[Mail] Help! SA does not add tags to the headers and does not modify the Subject!!! [Solved]

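1 | Posted 2008-03-21 12:57
My SA cannot tag spam in the headers, and it does not modify the Subject. I changed the configuration files according to the reply michaelbibby gave yesterday, but it still does not work. The current situation: if I send the virus test code, the Subject gets modified; if I send the SPAM test code, neither the headers nor the Subject are modified. In the log I can already see that SA's check gave a score of 1000, and there is a "Passed SPAM" entry. But the received mail looks just like normal mail, so there is no way to distinguish it with Maildrop. Could an expert tell me where my problem is?
The result of running spamassassin -t < sample-spam.txt is as follows: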

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on ss004.testdomain.net
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.4 required=5.0 tests=EMPTY_MESSAGE,MISSING_DATE,
        MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,
        NO_RELAYS,TVD_SPACE_RATIO autolearn=no version=3.2.4
X-Spam-Report:
        *  0.0 MISSING_MID Missing Message-Id: header
        *  0.0 MISSING_DATE Missing Date: header
        * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
        *  1.6 MISSING_HEADERS Missing To: header
        *  2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
        *  1.3 MISSING_SUBJECT Missing Subject: header
        *  0.6 EMPTY_MESSAGE Message appears to have no textual parts and no
        *      Subject: text
        * -0.0 NO_RECEIVED Informational: message has no Received headers
        *  0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
        *      headers
Subject: *****SPAM(6.4)*****
X-Spam-Prev-Subject: (nonexistent)

Spam detection software, running on the system "ss004.testdomain.net", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
admin@testdomain.net for details.

Content preview:  [...]

Content analysis details:   (6.4 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 MISSING_MID            Missing Message-Id: header
0.0 MISSING_DATE           Missing Date: header
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
1.6 MISSING_HEADERS        Missing To: header
2.9 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
1.3 MISSING_SUBJECT        Missing Subject: header
0.6 EMPTY_MESSAGE          Message appears to have no textual parts and no
                            Subject: text
-0.0 NO_RECEIVED            Informational: message has no Received headers
0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers

[ Last edited by deanetg on 2008-3-21 22:44 ]

2 | Posted 2008-03-21 12:57

amavisd.conf

......
$max_servers = 15;
$daemon_user  = 'amavis';
$daemon_group = 'amavis';
......
$log_level = 1;

$sa_tag_level_deflt  = 2.0;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 10;
$sa_dsn_cutoff_level = 10;

$final_virus_destiny      = D_PASS;
$final_banned_destiny     = D_PASS;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
......

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;
$defang_banned = 1;

3 | Posted 2008-03-21 12:58

/etc/mail/spamassassin/local.cf

rewrite_header Subject *****SPAM(_SCORE_)*****

add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_

report_safe 0
ok_locales      all

lock_method flock

required_score 5.0

use_bayes 1

bayes_auto_learn 1

4 | Posted 2008-03-21 12:58

MAILLOG after sending a mail with the mail command

Mar 21 11:51:25 ss004 postfix/pickup[2689]: E7A5C1888092: uid=0 from=<root>
Mar 21 11:51:25 ss004 postfix/cleanup[3506]: E7A5C1888092: message-id=<20080321025125.E7A5C1888092@ss004.testdomain.net>
Mar 21 11:51:26 ss004 postfix/qmgr[2688]: E7A5C1888092: from=<root@testdomain.net>, size=366, nrcpt=1 (queue active)
Mar 21 11:51:26 ss004 amavis[3377]: (03377-04) ESMTP::10024 /var/amavis/tmp/amavis-20080321T113244-03377: <root@testdomain.net> -> <admin@testdomain.net> SIZE=366 Received: from ss004.testdomain.net ([127.0.0.1]) by localhost (ss004.testdomain.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <admin@testdomain.net>; Fri, 21 Mar 2008 11:51:26 +0900 (JST)
Mar 21 11:51:26 ss004 amavis[3377]: (03377-04) Checking: 6FKDMcALX+Tp <root@testdomain.net> -> <admin@testdomain.net>
Mar 21 11:51:26 ss004 amavis[3377]: (03377-04) cached 0fca00f17d26a0b7bf2f91aed000ec3b from <root@testdomain.net> (1,0)
Mar 21 11:51:32 ss004 amavis[3377]: (03377-04) local delivery: <> -> <spam-quarantine>, mbx=/var/virusmails/spam-6FKDMcALX+Tp.gz
Mar 21 11:51:32 ss004 postfix/smtpd[3510]: connect from ss004.testdomain.net[127.0.0.1]
Mar 21 11:51:32 ss004 postfix/smtpd[3510]: DCA3B1888094: client=ss004.testdomain.net[127.0.0.1]
Mar 21 11:51:32 ss004 postfix/cleanup[3506]: DCA3B1888094: message-id=<20080321025125.E7A5C1888092@ss004.testdomain.net>
Mar 21 11:51:32 ss004 postfix/qmgr[2688]: DCA3B1888094: from=<root@testdomain.net>, size=850, nrcpt=1 (queue active)
Mar 21 11:51:32 ss004 postfix/smtpd[3510]: disconnect from ss004.testdomain.net[127.0.0.1]
Mar 21 11:51:32 ss004 amavis[3377]: (03377-04) FWD via SMTP: <root@testdomain.net> -> <admin@testdomain.net>,BODY=7BIT 250 2.6.0 Ok, id=03377-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DCA3B1888094
Mar 21 11:51:32 ss004 amavis[3377]: (03377-04) Passed SPAM, <root@testdomain.net> -> <admin@testdomain.net>, quarantine: spam-6FKDMcALX+Tp.gz, Message-ID: <20080321025125.E7A5C1888092@ss004.testdomain.net>, mail_id: 6FKDMcALX+Tp, Hits: 1004.098, size: 366, queued_as: DCA3B1888094, 6972 ms
Mar 21 11:51:32 ss004 postfix/smtp[3509]: E7A5C1888092: to=<admin@testdomain.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.2, delays=0.18/0/0/7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DCA3B1888094)
Mar 21 11:51:32 ss004 postfix/qmgr[2688]: E7A5C1888092: removed
Mar 21 11:51:33 ss004 postfix/pipe[3514]: DCA3B1888094: to=<admin@testdomain.net>, relay=maildrop, delay=0.19, delays=0.08/0/0/0.11, dsn=2.0.0, status=sent (delivered via maildrop service)
Mar 21 11:51:33 ss004 postfix/qmgr[2688]: DCA3B1888094: removed

5 | Posted 2008-03-21 12:59

Content of the received mail

RFC822 Message body
Return-Path: <root@testdomain.net>
Delivered-To: admin@testdomain.net
Received: from localhost (ss004.testdomain.net [127.0.0.1])
by ss004.testdomain.net (Postfix) with ESMTP id DCA3B1888094
for <admin@testdomain.net>; Fri, 21 Mar 2008 11:51:32 +0900 (JST)
X-Quarantine-ID: <6FKDMcALX+Tp>
X-Virus-Scanned: amavisd-new at testdomain.net
Received: from ss004.testdomain.net ([127.0.0.1])
by localhost (ss004.testdomain.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 6FKDMcALX+Tp for <admin@testdomain.net>;
Fri, 21 Mar 2008 11:51:26 +0900 (JST)
Received: by ss004.testdomain.net (Postfix, from userid 0)
id E7A5C1888092; Fri, 21 Mar 2008 11:51:25 +0900 (JST)
To: admin@testdomain.net
Subject: test
Message-Id: <20080321025125.E7A5C1888092@ss004.testdomain.net>
Date: Fri, 21 Mar 2008 11:51:25 +0900 (JST)
From: root@testdomain.net (root)

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

6 | Posted 2008-03-21 13:00

Below is the maillog after a restart

Mar 21 12:09:55 ss004 authdaemond: modules="authmysql", daemons=10
Mar 21 12:09:55 ss004 authdaemond: Installing libauthmysql
Mar 21 12:09:56 ss004 authdaemond: Installation complete: authmysql
Mar 21 12:10:05 ss004 clamd[2573]: clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Mar 21 12:10:06 ss004 clamd[2573]: Running as user amavis (UID 1003, GID 1003)
Mar 21 12:10:06 ss004 clamd[2573]: Log file size limited to 1048576 bytes.
Mar 21 12:10:06 ss004 clamd[2573]: Reading databases from /usr/local/share/clamav
Mar 21 12:10:06 ss004 clamd[2573]: Not loading PUA signatures.
Mar 21 12:10:11 ss004 clamd[2573]: Loaded 232444 signatures.
Mar 21 12:10:13 ss004 clamd[2573]: Unix socket file /var/run/clamav/clamd
Mar 21 12:10:13 ss004 clamd[2573]: Setting connection queue length to 15
Mar 21 12:10:13 ss004 clamd[2573]: Listening daemon: PID: 2573
Mar 21 12:10:14 ss004 clamd[2573]: Archive: Archived file size limit set to 10485760 bytes.
Mar 21 12:10:14 ss004 clamd[2573]: Archive: Recursion level limit set to 8.
Mar 21 12:10:13 ss004 spamd[2587]: logger: removing stderr method
Mar 21 12:10:14 ss004 clamd[2573]: Archive: Files limit set to 1000.
Mar 21 12:10:14 ss004 clamd[2573]: Archive: Compression ratio limit set to 250.
Mar 21 12:10:14 ss004 clamd[2573]: Archive support enabled.
Mar 21 12:10:14 ss004 clamd[2573]: Algorithmic detection enabled.
Mar 21 12:10:14 ss004 clamd[2573]: Portable Executable support enabled.
Mar 21 12:10:14 ss004 clamd[2573]: ELF support enabled.
Mar 21 12:10:14 ss004 clamd[2573]: Mail files support enabled.
Mar 21 12:10:15 ss004 clamd[2573]: Mail: Recursion level limit set to 64.
Mar 21 12:10:15 ss004 clamd[2573]: OLE2 support enabled.
Mar 21 12:10:15 ss004 clamd[2573]: PDF support disabled.
Mar 21 12:10:15 ss004 clamd[2573]: HTML support enabled.
Mar 21 12:10:15 ss004 clamd[2573]: Self checking every 1800 seconds.
Mar 21 12:10:18 ss004 amavis[2603]: starting.  /usr/local/sbin/amavisd at ss004.testdomain.net amavisd-new-2.5.3 (20071212), Unicode aware, LANG="en_US.UTF-8"
Mar 21 12:10:18 ss004 amavis[2603]: user=, EUID: 0 (0);  group=, EGID: 0 (0)
Mar 21 12:10:18 ss004 amavis[2603]: Perl version               5.010000
Mar 21 12:10:22 ss004 amavis[2603]: SpamControl: init_pre_chroot done
Mar 21 12:10:22 ss004 amavis[2632]: Net::Server: Process Backgrounded
Mar 21 12:10:22 ss004 amavis[2632]: Net::Server: 2008/03/21-12:10:22 Amavis (type Net::Server::PreForkSimple) starting! pid(2632)
Mar 21 12:10:22 ss004 amavis[2632]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
Mar 21 12:10:22 ss004 amavis[2632]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Mar 21 12:10:22 ss004 spamd[2589]: spamd: server started on port 783/tcp (running version 3.2.4)
Mar 21 12:10:23 ss004 amavis[2632]: Net::Server: Setting gid to "1003 1003"
Mar 21 12:10:23 ss004 amavis[2632]: Net::Server: Setting uid to "1003"
Mar 21 12:10:23 ss004 amavis[2632]: Module Amavis::Conf        2.093
Mar 21 12:10:23 ss004 spamd[2589]: spamd: server pid: 2589
Mar 21 12:10:23 ss004 amavis[2632]: Module Archive::Zip        1.23
Mar 21 12:10:23 ss004 amavis[2632]: Module BerkeleyDB          0.33
Mar 21 12:10:23 ss004 amavis[2632]: Module Compress::Zlib      2.008
Mar 21 12:10:23 ss004 amavis[2632]: Module Convert::TNEF       0.17
Mar 21 12:10:23 ss004 amavis[2632]: Module Convert::UUlib      1.09
Mar 21 12:10:23 ss004 amavis[2632]: Module DBI                 1.602
Mar 21 12:10:23 ss004 spamd[2589]: spamd: server successfully spawned child process, pid 2654
Mar 21 12:10:23 ss004 amavis[2632]: Module DB_File             1.816_1
Mar 21 12:10:23 ss004 amavis[2632]: Module Digest::MD5         2.36_01
Mar 21 12:10:24 ss004 amavis[2632]: Module Digest::SHA         5.45
Mar 21 12:10:23 ss004 spamd[2589]: spamd: server successfully spawned child process, pid 2673
Mar 21 12:10:24 ss004 amavis[2632]: Module Digest::SHA1        2.11
Mar 21 12:10:24 ss004 amavis[2632]: Module IO::Socket::INET6   2.54
Mar 21 12:10:24 ss004 amavis[2632]: Module MIME::Entity        5.425
Mar 21 12:10:24 ss004 amavis[2632]: Module MIME::Parser        5.425
Mar 21 12:10:24 ss004 spamd[2589]: prefork: child states: II
Mar 21 12:10:24 ss004 amavis[2632]: Module MIME::Tools         5.425
Mar 21 12:10:24 ss004 amavis[2632]: Module Mail::DKIM          0.301
Mar 21 12:10:24 ss004 amavis[2632]: Module Mail::Header        2.02
Mar 21 12:10:24 ss004 amavis[2632]: Module Mail::Internet      2.02
Mar 21 12:10:24 ss004 amavis[2632]: Module Mail::SPF           v2.005
Mar 21 12:10:24 ss004 amavis[2632]: Module Mail::SPF::Query    1.999001
Mar 21 12:10:25 ss004 amavis[2632]: Module Mail::SpamAssassin  3.002004
Mar 21 12:10:25 ss004 amavis[2632]: Module Net::DNS            0.63
Mar 21 12:10:25 ss004 amavis[2632]: Module Net::Server         0.97
Mar 21 12:10:25 ss004 amavis[2632]: Module NetAddr::IP         4.007
Mar 21 12:10:25 ss004 amavis[2632]: Module Razor2::Client::Version 2.84
Mar 21 12:10:25 ss004 amavis[2632]: Module Time::HiRes         1.9711
Mar 21 12:10:25 ss004 amavis[2632]: Module URI                 1.35
Mar 21 12:10:25 ss004 postfix/postfix-script[2699]: starting the Postfix mail system
Mar 21 12:10:25 ss004 amavis[2632]: Module Unix::Syslog        1.0
Mar 21 12:10:25 ss004 postfix/master[2700]: daemon started -- version 2.5.1, configuration /etc/postfix
Mar 21 12:10:25 ss004 amavis[2632]: Amavis::DB code      loaded
Mar 21 12:10:25 ss004 amavis[2632]: Amavis::Cache code   loaded
Mar 21 12:10:25 ss004 amavis[2632]: SQL base code        NOT loaded
Mar 21 12:10:25 ss004 amavis[2632]: SQL::Log code        NOT loaded
Mar 21 12:10:26 ss004 amavis[2632]: SQL::Quarantine      NOT loaded
Mar 21 12:10:26 ss004 amavis[2632]: Lookup::SQL code     NOT loaded
Mar 21 12:10:26 ss004 amavis[2632]: Lookup::LDAP code    NOT loaded
Mar 21 12:10:26 ss004 amavis[2632]: AM.PDP-in proto code loaded
Mar 21 12:10:26 ss004 amavis[2632]: SMTP-in proto code   loaded
Mar 21 12:10:26 ss004 amavis[2632]: Courier proto code   NOT loaded
Mar 21 12:10:27 ss004 amavis[2632]: SMTP-out proto code  loaded
Mar 21 12:10:27 ss004 amavis[2632]: Pipe-out proto code  NOT loaded
Mar 21 12:10:27 ss004 amavis[2632]: BSMTP-out proto code NOT loaded
Mar 21 12:10:27 ss004 amavis[2632]: Local-out proto code loaded
Mar 21 12:10:27 ss004 amavis[2632]: OS_Fingerprint code  NOT loaded
Mar 21 12:10:27 ss004 amavis[2632]: ANTI-VIRUS code      loaded
Mar 21 12:10:28 ss004 amavis[2632]: ANTI-SPAM code       loaded
Mar 21 12:10:28 ss004 amavis[2632]: ANTI-SPAM-SA code    loaded
Mar 21 12:10:28 ss004 amavis[2632]: Unpackers code       loaded
Mar 21 12:10:28 ss004 amavis[2632]: Found $file            at /usr/bin/file
Mar 21 12:10:28 ss004 amavis[2632]: No $dspam,             not using it
Mar 21 12:10:28 ss004 amavis[2632]: No $altermime,         not using it
Mar 21 12:10:28 ss004 amavis[2632]: Internal decoder for .mail
Mar 21 12:10:28 ss004 amavis[2632]: Internal decoder for .asc
Mar 21 12:10:28 ss004 amavis[2632]: Internal decoder for .uue
Mar 21 12:10:28 ss004 amavis[2632]: Internal decoder for .hqx
Mar 21 12:10:28 ss004 amavis[2632]: Internal decoder for .ync
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
Mar 21 12:10:28 ss004 amavis[2632]: Found decoder for    .Z    at /usr/bin/gzip -d
Mar 21 12:10:28 ss004 amavis[2632]: Found decoder for    .gz   at /usr/bin/gzip -d
Mar 21 12:10:28 ss004 amavis[2632]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .lzo  tried: lzop -d
Mar 21 12:10:28 ss004 amavis[2632]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Mar 21 12:10:28 ss004 amavis[2632]: Found decoder for    .cpio at /usr/bin/pax
Mar 21 12:10:28 ss004 amavis[2632]: Found decoder for    .tar  at /usr/bin/pax
Mar 21 12:10:28 ss004 amavis[2632]: Found decoder for    .deb  at /usr/bin/ar
Mar 21 12:10:28 ss004 amavis[2632]: Internal decoder for .zip
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .7z   tried: 7zr, 7za, 7z
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .rar  tried: rar, unrar
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .arj  tried: arj, unarj
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .arc  tried: nomarch, arc
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .zoo  tried: zoo, unzoo
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .lha  tried: lha
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .cab  tried: cabextract
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .tnef tried: tnef
Mar 21 12:10:28 ss004 amavis[2632]: Internal decoder for .tnef
Mar 21 12:10:28 ss004 amavis[2632]: No decoder for       .exe  tried: rar, unrar; lha; arj, unarj
Mar 21 12:10:28 ss004 amavis[2632]: Using primary internal av scanner code for ClamAV-clamd
Mar 21 12:10:28 ss004 amavis[2632]: Creating db in /var/amavis/db/; BerkeleyDB 0.33, libdb 4.3
Mar 21 12:10:29 ss004 amavis[2632]: SpamControl: initializing Mail::SpamAssassin
Mar 21 12:10:31 ss004 amavis[2632]: SpamControl: init_pre_fork done

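7 | Posted 2008-03-21 22:51
After struggling for a whole day I finally found the cause: the amavisd-new configuration file needs to set
@local_domains_maps= ( [".mydomain.net",".mydomain.com"] );
If you keep the default value or leave it commented out, it only performs the check and does not add the SPAM tags. I worked this out by carefully reading the amavisd-new documentation and experimenting.
You can also store the virtual domains in a hash table, for example:
read_hash(\%local_domains, '/etc/amavis/local_domains');

#/etc/amavis/local_domains
mydomain.net
mydomain.com

I am a newbie, and this may not count as a problem for experts, but I still hope it helps fellow newbies like me!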
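
A check for the symptom described in this thread, as an added example that is not part of the original posts: it pairs the amavis "Passed SPAM" verdict line with the delivered message and reports mail that scored at or above the tag2 level yet arrived without any X-Spam-* header, which post 7 traces to the recipient domain not being covered by @local_domains_maps. The function name untagged_spam, its parameters and the sample strings (shortened from the log and mail quoted above) are assumptions of this example.

```python
import re
from email import message_from_string

# Sample input shortened from the log and delivered mail quoted in this thread.
LOG = (
    "Mar 21 11:51:32 ss004 amavis[3377]: (03377-04) Passed SPAM, "
    "<root@testdomain.net> -> <admin@testdomain.net>, quarantine: spam-6FKDMcALX+Tp.gz, "
    "Message-ID: <20080321025125.E7A5C1888092@ss004.testdomain.net>, "
    "mail_id: 6FKDMcALX+Tp, Hits: 1004.098, size: 366, queued_as: DCA3B1888094, 6972 ms\n"
)
DELIVERED = (
    "X-Quarantine-ID: <6FKDMcALX+Tp>\n"
    "X-Virus-Scanned: amavisd-new at testdomain.net\n"
    "To: admin@testdomain.net\n"
    "Subject: test\n"
    "Message-Id: <20080321025125.E7A5C1888092@ss004.testdomain.net>\n"
    "\n"
    "body\n"
)

# Verdict line layout as logged by the amavisd-new 2.5.3 instance in the thread;
# other versions may order the fields differently (assumption).
VERDICT = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) (?P<kind>[A-Z-]+), "
    r"<[^>]*> -> (?P<rcpts><[^>]*>(?:,<[^>]*>)*), .*?"
    r"Message-ID: (?P<msgid><[^>]+>), .*?Hits: (?P<hits>-?\d+(?:\.\d+)?)"
)

def untagged_spam(log_text, delivered_raw, tag2_level=5.0):
    """Find mail that amavis scored at or above tag2_level and passed on, but
    whose delivered copy carries no X-Spam-* header (the thread's symptom)."""
    msg = message_from_string(delivered_raw)
    msgid = (msg["Message-Id"] or "").strip()
    tagged = any(name.lower().startswith("x-spam-") for name in msg.keys())
    findings = []
    for m in VERDICT.finditer(log_text):
        hits = float(m["hits"])
        if m["msgid"] != msgid or m["action"] != "Passed":
            continue
        if hits >= tag2_level and not tagged:
            rcpts = re.findall(r"<[^@>]*@([^>]+)>", m["rcpts"])
            findings.append({"hits": hits,
                             "recipient_domains": sorted({d.lower() for d in rcpts})})
    return findings

if __name__ == "__main__":
    for f in untagged_spam(LOG, DELIVERED):
        print("scored %.3f but untagged; check that %s is covered by "
              "@local_domains_maps" % (f["hits"], ", ".join(f["recipient_domains"])))
```

The default tag2_level of 5.0 mirrors $sa_tag2_level_deflt from the amavisd.conf excerpt in post 2.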

8 | Posted 2008-06-27 15:06
Nice. I had been working on this problem for almost two days and have finally found the cause. Thanks to the original poster.