主题: spam 通知的訊息不一樣

手機 在外網 使用域内帳號test@Mydomain.com 寄給 aaaaa@outlook.com 及 bbbbb@gmail.com
附件為一個excel 檔
主旨: Q

在主控臺設定:test@Mydomain
Spam Policy :設為偵測,但不隔離
有啟動 bcc 給admin@Mydomain.com

amavisd.conf:
spam_admin_maps  => ["spam\@Mydomain\.com"],
virus_admin_maps => ["spam\@Mydomain\.com"],

/var/www/iredadmin/settings.py:
AMAVISD_SPAM_SUBJECT_PREFIX = '[ iRedAdmin,垃圾郵件 ** IS Spam ? ** ]'

/etc/mail/spamassassin/local.cf
rewrite_header      subject [ SPAM ]


1).收到的主旨
a).aaaaa@outlook.com 及 bbbbb@gmail.com
主旨:***Spam*** Q
b).admin@Mydoamin.com
主旨:[ iRedAdmin,垃圾郵件 ** IS Spam ? ** ]Q
c).spam@Mydomain.com
主旨:Spam FROM LOCAL [219.xx.yy.zz]:28203 <test@Mydomain.com>


2).log 及 spam@Mydomain.com和admin@Mydomain.com的內容
a).maillog

Mar  4 09:07:18 mail postfix/submission/smtpd[13963]: connect from 219-xx-yy-zz.static.tfn.net.tw[219.xx.yy.zz]
Mar  4 09:07:18 mail postfix/submission/smtpd[13963]: Anonymous TLS connection established from 219-xx-yy-zz.static.tfn.net.tw[219.xx.yy.zz]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar  4 09:07:18 mail postfix/submission/smtpd[13963]: F2F3BC00048B6: client=219-xx-yy-zz.static.tfn.net.tw[219.xx.yy.zz], sasl_method=PLAIN, sasl_username=test@Mydomain.com
Mar  4 09:07:19 mail postfix/cleanup[13934]: F2F3BC00048B6: message-id=<6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>
Mar  4 09:07:19 mail postfix/qmgr[22554]: F2F3BC00048B6: from=<test@Mydomain.com>, size=48800, nrcpt=3 (queue active)
Mar  4 09:07:20 mail postfix/10025/smtpd[13938]: connect from mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail opendmarc[31754]: ignoring connection from mail.Mydomain.com
Mar  4 09:07:20 mail postfix/10025/smtpd[13938]: 4D3A4C00048B9: client=mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail postfix/cleanup[13934]: 4D3A4C00048B9: message-id=<6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>
Mar  4 09:07:20 mail postfix/10025/smtpd[13981]: connect from mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail opendmarc[31754]: ignoring connection from mail.Mydomain.com
Mar  4 09:07:20 mail postfix/10025/smtpd[13981]: 5138FC00048BA: client=mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail postfix/cleanup[13983]: 5138FC00048BA: message-id=<6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>
Mar  4 09:07:20 mail postfix/10025/smtpd[13986]: connect from mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail opendmarc[31754]: ignoring connection from mail.Mydomain.com
Mar  4 09:07:20 mail postfix/10025/smtpd[13981]: disconnect from mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail postfix/10025/smtpd[13938]: disconnect from mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail postfix/qmgr[22554]: 4D3A4C00048B9: from=<test@Mydomain.com>, size=49619, nrcpt=1 (queue active)
Mar  4 09:07:20 mail postfix/10025/smtpd[13986]: 66CC8C00048BB: client=mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail postfix/smtp-amavis/smtp[13935]: F2F3BC00048B6: to=<bbbbb@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.5, delays=0.61/0/0/0.86, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5138FC00048BA)
Mar  4 09:07:20 mail postfix/qmgr[22554]: 5138FC00048BA: from=<test@Mydomain.com>, size=49621, nrcpt=1 (queue active)
Mar  4 09:07:20 mail postfix/cleanup[13983]: 66CC8C00048BB: message-id=<SAGhR7i8TFJMkN@mail.Mydomain.com>
Mar  4 09:07:20 mail postfix/smtp-amavis/smtp[13969]: F2F3BC00048B6: to=<aaaaa@outlook.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.5, delays=0.61/0.01/0/0.88, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4D3A4C00048B9)
Mar  4 09:07:20 mail postfix/qmgr[22554]: 66CC8C00048BB: from=<postmaster@mail.Mydomain.com>, size=3358, nrcpt=1 (queue active)
Mar  4 09:07:20 mail postfix/10025/smtpd[13986]: disconnect from mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail postfix/10025/smtpd[13981]: connect from mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail opendmarc[31754]: ignoring connection from mail.Mydomain.com
Mar  4 09:07:20 mail postfix/10025/smtpd[13981]: 7435CC00048BD: client=mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail postfix/cleanup[13988]: 7435CC00048BD: message-id=<6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>
Mar  4 09:07:20 mail postfix/10025/smtpd[13981]: disconnect from mail.Mydomain.com[127.0.0.1]
Mar  4 09:07:20 mail postfix/qmgr[22554]: 7435CC00048BD: from=<test@Mydomain.com>, size=49700, nrcpt=1 (queue active)
Mar  4 09:07:20 mail postfix/smtp-amavis/smtp[13970]: F2F3BC00048B6: to=<admin@Mydomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.6, delays=0.61/0.01/0/0.95, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7435CC00048BD)
Mar  4 09:07:20 mail postfix/qmgr[22554]: F2F3BC00048B6: removed
Mar  4 09:07:20 mail postfix/pipe[13941]: 66CC8C00048BB: to=<spam@Mydomain.com>, relay=dovecot, delay=0.23, delays=0.1/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar  4 09:07:20 mail postfix/qmgr[22554]: 66CC8C00048BB: removed
Mar  4 09:07:20 mail postfix/pipe[13993]: 7435CC00048BD: to=<admin@Mydomain.com>, relay=dovecot, delay=0.19, delays=0.02/0.01/0/0.16, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar  4 09:07:20 mail postfix/qmgr[22554]: 7435CC00048BD: removed
Mar  4 09:07:21 mail postfix/smtp[13990]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[108.177.97.27]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar  4 09:07:22 mail postfix/smtp[13989]: Untrusted TLS connection established to outlook-com.olc.protection.outlook.com[104.47.9.33]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Mar  4 09:07:23 mail postfix/smtp[13990]: 5138FC00048BA: to=<bbbbb@gmail.com>, relay=gmail-smtp-in.l.google.com[108.177.97.27]:25, delay=2.9, delays=0.1/0.01/1.4/1.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1520125643 u21si7596563pfl.176 - gsmtp)
Mar  4 09:07:23 mail postfix/qmgr[22554]: 5138FC00048BA: removed
Mar  4 09:07:23 mail postfix/smtp[13989]: 4D3A4C00048B9: to=<aaaaa@outlook.com>, relay=outlook-com.olc.protection.outlook.com[104.47.9.33]:25, delay=3.4, delays=0.11/0.01/2/1.3, dsn=2.6.0, status=sent (250 2.6.0 <6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com> [InternalId=5012226843504, Hostname=VE1EUR03HT003.eop-EUR03.prod.protection.outlook.com] 55541 bytes in 0.248, 218.630 KB/sec Queued mail for delivery)
Mar  4 09:07:23 mail postfix/qmgr[22554]: 4D3A4C00048B9: removed
Mar  4 09:07:28 mail postfix/verify[13933]: cache btree:/var/lib/postfix/verify_cache full cleanup: retained=5 dropped=1 entries
Mar  4 09:07:29 mail postfix/postscreen[13927]: cache btree:/var/lib/postfix/postscreen_cache full cleanup: retained=16 dropped=0 entries
Mar  4 09:11:39 mail postfix/submission/smtpd[13963]: disconnect from 219-xx-yy-zz.static.tfn.net.tw[219.xx.yy.zz]

