Thank you Dino and Kai,
I have:
$sa_tag2_level_deflt = 5.5; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 7.5; # triggers spam evasive actions (e.g. blocks mail)
We do use RBLs at the SMTP level, greylisting, RBLs with spamassassin,
but still we have been getting a lot of spam.
Here is a blocked spam as an example:
X-Spam-Status: Yes, score=8.308 tag=-999 tag2=5.5 kill=7.5
tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
RAZOR2_CHECK=0.922, RP_MATCHES_RCVD=-1.509, SPF_HELO_PASS=-0.1,
SPF_PASS=-0.1, SUBJ_ALL_CAPS=1.506, URIBL_BLACK=1.7,
URIBL_RED=0.001]
autolearn=disabled
I decided to configure:
score BAYES_99 4.5 # was 3.5
score BAYES_999 2.0 # was 0.2
because I noticed a lot of spam was correctly identified using BAYES_99
and BAYES_999, but was not getting blocked due to low scoring.
I have been monitoring spam and I think that I have a lot more blocks
and there are no false positives at this point.
Any ideas and suggestions will be greatly appreciated!
Thanks (Efharisto!) again,
Nick
On 14/10/2016 3:06 PM, Dino Edwards wrote:
Yasou NiKo,
There are a few things that might be going on here. What is the
average score of the ham e-mails that you are getting through? The
reason I’m asking is can you possibly bring down your required=5.5
score? Every installation is different but our required= score is set
to 3.6 and that seems to work very well. The required = score would
be set in your amavis config file as follows (the parameter below is
probably how it’s set in your amavis):
$sa_tag2_level_deflt = 3.6;
If your spam filter is trained properly, you should be able to bring
that score down and not have to worry about false positives.
Alternatively, if you really want to raise the bayes_99 score you
would set it in /etc/spamassassin/local.cf as follows:
#override bayes default scores
score BAYES_99 5
But, in the grand scheme of things, your spam filter is your very last
line of defense against spam. Are you doing all you can to prevent
spam from ever reaching your spam filter? Things like RBL blocking on
the MTA level, graylisting etc?
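
Added example, not part of the original thread: a small what-if checker that parses an X-Spam-Status header of the kind shown above and re-scores the message under changed rule scores or amavis levels, so a change can be tried against saved headers before it goes into local.cf. The function names parse_status and what_if are hypothetical, and the second header is a constructed sample of a message that was tagged but not blocked.

```python
import re

# The blocked message's header from the thread, folded as it appears in the mail.
THREAD_HEADER = """X-Spam-Status: Yes, score=8.308 tag=-999 tag2=5.5 kill=7.5
 tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
 RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
 RAZOR2_CHECK=0.922, RP_MATCHES_RCVD=-1.509, SPF_HELO_PASS=-0.1,
 SPF_PASS=-0.1, SUBJ_ALL_CAPS=1.506, URIBL_BLACK=1.7,
 URIBL_RED=0.001]
 autolearn=disabled"""

# Constructed sample: scored above tag2 (tagged) but below kill (not blocked).
TAGGED_ONLY = ("X-Spam-Status: Yes, score=6.029 tag=-999 tag2=5.5 kill=7.5 "
               "tests=[BAYES_99=3.5, BAYES_999=0.2, HTML_MESSAGE=0.001, "
               "RAZOR2_CHECK=0.922, SPF_PASS=-0.1, SUBJ_ALL_CAPS=1.506] "
               "autolearn=disabled")

def parse_status(header):
    """Return (levels, tests) from an amavis-style X-Spam-Status header."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header)  # unfold continuation lines
    m = re.search(r"tests=\[(.*?)\]", flat)
    if m is None:
        raise ValueError("no tests=[...] list in header")
    tests = {}
    for item in m.group(1).split(","):
        name, _, value = item.strip().partition("=")
        if name:
            tests[name] = float(value)
    levels = {k: float(v) for k, v in
              re.findall(r"\b(score|tag2|kill)=(-?\d+(?:\.\d+)?)", flat)}
    return levels, tests

def what_if(header, overrides=None, tag2=None, kill=None):
    """Re-score a message under local.cf-style overrides and amavis levels."""
    levels, tests = parse_status(header)
    # An override only matters for rules that actually fired on this message.
    tests.update({r: s for r, s in (overrides or {}).items() if r in tests})
    score = round(sum(tests.values()), 3)
    tag2 = levels["tag2"] if tag2 is None else tag2
    kill = levels["kill"] if kill is None else kill
    action = "block" if score >= kill else "tag" if score >= tag2 else "pass"
    return score, action

if __name__ == "__main__":
    nick = {"BAYES_99": 4.5, "BAYES_999": 2.0}  # overrides quoted in the thread
    for label, hdr in (("thread", THREAD_HEADER), ("constructed", TAGGED_ONLY)):
        print(label, what_if(hdr), "->", what_if(hdr, overrides=nick))
```

Running the same function over saved ham headers with a lower tag2 or kill value shows which legitimate messages would start being tagged or blocked.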