Increase spamassassin bayes99 score

Indunil Jayasooriya indunil75 at gmail.com
Mon Oct 17 05:20:52 CEST 2016 

>
> I have:
>
>    $sa_tag2_level_deflt =  5.5;  # add 'spam detected' headers at that
>    level
>    $sa_kill_level_deflt =  7.5;  # triggers spam evasive actions (e.g.
>    blocks mail)


I think it is quite high. Pls see my config ( 3.5 and 3.8 )


$sa_tag_level_deflt  = undef;  # add spam info headers if at, or above
that level
$sa_tag2_level_deflt = 3.5;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 3.8;



> We do use RBLs at the SMTP level, greylisting, RBLs with spamassassin, but
> still we have been  getting a lot of spam.

Do you use postfix? then,


you can have below  in mail.cf under smtpd_recipient_restrictions.
Anyway Be VERY  careful since it REJECTS mails.

reject_unknown_client_hostname,


from - http://www.postfix.org/postconf.5.html

reject_unknown_client_hostname (with Postfix < 2.3:
reject_unknown_client)Reject the request when 1) the client IP
address->name mapping fails, 2) the name->address mapping fails, or 3)
the name->address mapping does not match the client IP address.
This is a stronger restriction than the
reject_unknown_reverse_client_hostname feature, which triggers only
under condition 1) above.
The unknown_client_reject_code parameter specifies the response code
for rejected requests (default: 450). The reply is always 450 in case
the address->name or name->address lookup failed due to a temporary
problem.



> Here is a blocked spamas an example:
>
> X-Spam-Status: Yes, score=8.308 tag=-999 tag2=5.5 kill=7.5

Did you receive this mail since score = 8.3?

Pls set final_spam_destiny to D_DISCARD in this way.


 $final_spam_destiny       = D_DISCARD;

It is worth to  have below 2 lines to D_DISCARD as well.

 $final_virus_destiny      = D_DISCARD;
 $final_banned_destiny     = D_DISCARD;





>         tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
>         HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
>         RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
>         RAZOR2_CHECK=0.922, RP_MATCHES_RCVD=-1.509, SPF_HELO_PASS=-0.1,
>         SPF_PASS=-0.1, SUBJ_ALL_CAPS=1.506, URIBL_BLACK=1.7,
> URIBL_RED=0.001]
>         autolearn=disabled
>
> I decided to configure:
>
>    score BAYES_99  4.5 # was 3.5
>    score BAYES_999 2.0 # was 0.2

I do NOT conceder the above stuffs so much. I go with defaults.

anyway, keep on monitoring mail log and add spam assassin rules to
quarantine mail.

if you need help,  you may write to the mailing list.





> because I noticed a lot of spam was correctly identified using BAYES_99 and
> BAYES_999, but was not getting blocked due to low scoring.
>
> I have been monitoring spam and I think that I have a lot more blocks and
> thereare no false positives at this point.
>
> Any ideas and suggestions will be greatly appreciated!
>
> Thanks (Efharisto!) again,
> Nick
>
>
> On 14/10/2016 3:06 μμ, Dino Edwards wrote:
>
>> Yasou NiKo,
>>
>> There are a few things that might be going on here. What is the average
>> score of the ham e-mails that you are getting through. The reason I’m asking
>> is can you possibly bring down your required=5.5 score? Every installation
>> is different but our required= score is set to  3.6 and that seems to work
>> very well. The required = score would be set in your amavis config file as
>> follows (the parameter below is probably how it’s set in your amavis):
>>
>> $sa_tag2_level_deflt = 3.6;
>>
>> If your spam filter is trained properly, you should be able to bring that
>> score down and not have to worry about false positives. Alternatively, if
>> you really want to raise the bayes_99 score you would set it in
>> /etc/spamasassain/local.cf as follows:
>>
>> #override bayes default scores
>>
>> score BAYES_99 5
>>
>> But, in the grand scheme of things, your spamfilter is your very last line
>> of defense against spam. Are you doing all you can to prevent spam from ever
>> reaching your spam filter? Things like RBL blocking on the MTA level,
>> graylisting etc?
>>
>
>



-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala Fonts

More information about the amavis-users mailing list