b).amavisd.log

Mar  4 09:07:19 mail.Mydomain.com /usr/sbin/amavisd[8498]: (08498-02) ESMTP [127.0.0.1]:10026 /var/spool/amavisd/tmp/amavis-20180304T063245-08498-3hGpzMsk: <test@Mydomain.com> -> <bbbbb@gmail.com> Received: from mail.Mydomain.com ([127.0.0.1]) by mail.Mydomain.com (mail.Mydomain.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <bbbbb@gmail.com>; Sun,  4 Mar 2018 09:07:19 +0800 (CST)
Mar  4 09:07:19 mail.Mydomain.com /usr/sbin/amavisd[8495]: (08495-02) ESMTP [127.0.0.1]:10026 /var/spool/amavisd/tmp/amavis-20180304T060040-08495-ZtCpIF7D: <test@Mydomain.com> -> <admin@Mydomain.com> Received: from mail.Mydomain.com ([127.0.0.1]) by mail.Mydomain.com (mail.Mydomain.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <admin@Mydomain.com>; Sun,  4 Mar 2018 09:07:19 +0800 (CST)
Mar  4 09:07:19 mail.Mydomain.com /usr/sbin/amavisd[8531]: (08531-01) ESMTP [127.0.0.1]:10026 /var/spool/amavisd/tmp/amavis-20180304T090719-08531-_swyPbyz: <test@Mydomain.com> -> <aaaaa@outlook.com> Received: from mail.Mydomain.com ([127.0.0.1]) by mail.Mydomain.com (mail.Mydomain.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <aaaaa@outlook.com>; Sun,  4 Mar 2018 09:07:19 +0800 (CST)
Mar  4 09:07:19 mail.Mydomain.com /usr/sbin/amavisd[8498]: (08498-02) Checking: x6WNkemiNXnj ORIGINATING [219.xx.yy.zz] <test@Mydomain.com> -> <bbbbb@gmail.com>
Mar  4 09:07:19 mail.Mydomain.com /usr/sbin/amavisd[8531]: (08531-01) Checking: azhkBl5BcCVN ORIGINATING [219.xx.yy.zz] <test@Mydomain.com> -> <aaaaa@outlook.com>
Mar  4 09:07:19 mail.Mydomain.com /usr/sbin/amavisd[8495]: (08495-02) Checking: GhR7i8TFJMkN ORIGINATING [219.xx.yy.zz] <test@Mydomain.com> -> <admin@Mydomain.com>
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8498]: (08498-02) x6WNkemiNXnj FWD from <test@Mydomain.com> -> <bbbbb@gmail.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5138FC00048BA
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8498]: (08498-02) Passed SPAMMY {RelayedTaggedInternal}, ORIGINATING LOCAL [219.xx.yy.zz]:28203 [219.xx.yy.zz] ESMTP/ESMTP <test@Mydomain.com> -> <bbbbb@gmail.com>, (ESMTPSA://[219.xx.yy.zz]:28203), Queue-ID: F2F3BC00048B6, Message-ID: <6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>, mail_id: x6WNkemiNXnj, b: NZ8hAuUhw, Hits: 6.042, size: 48761, queued_as: 5138FC00048BA, Subject: "Q", From: <test@Mydomain.com>, helo=[192.168.66.111], Tests: [ALL_TRUSTED=-1,DKIM_ADSP_DISCARD=1.8,DKIM_ADSP_MY1=1,HTML_MESSAGE=0.001,HTML_MIME_NO_HTML_TAG=0.635,MIME_HTML_ONLY=1.105,TVD_SPACE_RATIO=0.001,TVD_SPACE_RATIO_MINFP=2.5], shortcircuit=no, autolearn=no autolearn_force=no, autolearnscore=7.042, rss=247396, 813 ms
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8498]: (08498-02) Passed SPAMMY, <test@Mydomain.com> -> <bbbbb@gmail.com>, Hits: 6.042, tag=-999, tag2=5, kill=6.9, queued_as: 5138FC00048BA, L/Y/Y/0
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8531]: (08531-01) azhkBl5BcCVN FWD from <test@Mydomain.com> -> <aaaaa@outlook.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4D3A4C00048B9
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8498]: (08498-02) extra modules loaded: unicore/To/Cf.pl, unicore/lib/Gc/Nd.pl
