On 24.03.2016 at 18:50, Yves Goergen wrote:
I'm getting more and more spam every day and SpamAssassin can't handle it. Most of it looks very similar but it isn't filtered out. I've set up clamav-unofficial-sigs recently by installing the Ubuntu package. My MTA is configured so that anything detected by clamav is declared a virus and rejected immediately. I also get a report of virus-rejected mails. But it doesn't catch a single message. Maybe one out of a hundred in a week. How can I verify that the clamav-unofficial-sigs package is set up properly? Or is it not useful in these situations with today's spam?
a well trained SA (bayes) and custom body/subject rules kill most to all spam - in fact a proper setup is using many RBL blacklists with scoring and combined DNSWL also scored and so most junk doesn't make it to the smtpd daemon
What other solutions are there to improve the detection rate of SpamAssassin? My current spam-to-useful ratio in some mailboxes is somewhere around 10:1. That's close to the point of abandoning e-mail and reverting to telephone and snailmail. The rate of spam phone calls is a lot lower, and that's not considering the filter.
train your bayes properly
Examples of the subjects from the recent days:

FW: Order RF#391032
Document2
FW: Payment Receipt
Sixt Invoice: 6502444876 from 24.03.2016
Attached document(s)
FW: Payment Details - [223434]
Image9876411149045.pdf
Voicemail from 07730881627 <07730881627> 00:00:24
FW: Order Status #022412
FW: Payment #092161
FW: Confirmation #388194
train your bayes and write scored subject rules
All of the messages have attachments, but I can't block all attachments completely. Does grey-listing still work today? Is there an easy way to enable it in either SpamAssassin or Exim? I don't want to fiddle around with databases and such for days in a running system.
get rid of exim, with postfix and the config below 99% of all junk doesn't make it to a smtpd process at all, a large part hangs up after 10 seconds and is killed by "postscreen_greet_wait" and the rest hits enough dnsbl to get a score of 8 while backed with enough whitelists
postscreen_dnsbl_ttl = 90s
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?2}${stress:11}s
postscreen_dnsbl_sites =
 dnsbl.sorbs.net=127.0.0.10*9
 dnsbl.sorbs.net=127.0.0.14*9
 zen.spamhaus.org=127.0.0.[10;11]*8
 dnsbl.sorbs.net=127.0.0.5*7
 zen.spamhaus.org=127.0.0.[4..7]*7
 b.barracudacentral.org=127.0.0.2*7
 dnsbl.inps.de=127.0.0.2*7
 zen.spamhaus.org=127.0.0.3*6
 dnsbl.sorbs.net=127.0.0.7*4
 hostkarma.junkemailfilter.com=127.0.0.2*4
 bl.spamcop.net=127.0.0.2*4
 bl.spameatingmonkey.net=127.0.0.[2;3]*4
 dnsrbl.swinog.ch=127.0.0.3*4
 ix.dnsbl.manitu.net=127.0.0.2*4
 psbl.surriel.com=127.0.0.2*4
 bl.mailspike.net=127.0.0.[10;11;12]*4
 bl.mailspike.net=127.0.0.2*4
 zen.spamhaus.org=127.0.0.2*3
 dnsbl.sorbs.net=127.0.0.6*3
 dnsbl.sorbs.net=127.0.0.8*2
 hostkarma.junkemailfilter.com=127.0.0.4*2
 score.senderscore.com=127.0.4.[0..20]*2
 dnsbl.sorbs.net=127.0.0.9*2
 bl.spamcannibal.org=127.0.0.2*2
 dnsbl-1.uceprotect.net=127.0.0.2*2
 score.senderscore.com=127.0.4.[0..69]*2
 all.spamrats.com=127.0.0.38*2
 dnsbl-2.uceprotect.net=127.0.0.2*1
 dnsbl.sorbs.net=127.0.0.2*1
 dnsbl.sorbs.net=127.0.0.4*1
 dnsbl.sorbs.net=127.0.0.3*1
 bl.nszones.com=127.0.0.[2;3]*1
 hostkarma.junkemailfilter.com=127.0.1.2*1
 ips.backscatterer.org=127.0.0.2*1
 bl.nszones.com=127.0.0.5*-1
 score.senderscore.com=127.0.4.[90..100]*-1
 wl.mailspike.net=127.0.0.[18;19;20]*-2
 hostkarma.junkemailfilter.com=127.0.0.1*-2
 ips.whitelisted.org=127.0.0.2*-2
 list.dnswl.org=127.0.[0..255].0*-2
 dnswl.inps.de=127.0.[0;1].[2..10]*-2
 list.dnswl.org=127.0.[0..255].1*-3
 list.dnswl.org=127.0.[0..255].2*-4
 list.dnswl.org=127.0.[0..255].3*-5
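How the weighted blocklist and whitelist entries in the config above combine against the threshold of 8, as an added example that is not part of the original message or of Postfix itself. It uses a subset of the quoted entries, performs no DNS lookups, and the function names and the reply dictionary are hypothetical.

```python
import re
# Subset of the postscreen_dnsbl_sites entries quoted in the message above.
SITES = """
zen.spamhaus.org=127.0.0.[10;11]*8
zen.spamhaus.org=127.0.0.[4..7]*7
zen.spamhaus.org=127.0.0.3*6
zen.spamhaus.org=127.0.0.2*3
b.barracudacentral.org=127.0.0.2*7
bl.spamcop.net=127.0.0.2*4
list.dnswl.org=127.0.[0..255].1*-3
list.dnswl.org=127.0.[0..255].3*-5
""".split()
THRESHOLD = 8  # postscreen_dnsbl_threshold from the same config

def octet_matches(pattern, value):
    """Match one octet against '2', '[10;11]' or '[4..7]' style patterns."""
    for alt in pattern.strip("[]").split(";"):
        lo, _, hi = alt.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def parse_site(entry):
    """Split 'domain=filter*weight' into (domain, octet patterns, weight)."""
    domain, filt, weight = re.fullmatch(
        r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?", entry).groups()
    octets = re.findall(r"\[[^\]]*\]|\d+", filt) if filt else None
    return domain, octets, int(weight or 1)

def dnsbl_score(replies):
    """replies: {list domain: [A records returned for the client]} (hypothetical shape)."""
    total = 0
    for entry in SITES:
        domain, octets, weight = parse_site(entry)
        for addr in replies.get(domain, []):
            parts = [int(p) for p in addr.split(".")]
            if octets is None or all(map(octet_matches, octets, parts)):
                total += weight  # an entry adds its weight once per client
                break
    return total

def rejected(replies):  # True when the score reaches the enforce threshold
    return dnsbl_score(replies) >= THRESHOLD

if __name__ == "__main__":
    # Constructed replies: two blocklist hits offset by a DNSWL entry.
    sample = {"b.barracudacentral.org": ["127.0.0.2"],
              "bl.spamcop.net": ["127.0.0.2"], "list.dnswl.org": ["127.0.5.3"]}
    print(dnsbl_score(sample), rejected(sample))
```

The constructed sample shows why the negative weights matter: a client on two blocklists stays under the threshold when a whitelist also vouches for it, while two matching zen.spamhaus.org return codes alone are enough to reject.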