Solved

Can i block words in Amavisd-new?

Posted on 2014-11-26
4
587 Views
Last Modified: 2014-12-03
Hello,

I want to block certain words in emails in Amavis, is it possible?
Also i lowered the score to stop spam to 1.5 but we still receive newsletters and some spam mails.

$bad_header_quarantine_to = undef;

# Spam gets the Subject line prepended with:
#$sa_spam_subject_tag = 'Spam> ';

# We tag all headers (for 'local' domains) with X-Spam info:
$sa_tag_level_deflt = undef;

# This is the system default spam tag level
$sa_tag2_level_deflt = 1.5;

# The default is to not quarantine any spam
$sa_kill_level_deflt = 1.7;

I have Debian Wheezy
Amavisd-New
Spamassassin
Clam-AV
Postfix
etc.
0
Comment
Question by:tommyrihu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 40467793
My limited user experience with Spamassassin was to use the regular tests for spam and set them with high scores (to score as spam), use a lower overall score as you have done. and then whitelist those addresses I needed to receive email from using the whitelist_from rule.  

I do my spam filtering differently now but whitelist was my primary form of ensuring I would receive email.

Here is a spamassassin reference to assist you.

https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
0
 
LVL 64

Accepted Solution

by:
btan earned 250 total points
ID: 40468204
The amavis has this below but it doesn't seems to drill into word blocking per se.
e.g. $banned_filename_re: carefully check this list because these patterns tell AMaViS when to bounce an email because it contains data that you do not like to receive in an email
https://workaround.org/ispmail/lenny/amavis-filtering-spam-and-viruses

So maybe can consider instead add rules to detect keywords to SpamAssassin rules, and associate a very low (such as near-zero) score with them. And set $sa_tag_level_deflt at undef which will cause X-Spam-Status header fields to be unconditionally inserted. This header field lists all matching rule names, so your downstream blocker could check for presence of particular rule names in that header field.

Below are basic rule in Spamassassin to block word in email content
http://wiki.zimbra.com/wiki/Improving_Anti-spam_system#Basic_Rules
0
 

Author Closing Comment

by:tommyrihu
ID: 40480195
Thank you for your help. I´ve also noticed that it sometimes doesn't quarantined the spam when getting score thats high enough, instead of receiving ***spam*** how do i quarantine it?
0
 
LVL 64

Expert Comment

by:btan
ID: 40480212
From forum stated e.g. Still configure Spam level to required confidence level and have options on your /etc/amavis/conf.d/50-user file:
$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_spam_subject_tag = '**Spam**';
If dont want score levels, then as mentioned, can also define quarantine folder e.g. look into "$spam_quarantine_to" which will indicate  where to send quarantined spam email to. As spam emails are just tagged and then passed through they should not be quarantined. So the recommended setting is typically undef.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question