Handling spam, which is not yet on blacklists

Frank de Bot (lists) lists at searchy.net
Wed Mar 15 20:35:33 CET 2017


Hi,

Lately one of my e-mailadresses is receiving a fair amount of spam. I
use amavis for spam and virus filtering.

The spamscore at first of a message is about 3 or 4, too little to
discard as spam. But when I do a second scan it easily matches spam.

An example:

First 3.5 points : BAYES_50=0.8, HTML_MESSAGE=0.001, RCVD_IN_SBL=0.141,
	RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
	T_REMOTE_IMAGE=0.01, URIBL_SBL=1.623, URIBL_SBL_A=0.1

Second 13.6 points : BAYES_50,HTML_MESSAGE, PYZOR_CHECK, RCVD_IN_SBL,
RCVD_IN_SBL_CSS, RDNS_NONE, SPF_FAIL, SPF_HELO_PASS, T_REMOTE_IMAGE,
URIBL_ABUSE_SURBL, URIBL_BLACK, URIBL_DBL_SPAM, URIBL_SBL,
URIBL_SBL_A

Notacible is that blacklist and pyzor tests are matching the second
time, it looks like my address is some of the first that is being spammed.
The difference between the first and second check was less than 5 minutes.

Is there a good way to deal with this? Every day I need to remove dozens
of spam messages from my inbox.
If I would delay a message at my incoming server it could do the trick
to better detect spam, but I don't feel this is a good solution.
I've noticed that some e-mailproviders are stalling a first message
coming from an unknown source, this whould be a better solution. Is this
something amavis can do?

Frank de Bot


More information about the amavis-users mailing list