On 9/20/2016 9:46 AM, Thomas Barth wrote:



Am 20.09.2016 um 15:27 schrieb Bowie Bailey:

X-Spam-Status: Yes, score=14.009 tag=2 tag2=6.31 kill=6.31
        tests=[HTML_MESSAGE=0.001, MESSAGEID_LOCAL=8,
MIME_HTML_ONLY=1.105,
        PYZOR_CHECK=1.985, RCVD_IN_BRBL_LASTEXT=1.644, RDNS_NONE=1.274]
        autolearn=no autolearn_force=no

The base SA ruleset is optimized to detect spam with a score of 5.0.  If
you raise that score, you will allow more spam to come through. If you
lower that score, you will see more legitimate messages blocked as
spam. Make sure you know what you are doing before you change this score.


I read that 5.0 is aggressive and suitable for single user setup, conservative values are 8.0 or 11.0.

required_score n.nn (default: 5)
https://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html

Depends on your situation. I've been using 5.0 for years in a tag-and-deliver setup. I delete spam messages at a score of 10 - 15 for a few users who receive large amounts of spam.

Also, as I said before, remember that SA's required_score setting is ignored in an Amavis setup. You should use Amavis's tag_level, tag2_level, and kill_level settings instead. According to the header shown above, you currently appear to be blocking spam at a score of 6.31.

I ve checked most of the mails recognized as spam. The lowest score was 8.6x so far.

It is impossible to block all spam. There will always be some that slips through. The objective of a spam blocker such as SA is to block the most spam possible while keeping false positives near zero. Users will complain about a few spam that get through -- they will scream about a single important message that gets blocked.

Here is another mail from ...local. It definitely was spam with zip attachment. Common is a sender address with digits. <wynn.54...@allfromboats.com> -> <tba...@txbweb.de>, quarantine: l/spam-lEHVGcheLkyq.gz, Message-ID: <20160920202635.6b90ec7...@allfromboats.com.local>, mail_id: lEHVGcheLkyq, Hits: 19.118

May be I also should block sender adresses with more than 2 digits in the name?

VERY bad idea. Especially if you deal with the general public. There are tons and tons of people who have emails like jim...@gmail.com. You might get away with a low scoring rule for messages with 4 or more digits, but I would give it a very low score to start with and watch it for a week or so to see how many hams vs spams it hits.

--
Bowie

Reply via email to