Fine-tune SpamAssassin
HI
I would like to know some tips on fine-tuing SpamAsassin / MailScanner to block more spam.
I've used pretty much "out the box" settings up to now, and it only marks all the messages as spam. I activated SBL+XBL checks yet, I still receive e-mail from such sources, although I have the setting to mark such messages as "High Scoring" and have "delete" as the action for high scoring spam...
Also, I noticed in the config that you can quarantine spam and virus infected messages, however, how do users access these for revision?
I would like to know some tips on fine-tuing SpamAsassin / MailScanner to block more spam.
I've used pretty much "out the box" settings up to now, and it only marks all the messages as spam. I activated SBL+XBL checks yet, I still receive e-mail from such sources, although I have the setting to mark such messages as "High Scoring" and have "delete" as the action for high scoring spam...
Also, I noticed in the config that you can quarantine spam and virus infected messages, however, how do users access these for revision?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Guys
I'm still battling with this darn MailScanner.
I changed the required SBL/XBL list hits to 2 , then made it so my high scoring spam score is 6, and made it so that if the message hits at least 2 SBL /XBL lists, it would be marked as high scoring, ie, 6. Then I have the action for messages of more than 6 set to delete.
However, I still get messages that clearly stats in the headers that it has hit at least 2 SBL/XBL lists, AND it gave the message a spam score in total of 7, even though the action for >6 = delete...
Am I using sane values for high scoring spam?
I'm still battling with this darn MailScanner.
I changed the required SBL/XBL list hits to 2 , then made it so my high scoring spam score is 6, and made it so that if the message hits at least 2 SBL /XBL lists, it would be marked as high scoring, ie, 6. Then I have the action for messages of more than 6 set to delete.
However, I still get messages that clearly stats in the headers that it has hit at least 2 SBL/XBL lists, AND it gave the message a spam score in total of 7, even though the action for >6 = delete...
Am I using sane values for high scoring spam?
Eh, do these messages really get _delivered_? Or are you using MailWatch (or similar) to look at 'em? If the latter, the HS spamaction (noted a bit down in the details page) should be delete... making the database log entry all that remains:-).
-- Glenn
-- Glenn
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
But just to show that I'm not consequent in my thinking... I _will_ swear by the effectiveness of Razor (http://razor.sf.net), Pyzor (pyzor.sf.net) and DCC (http://www.rhyolite.com/anti-spam/dcc/) ... And some "intelligent" whitelisting;).
I also use the excellent MailWatch (http://mailwatch.sourceforge.net/) to visualize the scanning process... Makes it real easy to find problems with the current config ... and fix them.
My guess about the RBLs would be that you don't get enough hits (or even test against enough RBLs to be able) to reach the "High scoring spam" level. ISTR you need 3 (or was it 5) "hits" to mark a message as highscoring. Thus you'd just invoke the usual spam action, which likely is "deliver".
-- Glenn