amavisd is not blocking

[amarjith_s@hotmail.com]

sir,

our mail server is running in Release 6.0.2_GA_1912.DEBIAN5_64 DEBIAN5_64 FOSS edition , using amavid as spam filter , we are hitting huge spams in our mail box

mail patter lik follows

*********

From : Blowout Auctions" <amy_dryer70@plasstosy.com>

Department stores are over priced - See how you can ride the Wavee for less.

Buy top selling brands for far less than retail. Wavee's patent pending auction bidding begins at a penny.
View Here:
[url removed]
****************

I have checked logs

Mar 30 19:58:07 mail amavis[16113]: (16113-02) FWD via SMTP: <info@plasstosy.com > -> <amarjith@our server>,ENVID=172477239 BODY=7BIT 250 2.0.0 Ok, id=161 13-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 940AC87E68D
Mar 30 19:58:07 mail amavis[16113]: (16113-02) Passed CLEAN

its not filtering I am getting 50 such mail in may of my mailboxes please help mee............. to solve this


The orginal message of same type spam
***************8
X-Spam-Flag: NO
X-Spam-Score: 5.87
X-Spam-Level: *****
X-Spam-Status: No, score=5.87 tagged_above=-10 required=10
tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13,
FH_DATE_PAST_20XX=3.188, RCVD_IN_SBL=1.551] autolearn=no
Received: from mail.xxx.com ([127.0.0.1])
by localhost (mail.xxx.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id O1FLto-2S4D5; Thu, 31 Mar 2011 19:22:55 +0530 (IST)
Received: from guio.flowkhasid.com (updates.dealerinnovationprograms.com [74.82.198.183])
by mail.xxx.com (Postfix) with ESMTP id 7521B87E56F
for <brijesh@xxx.com>; Thu, 31 Mar 2011 19:22:54 +0530 (IST)
Subject: Lower Cholesterol
Mime-Version: 1.0
To: <brijesh@xxx.com>
Date: Thu, 31 Mar 2011 09:52:35 -0400
From: "Syntra-5 15 Day Trial" <suri@flowkhasid.com>
Message-ID: <1517361701794041496@guio.flowkhasid.com>
User-Agent: Cert - OutMode/2.0 tigww/2.2196
X-Mailer: Opera / 10.0
Accept-Language: en - us
Content-Language: en -us
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Disposition: inline

Syntra-5

Start to lower blood sugar naturally - View How to start your trial today

[url removed]


- Fasting Blood Sugar from 196 to 89
- A1c from 7.7 to 4.6
- Increased Energy!

[John Siu]

Can you post the headers too?

[amarjith_s@hotmail.com]

orginal spam message is given below,,, please do help me to solve this problem...


**********

Return-Path: info@whuztulsa.com
Received: from capstocksindia.com (LHLO mail.capstocksindia.com)
(111.93.140.180) by mail.capstocksindia.com with LMTP; Sun, 3 Apr 2011
19:29:58 +0530 (IST)
Received: from localhost (localhost [127.0.0.1])
by mail.capstocksindia.com (Postfix) with ESMTP id 3DD7B87E689
for <brijesh@capstocksindia.com>; Sun, 3 Apr 2011 19:29:58 +0530 (IST)
X-Virus-Scanned: amavisd-new at mail.capstocksindia.com
X-Spam-Flag: NO
X-Spam-Score: 7.568
X-Spam-Level: *******
X-Spam-Status: No, score=7.568 tagged_above=-10 required=10 tests=[AWL=0.250,
BAYES_95=3, DNS_FROM_OPENWHOIS=1.13, FH_DATE_PAST_20XX=3.188]
autolearn=no
Received: from mail.capstocksindia.com ([127.0.0.1])
by localhost (mail.capstocksindia.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ZR02S2C+WEcA; Sun, 3 Apr 2011 19:29:55 +0530 (IST)
Received: from hgru.whuztulsa.com (visiportal.visualconnectionport.net [76.164.226.164])
by mail.capstocksindia.com (Postfix) with ESMTP id D65ED87E56D
for <brijesh@capstocksindia.com>; Sun, 3 Apr 2011 19:29:54 +0530 (IST)
From: "Auto Repairs" <info@whuztulsa.com>
Date: Sun, 3 Apr 2011 06:45:41 -0700
Message-ID: <8243348967084533674697549@hgru.whuztulsa.com>
Mime-Version: 1.0
To: <brijesh@capstocksindia.com>
Subject: Car Warranties
User-Agent: Cert - OutMode/2.0 tigww/3.5bd
X-Mailer: Firefox / 3.2
Accept-Language: en - us
Content-Language: en - us
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Disposition: inline

Get Your Extended Auto Warranty Direct From The Source

View Here:
[url removed]


-Roadside Assistance Benefits
-Car Rental
-Nationwide Coverage
-Unlimited Number of Claims
-Lost Key/Lockout Assistance
-And Much, Much More

---------------------------------------------
Auto Warranty Quote Center 2805 E. Oakland Park Blvd #336 Ft. Lauderdale FL 33306
End future emails here: [url removed]

[John Siu]

Quote:

X-Spam-Status: No, score=7.568tagged_above=-10 required=10 tests=[AWL=0.250

Your Tag percentage seems too high. It look like it is set to 50 now, change it to 33.

On The other hand, the two rules:

Quote:

DNS_FROM_OPENWHOIS=1.13, FH_DATE_PAST_20XX=3.188

are buggy. They will always hit and it is false positive. You should consider upgrade zimbra or look in forum to update spamassassin rules. It is possible that whoever administer your zimbra server rise the tag percentage as a quick fix for them.