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8531]: (08531-01) Passed SPAMMY {RelayedTaggedInternal}, ORIGINATING LOCAL [219.xx.yy.zz]:28203 [219.xx.yy.zz] ESMTP/ESMTP <test@Mydomain.com> -> <aaaaa@outlook.com>, (ESMTPSA://[219.xx.yy.zz]:28203), Queue-ID: F2F3BC00048B6, Message-ID: <6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>, mail_id: azhkBl5BcCVN, b: NZ8hAuUhw, Hits: 6.042, size: 48761, queued_as: 4D3A4C00048B9, Subject: "Q", From: <test@Mydomain.com>, helo=[192.168.66.111], Tests: [ALL_TRUSTED=-1,DKIM_ADSP_DISCARD=1.8,DKIM_ADSP_MY1=1,HTML_MESSAGE=0.001,HTML_MIME_NO_HTML_TAG=0.635,MIME_HTML_ONLY=1.105,TVD_SPACE_RATIO=0.001,TVD_SPACE_RATIO_MINFP=2.5], shortcircuit=no, autolearn=no autolearn_force=no, autolearnscore=7.042, rss=246060, 858 ms
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8531]: (08531-01) Passed SPAMMY, <test@Mydomain.com> -> <aaaaa@outlook.com>, Hits: 6.042, tag=-999, tag2=5, kill=6.9, queued_as: 4D3A4C00048B9, L/Y/Y/0
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8531]: (08531-01) extra modules loaded: unicore/To/Cf.pl, unicore/lib/Gc/Nd.pl
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8495]: (08495-02) YXIBTlytbV0v(GhR7i8TFJMkN) SEND from <postmaster@mail.Mydomain.com> -> <spam@Mydomain.com>, ENVID=AM.YXIBTlytbV0v.20180304T010720Z@mail.Mydomain.com 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 66CC8C00048BB
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8495]: (08495-02) GhR7i8TFJMkN FWD from <test@Mydomain.com> -> <admin@Mydomain.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7435CC00048BD
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8495]: (08495-02) Passed SPAM {RelayedTaggedInternal}, ORIGINATING LOCAL [219.xx.yy.zz]:28203 [219.xx.yy.zz] ESMTP/ESMTP <test@Mydomain.com> -> <admin@Mydomain.com>, (ESMTPSA://[219.xx.yy.zz]:28203), Queue-ID: F2F3BC00048B6, Message-ID: <6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>, mail_id: GhR7i8TFJMkN, b: NZ8hAuUhw, Hits: 6.042, size: 48761, queued_as: 7435CC00048BD, Subject: "Q", From: <test@Mydomain.com>, helo=[192.168.66.111], Tests: [ALL_TRUSTED=-1,DKIM_ADSP_DISCARD=1.8,DKIM_ADSP_MY1=1,HTML_MESSAGE=0.001,HTML_MIME_NO_HTML_TAG=0.635,MIME_HTML_ONLY=1.105,TVD_SPACE_RATIO=0.001,TVD_SPACE_RATIO_MINFP=2.5], shortcircuit=no, autolearn=no autolearn_force=no, autolearnscore=7.042, rss=246272, 925 ms
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8495]: (08495-02) Passed SPAM, <test@Mydomain.com> -> <admin@Mydomain.com>, Hits: 6.042, tag=-999, tag2=5, kill=5, queued_as: 7435CC00048BD, L/Y/Y/Y
Mar  4 09:07:20 mail.Mydomain.com /usr/sbin/amavisd[8495]: (08495-02) extra modules loaded: unicore/To/Cf.pl, unicore/lib/Gc/Nd.pl

c).spam@Mydomain.com 信件內容:

Content type: Spam
Internal reference code for the message is 08495-02/GhR7i8TFJMkN

First upstream SMTP client IP address: [219.xx.yy.zz]:28203
  219-xx-yy-zz.static.tfn.net.tw

Received trace: ESMTPSA://[219.xx.yy.zz]:28203

Return-Path: <test@Mydomain.com>
From: test <test@Mydomain.com>
Message-ID: <6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>
Subject: Q
Not quarantined.

