On Fri, Aug 19, 2016 at 04:30:38PM +0300, Nikolaos Milas wrote:
> <SNIP>
> We are already using postscreen, many RBLs, the fqrdns.pcre, amavis,
> spamassassin with scamp and we are filtering about 60-70% of total incoming
> mail as spam, but there is still much more that should be filtered out.
> 
> Any additional suggestions?
> 
> Thanks,
> Nick

I have personally found SpamAssassin to work very well, filtering out
over 95% of my spam. That said, it does not work perfectly out of the
box. The main alterations I have made are:
- Enable & configure per-user Bayesian filtering
- Increase allowed storage space for Bayesian databases
- Update a particular Perl package to make SPF work (CentOS / RHEL
  specific bug)
- Add some custom rules based on specific addresses being targeted (e.g.
  we don't have a sales dept., but we get spam sent to sa...@domain.tld)
- Add custom rule to detect suspicious attachments (e.g. .exe, .docm)
- Re-weight a bunch of internal rules, in particular the bayes, SPF,
  and mailspike rules

Another thing I did was enable the spam report to be added to all
messages, that way I could more easily debug why spam that was getting
past the filter didn't trigger it.

Note that by default, SpamAssassin has a pretty conservative ruleset
that is much more happy to allow false negatives than false positives.
In my opinion this is a good thing, as users will be more unhappy to see
legitimate messages in spam than the other way around. My approach to
tuning SpamAssassin was also rather conservative: I slowly ramped up
rule weights and waited to see what would happen. I would also test
new rules by giving them a very small weight at first, just to make sure
they trigger correctly, then giving them an appropriate real weight.

Hope this is helpful,

--Sean
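
The debugging and slow re-weighting workflow described in the message above, as an added example that is not part of the original post: it reads the per-rule scores from the spam report header of saved messages and re-scores them under proposed weights before anything is changed in production. The header names (`X-Spam-Report`, `X-Spam-Status`), the sample messages and the proposed weights are assumptions constructed for illustration.

```python
import email
import re

# One rule line of the report, e.g. "*  3.5 BAYES_99 BODY: ..."
RULE_LINE = re.compile(r"\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b")
REQUIRED = re.compile(r"required=(-?\d+(?:\.\d+)?)")

def rule_hits(raw):
    """Return ({rule: score}, required score) parsed from the X-Spam-* headers."""
    msg = email.message_from_string(raw)
    hits = {name: float(score)
            for score, name in RULE_LINE.findall(msg.get("X-Spam-Report", ""))}
    m = REQUIRED.search(msg.get("X-Spam-Status", ""))
    return hits, float(m.group(1)) if m else 5.0  # 5.0 is the stock threshold

def what_if(raw, proposed):
    """Re-score one message: (old score, new score, newly flagged?)."""
    hits, required = rule_hits(raw)
    old = sum(hits.values())
    new = sum(proposed.get(rule, score) for rule, score in hits.items())
    return round(old, 1), round(new, 1), old < required <= new

def newly_flagged(corpus, proposed):
    """Names of messages that cross the threshold only under the proposal."""
    return [name for name, raw in corpus.items() if what_if(raw, proposed)[2]]

# Constructed sample messages (not real mail): one missed spam, one legitimate.
MISSED_SPAM = (
    "X-Spam-Status: No, score=4.2 required=5.0 tests=BAYES_99,SPF_SOFTFAIL\n"
    "X-Spam-Report:\n"
    "\t*  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%\n"
    "\t*  0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)\n"
    "\t*  0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted\n"
    "\nbody\n")
LEGIT = (
    "X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50\n"
    "X-Spam-Report:\n"
    "\t*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%\n"
    "\t*  0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted\n"
    "\nbody\n")
CORPUS = {"missed_spam": MISSED_SPAM, "legit": LEGIT}
PROPOSED = {"BAYES_99": 4.0, "RCVD_IN_MSPIKE_BL": 1.0}  # hypothetical weights

if __name__ == "__main__":
    for name, raw in CORPUS.items():
        print(name, what_if(raw, PROPOSED))
    print("newly flagged:", newly_flagged(CORPUS, PROPOSED))
```

Running the same check over a folder of known-good mail shows whether a proposed weight would start producing false positives before it goes live.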
