Hello,
I receive a lot of spam emails that are obvious spam (like just html with a big photo with some product) and they get a pass from spamassassin because they pass the SPFCheck/ReverseDNS check as you can see below.
So because ReverseDNS is ok it gets -10 score, and because SPF is ok another -30 score.
so I edited the file vim /home/***username***/.spamassassin/user_prefs
add the lines:
Score SPF_PASS -2.0
Score RDNS_PASS -3.0
between the safe areas like that:
#SAFE AREA start
Score SPF_PASS -2.0
Score RDNS_PASS -3.0
#SAFE AREA end
and restarted the services:
# systemctl restart spamassassin
# systemctl restart spamassassin
and then I was waiting to receive a new spam email and I received the one below.
Still they get -10 and -30 Score .. like the rules I've added do not exist.
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 145.249.115.52, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "z***.pr*******.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content analysis details: (2.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: s.sonhub.pila.pl]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-2.0 SPF_PASS SPF: sender matches SPF record
2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95%
[score: 0.8520]
0.0 T_TVD_MIME_EPI BODY: No description available.
2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
SpamTally: Final spam score: -19
Any ideas?
I receive a lot of spam emails that are obvious spam (like just html with a big photo with some product) and they get a pass from spamassassin because they pass the SPFCheck/ReverseDNS check as you can see below.
So because ReverseDNS is ok it gets -10 score, and because SPF is ok another -30 score.
so I edited the file vim /home/***username***/.spamassassin/user_prefs
add the lines:
Score SPF_PASS -2.0
Score RDNS_PASS -3.0
between the safe areas like that:
#SAFE AREA start
Score SPF_PASS -2.0
Score RDNS_PASS -3.0
#SAFE AREA end
and restarted the services:
# systemctl restart spamassassin
# systemctl restart spamassassin
and then I was waiting to receive a new spam email and I received the one below.
Still they get -10 and -30 Score .. like the rules I've added do not exist.
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 145.249.115.52, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "z***.pr*******.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content analysis details: (2.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage of an
open resolver. See
https://www.spamhaus.org/returnc/pub/
[URI: s.sonhub.pila.pl]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-2.0 SPF_PASS SPF: sender matches SPF record
2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95%
[score: 0.8520]
0.0 T_TVD_MIME_EPI BODY: No description available.
2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
SpamTally: Final spam score: -19
Any ideas?