The message WILL BE relayed to:
<admin@Mydomain.com>

Spam scanner report:
Spam detection software, running on the system "mail.Mydomain.com",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  發自我的小米手機 [...] 

Content analysis details:   (6.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 1.8 DKIM_ADSP_DISCARD      No valid author signature, domain signs all mail
                            and suggests discarding the rest
 1.0 DKIM_ADSP_MY1          No description available.
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.6 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 0.0 TVD_SPACE_RATIO        No description available.
 2.5 TVD_SPACE_RATIO_MINFP  Space ratio


header.hdr

Return-Path: <test@Mydomain.com>
Received: from [192.168.66.111] (219-xx-yy-zz.static.tfn.net.tw [219.xx.yy.zz])
    by mail.Mydomain.com (Postfix) with ESMTPSA id F2F3BC00048B6;
    Sun,  4 Mar 2018 09:07:18 +0800 (CST)
Date: Sun, 04 Mar 2018 09:07:16 +0800
Subject: Q
Message-ID: <6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>
From: test <test@Mydomain.com>
To: "aaaaa" <aaaaa@outlook.com>
Cc: bbbbb@gmail.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--_com.android.email_531982708327960"

d).admin@Mydomain.com 信件表頭

From - Mon Mar  5 07:56:48 2018
X-Account-Key: account125
X-UIDL: 0000024958db0a80
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <test@Mydomain.com>
Delivered-To: admin@Mydomain.com
Received: from mail.Mydomain.com (mail.Mydomain.com [127.0.0.1])
    by mail.Mydomain.com (Postfix) with ESMTP id 7435CC00048BD
    for <admin@Mydomain.com>; Sun,  4 Mar 2018 09:07:20 +0800 (CST)
X-Virus-Scanned: By Mydomain MailServer
X-Spam-Flag: YES
X-Spam-Score: 6.042
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.042 tagged_above=-999 required=5
    tests=[ALL_TRUSTED=-1, DKIM_ADSP_DISCARD=1.8, DKIM_ADSP_MY1=1,
    HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635, MIME_HTML_ONLY=1.105,
    TVD_SPACE_RATIO=0.001, TVD_SPACE_RATIO_MINFP=2.5]
    autolearn=no autolearn_force=no
Received: from mail.Mydomain.com ([127.0.0.1])
    by mail.Mydomain.com (mail.Mydomain.com [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id GhR7i8TFJMkN for <admin@Mydomain.com>;
    Sun,  4 Mar 2018 09:07:19 +0800 (CST)
Received: from [192.168.66.111] (219-xx-yy-zz.static.tfn.net.tw [219.xx.yy.zz])
    by mail.Mydomain.com (Postfix) with ESMTPSA id F2F3BC00048B6;
    Sun,  4 Mar 2018 09:07:18 +0800 (CST)
Date: Sun, 04 Mar 2018 09:07:16 +0800
Subject: [ =?UTF-8?Q?iRedAdmin,=E5=9E=83=E5=9C=BE=E9=83=B5=E4=BB=B6?= ** IS
    Spam ? ** ]Q
Message-ID: <6oaam8kpr3ubi3s61276niph.1520125636195@email.android.com>
From: test <test@Mydomain.com>
To: "aaaaa" <aaaaa@outlook.com>
Cc: bbbbb@gmail.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--_com.android.email_531982708327960"

----_com.android.email_531982708327960
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

請問版主:
1).spam 訊息何以會不一樣? 正確是否以iRedAdmin-Pro 的設定為主 ,如何修正.

2). 但實際上我有設定 "隔離信件通知" ,設定如下:
何以沒有啟動此功能? 還是此功能只針對incoming 信件,未針對內網帳號?

# SMTP server address, port, username, password used to send notification mail.
NOTIFICATION_SMTP_SERVER = 'localhost'
NOTIFICATION_SMTP_PORT = 587
NOTIFICATION_SMTP_STARTTLS = True

#NOTIFICATION_SMTP_USER = 'no-reply@localhost.local'
#NOTIFICATION_SMTP_PASSWORD = ''
NOTIFICATION_SMTP_USER = 'spam@Mydomain.com'
NOTIFICATION_SMTP_PASSWORD = 'xxxxxxxxxx'
NOTIFICATION_SMTP_DEBUG_LEVEL = 1

# The short description or full name of this smtp user. e.g. 'No Reply'
#NOTIFICATION_SENDER_NAME = 'No Reply'
NOTIFICATION_SENDER_NAME = 'spam'

#NOTIFICATION_IREDADMIN_URL = 'https://mail.l.Mydomain.com/iredadmin/'
#NOTIFICATION_URL_SELF_SERVICE = 'https://mail.Mydoamin.com/iredadmin/'

#NOTIFICATION_QUARANTINE_MAIL_SUBJECT = '[Attention] You have emails quarantined and not delivered to mailbox'
NOTIFICATION_QUARANTINE_MAIL_SUBJECT = "[注意] 隔離信件通知"

MAIL_ERROR_TO_WEBMASTER = True

回复: spam 通知的訊息不一樣

rain6966 写道:

1).spam 訊息何以會不一樣? 正確是否以iRedAdmin-Pro 的設定為主 ,如何修正.

