Hello all I am running Spamassassin 3.4 on an Ubuntu 14.04 build. The server installation is working as a spam\ email Gateway. It does not host mail at all, but simply forwards email to exchange server. It serves pretty much as a prefilter for exchange.
The problem with them having is that I cannot seem to get rules followed or directives followed properly. For instance, I want each email message that passes through to have a X-SPAM added to the header that shows exactly what score the email message obtained as it went through Spamassassin. Clam AV is inserting a X virus header correctly. In addition, I have specific rules as well as the sought rule set that I want followed. That's not happening at this point the rules are in the/var/lib/spamassassin/3.00400 folder but they are simply not being applied. It would be really great to have these rules followed as we are getting such a tremendous amount of spam at the mail gateway I need to figure out how to block these things before they get into exchange. We are blocking some but there is an awful lot still getting through. I am going to include the local CF and let's see where were going to go from there. I really need to get this resolved today as I'm being audited on Monday so any help would greatly be appreciated. [LOCAL.CF] # This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # # Only a small subset of options are listed below # ########################################################################### # Add *****SPAM***** to the Subject header of spam e-mails rewrite_header Subject *****SPAM***** header LOCAL_CHARSET_BLOCKED Subject:raw =~/\=\?(koi8-r|windows-1251)\?/i score LOCAL_CHARSET_BLOCKED 5 describe LOCAL_CHARSET_BLOCKED Contains charsets that are not acceptable # Save spam messages as a message/rfc822 MIME attachment instead of # modifying the original message (0: off, 2: use text/plain instead) # report_safe 0 # Set which networks or hosts are considered 'trusted' by your mail # server (i.e. not spammers) # trusted_networks 10.173.0.0/23 10.173.4.0/24 # Set file-locking method (flock is not safe over NFS, but is faster) lock_method flock # Set the threshold at which a message is considered spam (default: 5.0) # required_score 4.0 # Use Bayesian classifier (default: 1) # use_bayes 1 # Bayesian classifier auto-learning (default: 1) # bayes_auto_learn 1 use_bayes_rules 1 # Set headers which may provide inappropriate cues to the Bayesian # classifier # bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status # Some shortcircuiting, if the plugin is enabled # ifplugin Mail::SpamAssassin::Plugin::Shortcircuit # # default: strongly-whitelisted mails are *really* whitelisted now, if the # shortcircuiting plugin is active, causing early exit to save CPU load. # Uncomment to turn this on # # shortcircuit USER_IN_WHITELIST on # shortcircuit USER_IN_DEF_WHITELIST on # shortcircuit USER_IN_ALL_SPAM_TO on # shortcircuit SUBJECT_IN_WHITELIST on # the opposite; blacklisted mails can also save CPU # # shortcircuit USER_IN_BLACKLIST on # shortcircuit USER_IN_BLACKLIST_TO on # shortcircuit SUBJECT_IN_BLACKLIST on # if you have taken the time to correctly specify your "trusted_networks", # this is another good way to save CPU # shortcircuit ALL_TRUSTED on # and a well-trained bayes DB can save running rules, too # # shortcircuit BAYES_99 spam # shortcircuit BAYES_00 ham endif # Mail::SpamAssassin::Plugin::Shortcircuit body lcl_BODY_05 /(facelift|face lift)/i score lcl_BODY_05 0.5 body lcl_BODY_30 /(Public Records Now Available|Hollywood celebrity|Celeb Gossip|auto warranty|Pet stores are so -overpriced|monthly AutoInsurance payments were just-reduced|Dealers have teamed up and are offering a special Clearance |Score-Report Team|Score Report Team|Your Pre-Approved Card|weight gain|no workout needed|lose weight rapidly)/i score lcl_BODY_30 3.0 header lcl_SUBJECT_30 Subject =~ /(Belly Bulge|Restore Vision loss|Look Years-Younger|Someone has run a background|background-check on you|background check on you)/i score lcl_SUBJECT_30 3.0 body lcl_BODY_35 /(Ondemand Research|\bICANCiANCg==\b)/i score lcl_BODY_35 3.5 header lcl_SUBJECT_35 Subject =~ /(slim-fast|Home Depot Replacement Windows|Cigars|Satellite Internet|High Speed Internet)/i score lcl_SUBJECT_35 3.5 header lcl_FROM_35 From =~ /spammer/i score lcl_FROM_35 3.5 body lcl_BODY_40 /(losing( |-)pound|Transform Your Body|melt fat|melt away fat|melting fat|need cash fast|free profit|Profit Maker|easy trick to save you|To YOUR Success|per day part-time|weird food|never eat this food|DocOz|Doc Oz|D rOz|Dr Oz|Dr. Oz|Dr-Oz)/i score lcl_BODY_40 7.0 header lcl_SUBJECT_40 Subject =~ /(DocOz|Doc Oz|DrOz|Dr Oz|Dr. Oz|Dr-Oz)/i score lcl_SUBJECT_40 7.0 body lcl_BODY_45 /dirty little/i score lcl_BODY_45 4.5 body lcl_BODY_50 /(ashleymadison|ashley madison|eHarmony|Fountain of Youth)/i score lcl_BODY_50 5.0 header lcl_FROM_50 From =~ /(ashleymadison|ashley madison|eHarmony)/i score lcl_FROM_50 5.0 body HARP_RULE /\HARP_v2.0\b/i score HARP_RULE 9.0 rewrite_header subject [probable spam] dns_available yes required_score 4.0 blacklist_from usps_shipping_servi...@usps.com blacklist_from usps_shipping_i...@usps.com blacklist_from reservati...@myusairways.com # user_scores_dsn # SpamAssassin TextCat (Language Guesser Plugin) # http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Plugin_TextCat.html ok_languages en # I can't understand anything else than english inactive_languages '' # Enable all languages score UNWANTED_LANGUAGE_BODY 7 # Increase score add_header all Languages _LANGUAGES_ # Write the detected langs in X-Spam-Languages #dcc use_dcc 1 dcc_path /usr/local/bin/dccproc #pyzor use_pyzor 1 pyzor_path /usr/bin/pyzor #razor use_razor2 1 razor_config /etc/razor/razor-agent.conf thanks dave
