Request for advice from Linux sysadmins with Postfix-based mail stack experience:

I've set up a new mail stack on Ubuntu Server 24.04, with Postfix, Dovecot, OpenDMARC, OpenDKIM, Postscreen, Postgrey and Postwhite, and it's all working fine. Now I want to add on virus scanning with ClamAV and spam checking.

In the past, I used Amavis and SpamAssassin.

Now, ChatGPT claims that Amavis is getting old and deprecated, and SpamAssassin in getting very little support now.

So, ChatGPT recommends Rspamd instead, which it says is much faster, is well maintained, and is a whole lot more up to date in design and functionality.

Advice, thoughts and recommendations?

Please boost!

#postfix #dovecot #linux #sysadmin #amavis #rspamd

@blindcoder
Have a look at
/etc/spamassassin/local.cf
whitelist_from *@anymail.com

If spamassassin works with amavis you will find more settings in
/etc/amavis/conf.d/20-debian_defaults

Search for $whitelist_sender or @whitelist_sender_maps. These entries are self-explanatory.

In the same file search for
ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

This allows you to control the scoring. (NOTE: positive: black, negative: white)

Go to the array definition an add something like the following to the whitelist part:

'.foo.example.com' => -6.0,
'[email protected]' => -3.0,

Then restart your services like #amavis, #spamassassin, #postfix, #dovecot ...

Hop, reconfiguration de mon serveur de courriel personnel pour me passer d'Amavis qui n'est plus maintenu depuis 2018.

Comme souvent, aide trouvée sur le wiki de « L'Internet Rapide et Permanent » : https://irp.nain-t.net/doku.php/200messagerie:020postfix2:065_plus_simple

#Linux #Courriel #Postfix #ClamAV #Amavis #AdminSys

So, apparently I can't inspect the `Authentication-Results` in Amavis/SpamAssassin rules. Presumably because it isn't written when the rules are evaluated.

So I can see the DKIM_SIGNED and DKIM_INVALID rules, but I don't seem to be able to see _why_ it is invalid (e.g. it timed out) in other rules. Which is annoying when one server keeps getting DNS timeouts in the lookup even though it's legit 😐

#SpamAssassin #Amavis #SysadminProblems

I've had an inbound email fail DKIM checks because the DNS lookup timed out.
But the Amavis log entry says 8943ms. Which is ~9s. Which isn't (normally) long enough for something to time out. And if I restart Unbound (to clear the cache) and do a `dig` then it still gets the DKIM TXT record almost instantly.

Is there a way to increase the DNS lookup time for DKIM in Amavis? I'm not finding anything in the docs or Arch wiki.

#SysAdmin #email #Amavis #SpamAssassin #Postfix