[CentOS] RE: Logwatch / spamassassin

Thu Sep 11 15:15:00 UTC 2008
RobertH <roberth at abbacomm.net>

Take a logwatch email with lots of "bad ips etc" and run it through
spamassassin as the same user that spamassassin runs under on that machine
and it will give you some info you need to make better decisions

You will actually see how it is getting eval'd and scored...

The best answer(s), and what you use to solve the issue may not be the same
thing.

Once you do that, you could actually create a rule called
ADMIN_LOGWATCH_LOCAL and have it score appropriately.

Whitelisting is a kludge.

Possibly your trust path could be messed up too.

Many people would say don't allow the MTA to hand to SA, yet if all email
must be handed to SA by policy.... you get the idea...

 - rh