Hi,

Just a warning, I'm a bit of an SA newbie, so I'm half expecting to get a bunch of RTFMs back (but I have read the docs too... maybe just missed something).

I've been using SA with qmail-scanner for about a month now and it's been working great. With the default rules and settings, it blocks about 20k messages a day (company with about 4400 email addresses). There's about a 2% false positive rate which I am trying to get rid of. The biggest being email from AOL. When a normal honest AOL user sends an email, SA sometimes catches it with a rating of 5-6. My default rating right now is 5.5 since 40% of the spam coming through is getting a rating of 5-5.3. So to stop that, I have whitelisted aol.com, which is bad since anyone who forges an AOL address gets right through.

I have run the following test on a test server:
in /etc/mail/spamassassin/local.cf I have:

score FAKE_HELO_AOL 50.0

Then I telnet to port 25 and do a HELO aol.com.
However, looking through the debug logs, SA does not catch this. Am I doing something wrong here? Or maybe I just don't understand the rule...


Also, is there a way to take points away from someone coming in from AOL? Instead of whitelisting them, maybe take away 3 points, then beef up some other rules like the fake_helo_aol or rcvd_in_dynablock?

Any help, pointers, or redirects to custom rules would be greatly appreciated!
Thanks


---
Joe Topjian
email: [EMAIL PROTECTED]
web: http://zaven.us


