Re: Spam way above SA threshold getting delivered
On Mon, 6 Jul 2015, ch...@antennex.com wrote: As I state in the subject, for some unknown reason spam is getting through in excess of the required threshold, in some cases WAY above like this: spam=YES score=103.60 required=6.00 I've been using spamassassin on freebsd ever since it first came out and quite familiar with how to set it up. My OS platform and SA version: freebsd-9.3px and spamassassin-3.4 with sendmail-8.15 Hrm. Not to be snarky, but if you're that experienced with SA then you should already know SA is only a *scoring* tool. Something else needs to take that score and decide what to do with the message. There are many possible interfaces (glue layers) between your mail delivery system (MTA) and SA. How you configure quarantine or discard of messages depends on which interface you're using. What is your glue? (IOW, how are messages getting from your MTA to SA?) I need to get control somehow and wondering if I could get some help on a small script that would force any incoming message showing a score above the required=6.00 threshold to be dropped into the spam folder? There are many possibilities. spamass-milter as Harald recommended is just one. Custom procmail scripting is another. Amavis is a third. Etc. Since messages *are* getting scored, you already have *some* kind of glue in place. You need to figure out what that glue is, and figure out how to configure its (presumably existing) delivery options. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- You do not examine legislation in the light of the benefits it will convey if properly administered, but in the light of the wrongs it would do and the harms it would cause if improperly administered. -- Lyndon B. Johnson --- Tomorrow: Robert Heinlein's 108th birthday
Re: Spam way above SA threshold getting delivered
Am 06.07.2015 um 22:37 schrieb ch...@antennex.com: As I state in the subject, for some unknown reason spam is getting through in excess of the required threshold, in some cases WAY above like this: spam=YES score=103.60 required=6.00 if you want high score mail *not delivered* you need just to use spamass-milter and configure -r 8.0 or whatever score you want to REJECT mails spamassassin itself just flags mails and adds headers for filter with sieve or client rules - that's it with a milter reject score you have two different choices: * score above X - flag and add headers * score above Y - reject the message signature.asc Description: OpenPGP digital signature
Spam way above SA threshold getting delivered
As I state in the subject, for some unknown reason spam is getting through in excess of the required threshold, in some cases WAY above like this: spam=YES score=103.60 required=6.00 I've been using spamassassin on freebsd ever since it first came out and quite familiar with how to set it up. My OS platform and SA version: freebsd-9.3px and spamassassin-3.4 with sendmail-8.15 I need to get control somehow and wondering if I could get some help on a small script that would force any incoming message showing a score above the required=6.00 threshold to be dropped into the spam folder? In other words, something like required=6.00 compared to emails with the reported score that exceeds the 6.00 Some syntax that looks for a score 6.00 = spam. If I could get the /bin/sh shell scripting for that comparision and condition I would be greatful. Alas, I am script-challenged but can understand them once I see the proper syntax. Have written many useful ones but am stuck on this small aspect. Would appreciate any help! Warmest regards, Mark Chino --
Classifying mail as unsolicited
Hi, We have a system with a few hundred users, many of which forward their mail off the server to their gmail or yahoo account. Lately I've started to notice quite a few messages are being tagged by gmail and delayed being received as unsolicited. I know the KAM rules contain a marketing rule, and razor helps too, but too many of these marketing messages are not being tagged. I'm referring to warnings such as this: Jul 6 22:54:20 bwipropemail postfix/smtp[25057]: C09F4885EA2BC: to=44...@gmail.com, orig_to=44...@example.com, relay=alt1.gmail-smtp-in.l.google.com[173.194.208.26]:25, delay=38223, delays=38220/1.3/1/0.22, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.208.26] said: 421-4.7.0 [66.XXX.XXX.100 15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 https://support.google.com/mail/answer/81126 to review our Bulk Email 421 4.7.0 Senders Guidelines. 5si23309629qks.82 - gsmtp (in reply to end of DATA command)) Here is an example message: http://pastebin.com/kaD3AQMz I realize bayes may be a problem on this one, but do you have any suggestions for blocking these more effectively before they're forwarded on to gmail? Thanks, Alex