Amavisd Not Scoring from Soft blacklist
Gary V
mr88talent at gmail.com
Sun Jun 19 21:30:10 CEST 2011
On 6/19/11, jason hirsh wrote:
> I am running
>
>> amavisd-new 2.6.4_10.1
>> Postfix 2.9
>> Mysql server 5..5
> Freebsd 8.1
>
>
> I am trying to find a way to blacklist specified domains and email address..
>
>
> Mu current effort was tp try to block one of my own webmail accounts
> captcurrent at hotmail.com
>
>
> This is what I put in amavisd.conf
>
> @score_sender_maps = ({ # a by-recipient hash lookup table
>
> # # per-recipient personal tables (NOTE: positive: black, negative: white)
> # 'user1 at example.com' => [{'bla-mobile.press at example.com' => 10.0}],
> # 'user3 at example.com' => [{'.ebay.com' => -3.0}],
> # 'user4 at example.com' => [{'cleargreen at cleargreen.com' => -7.0,
> # '.cleargreen.com' => -5.0}],
>
> # site-wide opinions about senders (the '.' matches any recipient)
> '.' => [ # the _first_ matching sender determines the score boost
>
> new_RE( # regexp-type lookup table, just happens to be all
> soft-blacklist
> [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i =>
> 5.0],
> [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=>
> 5.0],
> [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=>
> 5.0],
> [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i =>
> 5.0],
> [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i =>
> 5.0],
> [qr'^(your_friend|greatoffers)@'i =>
> 5.0],
> [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i =>
> 5.0],
> ),
>
> # read_hash("/var/amavis/sender_scores_sitewide"),
>
> { # a hash-type lookup table (associative array)
> 'nobody at cert.org' => -3.0,
> 'cert-advisory at us-cert.gov' => -3.0,
> 'owner-alert at iss.net' => -3.0,
> 'slashdot at slashdot.org' => -3.0,
> 'securityfocus.com' => -3.0,
> 'ntbugtraq at listserv.ntbugtraq.com' => -3.0,
> 'security-alerts at linuxsecurity.com' => -3.0,
> 'mailman-announce-admin at python.org' => -3.0,
> 'amavis-user-admin at lists.sourceforge.net'=> -3.0,
> 'amavis-user-bounces at lists.sourceforge.net' => -3.0,
> 'spamassassin.apache.org' => -3.0,
> 'notification-return at lists.sophos.com' => -3.0,
> 'owner-postfix-users at postfix.org' => -3.0,
> 'owner-postfix-announce at postfix.org' => -3.0,
> 'owner-sendmail-announce at lists.sendmail.org' => -3.0,
> 'sendmail-announce-request at lists.sendmail.org' => -3.0,
> 'donotreply at sendmail.org' => -3.0,
> 'ca+envelope at sendmail.org' => -3.0,
> 'noreply at freshmeat.net' => -3.0,
> 'owner-technews at postel.acm.org' => -3.0,
> 'ietf-123-owner at loki.ietf.org' => -3.0,
> 'cvs-commits-list-admin at gnome.org' => -3.0,
> 'rt-users-admin at lists.fsck.com' => -3.0,
> 'clp-request at comp.nus.edu.sg' => -3.0,
> 'surveys-errors at lists.nua.ie' => -3.0,
> 'emailnews at genomeweb.com' => -5.0,
> 'yahoo-dev-null at yahoo-inc.com' => -3.0,
> 'returns.groups.yahoo.com' => -3.0,
> 'clusternews at linuxnetworx.com' => -3.0,
> lc('lvs-users-admin at LinuxVirtualServer.org') => -3.0,
> lc('owner-textbreakingnews at CNNIMAIL12.CNN.COM') => -5.0,
> #blacklist test
> # soft-blacklisting (positive score)
> 'captcurrent at hotmail.com' => 4.0,
> '.example.net' => 1.0,
>
> },
> ], # end of site-wide tables
> });
>
> I went this approach to try to keep me from messing up to far
>
> with the other checks this should be anough an email from this address into
> spam
> but the score remains at 2.092
>
> i can any one tell from this info what I am doing wrong?
Did you remember to reload amavisd-new? I would look at the headers of
the message to see what rules did hit. I would also set:
$sa_tag_level_deflt = undef;
so that all messages address to local domaions will have the X-Spam
headers inserted, which can be useful when trying to debug which rules
hit.
You may also choose to set:
# If sender matches ACL, turn debugging fully up, just for this one message
@debug_sender_maps = ( ['captcurrent at hotmail.com'] );
so you get full debugging for a message sent from captcurrent at hotmail.com.
--
Gary V
More information about the amavis-users
mailing list