Improving filtering of SPAM...

Christopher Kurtis Koeber ckoeber at gmail.com
Fri Jun 21 02:56:40 CEST 2013


Thank you. I will try the two suggestions you laid out here.

Regards,

Christopher Kurtis Koeber

-----Original Message-----
From: amavis-users
[mailto:amavis-users-bounces+ckoeber=gmail.com at amavis.org] On Behalf Of Noel
Jones
Sent: Thursday, June 20, 2013 4:31 PM
To: amavis-users at amavis.org
Subject: Re: Improving filtering of SPAM...

On 6/20/2013 2:15 PM, Christopher Koeber wrote:
> Hello,
> 
> I have AmavisD with the following software running on Gentoo Linux 
> (Kernel Version 3.8.13):
> 
>  1. Postfix (Version 2.10.)
>  2. SpamAssassin (Version 3.3.2-r1)
>  3. ClamAV (Version 0.97.7)
>  4. DCC (Version 1.3.140-r1)
>  5. Razor (Version 2.85-r1)
> 
> There are perhaps quite a few other packages I have installed; I just 
> know these are the major ones I have installed.
> 
> Anyway, everything works but quite frankly my users still get a 
> significant amount of spam coming through (no viruses whatsoever, so 
> the ClamAV aspect works great.)
> 
> The core problem is that, from what I see from the logs the score for 
> the spam messages gets rated lower than zero so the system is learning 
> these messages as ham and as such the filter becomes less effective as 
> time goes on.
> 
> Now, the current install isn't completely ineffective; it catches a 
> great deal of spam messages but my question stems from asking what can 
> I do to greatly increase the accuracy.

The single most important thing to do is feed "missed" spam back into
spamassassin with "spamassassin -r" or "sa-learn".  See the spamassassin
docs for details.

Also consider using the Sanesecurity addon signatures for clamav.
These catch a lot of spam with extremely low false positives. I consider
these safe and effective.
http://sanesecurity.com

> 
> Is there a guide somewhere on improving detection of spam with 
> AmavisD? I couldn't find such a guide. Much of the items mentioned for 
> improving SpamAssassin was within the "local.cf" 
> file but I know AmavisD ignores that (from what I read). I also know I 
> can lower the tag/tag2/etc. numbers but then valid mail gets caught.

While there are some limitations, amavisd does not ignore local.cf.
In particular, you can adjust rule scores and add local rules. Note that
changes to local.cf require a restart of amavisd to read the new file.


  -- Noel Jones
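
One way to find the messages the original question describes (delivered with a score lower than zero) so they can be reviewed and the misses fed back with sa-learn. This is an added example, not part of the thread: the amavisd log line layout it expects is an assumption, the sample lines are constructed, and `review_candidates` is a hypothetical helper name.

```python
import re

# Assumed amavisd-new log layout (not taken from the thread):
#   ... Passed CLEAN {...}, [ip] <sender> -> <rcpt>, ..., mail_id: X, Hits: -1.9, ...
LINE_RE = re.compile(
    r"\b(?P<action>Passed|Blocked)\s+(?P<verdict>[A-Z-]+)\b.*?"
    r"<(?P<sender>[^>]*)>\s+->\s+<(?P<rcpt>[^>]*)>.*?"
    r"\bmail_id:\s*(?P<mail_id>[^,\s]+).*?"
    r"\bHits:\s*(?P<hits>-?\d+(?:\.\d+)?|-)(?=,|\s|$)"
)

# Constructed sample lines; addresses use documentation-only ranges and domains.
SAMPLE_LOG = [
    "Jun 20 14:15:02 mail amavis[2211]: (02211-01) Passed CLEAN {RelayedInbound}, [192.0.2.10]:51234 [192.0.2.10] <promo@example.net> -> <user@example.org>, Queue-ID: 3F2A1C0, mail_id: AAAA1111, Hits: -1.9, size: 2345, queued_as: 4B1D2E3, 812 ms",
    "Jun 20 14:16:40 mail amavis[2211]: (02211-02) Passed CLEAN {RelayedInbound}, [192.0.2.11]:40022 [192.0.2.11] <list@example.com> -> <user@example.org>, Queue-ID: 3F2A1C1, mail_id: BBBB2222, Hits: 2.3, size: 9120, queued_as: 4B1D2E4, 640 ms",
    "Jun 20 14:17:05 mail amavis[2212]: (02212-01) Blocked SPAM {DiscardedInbound,Quarantined}, [198.51.100.7]:2525 [198.51.100.7] <x@example.net> -> <user@example.org>, Queue-ID: 3F2A1C2, mail_id: CCCC3333, Hits: 14.2, size: 4100, 1200 ms",
    "Jun 20 14:18:11 mail amavis[2212]: (02212-02) Passed CLEAN {RelayedInternal}, [192.0.2.20]:3300 [192.0.2.20] <boss@example.org> -> <user@example.org>, Queue-ID: 3F2A1C3, mail_id: DDDD4444, Hits: -, size: 800, queued_as: 4B1D2E5, 90 ms",
    "Jun 20 14:19:30 mail amavis[2213]: (02213-01) Passed CLEAN {RelayedInbound}, [203.0.113.5]:6001 [203.0.113.5] <> -> <user@example.org>, Queue-ID: 3F2A1C4, mail_id: EEEE5555, Hits: -0.4, size: 1500, queued_as: 4B1D2E6, 700 ms",
    "Jun 20 14:19:31 mail postfix/smtpd[900]: disconnect from unknown[203.0.113.5]",
]


def review_candidates(lines, threshold=0.0):
    """Return (score, mail_id, sender, rcpt) for delivered mail scored below
    threshold, lowest score first. Lines without a numeric score are skipped."""
    found = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["action"] != "Passed":
            continue  # not an amavisd delivery line
        if m["hits"] == "-":
            continue  # no spam scan was performed for this message
        score = float(m["hits"])
        if score < threshold:
            found.append((score, m["mail_id"], m["sender"], m["rcpt"]))
    return sorted(found)


if __name__ == "__main__":
    for score, mail_id, sender, rcpt in review_candidates(SAMPLE_LOG):
        print(f"{score:6.1f}  {mail_id}  <{sender}> -> <{rcpt}>")
```

The output is a review list only: a negative score does not prove a message was spam, so each entry still has to be checked by hand before it is fed to sa-learn.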


