Solved

Can i block words in Amavisd-new?

Posted on 2014-11-26
4
561 Views
Last Modified: 2014-12-03
Hello,

I want to block certain words in emails in Amavis, is it possible?
Also i lowered the score to stop spam to 1.5 but we still receive newsletters and some spam mails.

$bad_header_quarantine_to = undef;

# Spam gets the Subject line prepended with:
#$sa_spam_subject_tag = 'Spam> ';

# We tag all headers (for 'local' domains) with X-Spam info:
$sa_tag_level_deflt = undef;

# This is the system default spam tag level
$sa_tag2_level_deflt = 1.5;

# The default is to not quarantine any spam
$sa_kill_level_deflt = 1.7;

I have Debian Wheezy
Amavisd-New
Spamassassin
Clam-AV
Postfix
etc.
0
Comment
Question by:tommyrihu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 40467793
My limited user experience with Spamassassin was to use the regular tests for spam and set them with high scores (to score as spam), use a lower overall score as you have done. and then whitelist those addresses I needed to receive email from using the whitelist_from rule.  

I do my spam filtering differently now but whitelist was my primary form of ensuring I would receive email.

Here is a spamassassin reference to assist you.

https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 40468204
The amavis has this below but it doesn't seems to drill into word blocking per se.
e.g. $banned_filename_re: carefully check this list because these patterns tell AMaViS when to bounce an email because it contains data that you do not like to receive in an email
https://workaround.org/ispmail/lenny/amavis-filtering-spam-and-viruses

So maybe can consider instead add rules to detect keywords to SpamAssassin rules, and associate a very low (such as near-zero) score with them. And set $sa_tag_level_deflt at undef which will cause X-Spam-Status header fields to be unconditionally inserted. This header field lists all matching rule names, so your downstream blocker could check for presence of particular rule names in that header field.

Below are basic rule in Spamassassin to block word in email content
http://wiki.zimbra.com/wiki/Improving_Anti-spam_system#Basic_Rules
0
 

Author Closing Comment

by:tommyrihu
ID: 40480195
Thank you for your help. I´ve also noticed that it sometimes doesn't quarantined the spam when getting score thats high enough, instead of receiving ***spam*** how do i quarantine it?
0
 
LVL 63

Expert Comment

by:btan
ID: 40480212
From forum stated e.g. Still configure Spam level to required confidence level and have options on your /etc/amavis/conf.d/50-user file:
$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_spam_subject_tag = '**Spam**';
If dont want score levels, then as mentioned, can also define quarantine folder e.g. look into "$spam_quarantine_to" which will indicate  where to send quarantined spam email to. As spam emails are just tagged and then passed through they should not be quarantined. So the recommended setting is typically undef.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question