> > I have: > > $sa_tag2_level_deflt = 5.5; # add 'spam detected' headers at that > level > $sa_kill_level_deflt = 7.5; # triggers spam evasive actions (e.g. > blocks mail)
I think it is quite high. Pls see my config ( 3.5 and 3.8 ) $sa_tag_level_deflt = undef; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 3.5; # add 'spam detected' headers at that level $sa_kill_level_deflt = 3.8; > We do use RBLs at the SMTP level, greylisting, RBLs with spamassassin, but > still we have been getting a lot of spam. Do you use postfix? then, you can have below in mail.cf under smtpd_recipient_restrictions. Anyway Be VERY careful since it REJECTS mails. reject_unknown_client_hostname, from - http://www.postfix.org/postconf.5.html reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address. This is a stronger restriction than the reject_unknown_reverse_client_hostname feature, which triggers only under condition 1) above. The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name or name->address lookup failed due to a temporary problem. > Here is a blocked spamas an example: > > X-Spam-Status: Yes, score=8.308 tag=-999 tag2=5.5 kill=7.5 Did you receive this mail since score = 8.3? Pls set final_spam_destiny to D_DISCARD in this way. $final_spam_destiny = D_DISCARD; It is worth to have below 2 lines to D_DISCARD as well. $final_virus_destiny = D_DISCARD; $final_banned_destiny = D_DISCARD; > tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, > HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, > RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886, > RAZOR2_CHECK=0.922, RP_MATCHES_RCVD=-1.509, SPF_HELO_PASS=-0.1, > SPF_PASS=-0.1, SUBJ_ALL_CAPS=1.506, URIBL_BLACK=1.7, > URIBL_RED=0.001] > autolearn=disabled > > I decided to configure: > > score BAYES_99 4.5 # was 3.5 > score BAYES_999 2.0 # was 0.2 I do NOT conceder the above stuffs so much. I go with defaults. anyway, keep on monitoring mail log and add spam assassin rules to quarantine mail. if you need help, you may write to the mailing list. > because I noticed a lot of spam was correctly identified using BAYES_99 and > BAYES_999, but was not getting blocked due to low scoring. > > I have been monitoring spam and I think that I have a lot more blocks and > thereare no false positives at this point. > > Any ideas and suggestions will be greatly appreciated! > > Thanks (Efharisto!) again, > Nick > > > On 14/10/2016 3:06 μμ, Dino Edwards wrote: > >> Yasou NiKo, >> >> There are a few things that might be going on here. What is the average >> score of the ham e-mails that you are getting through. The reason I’m asking >> is can you possibly bring down your required=5.5 score? Every installation >> is different but our required= score is set to 3.6 and that seems to work >> very well. The required = score would be set in your amavis config file as >> follows (the parameter below is probably how it’s set in your amavis): >> >> $sa_tag2_level_deflt = 3.6; >> >> If your spam filter is trained properly, you should be able to bring that >> score down and not have to worry about false positives. Alternatively, if >> you really want to raise the bayes_99 score you would set it in >> /etc/spamasassain/local.cf as follows: >> >> #override bayes default scores >> >> score BAYES_99 5 >> >> But, in the grand scheme of things, your spamfilter is your very last line >> of defense against spam. Are you doing all you can to prevent spam from ever >> reaching your spam filter? Things like RBL blocking on the MTA level, >> graylisting etc? >> > > -- cat /etc/motd Thank you Indunil Jayasooriya http://www.theravadanet.net/ http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala Fonts