(yea yea, I know, it’s been going on for a while 🙂)
Okay, the Spam fight is back on. My spam filters have dropped down as spammers are taking screaming advantage of the problems inherent in Bayesian filters, so I’m starting to do some tuning.
Setup: ‘amavisd-new’ runs attached to Postfix on ‘seawall’, which is our firewall. All inbound mail to all our internal domains (and a bunch of relays) flows through this machine – traffic is 200-400 messages an hour.
First problem – I want to turn on the X-Spam-Status: line in -every- inbound message that amavisd/sa scans. In the amavisd.conf file, I have:
    $remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
    #$remove_existing_x_scanned_headers= 1; # remove existing headers
                                            # (defaults to false)
    $remove_existing_spam_headers = 0;      # leave existing X-Spam* headers alone
    # $remove_existing_spam_headers = 1;    # remove existing spam headers if
                                            # spam scanning is enabled (default)

    # default values, can be overridden by more specific lookups, e.g. SQL
    $sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 5.0;  # add 'spam detected' headers at that level
    $sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
                                                 # at or above that level: bounce/reject/drop,
As far as I know, those should turn on the header in all inbound messages.
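One way to check which messages actually come out of the scanner with the header, as an added example that is not part of the original post. The header layout it parses (`score=` or `hits=`, then `required=`) is an assumption about the scanner's output, and the sample messages are constructed:

```python
import re
from email import message_from_string, policy

TAG2_LEVEL = 5.0  # $sa_tag2_level_deflt from the config above

# Assumed header shape: "No, score=1.2 tagged_above=-999 required=5 tests=[...]"
# (older releases write hits= instead of score=).
STATUS_RE = re.compile(r"^(Yes|No),\s*(?:score|hits)=(-?\d+(?:\.\d+)?)", re.I)
REQUIRED_RE = re.compile(r"\brequired=(-?\d+(?:\.\d+)?)")

def audit(raw):
    """Classify one raw message by its X-Spam-Status header."""
    status = message_from_string(raw, policy=policy.default).get("X-Spam-Status")
    if status is None:
        return ("untagged", None)          # the scanner never added the header
    text = str(status).strip()
    m = STATUS_RE.match(text)
    if not m:
        return ("unparsed", None)
    score = float(m.group(2))
    req = REQUIRED_RE.search(text)
    threshold = float(req.group(1)) if req else TAG2_LEVEL
    flagged = m.group(1).lower() == "yes"
    if flagged != (score >= threshold):
        return ("inconsistent", score)     # verdict disagrees with the threshold
    return ("spam" if flagged else "ham", score)

def untagged(messages):
    """Names of messages that passed through without an X-Spam-Status header."""
    return sorted(n for n, raw in messages.items() if audit(raw)[0] == "untagged")

# Constructed sample messages (not real mail).
SAMPLES = {
    "ham": "From: a@example.com\nTo: b@example.org\n"
           "X-Spam-Status: No, score=-1.2 tagged_above=-999 required=5\n"
           " tests=[BAYES_00=-2.6]\n\nhello\n",
    "spam": "From: x@example.net\nTo: b@example.org\n"
            "X-Spam-Status: Yes, hits=7.4 tagged_above=-999 required=5\n\nbuy\n",
    "relay": "From: a@example.com\nTo: c@example.net\nSubject: hi\n\nno header\n",
    "odd": "From: a@example.com\nTo: b@example.org\n"
           "X-Spam-Status: No, score=6.1 required=5\n\nmismatch\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit(raw))
    print("missing header:", untagged(SAMPLES))
```

Feeding it messages pulled from a delivered mailbox shows whether the untagged ones cluster on particular recipient domains or relays.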
Second problem – how do I make the filters more effective? The number of domains / users here is pretty limited (perhaps 15-25 targets), so I’ve been considering putting in an SA rule that either whitelists or lowers the scoring if the mail is ‘well formed’ (To: firstname.lastname@example.org),
ala Bcc’es don’t get boosted, Received lines that go through China get bumped down, all the normal tunings.
Any suggestions of where this can best be done? I’ve looked at a couple SA rules sites, such as:
I’m also thinking of implementing this ruleset:
(specifically targeted at spam that has bayesian random text in it).