Michael Robinson wrote: > Okay Postfix people... If greylisting isn't doing it and > spam assassin is missing a lot of junk, what do you do? >
First, make sure you are training SA with sa-learn. Next, I would look at the scores that spamassassin assigns to the "false negatives". If they are close to your spam threshold you might be able to tweak the required score. I also use the local.cf config file's "rewrite header" feature so that the spam score shows up in the subject for those that SA catches. "rewrite_header Subject *****SPAM(_SCORE_)*****" this makes it easy to see/sort/examine how the spam is being scored. I have also found that many spammers are really stupid and put easily identifiable words, links or praises in their messages. There was one a while back that was offering "bacheelor" degrees, for instance. Some simple filters in the local.cf file can take care of those: rawbody FHH_NO_BACHEELOR /\bbacheelor|bachellor\b/i score FHH_NO_BACHEELOR 5.0 describe FHH_NO_BACHEELOR Fake Bachelor Degree or header FHH_12 Subject =~ /\bBrazil Land Rush\b/i score FHH_12 6.0 describe FHH_12 Contains reference to Brazil Land Scam If your volume of mail is high, searching the message body can impose a significant load on the server so use these carefully. Also look at header_checks, body_checks in /etc/postfix Using these methods, I was able to cut my spam volume down to one or two per month from literally hundreds. -- frank hunt (L0F) R0B-ZAR1 befuddled linux admin erstwhile photographer hillsboro oregon _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