修改了 iRedAdmin-Pro 的设置后是否重启了 Apache 或 uwsgi 服务?
因为这个 subject 已经保存在 SQL 里,所以你可能要重新更新一下 Global Spam Policy 页面(不做任何修改直接 submit 应该就够了,或者保守一点,先 delete 再重新设置。最好能进入 SQL 数据库检查一下是否 subject 被设置为正确的内容了。

3 最后由 rain6966 (2018-03-07 23:50:45) 编辑

回复: spam 通知的訊息不一樣

ZhangHuangbin 写道:

所以你可能要重新更新一下 Global Spam Policy 页面(不做任何修改直接 submit 应该就够了,或者保守一点,先 delete 再重新设置

1).重新設置 Global Spam Policy : 4個 item ;皆設為 偵測 且隔離 .
再重新發送郵件,主旨為Q ;
結果 除了spam@ 沒有收到訊息外,其餘3個admin@ , aaaaa@outlook.com,bbbbb@gmail.com 皆收到主旨為 ***Spam*** R 的信件.
admin@ 倒沒收的 **iRedAdmin,垃圾郵件 ** IS Spam ? **

2).使用phpMyAdmin 查看 amavisd資料庫, @Mydomain.com 其 policy table 的 spam_subject_tag ,tag1,tag2 皆為 NULL;
原先3欄位值為 : NULL , [**iRedAdmin,垃圾郵件 ** IS Spam ? **],[**iRedAdmin,垃圾郵件 ** IS Spam ? **]

3). "隔離信件通知"功能已設定啟用,有一段時間了.

4 最后由 rain6966 (2018-03-14 15:53:24) 编辑

回复: spam 通知的訊息不一樣

英文論壇有人提問 :"Fake Emails" ; 連結測試網址 https://emkei.cz/

我這裡測試如下:

1).寄給有啟動 bcc 帳戶: (test@) 不會收到 ,但 admin 會收到emkei.cz 寄來的信 ;但主旨是: *** Spam ***   ,非我設定 "**iRedAdmin,垃圾郵件 ** IS Spam ? **" 的主旨.
過一些時間,會收 spam@ 寄出的 "隔離信件通知".

amavisd.log:

Mar 14 13:39:21 mail.Mydomain.com /usr/sbin/amavisd[9705]: (09705-02) Blocked SPAM {DiscardedInbound,Quarantined}, [46.167.245.205]:35108 [46.167.245.205] ESMTP/ESMTP<aaa@gmail.com> -> <test@Mydomain.com>,(ESMTPS://[46.167.245.205]:35108), quarantine: sM7yzJVDZ9iA, Queue-ID: 5AAE7C0000121,Message-ID:<20180314053900.6FFCCD5A86@emkei.cz>, mail_id:sM7yzJVDZ9iA, b: aLMp2piT4,Hits:10.12, size: 1082, Subject: "test fake", From:<aaa@gmail.com>, helo=emkei.cz, Tests:[DKIM_ADSP_CUSTOM_MED=0.001,FREEMAIL_FROM=0.001,FROMNAME_SPOOF=1,FROMNAME_SPOOF_FREEMAIL=2,F_DM=5,NML_ADSP_CUSTOM_MED=1.2,SPF_FAIL=0.919,SPF_HELO_PASS=-0.001], shortcircuit=no, autolearn=no autolearn_force=no,autolearnscore=10.12,relaycountry=CZ, rss=244744, 2660 ms
Mar 14 13:39:21 mail.Mydomain.com /usr/sbin/amavisd[9705]: (09705-02) Blocked SPAM,<aaa@gmail.com> -> , Hits: 10.12, tag=-999, tag2=5, kill=6.9, L/Y/Y/Y
Mar 14 13:39:21 mail.Mydomain.com /usr/sbin/amavisd[9714]: (09714-01) Be-WdexruIYN FWD from <aaa@gmail.com> -> <admin@Mydomain.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9E7EBC000013E
Mar 14 13:39:21 mail.Mydomain.com /usr/sbin/amavisd[9714]: (09714-01) Passed SPAM {RelayedTaggedInbound}, [46.167.245.205]:35108 [46.167.245.205] ESMTP/ESMTP <aaa@gmail.com> -> <admin@Mydomain.com>, (ESMTPS://[46.167.245.205]:35108), Queue-ID: 5AAE7C0000121, Message-ID: <20180314053900.6FFCCD5A86@emkei.cz>, mail_id: Be-WdexruIYN, b: aLMp2piT4, Hits: 10.12, size: 1082, queued_as: 9E7EBC000013E, Subject: "test fake", From: <aaa@gmail.com>, helo=emkei.cz, Tests:[DKIM_ADSP_CUSTOM_MED=0.001,FREEMAIL_FROM=0.001,FROMNAME_SPOOF=1,FROMNAME_SPOOF_FREEMAIL=2,F_DM=5,NML_ADSP_CUSTOM_MED=1.2,SPF_FAIL=0.919,SPF_HELO_PASS=-0.001], shortcircuit=no, autolearn=no autolearn_force=no, autolearnscore=10.12, relaycountry=CZ, rss=241548, 2702 ms
Mar 14 13:39:21 mail.Mydomain.com /usr/sbin/amavisd[9714]: (09714-01) Passed SPAM,<aaa@gmail.com> -> <admin@Mydomain.com>, Hits: 10.12, tag=-999, tag2=5, kill=6.9, queued_as: 9E7EBC000013E, L/Y/Y/Y 

