More info in case it helps.
I have exim/dkim, clam and spamassassin enabled on all mail domains, and spamassassin enabled on all mailboxes.
local.conf
Code:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
score USER_IN_WHITELIST_TO -5000
bayes_path /var/spamassassin/bayes
This should rewrite the mail header on detected spam.
Excert from my mail log
Code:
Jun 24 04:55:45 svr1 postgrey[12346]: action=pass, reason=recipient whitelist, client_name=mail13.currentstore.cc, client_address=103.205.5.74, sender=www-19-1219133.LmhvdHNhbGU4LmNsdWI-pm-1-1-330-22-ktcddd9337@currentstore.cc, recipient=billing@********.co.uk
Jun 24 04:55:46 svr1 spamd[19877]: spamd: connection from localhost [127.0.0.1] at port 38000
Jun 24 04:55:46 svr1 spamd[19877]: spamd: setuid to root succeeded
Jun 24 04:55:46 svr1 spamd[19877]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Jun 24 04:55:46 svr1 spamd[19877]: spamd: checking message <741669cd496fb794c4e24f020b3172aa@currentstore.cc> for root:99
Jun 24 04:55:48 svr1 spamd[19877]: spamd: identified spam (7.9/5.0) for root:99 in 1.7 seconds, 9147 bytes.
Jun 24 04:55:48 svr1 spamd[19877]: spamd: result: Y 7 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,RCVD_IN_SBL,RCVD_IN_SBL_CSS,RP_MATCHES_RCVD,TO_IN_SUBJ,URIBL_BLOCKED,URIBL_DBL_SPAM scantime=1.7,size=9147,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38000,mid=<741669cd496fb794c4e24f020b3172aa@currentstore.cc>,autolearn=no
Jun 24 04:55:48 svr1 spamd[19869]: prefork: child states: II
Jun 24 04:55:49 svr1 dovecot: lda(billing@********.co.uk): msgid=<741669cd496fb794c4e24f020b3172aa@currentstore.cc>: saved mail to INBOX
As you can see, the message is being detected as spam and then transferred to the inbox.
Message header
Code:
Subject: The crisis has finished! Work with us!
Message-ID: <741669cd496fb794c4e24f020b3172aa@currentstore.cc>
Priority: normal
X-mailer: Pegasus Mail for Windows (4.52)
Content-type: multipart/alternative; boundary="Alt-Boundary-00298.6444300"
X-Scanned-By: ClamAV 0.99.1; Fri, 24 Jun 2016 09:42:26 +0100
X-Spam_score: 11.3
X-Spam_score_int: 113
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "svr1.********.co.uk", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Here you can plainly see that the header is not being re-written for spam. I would like eventually to be able to set spamassassin to delete spam over a certain level but cannot risk that until I can verify that spamassassin is reading the correct configuration file.
Or is it reading the user.pref in the root .spamassassin folder?
ANY help would be good.