Quarantine Spam with Amavisd
Amavisd-new acts as the connecting point between Spamassassin, Clamav and Postfix. This is important to remember because much of the configuration that would seem to belong to Spamassassin actually lives in the amavisd-new configuration file.
When amavisd detects spam using Spamassassin, it logs the detection to the log file and can also perform several other actions, one of which is sending the message to a quarantine. The quarantine is wherever you placed it, but typically it is /var/virusmails. Here is a sample of the spam messages that get collected there.
spam-bKry7jNBnpNH.gz
spam-FHXfz6-3XiuU.gz
spam-JGlrlfOV5Nwg.gz
The quarantine directory is set in /etc/amavisd.conf:
$QUARANTINEDIR = '/var/virusmails'; # -Q
You can see from above that when mail is placed in the quarantine directory it is tagged and compressed. To view a message, run gunzip -d on it and then review the email.
This example shows that Spamassassin tagged this email with a score of 17.454. It also shows that the email was delivered to the spam-quarantine. Notice that X-Spam-Status shows you exactly why it was tagged with such a high score.
# gunzip -d /home/spam-FY4ONy4piwUl.gz
# cat /home/spam-FY4ONy4piwUl
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <boldindianwife@rediffmail.com>
X-Envelope-To: <user@example.com>
X-Quarantine-ID: <FY4ONy4piwUl>
X-Spam-Flag: YES
X-Spam-Score: 17.454
X-Spam-Level: *****************
X-Spam-Status: Yes, score=17.454 tag=2 tag2=6.2 kill=6.9
    tests=[DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_WHOIS=0.879,
    HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.512, MIME_HTML_ONLY=0.001,
    SUBJ_ALL_CAPS=1.166, URIBL_AB_SURBL=3.306, URIBL_JP_SURBL=3.36,
    URIBL_OB_SURBL=2.617, URIBL_SC_SURBL=3.6, URIBL_WS_SURBL=1.533]
Received: from ns.example.com([127.0.0.1])
    by localhost (ns.example.com[127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id FY4ONy4piwUl for <user@example.com>;
    Tue, 23 Sep 2008 01:18:23 -0700 (PDT)
Received: from cardservice22.fiberop.matgnet.com (unknown [82.117.207.22])
    by ns.example.com(Postfix) with SMTP id 08584207D90
    for <user@example.com>; Tue, 23 Sep 2008 01:18:21 -0700 (PDT)
Message-Id: <20080923114546.8474.qmail@cardservice22.fiberop.matgnet.com>
To: <user@example.com>
Subject: RE: SALE 89% OFF
From: VIAGRA INC <user@example.com>
MIME-Version: 1.0
Content-Type: text/html
Date: Tue, 23 Sep 2008 01:18:21 -0700 (PDT)
Here are the settings for Spamassassin found in /etc/amavisd.conf. You can see that with a score of 6.9 or more an email is sent to the quarantine and blocked from the user.
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2; # add ‘spam detected’ headers at that level
$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
Delivery Status Notification (DSN) Messages
Delivery Status Notification refers to OUTBOUND emails that get a return status saying they were not deliverable. You can see that at or above level 10 no messages will be sent back to the sender.
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
If users are complaining about mail that is marked as Spam in their mailboxes, you can lower the numbers. For example, if users are getting email that is marked as Spam with a score of 5, you could change to this configuration to put those emails in quarantine instead of the user's mailbox.
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.8; # add ‘spam detected’ headers at that level
$sa_kill_level_deflt = 5.0; # triggers spam evasive actions (e.g. blocks mail)
Of course, any time you adjust these you need to verify that you are not losing mail that is not Spam; if you are, it should be in your quarantine.
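To support that check, here is an added example (not part of the original post or of amavisd) that parses the X-Spam-Status header of a quarantined message, maps its score to an action under a given set of levels, and flags quarantined mail that scored only just above the kill level. The function names and the 1.5-point review margin are assumptions; the sample header is the one from the message shown earlier, with its continuation lines indented as in a raw message.

```python
import gzip
import re
from email import message_from_bytes

# X-Spam-Status header of the quarantined message shown in the post.
SAMPLE = b"""X-Quarantine-ID: <FY4ONy4piwUl>
X-Spam-Status: Yes, score=17.454 tag=2 tag2=6.2 kill=6.9
 tests=[DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_WHOIS=0.879,
 HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.512, MIME_HTML_ONLY=0.001,
 SUBJ_ALL_CAPS=1.166, URIBL_AB_SURBL=3.306, URIBL_JP_SURBL=3.36,
 URIBL_OB_SURBL=2.617, URIBL_SC_SURBL=3.6, URIBL_WS_SURBL=1.533]
"""

def load(path):
    """Read a quarantined message, gunzipping it if the name ends in .gz."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rb") as fh:
        return fh.read()

def parse_spam_status(raw):
    """Return (score, {rule: points}) taken from the X-Spam-Status header."""
    status = str(message_from_bytes(raw)["X-Spam-Status"] or "")
    number = r"(-?\d+(?:\.\d+)?)"
    score = re.search(r"score=" + number, status)
    rules = re.search(r"tests=\[(.*?)\]", status, re.S)
    tests = re.findall(r"(\w+)=" + number, rules.group(1)) if rules else []
    return (float(score.group(1)) if score else None,
            {name: float(points) for name, points in tests})

def disposition(score, tag=2.0, tag2=6.2, kill=6.9):
    """Action for a score, following the comments on the $sa_*_level_deflt lines."""
    if score >= kill:
        return "quarantine"
    if score >= tag2:
        return "deliver with 'spam detected' headers"
    if score >= tag:
        return "deliver with spam info headers"
    return "deliver"

def near_kill(raw, kill, margin=1.5):
    """True for mail scoring just above kill (margin is an assumption): review by hand."""
    score, _ = parse_spam_status(raw)
    return score is not None and kill <= score < kill + margin

if __name__ == "__main__":
    score, tests = parse_spam_status(SAMPLE)
    print(score, disposition(score))
    for name, points in sorted(tests.items(), key=lambda kv: -kv[1])[:3]:
        print(f"{points:7.3f}  {name}")
```

Calling disposition(6.5) with the default levels and again with tag2=4.8, kill=5.0 shows a message moving from the user's mailbox to the quarantine once the levels are lowered.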
Posted by mike 
