On 9/26/2014 11:26 AM, Reindl Harald wrote:
Am 26.09.2014 um 17:03 schrieb Bowie Bailey:
On 9/26/2014 10:53 AM, motty cruz wrote:
Hello,
I am getting tons of spam with very low score:
X-Virus-Scanned: amavisd-new at fqdn.com <http://fqdn.com/>
X-Spam-Flag: NO
X-Spam-Score: 4.712
X-Spam-Level: ****
X-Spam-Status: No, score=4.712 tagged_above=-999 required=6.1
tests=[AWL=-0.001, BAYES_99=4.5, BAYES_999=0.2,
HTML_EXTRA_CLOSE=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001,
T_REMOTE_IMAGE=0.01] autolearn=no
Received: from maria.fqdn.com <http://maria.fqdn.com/> ([127.0.0.1])
I wouldn't call 4.7 a "very low score" considering that the scores are
optimized to mark spam a 5.0.
I don't see any network rules there. If you have disabled them, it may be
worthwhile to turn them back on. The
blacklist rules as well as Razor, Pyzor, and DCC can be quite useful. (Razor,
Pyzor and DCC require extra
configuration -- see the SA install docs for more info)
If you aren't doing it already, I would recommend setting the zen.spamhaus.org
blacklist in
your MTA as a direct block. It blocks lots of spam and has a very low false
positive rate
only if you use it correctly - zen is a "aggregate list" and
i would not block because "sbl.spamhaus.org" with 127.0.0.2
as response code - i saw too much legit mail there
I haven't had a problem with legitimate mail hitting SBL. The only
issue I'm aware of with Zen is that you have to be careful not to block
your own users with the PBL portion of it.
--
Bowie
