I can confirm the examples above. Test emails with the corresponding signature look like this in the log:
Oct 1 17:03:26 panel amavis[235542]: (235542-01) Passed SPAM {RelayedOpenRelay,Quarantined}, [209.85.221.43]:46835 [92.201.6.204] <yy@gmail.com> -> <xxx@xxx.de>, quarantine: r/spam-r2Ang-BYTzwH.gz, Queue-ID: 477BE500AA7, Message-ID: <5997ca8d-76ba-91ca-4cd9-d6ad0b187ae7@gmail.com>, mail_id: r2Ang-BYTzwH, Hits: 998.701, size: 3243, queued_as: 4D5C9500CF6, 4918 ms
The spam header is not visible in the email header.
Return-Path: <yyy@gmail.com>
Delivered-To: xxx@xxx.de
Received: from panel.xxx.de
by panel.xxx.de with LMTP
id j+ypFj4jV2HVmwMAT9OSiA
(envelope-from <yyy@gmail.com>)
for <xxx@xxx.e>; Fri, 01 Oct 2021 17:03:26 +0200
Received: from localhost (localhost [127.0.0.1])
by panel.andre-jenderny.de (Postfix) with ESMTP id 4D5C9500CF6
for <privat@andre-jenderny.de>; Fri, 1 Oct 2021 17:03:26 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at panel.xxx.de
Received: from panel.xxx.de ([127.0.0.1])
by localhost (panel.xxx.de [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id r2Ang-BYTzwH for <xxx@xxx.de>;
Fri, 1 Oct 2021 17:03:21 +0200 (CEST)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.221.43; helo=mail-wr1-f43.google.com; envelope-from=yyy@gmail.com; receiver=<UNKNOWN>
Authentication-Results: panel.xxx.de;
dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=gMhakLtr;
dkim-atps=neutral
Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43])
by panel.xxx.de (Postfix) with ESMTPS id 477BE500AA7
for <xxx@xxx.de>; Fri, 1 Oct 2021 17:03:20 +0200 (CEST)
Received: by mail-wr1-f43.google.com with SMTP id k7so15850331wrd.13
for <xxxt@xxxx.de>; Fri, 01 Oct 2021 08:03:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:from:message-id:date:user-agent:mime-version
:content-transfer-encoding;
bh=id84uDPa9SMZAVd+g2pYg3Hl9aPfnapoGlOygxrIuV4=;
b=gMhakLtrGELJ9vLLI/h4FSEqDwuRj7Fk3fy9/V7qxaqGIAez25Nl6qeNrMvHP15P65
xeS2dxwm+WkT8GYeQgiuTyf28ThjxAXn+QQyOb/QutO7p89p/yNEsOLJNOVK7VImN5uF
MS7HPCrkYsSXN576YIf194yIZaSqKkliP7rxGp+0XoaYvRDVKuco0zsakDtHDQD5BA0X
G+BWQQOco4xgWXpwlSC3O+hLSWMmIHYoH/i4B0EWmM+Q09oBjsVlXQ0BDkSCTWYX9dK9
9H16O5sh05z9aok0wPmbHFdz3Gg2KVxpZOqoGETLpoizAa4FVkbuWYZN4dfMJB6kMUlG
Cs9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:to:from:message-id:date:user-agent:mime-version
:content-transfer-encoding;
bh=id84uDPa9SMZAVd+g2pYg3Hl9aPfnapoGlOygxrIuV4=;
b=IOz+WzC/CDVCpwBfgFgWbP8AZkpQlLWE7Amex59lw2WqqR7Tw1/yeOn4nODdpooV70
2bHi6KFfA+Yu+3imGhg2Iial3jvbrtv9wmzM4PVmu96wC78oXzAjTbybDfulKz7lwcQR
hND7dUv2W7yaeOCquKp1riFCuAqfzMNaRWIshWsPqc8mKWUGGKV2UBuUm+mWZZfZ+hyS
PQfYHPdetafJjvHeTdOvz/6BsT+T/9JJ6xq3cVmnqOalgaR5grpl4Z5LPIJvNWeauKJG
a68v/qK3xXN6Px+BHNe8irUYEcYdmVwYCI21xF8Z+h7/eBclpGsOcgKUCdqeF+tHmHdE
cNHg==
X-Gm-Message-State: AOAM533m15WPgdpBXDtlb5yGxACoIlMMBcVViPkzPGRyTbO0+g5f02vB
ciibJwAbwmubVs9A04YQiij4YtHInpo=
X-Google-Smtp-Source: ABdhPJy5sgNeCF957VFyDWcJ3Ec4pRXQIhPNexwQyd9qB6ss+gQZ7cO7dyAsMbi3sDQ2F/ind3fMtA==
X-Received: by 2002:adf:e742:: with SMTP id c2mr13052430wrn.18.1633100599415;
Fri, 01 Oct 2021 08:03:19 -0700 (PDT)
Received: from [192.168.178.52] (port-92-201-6-204.dynamic.as20676.net. [92.201.6.204])
by smtp.gmail.com with ESMTPSA id l2sm7290547wmi.1.2021.10.01.08.03.18
for <xxxt@xxx.de>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Fri, 01 Oct 2021 08:03:18 -0700 (PDT)
To: "xxx@xxx.de" <xxx@xxx.de>
From: Andre Jenderny <yyy@gmail.com>
Message-ID: <5997ca8d-76ba-91ca-4cd9-d6ad0b187ae7@gmail.com>
Date: Fri, 1 Oct 2021 17:03:14 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
Thunderbird/78.14.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
In a mail that was tagged as spam before the upgrade, the header additionally contained the X-Spam header after the virus scan (as an example):
X-Spam-Flag: YES
X-Spam-Score: 6.468
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.468 tagged_above=1 required=5 tests=[BAYES_50=0.8,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
HTML_MESSAGE=0.001, RAZOR2_CF_RANGE_51_100=1.886, RAZOR2_CHECK=0.922,
RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
T_KAM_HTML_FONT_INVALID=0.01, URIBL_ABUSE_SURBL=1.25, URIBL_BLACK=1.7]
autolearn=no autolearn_force=no
This is the last email that was tagged as spam, from 28.09.2021; on that day I then started the update.
SpamAssassin is running... I had restarted it once more beforehand to be safe:
● spamassassin.service - Perl-based spam filter using text analysis
Loaded: loaded (/lib/systemd/system/spamassassin.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-10-01 16:59:55 CEST; 10min ago
The content of /etc/amavis/conf.d/50-user also seems to be fine:
## SpamAssassin Settings
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 1.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 20; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
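
Added example, not part of the original post: a small Python check that ties the three artifacts above together. It reads the score from the amavis log line, reads the `$sa_*_level_deflt` thresholds, and lists the X-Spam-* headers the delivered mail lacks. The function names are hypothetical, the inputs are shortened constructed copies of the quoted data, and the mapping of levels to header names is an assumption taken from the config comments and the pre-upgrade header sample.

```python
import re
from email.parser import HeaderParser

# Constructed sample inputs, shortened from the log line, config and header quoted in the post.
LOG = ("Oct 1 17:03:26 panel amavis[235542]: (235542-01) Passed SPAM "
       "{RelayedOpenRelay,Quarantined}, [209.85.221.43]:46835 <yy@gmail.com> -> <xxx@xxx.de>, "
       "Queue-ID: 477BE500AA7, mail_id: r2Ang-BYTzwH, Hits: 998.701, size: 3243, "
       "queued_as: 4D5C9500CF6, 4918 ms")
CONF = """$sa_tag_level_deflt = 1.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 20; # triggers spam evasive actions
"""
HEADERS = ("Return-Path: <yyy@gmail.com>\n"
           "X-Virus-Scanned: Debian amavisd-new at panel.xxx.de\n"
           "Received: from panel.xxx.de ([127.0.0.1])\n"
           "\tby localhost (amavisd-new, port 10024)\n"
           "\twith ESMTP id r2Ang-BYTzwH for <xxx@xxx.de>\n"
           "Subject: test\n\n")

def parse_log(line):
    """Extract action, verdict, amavis mail_id and score from one amavis result line."""
    m = re.search(r"\b(Passed|Blocked) (\S+)", line)
    ids = dict(re.findall(r"\b(mail_id|Hits|queued_as): ([^,\s]+)", line))
    return {"action": m.group(1), "verdict": m.group(2),
            "mail_id": ids["mail_id"], "hits": float(ids["Hits"])}

def parse_levels(conf):
    """Read the numeric $sa_*_level_deflt settings from an amavis conf.d fragment."""
    return {k: float(v) for k, v in
            re.findall(r"^\s*\$sa_(\w+)_level_deflt\s*=\s*([\d.]+)\s*;", conf, re.M)}

def missing_spam_headers(log_line, conf, raw_headers):
    """Return the X-Spam-* headers the thresholds call for but the delivered mail lacks."""
    entry, levels = parse_log(log_line), parse_levels(conf)
    msg = HeaderParser().parsestr(raw_headers)
    # Only compare when the header block belongs to the logged message (same mail_id).
    if not any(entry["mail_id"] in r for r in msg.get_all("Received", [])):
        raise ValueError("header block does not carry mail_id " + entry["mail_id"])
    expected = []
    if entry["hits"] >= levels["tag"]:      # assumed: the "spam info" headers
        expected += ["X-Spam-Score", "X-Spam-Level", "X-Spam-Status"]
    if entry["hits"] >= levels["tag2"]:     # assumed: the "spam detected" header
        expected.append("X-Spam-Flag")
    return [h for h in expected if h not in msg]

if __name__ == "__main__":
    print("missing:", missing_spam_headers(LOG, CONF, HEADERS))
```
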