Skip to content

[BUG] SA_KILL does not delete spam #3165

Closed
#3360
Closed
[BUG] SA_KILL does not delete spam#3165
#3360
Labels
kind/bug/reportA report about a bugmeta/needs triageThis issue / PR needs checks and verification from maintainersmeta/staleThis issue / PR has become stale and will be closed if there is no further activitypriority/mediumservice/security/spamassassin
@christianhubmann

Description

@christianhubmann
christianhubmann
opened on Mar 7, 2023

Miscellaneous first checks

  • I checked that all ports are open and not blocked by my ISP / hosting provider.
  • I know that SSL errors are likely the result of a wrong setup on the user side and not caused by DMS itself. I'm confident my setup is correct.

Affected Component(s)

SpamAssassin

What happened and when does this occur?

ENABLE_SPAMASSASSIN=1
SPAMASSASSIN_SPAM_TO_INBOX=1
ENABLE_SPAMASSASSIN_KAM=0
MOVE_SPAM_TO_JUNK=1
SA_TAG=2.0
SA_TAG2=6.31
SA_KILL=10
SA_SPAM_SUBJECT=***SPAM(_SCORE_)*****

All spam mails are moved to the junk folder, even those with a spam score over 10 (SA_KILL), as seen in the screenshot.

As a side note, most of the spam I receive is fetched from other mail servers by fetchmail. Does this make a difference in the way SA_KILL is handled?

grafik

What did you expect to happen?

I would expect mails with a spam score of over 6.31 (SA_TAG2) to be marked as spam and moved to the junk folder, and mails with a spam score of over 10 (SA_KILL) to get deleted immediately.

How do we replicate the issue?

  1. configure SpamAssassin as above
  2. configure fetchmail
  3. receive spam

DMS version

11.3.1

What operating system is DMS running on?

Linux

Which operating system version?

Debian 11

What instruction set architecture is DMS running on?

AMD64 / x86_64

What container orchestration tool are you using?

Docker Compose

docker-compose.yml

services:
  mailserver:
    image: docker.io/mailserver/docker-mailserver:latest
    container_name: mailserver
    hostname: ******
    domainname: ******
    env_file: mailserver.env
    ports:
      - "5025:25"  # SMTP  (explicit TLS => STARTTLS)
      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
      - "465:465"  # ESMTP (implicit TLS)
      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
      - "993:993"  # IMAP4 (implicit TLS)
      - 4190:4190  # managesieve
    volumes:
      - ./mail-data/:/var/mail/
      - ./mail-state/:/var/mail-state/
      - ./mail-logs/:/var/log/mail/
      - ./config/:/tmp/docker-mailserver/
    restart: unless-stopped
    stop_grace_period: 1m
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

Relevant log output

This is the log output of receiving the first three mails in the screenshot above:

