Default SpamAssassin Scores

[flamewalker]

Hello,

I have been getting a lot of spam on my system lately... like just the last couple weeks, and it seemed to start on a Monday...

I have tried the suggestions in this thread: http://forum.directadmin.com/showthread.php?t=46371 but it didn't seem to help.

I use SpamBlocker 4.

I have noticed a lot of the spam email is hitting on rules like LOTS_OF_MONEY, URIBL_BLOCKED, T_FILL_THIS_FORM, etc, but are being scored really low. My spam filter is set to 2.6, and the spam is negative or low (less than 2). They are hitting on rules, but not being filtered.

My thought is to up the scores of those rules a bit to push them over the edge. For the life of me, I can't figure out where those rules are (they aren't in /etc/mail/spamassassin/local.cf or any of the cf files in that folder). Anyone know where I can manually modify them for system-wide email?

Or anything else I should look for?

Thanks in advance.
Jamey

 

[zEitEr]

Just add them into /etc/mail/spamassassin/local.cf with your scores and restart exim/spamd.
By the way you might want to run

sa-update

daily with cron in order to have all rules updated. Note to-restart exim/spamd every time you update rules.

Related: http://spamassassin.apache.org/tests_3_3_x.html

 

[flamewalker]

Thanks. Already do sa-update through cron.

It seems one of the rbl's went offline... not sure when. combined.rbl.msrbl.net... perhaps that is why I'm seeing some more spam come through?

It now forwards to graceandpeace.org or something similar :?

 

[zEitEr]

Check this http://forum.directadmin.com/showthread.php?t=46496

 

[nobaloney]

combined.rbl.msrbl.net may be used by SpamAssassin, but it's not used by SpamBlocker, so I'm not sure if zEitEr's link is germaine to this discussion.

As zEitEr does oint out in his earlier reply, just add new rules as local rules; otherwise they could be overwritten by SpamAssassin rule updates.

If you find some SpamAssassin rules using blocklists are catching a lot of emails but the default scores for them aren't high enough to trigger SpamAssassin classification, and you want those rules alone to block emails, you could add them to your SpamBlocker exim.conf file.

If you do, then please keep the rest of us informed by posting them here. Perhaps I'll add them to the next version, which I'm starting on now.

Jeff

 

[zEitEr]

The link http://forum.directadmin.com/showthread.php?t=46496 was posted for this part:

It seems one of the rbl's went offline

 

[flamewalker]

Thanks for the help guys. Turns out my web server host, in attempting to fix an FTP issue, dumped our IP blacklist. I have been gradually building it back up from constant spammers, and have gotten the spam under moderate control again!