Increase spamassassin bayes99 score

Mon Oct 17 11:32:32 CEST 2016

> 
> reject_unknown_client_hostname (with Postfix < 2.3:
> reject_unknown_client)Reject the request when 1) the client IP
> address->name mapping fails, 2) the name->address mapping fails, or 3)
> the name->address mapping does not match the client IP address.
> This is a stronger restriction than the
> reject_unknown_reverse_client_hostname feature, which triggers only
> under condition 1) above.
> The unknown_client_reject_code parameter specifies the response code for
> rejected requests (default: 450). The reply is always 450 in case the address-
> >name or name->address lookup failed due to a temporary problem.
> 

If you are using Postfix, the following smtpd_recipient_restrictions work well for us. Note that you need to install policy-spf-python before you can use the last directive.:

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_policy_service unix:private/policy-spf

policy-spf-python in Ubuntu is installed as follows:

sudo apt-get install postfix-policyd-spf-python

Then in your postfix master.cf you add the following:

# ==== PYTHON SPF POLICY BELOW THIS LINE. ENABLE IF YOU WISH TO USE
policy-spf  unix  -       n       n       -       -       spawn
     user=nobody argv=/usr/bin/policyd-spf
# === PYTHON SPF POLICY ABOVE THIS LINE ===

I'm also guessing you are using postscreen

> 
> > Here is a blocked spamas an example:
> >
> > X-Spam-Status: Yes, score=8.308 tag=-999 tag2=5.5 kill=7.5
> 
> Did you receive this mail since score = 8.3?
> 
> Pls set final_spam_destiny to D_DISCARD in this way.
> 
> 
>  $final_spam_destiny       = D_DISCARD;
> 
> It is worth to  have below 2 lines to D_DISCARD as well.
> 
>  $final_virus_destiny      = D_DISCARD;
>  $final_banned_destiny     = D_DISCARD;
> 

I would like to add that you should NEVER block your customers email. You don't have to pass them to their mailbox necessarily but you should dump them to a quarantine directory and release if needed. I have seen many situation where the system has marked a message as spam or a virus for that matter even though it was not and your customers are looking for that e-mail so you don't want to be that guy. You accomplish that like as follows in your amavis conf file:

$QUARANTINEDIR = "/path/to/quarantine/directory";
$virus_quarantine_method = 'local:virus/%m';
$spam_quarantine_method = 'local:spam/%m';
$banned_files_quarantine_method = 'local:banned/%m';
$bad_header_quarantine_method = 'local:bad_header/%m';

> >
> >    score BAYES_99  4.5 # was 3.5
> >    score BAYES_999 2.0 # was 0.2
> 
> I do NOT conceder the above stuffs so much. I go with defaults.
> 

I agree with above. Keeping with defaults is usually best. You should concentrate on doing everything else before you start messing around with the scores. 

--

Hermes Secure Email Gateway
Hermes Secure Email Gateway combines Open Source technologies such as Postfix, Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail under one unified web based Web GUI for easy administration and management of your incoming and ougoing email for your organization. Anti-spam, anti-virus and anti-malware protection, encrypted S/MIME, encrypted PDF and SMTP TLS support, built-in email archiving, end-user self-service web gui.

Download the free open-source appliance at:
http://www.deeztek.com/hermes-secure-email-gateway/