On 30.11.2015 at 18:30, Sebastian Arcus wrote:
>> spamassassin -D < /path/to/spam-example.eml
> Thank you Harald. I did - and it looks like SA does contact lots of
> DNSBL's and it receives various messages in reply. Nothing that looks
> like failures or errors. I can attach the output here - but it is a lot.
> Would this mean that the DNSBL's are working correctly in my setup - but
> spammers somehow manage to keep on sending from "clean" domains all the
> time - and I should look into some other way of stopping this type of
> spam? The messages I'm talking about are typical spam, with one or two
> sentences in the email body and one or two links - usually advertising
> life insurance, solar panels and similar. None of them are from proper
> companies or entities I have ever dealt with.

your main problem is that bayes is not working, because there are no BAYES_xx tags in your headers - collect as many clear spam *and* clear ham samples as possible; you need at least 200 ham samples for bayes to start being used

DNSBL/URIBL and standard rules alone are not enough for a proper filter

after your bayes is trained well, watch the results and consider adjusting the scores for both ham/spam; the defaults are intentionally low so as not to produce too many false positives with a bayes that is not maintained well enough

in the results below, only a small amount of spam makes it through postscreen, spf-policyd, sender-verify and a lot of other well-weighted stuff running before SA through spamass-milter

[root@localhost~]$ bayes-stats.sh
0      53232    SPAM
0      21038    HAM
0    2342167    TOKEN

insgesamt 72M
-rw------- 1 sa-milt sa-milt 10M 2015-11-30 18:54 bayes_seen
-rw------- 1 sa-milt sa-milt 81M 2015-11-30 18:54 bayes_toks

BAYES_00        31951   74.25 %
BAYES_05          832    1.93 %
BAYES_20         1068    2.48 %
BAYES_40          840    1.95 %
BAYES_50         3346    7.77 %
BAYES_60          516    1.19 %
BAYES_80          466    1.08 %
BAYES_95          345    0.80 %
BAYES_99         3664    8.51 %
BAYES_999        3336    7.75 %

DELIVERED       57856   92.91 %
DNSWL           55597   89.28 %
SPF             39967   64.18 %
SPF/DKIM WL     18244   29.29 %
SHORTCIRCUIT    19187   30.81 %

BLOCKED          5654    9.07 %
SPAMMY           4991    8.01 %    88.27 % (OF TOTAL BLOCKED)

_________________________________________


crap killed long before SA by 43 combined DNSBL/DNSWL and most bots have a timeout of 10 seconds and so are killed by postscreen_greet_wait = ${stress?1}${stress:11}s


spamhaus.org              151446
thelounge.net              61747
inps.de                    48915
sorbs.net                  37782
barracudacentral.org       26921
psbl.org                     536
junkemailfilter.com          449
manitu.net                   418
spamcop.net                   43
mailspike.net                 24
swinog.ch                      6
=================================
Total DNSBL rejections:    328287

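One way to check a set of saved messages for the symptom described above (no BAYES_xx tags in the X-Spam-Status header) and to tally the Bayes buckets that do appear. This is an added example, not part of the original post and not the bayes-stats.sh script shown; the sample messages and function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample messages (not taken from the thread).
SAMPLES = [
    # Spam, header folded in the middle of the test list.
    "X-Spam-Status: Yes, score=9.1 required=5.0 tests=BAYES_99,BAYES_999,\n"
    "\tHTML_MESSAGE,URIBL_BLACK autolearn=no\n"
    "Subject: cheap solar panels\n\nbody\n",
    # Ham classified by a trained Bayes database.
    "X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_PASS\n"
    "Subject: meeting notes\n\nbody\n",
    # Scanned, but Bayes contributed nothing: the symptom from the thread.
    "X-Spam-Status: No, score=1.2 required=5.0 tests=HTML_MESSAGE,SPF_PASS\n"
    "Subject: life insurance\n\nbody\n",
    # Never passed through SpamAssassin at all.
    "Subject: no scan header\n\nbody\n",
]

def bayes_tags(raw_message):
    """Return the BAYES_nn rule names listed in X-Spam-Status tests=..."""
    status = message_from_string(raw_message).get("X-Spam-Status", "")
    status = re.sub(r"\s+", " ", status)   # unfold continuation lines
    status = re.sub(r",\s+", ",", status)  # rejoin a test list split at a comma
    match = re.search(r"tests=(\S*)", status)
    tests = match.group(1).split(",") if match else []
    return [t for t in tests if re.fullmatch(r"BAYES_\d+", t)]

def bayes_report(raw_messages):
    """Count BAYES_nn hits and the messages that carry no Bayes tag."""
    counts, untagged = Counter(), 0
    for raw in raw_messages:
        tags = bayes_tags(raw)
        if tags:
            counts.update(tags)
        else:
            untagged += 1
    return counts, untagged

if __name__ == "__main__":
    counts, untagged = bayes_report(SAMPLES)
    total = len(SAMPLES)
    for tag in sorted(counts):
        print(f"{tag:<12}{counts[tag]:>6}{100 * counts[tag] / total:>8.2f} %")
    print(f"{'NO BAYES TAG':<12}{untagged:>6}{100 * untagged / total:>8.2f} %")
    if not counts:
        print("no BAYES_xx tags found: Bayes is not being applied")
```

If every message lands in the "NO BAYES TAG" row, Bayes is not contributing to scoring on that setup.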