« previous next »
Pages: [1]

Author Topic: Amavis + SpamAssassin not tagging spam emails on server  (Read 106 times)

0 Members and 1 Guest are viewing this topic.

Offline
evandroph
*
Amavis + SpamAssassin not tagging spam emails on server
« on: April 16, 2025, 05:23:49 PM »
Hello,

I'm facing an issue where Amavis is not tagging suspected SPAM messages correctly on one of my servers, even though everything appears to be configured identically to another server that is working fine.

I have two servers running: CWPpro version: 0.9.8.1201 on AlmaLinux 8.10 (Cerulean Leopard)

The configuration files are nearly identical across both:

main.cf and master.cf (Postfix)

amavisd.conf (Amavis)

local.cf (SpamAssassin)

Both servers are set with the correct hostname, local adjustments, and same SpamAssassin thresholds ($sa_tag_level_deflt = 0, $sa_tag2_level_deflt = 5, etc.).

On Server A (older one), everything works perfectly: Spam emails are tagged with:

*** SPAM ***
X-Virus-Scanned: amavis at xxxxx.com.br
X-Spam-Flag: YES
X-Spam-Score: 5.845
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.845 tagged_above=2 required=5...
On Server B (newer one), no emails are tagged, and the X-Spam-* headers are completely missing, even though Amavis is correctly delivering mail and SpamAssassin appears to be running without error.

The only difference I notice is that Server B is constantly triggering LFD alerts like this:

lfd on server.xxxxx.com.br: Suspicious process running under user amavis

Code: [Select]
Time:    Wed Apr 16 12:07:34 2025 -0300
PID:     2075822 (Parent PID:1942762)
Account: amavis
Uptime:  128 seconds


Executable:

/usr/bin/perl


Command Line (often faked in exploits):

/usr/sbin/amavisd (ch1-avail)


Network connections by the process (if any):

tcp: 127.0.0.1:46506 -> 127.0.0.1:10025


Files open by the process (if any):

/dev/null
/dev/null
/dev/null

It seems Amavis is calling SpamAssassin and forwarding the message, but not tagging or modifying headers in any way. I also confirmed that log_level = 2 and SpamControl: init_child on SpamAssassin done appears in the logs.

If anyone has suggestions or insights into why the tagging is silently failing (even with identical config files and packages), I would really appreciate the help.

Thanks in advance!
Logged
Pages: [1]
« previous next »