On 9/20/2016 9:46 AM, Thomas Barth wrote:
Am 20.09.2016 um 15:27 schrieb Bowie Bailey:
X-Spam-Status: Yes, score=14.009 tag=2 tag2=6.31 kill=6.31
tests=[HTML_MESSAGE=0.001, MESSAGEID_LOCAL=8,
MIME_HTML_ONLY=1.105,
PYZOR_CHECK=1.985, RCVD_IN_BRBL_LASTEXT=1.644, RDNS_NONE=1.274]
autolearn=no autolearn_force=no
The base SA ruleset is optimized to detect spam with a score of 5.0. If
you raise that score, you will allow more spam to come through. If you
lower that score, you will see more legitimate messages blocked as
spam. Make sure you know what you are doing before you change this
score.
I read that 5.0 is aggressive and suitable for single user setup,
conservative values are 8.0 or 11.0.
required_score n.nn (default: 5)
https://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html
Depends on your situation. I've been using 5.0 for years in a
tag-and-deliver setup. I delete spam messages at a score of 10 - 15 for
a few users who receive large amounts of spam.
Also, as I said before, remember that SA's required_score setting is
ignored in an Amavis setup. You should use Amavis's tag_level,
tag2_level, and kill_level settings instead. According to the header
shown above, you currently appear to be blocking spam at a score of 6.31.
I ve checked most of the mails recognized as spam. The lowest score
was 8.6x so far.
It is impossible to block all spam. There will always be some that
slips through. The objective of a spam blocker such as SA is to block
the most spam possible while keeping false positives near zero. Users
will complain about a few spam that get through -- they will scream
about a single important message that gets blocked.
Here is another mail from ...local. It definitely was spam with zip
attachment. Common is a sender address with digits.
<wynn.54...@allfromboats.com> -> <tba...@txbweb.de>, quarantine:
l/spam-lEHVGcheLkyq.gz, Message-ID:
<20160920202635.6b90ec7...@allfromboats.com.local>, mail_id:
lEHVGcheLkyq, Hits: 19.118
May be I also should block sender adresses with more than 2 digits in
the name?
VERY bad idea. Especially if you deal with the general public. There
are tons and tons of people who have emails like jim...@gmail.com. You
might get away with a low scoring rule for messages with 4 or more
digits, but I would give it a very low score to start with and watch it
for a week or so to see how many hams vs spams it hits.
--
Bowie