Hi, I think of enabling Spamassassin on my relay. With a bit of tuning for Russian specifics (e.g., disabling of 8bit header checks, which, so far, are commonly used here), seems, it works well, with a bit of exceptions...
As I see, FORGED_MUA_* header check is regarded as very severe sin, according to the assigned points. But, seems, there is a problem with its estimation, at least for some mail lists. E.g.: --------------------------------------------------------------------- Content analysis details: (6.50 points, 6.3 required) REFERENCES (-0.5 points) Has a valid-looking References header MSG_ID_ADDED_BY_MTA_2 (1.0 points) 'Message-Id' was added by a relay FORGED_MUA_THEBAT (4.3 points) Forged mail pretending to be from The Bat! PLING_PLING (1.7 points) Subject has lots of exclamation marks ------------------------- BEGIN HEADERS ----------------------------- X-ListServer: CommuniGate Pro LIST 4.0.6 List-Unsubscribe: <mailto:[EMAIL PROTECTED]> List-ID: <Fishka.soobcha.org> List-Archive: <http://soobcha.org:80/Lists/Fishka/List.html> Message-ID: <[EMAIL PROTECTED]> Reply-To: "Group Fishka from SoobCha project" <[EMAIL PROTECTED]> Precedence: list X-Mailer: The Bat! (v1.63 Beta/8) X-Original-Message-ID: <[EMAIL PROTECTED]> References: <[EMAIL PROTECTED]> [snip] -------------------------- END HEADERS ------------------------------ And there're several other mailing lists, which give the similar catch. As it can be seen above, they rename the "Message-Id" field with "X-Original-Message-ID" and insert their own field insteed. Harmless enough thing, more, as CommuniGate Pro is widely used as ListServer, I expect big enough number of similar false matches. What can be done here, with except of zero scoring of the checks? Another question, do there exist a way to whitelist all incoming messages, if they seemingly go from a mailing list (i.e., have corresponding List- header fields). I understand, these fields could be forged, there is possible spam on a list itself. But I don't want to filter any spam on mailing lists -- it's a problem of moderators and end users. As I use Spamassassin Perl module together with amavisd-new, I'll be thankful for any workable solution as for Spamassassin, so for amavisd-new. PS: With accept of the described, a week of filter's work in PASS-mode have shown good efficiency of the filter. Together with DNS blacklists, which filter in my case about 50% of incoming spam (~1000 msgs per day), Spamassassin covers almost unfailingly near the remaining half. -- Regards, Andrey ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
