Understanding Amavis's tagging

Discussion in 'Server Operation' started by Ovidiu, Nov 4, 2013.

  1. Ovidiu

    Ovidiu Active Member

    I have a customer asking why some mails were tagged as ***Possible SPAM***, so I checked my settings and this is what they look like:

    SPAM tag level 3
    SPAM tag2 level 6
    SPAM kill level 9
    SPAM dsn cutoff level 9
    SPAM quarantine cutoff level 15
    SPAM modifies subject YES
    SPAM subject tag ***POSSIBLE SPAM***
    SPAM subject tag2 ***SPAM***

    Now that explains why this particular email, which had a score of 3.4, was tagged as it was, but I'm now struggling to find out WHY Amavis tagged it with this particular score, and I have no idea what RelayedTaggedInbound means, as I guess that would be the explanation?

  2. Croydon

    Croydon ISPConfig Developer

    You would have to look at the mail's source code to find this out.
    There should be an explanation in the mail's source of what spam checks and scores were applied.
    It's mostly impossible to see the reason when only looking at the mail log.
  3. Ovidiu

    Ovidiu Active Member

    Ah, thanks. I checked and found:

    Then I went and checked what RCVD_ILLEGAL_IP means, found explanations here: http://wiki.apache.org/spamassassin/Rules/RCVD_ILLEGAL_IP

    I'm just not sure which IP the check has a problem with. The only possible problem I see is in a hello: HELO ? And there is a somewhere in the middle of the chain!?

    Can you see something that I don't see?
  4. Croydon

    Croydon ISPConfig Developer

    The really looks strange to me, might be the reason for this spam-tag.
  5. Ovidiu

    Ovidiu Active Member

    Possibly, just curious, does Amavis check for RCVD_ILLEGAL_IP inside the whole email chain? I assumed it just checked the last step, i.e. where the destination mail server received the email from...

    Thanks for your help!
  6. Croydon

    Croydon ISPConfig Developer

    It's not Amavis that checks this. Amavis pipes the message through SpamAssassin, and this checks all the lines, not only the last "received".
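
Added example, not part of the original thread: a Python sketch of the check discussed above, reading the per-rule scores from a mail's source, applying the tag levels from the first post, and walking every Received hop rather than only the newest. The sample message is constructed, the X-Spam-Status layout is assumed to match what amavisd-new writes, and `ILLEGAL_NETS` is a hypothetical approximation, not SpamAssassin's actual RCVD_ILLEGAL_IP rule.

```python
import email
import ipaddress
import re

# Subject-tag levels from the settings quoted in the first post.
TAG_LEVEL, TAG2_LEVEL = 3.0, 6.0
# Assumption: rough stand-in for "illegal" ranges, not SpamAssassin's own rule.
ILLEGAL_NETS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "224.0.0.0/3")]

# Constructed sample; header layout assumed to match what amavisd-new writes.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10]) by mail.example.org
Received: from gw.example.com (unknown [0.0.0.0]) by mx.example.net with SMTP
Received: from pc (pc.example.com [198.51.100.7]) by gw.example.com with ESMTP
X-Spam-Status: No, score=3.4 tagged_above=3 required=6
\ttests=[HTML_MESSAGE=0.001, RCVD_ILLEGAL_IP=1.3, EXAMPLE_RULE=2.099] autolearn=no
Subject: ***POSSIBLE SPAM*** hello
"""
MSG = email.message_from_string(SAMPLE)

def spam_tests(msg):
    """Return (score, {rule: points}) from X-Spam-Status."""
    status = " ".join((msg.get("X-Spam-Status") or "").split())  # unfold
    score = re.search(r"score=(-?[\d.]+)", status)
    tests = re.search(r"tests=\[([^\]]*)\]", status)
    pairs = (t.strip().partition("=") for t in (tests.group(1).split(",") if tests else []))
    rules = {name: float(pts) for name, _, pts in pairs if name and pts}
    return (float(score.group(1)) if score else None), rules

def subject_tag(score):
    if score >= TAG2_LEVEL:
        return "***SPAM***"
    return "***POSSIBLE SPAM***" if score >= TAG_LEVEL else None

def suspicious_hops(msg):
    """(hop index, ip) for each flagged Received IP; hop 0 is the newest."""
    hits = []
    for i, hdr in enumerate(msg.get_all("Received", [])):
        for raw in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # e.g. an octet above 255
            if any(ip in net for net in ILLEGAL_NETS):
                hits.append((i, raw))
    return hits

if __name__ == "__main__":
    score, rules = spam_tests(MSG)
    print(score, subject_tag(score), rules, suspicious_hops(MSG))
```

In the constructed sample the flagged address sits at hop 1, in the middle of the chain, which only a scan over all Received headers would find.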
