[CentOS] Daily Logwatch (Postfix) email being reported as spam

Thu Dec 9 11:27:34 UTC 2021
Jay Hart <jhart at kevla.org>

Hi All!!!

This issue is a bit beyond my knowledge level/area.

SpamAssassin is tagging my logwatch emails as spam. The emails range in scores from 3.53 to 6.728. Amavisd is set to 'kill/quarantine'
spam that scores 3.14 or higher, and I receive several each day. Note: all other emails that are scored at 3.14 or higher ARE true SPAM.
I've checked this out.

I know this is caused by the blacklist checks shown below. What I don't know 'exactly' is how to solve this.

Example header from one of my emails:
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <root at kevla.org>
X-Envelope-To: <jhart at kevla.org>
X-Envelope-To-Blocked: <jhart at kevla.org>
X-Quarantine-ID: <NnUN20KoPwXR>
X-Spam-Flag: YES
X-Spam-Score: 4.731
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.731 tag=2 tag2=3.14 kill=3.14
        tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7, URIBL_GREY=1.084] autolearn=no autolearn_force=no

What I have done to resolve:

I whitelisted the following email addresses/servers:
# more /etc/postfix/rbl_allow
kevla.org OK  # this is the server
root at kevla.org OK
jhart at kevla.org OK

Modified the following in main.cf:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/rbl_allow, permit_mynetworks, permit_sasl_authenticated,
    reject_unknown_client, permit
smtpd_sender_restrictions = check_client_access hash:/etc/postfix/rbl_allow

Ran 'postmap /etc/postfix/rbl_allow' and restarted the postfix and amavisd services. I was hoping this would resolve it, but it didn't.

For the above URIBL scores, I can see the following scores set in 50_scores.cf.
score URIBL_GREY 0 1.084 0 0.424 # n=0 n=2
score URIBL_ABUSE_SURBL 0 1.948 0 1.250 # n=0 n=2
score URIBL_BLACK 0 1.7 0 1.7 # n=0 n=2

Since the URIBL list could be used to detect true legitimate spam, I don't think I want to comment those checks out, at least that doesn't
make sense to me.

I am at a loss as to what the next step is. Should/Could I modify the scores for these associated BLs in 50_scores, and if so, how does one
go about setting those? I have been looking to determine how to do this. This would possibly help me without just blocking those BL
checks.

Also, in CentOS 8, what 'runs' the logwatch summary? I assume this is pflogsumm. Does this have a config file for options to tweak the
output? I do not have the Logwatch analyzer package installed. I have the postfix-perl-scripts package installed. I can't see what kicks
this off at night...

Lastly, those 'autolearn' and 'autolearn_force' options mentioned in the email header above. Are those configurable to set up (i.e. set to
yes) and again, how to do that, and why would I?

Thank you for your time.

Jay
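
Added example, not part of the original post: a small parser for the X-Spam-Status header quoted above, which unfolds the header, checks that the listed rule points add up to the reported score, and marks which rule hits are individually enough to push the message over the kill level. The function names are hypothetical; the sample header is the one from the post.

```python
import re

# Header copied from the quarantined message in the post (folded over two lines).
SAMPLE = (
    "X-Spam-Status: Yes, score=4.731 tag=2 tag2=3.14 kill=3.14\n"
    "        tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7, "
    "URIBL_GREY=1.084] autolearn=no autolearn_force=no"
)

def parse_spam_status(header):
    """Return (score, kill_level, {rule: points}) for a header of the form shown in the post."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header)  # unfold continuation lines
    score = float(re.search(r"\bscore=(-?[\d.]+)", flat).group(1))
    kill = float(re.search(r"\bkill=(-?[\d.]+)", flat).group(1))
    body = re.search(r"tests=\[([^\]]*)\]", flat).group(1)
    tests = {}
    for item in filter(None, (t.strip() for t in body.split(","))):
        name, _, points = item.partition("=")
        tests[name] = float(points)
    return score, kill, tests

def decisive_rules(score, kill, tests):
    """Rules whose removal alone would drop the message below the kill level."""
    return sorted(n for n, p in tests.items() if p > 0 and round(score - p, 3) < kill)

def report(header):
    """Build a per-rule breakdown, highest-scoring rule first."""
    score, kill, tests = parse_spam_status(header)
    decisive = decisive_rules(score, kill, tests)
    lines = [f"score={score} kill={kill} sum_of_tests={round(sum(tests.values()), 3)}"]
    for name, pts in sorted(tests.items(), key=lambda kv: -kv[1]):
        mark = "  <- decisive" if name in decisive else ""
        lines.append(f"{name:20s} {pts:+.3f}{mark}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```

For this header the three URIBL rules account for the whole score, and either URIBL_ABUSE_SURBL or URIBL_BLACK alone is the difference between quarantine and delivery, while URIBL_GREY is not.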