On 16.08.19 13:51, Lambert Rots wrote:
>Did you get a solution for the issue about spam sneaking in? I think I
>have the same issue about spam being scored differently between
>spamassassin and amavisd-new.
Op zo 18 aug. 2019 om 11:59 schreef Matus UHLAR - fantomas <
uh...@fantomas.sk>:
did you also change the DKIM_VERIFIED score to -3?
If not, you don't have the same issue.
On 26.08.19 11:22, Lambert Rots wrote:
Sorry for the delayed response, I was first debugging/fetching logs for a
few days...
No I did not change the DKIM_VERIFIED score so apparently I have a
different issue ;-)
>It looks like DNS blacklist checks are not scored as most spam is found
>on blacklists when parsing the mail through spamassassin but debugging
>amavisd-new shows that DNS checks are being performed.
this is also a different issue. Many sites and webs get into blacklist
after the spam starte spreading, so first (early) recipients don't see
the mail in blacklist, while late recipients or later checks shows
blacklists.
Comparing debug logs between Amavisd-new (debug-sa) and spamassassin
directly shows that blacklist checks score 0 with NXDOMAIN replies when the
mail arrives the first time where spamassassin scores +3 with several hits
on blacklist checks.
this shows early recipient issue. What's the time difference
between amavis and spamassassin checks?
Are there any differences in rules hit than blacklits?
I just cannot imagine that all spam I receive is early recipient based,
do you reject any spam?
besides, postfix is already taking care of most blacklist checking.
postfix does only check blacklists on direct sending machine. SA does deep
header checks, which is why SA blacklist checks have more hits than postfix.
Most spam mail is coming from the same email domains, share the same
subject and a lot of other stuff on which amavisd-new should be able to
identify it as spam. Bayes scores some mail but not all.
train what you can. bayes training is one the best antispam tools available.
Spam senders try a lot to bypass anti spam but in my opinion amavisd-new
should be able to do better than marking less than 1 percent of spam mail
as spam.
what does ~amavis/.spamassassin contain?
what does /etc/amavis/conf.d/ contain?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