Mar  7 13:19:48 mail fetchmail[825]: 3 messages for ********** at ********** (46682 octets).
Mar  7 13:19:48 mail postfix/postscreen[11017]: CONNECT from [127.0.0.1]:40366 to [127.0.0.1]:25
Mar  7 13:19:48 mail postfix/postscreen[11017]: PASS OLD [127.0.0.1]:40366
Mar  7 13:19:48 mail postfix/smtpd[11018]: connect from localhost[127.0.0.1]
Mar  7 13:19:48 mail opendmarc[789]: ignoring connection from localhost
Mar  7 13:19:48 mail postfix/trivial-rewrite[11021]: warning: do not list domain ********** in BOTH mydestination and virtual_mailbox_domains
Mar  7 13:19:48 mail policyd-spf[11023]: prepend X-Comment: SPF check N/A for local connections - client-ip=127.0.0.1; helo=**********; envelope-from=; receiver=<UNKNOWN>
Mar  7 13:19:48 mail postfix/smtpd[11018]: A15B5116BB8: client=localhost[127.0.0.1]
Mar  7 13:19:48 mail postfix/cleanup[11025]: A15B5116BB8: message-id=<[email protected]>
Mar  7 13:19:48 mail opendkim[780]: A15B5116BB8: no signing table match for '[email protected]'
Mar  7 13:19:48 mail opendkim[780]: A15B5116BB8: no signature data
Mar  7 13:19:48 mail fetchmail[825]: reading message **********@**********:1 of 3 (5718 octets) flushed
Mar  7 13:19:48 mail postfix/qmgr[1542]: A15B5116BB8: from=<>, size=6223, nrcpt=1 (queue active)
Mar  7 13:19:48 mail policyd-spf[11023]: prepend X-Comment: SPF check N/A for local connections - client-ip=127.0.0.1; helo=**********; envelope-from=; receiver=<UNKNOWN>
Mar  7 13:19:48 mail postfix/smtpd[11018]: E56CF116E88: client=localhost[127.0.0.1]
Mar  7 13:19:48 mail postfix/cleanup[11025]: E56CF116E88: message-id=<[email protected]>
Mar  7 13:19:48 mail opendkim[780]: E56CF116E88: no signing table match for '[email protected]'
Mar  7 13:19:48 mail opendkim[780]: E56CF116E88: no signature data
Mar  7 13:19:48 mail fetchmail[825]: reading message **********@**********:2 of 3 (5603 octets) flushed
Mar  7 13:19:48 mail postfix/qmgr[1542]: E56CF116E88: from=<>, size=6108, nrcpt=1 (queue active)
Mar  7 13:19:49 mail policyd-spf[11023]: prepend X-Comment: SPF check N/A for local connections - client-ip=127.0.0.1; helo=**********; envelope-from=; receiver=<UNKNOWN>
Mar  7 13:19:49 mail postfix/smtpd[11018]: 36DB4116D5C: client=localhost[127.0.0.1]
Mar  7 13:19:49 mail postfix/cleanup[11025]: 36DB4116D5C: message-id=<[email protected]>
Mar  7 13:19:49 mail opendkim[780]: 36DB4116D5C: no signing table match for '[email protected]'
Mar  7 13:19:49 mail opendkim[780]: 36DB4116D5C: no signature data
Mar  7 13:19:49 mail fetchmail[825]: reading message **********@**********:3 of 3 (35361 octets) flushed
Mar  7 13:19:49 mail postfix/qmgr[1542]: 36DB4116D5C: from=<>, size=35875, nrcpt=1 (queue active)
Mar  7 13:19:49 mail postfix/smtpd[11018]: disconnect from localhost[127.0.0.1] ehlo=1 mail=3 rcpt=3 data=3 quit=1 commands=11
Mar  7 13:19:50 mail postfix/smtpd-amavis/smtpd[11043]: connect from localhost[127.0.0.1]
Mar  7 13:19:50 mail postfix/smtpd-amavis/smtpd[11043]: 3475F116B50: client=localhost[127.0.0.1]
Mar  7 13:19:50 mail postfix/cleanup[11025]: 3475F116B50: message-id=<[email protected]>
Mar  7 13:19:50 mail postfix/smtpd-amavis/smtpd[11044]: connect from localhost[127.0.0.1]
Mar  7 13:19:50 mail postfix/smtpd-amavis/smtpd[11043]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Mar  7 13:19:50 mail postfix/smtpd-amavis/smtpd[11044]: 36D82116D60: client=localhost[127.0.0.1]
Mar  7 13:19:50 mail postfix/qmgr[1542]: 3475F116B50: from=<>, size=6789, nrcpt=1 (queue active)
Mar  7 13:19:50 mail postfix/cleanup[11025]: 36D82116D60: message-id=<[email protected]>
Mar  7 13:19:50 mail amavis[1567]: (01567-08) Passed SPAM {RelayedTaggedInbound,Quarantined}, [127.0.0.1]:40366 [199.217.115.132] <> -> <**********>, quarantine: W/spam-Wp90JQTA_Fy9.gz, Queue-ID: A15B5116BB8, Message-ID: <[email protected]>, mail_id: Wp90JQTA_Fy9, Hits: 10.765, size: 6007, que>
Mar  7 13:19:50 mail postfix/smtp-amavis/smtp[11026]: A15B5116BB8: to=<**********>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, delays=0.12/0.01/0/1.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3475F116B50)
Mar  7 13:19:50 mail postfix/qmgr[1542]: A15B5116BB8: removed
Mar  7 13:19:50 mail postfix/smtpd-amavis/smtpd[11044]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Mar  7 13:19:50 mail postfix/qmgr[1542]: 36D82116D60: from=<>, size=6608, nrcpt=1 (queue active)
Mar  7 13:19:50 mail amavis[1566]: (01566-08) Passed SPAM {RelayedTaggedInbound,Quarantined}, [127.0.0.1]:40366 [199.217.115.132] <> -> <**********>, quarantine: U/spam-U-g5duz0qIQK.gz, Queue-ID: E56CF116E88, Message-ID: <[email protected]>, mail_id: U-g5duz0qIQK, Hits: 9.765, size: 5892, queu>
Mar  7 13:19:50 mail postfix/smtp-amavis/smtp[11033]: E56CF116E88: to=<**********>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=0.05/0.01/0/1.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 36D82116D60)
Mar  7 13:19:50 mail postfix/qmgr[1542]: E56CF116E88: removed
Mar  7 13:19:50 mail postfix/qmgr[1542]: 3475F116B50: removed
Mar  7 13:19:50 mail postfix/qmgr[1542]: 36D82116D60: removed
Mar  7 13:19:51 mail postfix/smtpd-amavis/smtpd[11043]: connect from localhost[127.0.0.1]
Mar  7 13:19:51 mail postfix/smtpd-amavis/smtpd[11043]: 9FF9C116570: client=localhost[127.0.0.1]
Mar  7 13:19:51 mail postfix/cleanup[11045]: 9FF9C116570: message-id=<[email protected]>
Mar  7 13:19:51 mail postfix/qmgr[1542]: 9FF9C116570: from=<>, size=36581, nrcpt=1 (queue active)
Mar  7 13:19:51 mail amavis[1567]: (01567-09) Passed SPAM {RelayedTaggedInbound,Quarantined}, [127.0.0.1]:40366 [89.163.155.94] <> -> <**********>, quarantine: 6/spam-6WQ_t6ov5bgA.gz, Queue-ID: 36DB4116D5C, Message-ID: <[email protected]>, mail_id: 6WQ_t6ov5bgA, Hits: 17.399, size: 35650, qu>
Mar  7 13:19:51 mail postfix/smtp-amavis/smtp[11026]: 36DB4116D5C: to=<**********>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.4, delays=0.05/0.96/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9FF9C116570)
Mar  7 13:19:51 mail postfix/qmgr[1542]: 36DB4116D5C: removed
Mar  7 13:19:51 mail postfix/qmgr[1542]: 9FF9C116570: removed

Other relevant information

No response

What level of experience do you have with Docker and mail servers?

  • I am inexperienced with docker
  • I am rather experienced with docker
  • I am inexperienced with mail servers
  • I am rather experienced with mail servers
  • I am uncomfortable with the CLI
  • I am rather comfortable with the CLI

Code of conduct

Improvements to this form?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bug/reportA report about a bugmeta/needs triageThis issue / PR needs checks and verification from maintainersmeta/staleThis issue / PR has become stale and will be closed if there is no further activitypriority/mediumservice/security/spamassassin

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions