Category Archives: spamassassin

linux, mail, postfix, spamassassin

more spam improvements

Over the last couple of weeks I have made the following improvements in spam checking for mail handling on tarragon. Tarragon handles mail for about 20 domains, although only about a dozen have any mail to speak of.

I used to have entries in the amavis whitelist file, but this is/was a weakness. It is easy to fake sender addresses. Use of the amavis sendermaps feature is preferable as that way one can give a spamassassin bump to a known address or domain, but the value of the bump can be small enough not to overcome other attributes of the message. So egregious spam that claims to come from my own domain will still be caught. Also, I can have sendermaps for each separate email domain, instead of a whitelist applying to everyone. The file /etc/amavis/conf.d/56-sendermaps now has all the sendermaps.

Continue reading more spam improvements
linux, mail, postfix, spamassassin

Spamassassin change

I seemed to have more spam getting through. When I look at those messages which I think should have been caught, I observe that many/most/almost all of them contain in the X-Spam-Status the value: RCVD_IN_DNSWL_HI=-5. Spamassassin is giving them a whopping -5 whole points if the dns source of the message appears in the High Reliability list of the site DNSWL.org, which according to what I read, is one of those sites that maintains reputation lists, and says of the High list:

“Recommended Usage: Skip spam filtering for medium and high ranked IPs. These are trusted to send spam rarely enough that they are not worth filtering.”

There is some discussion on the net, others too seem to think they are getting a lot of spam because of this, suggesting that a site on the dnswl high list can be induced to forward spam. I know little of all of this, but I have added a rule to /etc/spamassassin/local.cf: 

score RCVD_IN_DNSWL_HI 0 -0.1 0 -0.1

This changes the value from -5 to -0.1. If I set it to 0 (as I originally did) then I can’t tell in X-Spam-Status whether the rule applied or not. Now I see the rule in X-Spam-Status with a small value.

So far this seems to have helped. Encouraged by this, I’ve added another couple of specifications to /etc/spamassassin/local.cf, to wit:

ok_languages en fr
ok_locales en fr

Which should act to increase the “spaminess” score of emails in other languages and character sets. A couple of mail users are French speakers, but AFAIK nobody using tarragon for mail speaks any other language or/and receives mail in another language.