This is not a spamassassin on my server. This caused by ClamAv update. i updated the ClamAv yesterday. And all of my mail did not go to user. i think all the my mail assigned infected and sent to tmp/clamav... Or what else? Because when i remove the clamav from the system. all thing are normal. But then whrn i reinstall it, same problem continue again.

Please help..

This is not a spamassassin on my server. This caused by ClamAv update.

First piece of advice: Start a thread about your problem. This thread is about spam and spam delivery. So, all of the advice doesn't apply to your case at all.

I have seen your multiple other threads about your clamav issues...how about picking one of those threads, and follow up on it with reasonable information (like log entries) so we can help you solve the problem? Don't chime in on completely unrelated threads. It confuses everybody (me, especially, as I'm trying to answer dozens of posts every day, on top of a couple hundred emails and another couple dozen tickets in the tracker). Take pity on poor, easily confused, old me. ;-)

ok. you are right
i apologize.

Thank you.

The biggest spam problem occurring at the moment (for about the past 2 months) is NDRs (Non-Delivery Receipts) -- 554 (service unavailable) or 550 (user unknown) "bounce" errors. These are legitimate responses from mailservers which have been hit using reply-to addresses harvested from your web users.

Although this sort of attack has been used sporadically in the past, it now seems to be commonplace. We have 2 or 3 users per day complaining about it. It appears to actually be a tactic to get users to actually open and investigate, and click the links inside the NDR's if they copy the message text back to the reply-to recipient.

Load on our mailservers is higher than it has been since we started using Postini to filter the majority of our mail and mailservers.

More info:
http://www.chattanooga.net/20080407112/faqs/web-hosting/email-cloaking.html

(yes, I wrote that FAQ so I could easily reply to the hundreds of customers who are complaining about this very issue).

So I'm having this issue also, that I don't think spamassasin is doing anything. I've restarted it and checked maillog and procmail.log. procmail.log has stuff in but in neither log file can I see any mention of spam checking.

This is my procmailrc file:

Code:

LOGFILE=/var/log/procmail.log TRAP=/usr/libexec/webmin/virtual-server/procmail-logger.pl :0wi VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME :0 * ?test  $VIRTUALMIN  != { INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN } DROPPRIVS=yes DEFAULT=$HOME/Maildir/ ORGMAIL=$HOME/Maildir/ :0 $DEFAULT :0 * ^X-Spam-Status: Yes /dev/null

That also doesn't look like it's doing anything spam related aside from the X-Spam-Status line.

Help would be appreciated.

spam is still getting through... it's not getting scored correctly by spamassassin.. there is a score applied to 'some' of the emails but tno all of them.. and the score that is applied is VERY low like 0.5 or less

so now what?

Any ideas guys on what could be up? Is it a problem in the procmailrc file?

Any ideas guys on what could be up? Is it a problem in the procmailrc file?

You've actually got two different (and incompatible) rulesets there. Remove these lines:

:0
$DEFAULT
:0
* ^X-Spam-Status: Yes
/dev/null


The last two, in particular, aren't the right way to go--it takes control out of the hands of Virtualmin (and your users).

But, neither of these things has any impact on spam filtering.. All of the spam filtering happens in the VIRTUALMIN section, and the behavior of procmail is determined by the configuration (per-domain and possibly per-user).

You'll want to look in the procmail.log to see if there are any clues.

You'll also want to be sure Postfix is actually delivering to procmail-wrapper. Check the maillog/mail.log for this.