2).未啟動 bcc 的帳戶: (test4@) : 可阻檔並隔離 ,過一些時間, 會收到 spam@ 寄出的 隔離信件通知.

amavisd.log:

Mar 14 14:05:56 mail.main.com /usr/sbin/amavisd[9684]: (09684-02) Blocked SPAM {DiscardedInbound,Quarantined}, [46.167.245.205]:53282 [46.167.245.205] ESMTP/ESMTP <a@gmail.com> -> <test4@Mydomain.com>, (ESMTPS://[46.167.245.205]:53282), quarantine: ZfKqLkP1OisB, Queue-ID: C6ECDC0000121, Message-ID: <20180314060527.B457BD589C@emkei.cz>, mail_id: ZfKqLkP1OisB, b: FU34Nu1Ga, Hits: 11.357, size: 1090, Subject: "test fake 2", From: <a@gmail.com>, helo=emkei.cz, Tests:[DKIM_ADSP_CUSTOM_MED=0.001,FREEMAIL_FROM=0.001,F_DM=5,HTML_MESSAGE=0.001,HTML_MIME_NO_HTML_TAG=0.635,KAM_NUMSUBJECT=0.5,MIME_HEADER_CTYPE_ONLY=1.996,MIME_HTML_ONLY=1.105,NML_ADSP_CUSTOM_MED=1.2,SPF_FAIL=0.919,SPF_HELO_PASS=-0.001], shortcircuit=no, autolearn=no autolearn_force=no, autolearnscore=11.357, relaycountry=CZ, rss=244100, 1494 ms
Mar 14 14:05:56 mail.Mydomain.com /usr/sbin/amavisd[9684]: (09684-02) Blocked SPAM, <a@gmail.com> -> , Hits: 11.357, tag=-999, tag2=5, kill=6.9, L/Y/Y/Y

3).在 spamassassin 我是有另外加入其他rule ;但有些問題還是不懂:

a).spamassassin 未自己加入一些規則, 上面測試網址, 應該是擋不到.

此為admin@ 收到主旨為 "***Spam***" 的表頭內容:

X-Spam-Flag: YES
X-Spam-Score: 10.12
X-Spam-Level: **********
X-Spam-Status: Yes, score=10.12 tagged_above=-999 required=5
    tests=[DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001,
    FROMNAME_SPOOF=1, FROMNAME_SPOOF_FREEMAIL=2, F_DM=5,
    NML_ADSP_CUSTOM_MED=1.2, SPF_FAIL=0.919, SPF_HELO_PASS=-0.001]
    autolearn=no autolearn_force=no 

b). 上面2). 因我有啟動 "隔離信件通知" ; test4@ 有收到 ,所以 iRedAdmin-Pro 正常 ;
     但1). 測試 test@ 有啟用 bcc 功能 則未收到"隔離信件通知" ,而admin@ 收到amavisd 的 spam訊息.

     過一些時間才收到spam@ 寄出的"隔離信件通知",在3/4時是收不到通知(第一po文時) .

c). iRedMail 正常對spamassassin 手動加入rule ,會影響其運作?
     前一po文  ,皆針對test@ (啟用bcc), " *** Spam *** " 經查此為 amavisd.conf 內的設定 .

回复: spam 通知的訊息不一樣

rain6966 写道:

請問版主:
1).spam 訊息何以會不一樣? 正確是否以iRedAdmin-Pro 的設定為主 ,如何修正.

2). 但實際上我有設定 "隔離信件通知" ,設定如下:
何以沒有啟動此功能? 還是此功能只針對incoming 信件,未針對內網帳號?

iRedMail amavisd :
預設值為 6.2 , 如下 , 當我更改為 5.0時 ,
#$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_tag2_level_deflt = 5.0;

在iRedAdmin-Pro裡:
/var/www/iredadmin/libs/amavisd/spampolicy.py
DEFAULT_SPAM_TAG_LEVEL = 2
DEFAULT_SPAM_TAG2_LEVEL = 6

請問版主 iRedmail-Pro 會有動作?
是會以amavisd 新值5.0, 還是 iRedAmin-pro 的 6 為優先?

amavisd 的預設值,新安裝是否要設高一點 ,如10 ,
避免iRedAdmin-Pro 主控台設定高於amavisd 的6.2時,
或像我不小心調降Amavisd 的預設值,造成iRedAdmin-pro 的動作異常.

PS:
在英文論壇有人提問 "Set spam deliver vs. bounce threshold?"
此為我這邊的設定值, 和版主的值是不一樣:這會有影響?

(iRedAdmin-Pro-LDAP-3.0)

        # Update spam policy
        updates = {}
        updates['spam_lover'] = 'Y'
        updates['bypass_spam_checks'] = 'N'
        updates['virus_lover'] = 'N'
        updates['bypass_virus_checks'] = 'N'
        updates['banned_files_lover'] = 'Y'
        updates['bypass_banned_checks'] = 'N'
        updates['bad_header_lover'] = 'Y'
        updates['bypass_header_checks'] = 'N'

        if 'enable_spam_checks' not in form:
            updates['bypass_spam_checks'] = 'Y'

        if 'enable_virus_checks' not in form:
            updates['bypass_virus_checks'] = 'Y'

        if 'enable_banned_checks' not in form:
            updates['bypass_banned_checks'] = 'Y'

        if 'enable_header_checks' not in form:
            updates['bypass_header_checks'] = 'Y'

回复: spam 通知的訊息不一樣

這是封為無此帳號的信件,因有啟用 cath-all 功能.
所以會寄給我這設定的spam@Mydomain.com帳號.
但仍出現 ***spam*** 的主旨.
經看其分數為 5.075, 在amavisd 我是設為 5.0 ,iRedAdmin-Pro 使用預設值6.0 ,
所以應是 amavisd 的動作造成的.

 
From - Wed Mar 28 08:02:00 2018
X-Account-Key: account71
X-UIDL: 0000008758db0a80
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <bounces13@thecentsiblelife.com>
Delivered-To: spam@Mydomain.com
Received: from mail.Mydomain.com (mail.Mydomain.com [127.0.0.1])
    by mail.Mydomain.com (Postfix) with ESMTP id A529CC0000F46
    for <spam@Mydomain.com>; Wed, 28 Mar 2018 04:20:55 +0800 (CST)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.Mydomain.com A529CC0000F46
Authentication-Results: mail.Mydomain.com/A529CC0000F46; dmarc=none (p=none dis=none) header.from=thecentsiblelife.com
Authentication-Results: mail.Mydomain.com; spf=pass smtp.mailfrom=bounces13@thecentsiblelife.com
X-Virus-Scanned: By Mydomain MailServer
X-Spam-Flag: YES
X-Spam-Score: 5.075
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.075 tagged_above=-999 required=5
    tests=[HTML_MESSAGE=0.001, KAM_LAZY_DOMAIN_SECURITY=1,
    RCVD_IN_SENDERSCORE_0_29=2.8, RDNS_NONE=1.274]
    autolearn=no autolearn_force=no
Received: from mail.Mydomain.com ([127.0.0.1])
    by mail.Mydomain.com (mail.Mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id W5ZYRu4xm6V2 for <spam@Mydomain.com>;
    Wed, 28 Mar 2018 04:20:53 +0800 (CST)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.Mydomain.com 4B0B0C0000F45
Received: from filter1.selecthosting.com (unknown [185.224.76.28])
    by mail.Mydomain.com (Postfix) with SMTP id 4B0B0C0000F45
    for <onestone@Mydomain.com>; Wed, 28 Mar 2018 04:20:43 +0800 (CST)
Received: from filter1.selecthosting.com ([127.0.0.1]) by filter1.selecthosting.com ([127.0.0.1]) with SMTPSVC;
     Tue, 27 Mar 2018 22:22:07 +0200
Message-ID: <b9aa875ceb93729b8f10ee0039956865@thecentsiblelife.com>
Reply-To: <reg@world-business-list.org>
From: "World Business Registry" <general.business@thecentsiblelife.com>
To: <onestone@Mydomain.com>
Subject: ***Spam*** Pending - World Business Registration 2018-2019
    [REF:PDI-13698]
Date: Tue, 27 Mar 2018 22:22:07 +0200

回复: spam 通知的訊息不一樣

這是另一封得分 12.985 的信件,iRedAdmin-Pro 可正常阻隔,可收到隔離信件通知.
test4@ 可收到通知 , (因未啟用 bcc ,故admin@未收到通知)

但此和上一封 5.075 的信件令人不解! 怎不是amavisd 在動作? (主旨未有 "***spam***" )

From - Wed Mar 28 17:28:57 2018
X-Account-Key: account127
X-UIDL: 0000325958db0a8f
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <sb+s1065346u6240@n5.nabble.com>
Delivered-To: test4@Mydoamin.com
Received: from mail.Mydomain.com (mail.Mydomain.com [127.0.0.1])
    by mail.Mydomain.com (Postfix) with ESMTP id B5B61C0000F4A
    for <test4@Mydomain.com>; Wed, 28 Mar 2018 17:26:05 +0800 (CST)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.Mydomain.com 5B61C0000F4A
Authentication-Results: mail.Mydomain.com/B5B61C0000F4A; dmarc=none (p=none dis=none) header.from=n5.nabble.com
Authentication-Results: mail.Mydomain.com; spf=pass  smtp.mailfrom=sb+s1065346u6240@n5.nabble.com
Resent-From: "Content-filter at mail.Mydomain.com" 
    <postmaster@mail.Mydomain.com>
Resent-To: <test4@Mydomain.com>
Resent-Date: Wed, 28 Mar 2018 17:26:05 +0800 (CST)
Resent-Message-ID: <VQczWXQJh2pP- Lpbuugp5LgNg@mail.Mydomain.com>
Received: from unknown ([127.0.0.1])
    by mail.Mydomain.com (mail.Mydomain.com [127.0.0.1]) (amavisd-new, port 9998)
    id Lpbuugp5LgNg for <test4@Mydomain.com>;
    Wed, 28 Mar 2018 17:26:05 +0800 (CST)
Received: from mail.Mydomain.com ([127.0.0.1]) by mail.Mydomain.com (mail.Mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VQczWXQJh2pP for <test4@Mydomain.com>; Wed, 28 Mar 2018 16:31:16 +0800 (CST)
Authentication-Results: mail.Mydomain.com; spf=pass (sender SPF authorized) smtp.mailfrom=n5.nabble.com (client-ip=162.253.133.81; helo=n5.nabble.com; envelope-from=sb+s1065346u6240@n5.nabble.com;  receiver=test4@Mydomain.com)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.Mydomain.com     8FDC9C0000F4A
Authentication-Results: mail.Mydomain.com/8FDC9C0000F4A; dmarc=none (p=none dis=none) header.from=n5.nabble.com
Authentication-Results: mail.Mydomain.com; spf=pass smtp.mailfrom=sb+s1065346u6240@n5.nabble.com
Received: from n5.nabble.com (n5.nabble.com [162.253.133.81])
    by mail.Mydomain.com (Postfix) with ESMTP id 8FDC9C0000F4A
    for <test4@Mydomamin.com>; Wed, 28 Mar 2018 16:31:10 +0800 (CST)
Received: from n5.nabble.com (localhost [127.0.0.1])
    by n5.nabble.com (Postfix) with ESMTP id 66CFB5179D0E
    for <test4@Mydomain.com>; Wed, 28 Mar 2018 01:31:07 -0700 (MST)
Date: Wed, 28 Mar 2018 01:31:07 -0700 (MST)
From: "Rules Report Cron-2 [via SpamAssassin]" <ml+s1065346n150995h8@n5.nabble.com>
To: test4 <test4@Mydomain.com>
Message-ID: <20180328083043.6AA1AA0B17@sa-vm1.apache.org>
Subject: [auto] bad sandbox rules report
MIME-Version: 1.0
Content-Type: multipart/alternative; 

