>From: frede...@ofb.net <frede...@ofb.net>
>Sent: Thursday, December 15, 2016 9:33 AM
>To: users@spamassassin.apache.org
>Subject: recent increase in spam getting through
 
>    X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE,
>           RDNS_NONE,T_SPF_TEMPERROR autolearn=no autolearn_force=no version=3.4.1

>    Date: Thu, 15 Dec 2016 02:09:18 -0700
>    From: %GIRL_NAME Lyon <lyon_%girl_n...@feuz.com>
>    To: frede...@ofb.net
>    Subject: Re: Healthy soul in healthy body. Order Celexa now.
>    X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_50,BODY_URI_ONLY,
>            HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
>            MIME_HTML_ONLY,RDNS_NONE,T_SPF_HELO_TEMPERROR,T_SPF_TEMPERROR autolearn=no
>            autolearn_force=no version=3.4.1

Need to see the received headers to check RBLs.  Make sure you are doing
RBL checks at the MTA.  If you are using Postfix, then enable Postscreen and
use its postscreen_dnsbl_sites for weighting reliable RBLs high and unreliable
RBLs low.  There is a long thread on this in the archives.

http://marc.info/?l=spamassassin-users&m=146590518212907&w=2

Start with a short list like zen.spamhaus.org and mailspike then add new ones
slowly over time until the email that hits SpamAssassin is mostly clean.  RBLs
block 95% of the spam at the MTA level so my SpamAssassin only has to block
a very small percentage of spam based on content (Subject, body, AV, etc.) and
Bayes.

I offset some of the RBLs with postwhite for major mail providers that are often
listed on RBLs but can't be blocked due to their size like comcast.net.  In this
case, I have to let them on to SpamAssassin for scoring.  As long as they update
their SPF record, then these will be let through but spoofers could be blocked
by RBLs:

https://github.com/stevejenkins/postwhite

Remember that it is very important to use your own recursive DNS server and not
point to other DNS servers that will combine your DNS queries with others which
can be over the free usage limits set by the RBLs and cause URIBL_BLOCKED hits.

http://marc.info/?l=spamassassin-users&m=147498536120314&w=2

Hope this helps,
Dave
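
A sketch of the weighted Postscreen setup described in the message above, added here as an illustration; it is not taken from the post or the linked threads. The weights, the threshold, the placeholder zone and the postwhite file path are assumptions to adjust for your own site.

```conf
# /etc/postfix/main.cf (fragment) -- added example, not the poster's config.
# postscreen must also be enabled on the smtp listener in master.cf (not shown).

# Allow major providers by SPF-published ranges before DNSBL scoring.
# Path is an assumption: point it at the file your postwhite run generates.
postscreen_access_list =
    permit_mynetworks,
    cidr:/etc/postfix/postscreen_spf_whitelist.cidr

# Weighted DNSBL list: reliable lists score high, less reliable ones low.
# Weights below are constructed values, start short and add lists slowly.
postscreen_dnsbl_sites =
    zen.spamhaus.org*3
    bl.mailspike.net*2
    # Placeholder for a lower-confidence list added later (hypothetical zone):
    # dnsbl.example.invalid*1

# A client is rejected once its combined weight reaches the threshold.
# With the weights above, zen alone (3) is enough; mailspike alone (2) is not.
postscreen_dnsbl_threshold = 3

# Reject after the client has sent MAIL FROM / RCPT TO so the attempt is
# logged with sender and recipient; "ignore" only logs the score, which is
# useful while tuning weights.
postscreen_dnsbl_action = enforce

# Wait briefly before the greeting so early talkers are caught as well.
postscreen_greet_action = enforce

# DNS: the host's /etc/resolv.conf should point at a local recursive
# resolver (for example 127.0.0.1), not a shared public or ISP forwarder,
# so DNSBL queries are counted against your own usage and not a pool's.
```

After `postfix reload`, the per-client DNSBL rank appears in the postscreen log lines, which is the place to check whether a new list's weight is pushing legitimate senders over the threshold.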
