Re: [AMaViS-user] How to manage spam scores?
Justin Kim wrote: Gary wrote: Justin wrote: Hello Everyone, I am using amavis with postfix+mysql setup. Amavis is scanning messages and is reinjecting messages to postfix through smtp. I would like to know how can I manage spam scores so that certain domain like yahoo.com is not getting high score. My user requested that there are false positive when it is sent from specific yahoo.com account. Please help! Justin One way would be to use @score_sender_maps. If you don't have this in amavisd.conf then look for it in amavisd.conf-sample under the heading: # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING Look at both the per-recipient and site-wide examples and place your entries in the appropriate position(s). Another possibly method is to determine exactly what particular rule is causing the false positive and then zero out the score of that rule in local.cf. score SOME_YAHOO_RULE 0 What version of SA? Gary V Thanks Gary, My SA version is 3.1.8 on redhat. Amavisd-new version 2.4.5 I couldn't find the yahoo score on /usr/share/spamassassin/50_scores.cf Spam scores are: X-Spam-Flag: YES X-Spam-Score: 6.116 X-Spam-Level: ** X-Spam-Status: Yes, score=6.116 tagged_above=-999 required=5 tests=[BIZ_TLD=1.169, DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879, HTML_10_20=0.945, HTML_MESSAGE=0.001, MAILTO_TO_SPAM_ADDR=0.276, MSGID_FROM_MTA_ID=0.927] I do not know if I am on the right track to 0 out yahoo scores. MSGID_FROM_MTA_ID is intriguing. are you sure the mail came from yahoo? consider enabling Bayes and training on errors. You can lower the scores of DNS_FROM_RFC_* just enough so that the score gets below 5. Or you can write meta rules to cancel these if the sending domain is yahoo and the like (maybe too much work though). if you get enough legitimate mail related to .biz domains, you may consider lowering the score of BIZ_TLD. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] How to manage spam scores?
Hello Everyone, I am using amavis with postfix+mysql setup. Amavis is scanning messages and is reinjecting messages to postfix through smtp. I would like to know how can I manage spam scores so that certain domain like yahoo.com is not getting high score. My user requested that there are false positive when it is sent from specific yahoo.com account. Please help! Justin - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] How to manage spam scores?
Gary wrote: Justin wrote: Hello Everyone, I am using amavis with postfix+mysql setup. Amavis is scanning messages and is reinjecting messages to postfix through smtp. I would like to know how can I manage spam scores so that certain domain like yahoo.com is not getting high score. My user requested that there are false positive when it is sent from specific yahoo.com account. Please help! Justin One way would be to use @score_sender_maps. If you don't have this in amavisd.conf then look for it in amavisd.conf-sample under the heading: # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING Look at both the per-recipient and site-wide examples and place your entries in the appropriate position(s). Another possibly method is to determine exactly what particular rule is causing the false positive and then zero out the score of that rule in local.cf. score SOME_YAHOO_RULE 0 What version of SA? Gary V - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] How to manage spam scores?
Justin wrote: Hello Everyone, I am using amavis with postfix+mysql setup. Amavis is scanning messages and is reinjecting messages to postfix through smtp. I would like to know how can I manage spam scores so that certain domain like yahoo.com is not getting high score. My user requested that there are false positive when it is sent from specific yahoo.com account. Please help! Justin One way would be to use @score_sender_maps. If you don't have this in amavisd.conf then look for it in amavisd.conf-sample under the heading: # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING Look at both the per-recipient and site-wide examples and place your entries in the appropriate position(s). Gary V - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] How to manage spam scores?
Gary wrote: Justin wrote: Hello Everyone, I am using amavis with postfix+mysql setup. Amavis is scanning messages and is reinjecting messages to postfix through smtp. I would like to know how can I manage spam scores so that certain domain like yahoo.com is not getting high score. My user requested that there are false positive when it is sent from specific yahoo.com account. Please help! Justin One way would be to use @score_sender_maps. If you don't have this in amavisd.conf then look for it in amavisd.conf-sample under the heading: # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING Look at both the per-recipient and site-wide examples and place your entries in the appropriate position(s). Another possibly method is to determine exactly what particular rule is causing the false positive and then zero out the score of that rule in local.cf. score SOME_YAHOO_RULE 0 What version of SA? Gary V Thanks Gary, My SA version is 3.1.8 on redhat. Amavisd-new version 2.4.5 I couldn't find the yahoo score on /usr/share/spamassassin/50_scores.cf Spam scores are: X-Spam-Flag: YES X-Spam-Score: 6.116 X-Spam-Level: ** X-Spam-Status: Yes, score=6.116 tagged_above=-999 required=5 tests=[BIZ_TLD=1.169, DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879, HTML_10_20=0.945, HTML_MESSAGE=0.001, MAILTO_TO_SPAM_ADDR=0.276, MSGID_FROM_MTA_ID=0.927] I do not know if I am on the right track to 0 out yahoo scores. Thanks again. Justin - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] How to manage spam scores?
Justin wrote: Thanks Gary, My SA version is 3.1.8 on redhat. Amavisd-new version 2.4.5 I couldn't find the yahoo score on /usr/share/spamassassin/50_scores.cf Spam scores are: X-Spam-Flag: YES X-Spam-Score: 6.116 X-Spam-Level: ** X-Spam-Status: Yes, score=6.116 tagged_above=-999 required=5 tests=[BIZ_TLD=1.169, DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879, HTML_10_20=0.945, HTML_MESSAGE=0.001, MAILTO_TO_SPAM_ADDR=0.276, MSGID_FROM_MTA_ID=0.927] I do not know if I am on the right track to 0 out yahoo scores. Thanks again. Justin Hmm. It looks like 3.2.0 removed these three DNS_FROM_RFC_* rules. If I recall, Yahoo will trigger these. You might consider: score DNS_FROM_RFC_POST 0 It's the the fact that the message had a dot biz URL in it that sent this one over the top - but still, if this really is from Yahoo then it would score pretty high regardless - seems not fair. Senders can help by not using HTML. I would also look in maillog and determine who the envelope sender was and put the sender in @score_sender_maps with a negative score (like -3). Gary V - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/