此在主控台可看到, spam的分數; 在release 信件下來,則沒有spam 的分數(這是什麼原因?);
故抓amavisd.log的資料.

40687:Mar 28 16:31:16 mail.Mydomain.com /usr/sbin/amavisd[6344]: (06344-01) ESMTP [127.0.0.1]:10024 /var/spool/amavisd/tmp/amavis-20180328T163116-06344-yr6uZ0Lb: <sb+s1065346u6240@n5.nabble.com> -> <test4@Mydomain.com> SIZE=471554 Received: from mail.Mydomain.com ([127.0.0.1]) by mail.Mydomain.com (mail.Mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <test4@Mydomain.com>; Wed, 28 Mar 2018 16:31:16 +0800 (CST)

40688:Mar 28 16:31:16 mail.Mydomain.com /usr/sbin/amavisd[6344]: (06344-01) Checking: VQczWXQJh2pP [162.253.133.81] <sb+s1065346u6240@n5.nabble.com> -> <test4@Mydomain.com>

40689:Mar 28 16:31:48 mail.Mydomain.com /usr/sbin/amavisd[6344]: (06344-01) delivering to sql:, SEND via SQL (DBI:mysql:database=amavisd;host=127.0.0.1;port=3306): <sb+s1065346u6240@n5.nabble.com> -> <test4@Mydomain.com>, mail_id VQczWXQJh2pP

40690:Mar 28 16:31:48 mail.Mydomain.com /usr/sbin/amavisd[6344]: (06344-01) Blocked SPAM {DiscardedInbound,Quarantined}, [162.253.133.81]:62508 [162.253.133.81] ESMTP/ESMTP <sb+s1065346u6240@n5.nabble.com> -> <test4@Mydomain.com>, (ESMTP://[162.253.133.81]:62508), quarantine: VQczWXQJh2pP, Queue-ID: 8FDC9C0000F4A, Message-ID: <20180328083043.6AA1AA0B17@sa-vm1.apache.org>, mail_id: VQczWXQJh2pP, b: JkMRCJE3R, Hits: 12.984, size: 471493, Subject: "[auto] bad sandbox rules report", From: <ml+s1065346n150995h8@n5.nabble.com>, helo=n5.nabble.com, Tests: [AD_PREFS=0.28,HTML_MESSAGE=0.001,KAM_LOTTO1=0.5,KAM_SEX=7,KAM_VIAGRA6=3.1,LOTS_OF_MONEY=0.001,RCVD_IN_DNSWL_NONE=-0.0001,RCVD_IN_SENDERSCORE_90_100=-1.2,SPF_HELO_PASS=-0.001,SPF_PASS=-0.001,THIS_AD=1.199,UPPERCASE_50_75=0.791,URIBL_BLOCKED=0.001,URI_HEX=1.313], shortcircuit=no, autolearn=no autolearn_force=no, autolearnscore=12.985, relaycountry=US_**, rss=281140, 31909 ms

40691:Mar 28 16:31:48 mail.Mydomain.com /usr/sbin/amavisd[6344]: (06344-01) Blocked SPAM, <sb+s1065346u6240@n5.nabble.com> -> , Hits: 12.984, tag=-999, tag2=5, kill=6.9, L/Y/Y/Y

是大於6.2 , iRedAdmin-Pro 優先? 小於 6.2到5.0 時, amavisd 優先?

版主我好像在寫推理小說, 但結果好像還在叢林裡!!!!

此topic 我想把它砍掉,實在浪費版主和大家時間.

回复: spam 通知的訊息不一樣

这个问题有助于搞清楚 SQL table (amavisd.policy) 里的各个 column 的用法。
在此我想说声抱歉,最近因为到了另外一个国家,这几天还没有时间仔细测试你反馈的问题,可能还要再拖几天甚至几个星期。非常抱歉。