Improving filtering of SPAM...

[Noel Jones]

On 6/20/2013 2:15 PM, Christopher Koeber wrote:
> Hello,
> 
> I have AmavisD with the following software running on Gentoo Linux
> (Kernel Version 3.8.13):
> 
>  1. Postfix (Version 2.10.)
>  2. SpamAssassin (Version 3.3.2-r1)
>  3. ClamAV (Version 0.97.7)
>  4. DCC (Version 1.3.140-r1)
>  5. Razor (Version 2.85-r1)
> 
> There are perhaps quite a few other packages I have installed; I
> just know these are the major ones I have installed.
> 
> Anyway, everything works but quite frankly my users still get a
> significant amount of spam coming through (no viruses whatsoever, so
> the ClamAV aspect works great.)
> 
> The core problem is that, from what I see from the logs the score
> for the spam messages gets rated lower than zero so the system is
> learning these messages as ham and as such the filter becomes less
> effective as time goes on.
> 
> Now, the current install isn't completely ineffective; it catches a
> great deal of spam messages but my question stems from asking what
> can I do to greatly increase the accuracy.

The single most important thing to do is feed "missed" spam back
into spamassassin with "spamassassin -r" or "sa-learn".  See the
spamassassin docs for details.

Also consider using the Sanesecurity addon signatures for clamav.
These catch a lot of spam with extremely low false positives. I
consider these safe and effective.
http://sanesecurity.com

> 
> Is there a guide somewhere on improving detection of spam with
> AmavisD? I couldn't find such a guide. Much of the items mentioned
> for improving SpamAssassin was within the "local.cf
> <http://local.cf>" file but I know AmavisD ignores that (from what I
> read). I also know I can lower the tag/tag2/etc. numbers but then
> valid mail gets caught.

While there are some limitations, amavisd does not ignore local.cf.
In particular, you can adjust rule scores and add local rules. Note
that changes to local.cf require a restart of amavisd to read the
new file.


  -- Noel Jones