $HOME_DIR/$HOST/$USER`
   #log "Testing for $HOME_DIR/$HOST/$USER subdirectory: result=$RETURNCODE"

   # Only continue if user is valid
   if ( $RETURNCODE == 0 )
   {
      # See if the spam directory already exists
      `test -e $HOME_DIR/$HOST/$USER/.$EXTENSION`
      #log "Testing for $EXTENSION subdirectory: result=$RETURNCODE"

      if ( $RETURNCODE != 0 ) # spam directory does not exist - so we create it
      {

         # Create the subdirectory
         `maildirmake -f $EXTENSION $HOME_DIR/$HOST/$USER`
         log "Ran \"maildirmake -f $EXTENSION $HOME_DIR/$HOST/$USER\""

         # Auto-subscribe the subdirectory
         `if ! grep -q INBOX.$EXTENSION $HOME_DIR/$HOST/$USER/courierimapsubscribed; then echo INBOX.$EXTENSION >> $HOME_DIR/$HOST/$USER/courierimapsubscribed; fi`
         # Set permissions on the mailbox
         `chmod -R 0700 $HOME_DIR/$HOST/$USER`
         log " Ran \"chmod -R 0700 $HOME_DIR/$HOST/$USER\""
      }

      # Deliver the message to the mailbox
      exception {
      # for those who unsubscribed themselves - subscribe them
     `if ! grep -q INBOX.$EXTENSION $HOME_DIR/$HOST/$USER/courierimapsubscribed; then echo INBOX.$EXTENSION >> $HOME_DIR/$HOST/$USER/courierimapsubscribed; fi`
      to "$HOME_DIR/$HOST/$USER/.$EXTENSION"
      }
   }
}

log "Extension: $EXTENSION"

[falko]

Did you compare the permissions of the Maildirs of the working and the not-working accounts?

[marra87]

Working:

mail:~# ls -l /vmail/domain.com/
total 20
drwx------ 75 vmail daemon 4096 2009-01-14 00:30 mailaccount
mail:~# ls -l /vmail/domain.com/mailaccount/
total 120
drwx------ 2 vmail vmail 32768 2009-01-14 18:58 courierimapkeywords
-rw-r--r-- 1 vmail vmail 2138 2009-01-14 00:30 courierimapsubscribed
-rw-r--r-- 1 vmail vmail 6108 2009-01-14 18:28 courierimapuiddb
drwx------ 2 vmail daemon 45056 2009-01-14 18:28 cur
drwx------ 2 vmail daemon 28672 2009-01-14 18:28 new
drwx------ 2 vmail daemon 4096 2009-01-14 20:28 tmp

NOT working:
mail:~# ls -l /vmail/domain.com/
total 8
drwx------ 10 vmail daemon 4096 2009-01-08 07:32 mailaccount
mail:~# ls -l /vmail/domain.com/mailaccount/
total 100
drwx------ 2 vmail vmail 28672 2009-01-14 15:35 courierimapkeywords
-rw-r--r-- 1 vmail vmail 178 2009-01-08 10:50 courierimapsubscribed
-rw-r--r-- 1 vmail vmail 18462 2009-01-14 16:45 courierimapuiddb
drwx------ 2 vmail daemon 40960 2009-01-14 16:54 cur
drwx------ 2 vmail daemon 4096 2009-01-14 20:31 new
drwx------ 2 vmail daemon 4096 2009-01-14 20:31 tmp

[marra87]

I have now set exactly the same permissions on the not working mailfolder as the one who worked. Still doesn't work.

But heres the log:
Both are passed SPAMMY, but one postfix/pipe doesn't put "+spam" on the not working.

Code:

Jan 14 21:20:25 mail amavis[2459]: (02459-07) Passed SPAMMY, [84.17.192.138] [84.17.192.138] <marius.eriksrud@telecomputing.no> -> <not@domain.com>, Message-ID: <AFDBE539A2CA8244B45DBECF9336A62B0155ED32310E@E12AR1CE1VS1.e12.tconet.net>, mail_id: a234XXY29Gm3, Hits: 998.869, queued_as: 887E947ED5, 4895 ms
Jan 14 21:20:25 mail postfix/smtp[6253]: A7F7F47E03: to=<not@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.4, delays=0.47/0.04/0.02/4.9, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=02459-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 887E947ED5)
Jan 14 21:20:25 mail postfix/pipe[6261]: 887E947ED5: to=<not@domain.com>, relay=maildrop, delay=0.36, delays=0.14/0.1/0/0.13, dsn=2.0.0, status=sent (delivered via maildrop service)

Jan 14 21:20:26 mail amavis[3220]: (03220-07) Passed SPAMMY, [84.17.192.138] [84.17.192.138] <marius.eriksrud@telecomputing.no> -> <ok@domain.com>, Message-ID: <AFDBE539A2CA8244B45DBECF9336A62B0155ED32310E@E12AR1CE1VS1.e12.tconet.net>, mail_id: 9w3OXzjq2Ej2, Hits: 998.868, queued_as: 9874647E03, 5285 ms
Jan 14 21:20:26 mail postfix/smtp[6254]: DA22947ED3: to=<ok@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.9, delays=0.13/0.07/0.41/5.3, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=03220-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9874647E03)
Jan 14 21:20:27 mail postfix/pipe[6261]: 9874647E03: to=<ok+spam@domain.com>, relay=maildrop, delay=0.5, delays=0.11/0.07/0/0.32, dsn=2.0.0, status=sent (delivered via maildrop service)

[marra87]

I have found out that it is the amavis process that doesn't mark it as spam.

I have not put anything in spam_lovers or whitelist/blacklist...
I have followed one of the howtoforge tutorials...

Mail to:
user@ok.com is marked as spam
user@not.org is not marked as spam

/etc/amavis/conf.d/15-content_filter_mode

Code:

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

/etc/amavis/conf.d/20-debian_defaults

Code:

use strict;

# ADMINSTRATORS:
# Debian suggests that any changes you need to do that should never
# be "updated" by the Debian package should be made in another file,
# overriding the settings in this file.
#
# The package will *not* overwrite your settings, but by keeping
# them separate, you will make the task of merging changes on these
# configuration files much simpler...

#   see /usr/share/doc/amavisd-new/examples/amavisd.conf-default for
#       a list of all variables with their defaults;
#   see /usr/share/doc/amavisd-new/examples/amavisd.conf-sample for
#       a traditional-style commented file
#   [note: the above files were not converted to Debian settings!]
#
#   for more details see documentation in /usr/share/doc/amavisd-new
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$LOGFILE = "/var/log/amavis.log";
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listenting socket

#$X_HEADER_TAG = 'X-Virus-Scanned';
#$X_HEADER_LINE = "Konsept-IT SPAM gateway";

$recipient_delimiter = '+';
@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');
$addr_extension_spam   = 'spam';

#$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 1024; # triggers spam evasive actions
$sa_dsn_cutoff_level = 1024;   # spam level beyond which a DSN is not sent
$final_spam_destiny = D_PASS;
$final_virus_destiny = D_PASS;

read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes

# You should:
#   Use D_DISCARD to discard data (viruses)
"/etc/amavis/conf.d/20-debian_defaults" 223 lines, 9803 characters
# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});

1;  # insure a defined return

Any ideas?
Debug of amavis (the two emails) is attached as .txt

[marra87]

it seems that it only check my server's hostname (domain.com)