Today I got a spam message which seems, at least for a newbie like me,
succeeded in passing SA for some reason!
I'm calling SA through amavisd-new and have my Rules Du Jour updated
(manual updates so far)
I would like to block such messages therefore, I'm seeking your kind
assistance in determining how it passed the "tests" and what am I
supposed to do in order to prevent these messages?
Yousef Raffah
If you have only received one spam so far, you have either done a very good
job of setting up your system or your spam threshold is set too low. Do you
really think it is possible to stop every single piece of spam (without a
lot of false positives)? Don't you think spammers know about blacklists and
SpamAssassin? They work very hard at composing messages that will not get
blocked by SpamAssassin. If you are one of the first to receive a spam
mailer from them, their mail may not yet be in any network based blacklists.
You should use sa-learn to feed this message to Bayes. If you get the same
message a number of times, you should consider learning how to create custom
rules (which involves some basic understanding of regex). Without the entire
message I don't think anyone can determine if there is some problem with
your system, or if this particular spam simply scored low because the
spammer is good at what they do. BTW, it is helpful to see what rules hit.
Since you don't have the X-Spam-Status report, it will be difficult to
diagnose. There is no way to know on our end if the sender was whitelisted
or auto-whitelisted. In amavisd-new you should lower $sa_tag_level_deflt so
both spam and ham get the X-Spam-Status header.
$sa_tag_level_deflt = undef; # add spam info headers if at, or above that
level;
# undef is interpreted as lower than any spam level
and make sure .royah.com is included in your @local_domains_maps because the
headers will only get written if the domain is considered local.
Gary V
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
