Handling spam, which is not yet on blacklists

Dino Edwards dino.edwards at mydirectmail.net
Wed Mar 15 22:45:07 CET 2017


You mean like graylisting?

-----Original Message-----
From: amavis-users [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org] On Behalf Of Frank de Bot (lists)
Sent: Wednesday, March 15, 2017 3:36 PM
To: amavis-users at amavis.org
Subject: Handling spam, which is not yet on blacklists

Hi,

Lately one of my e-mail addresses is receiving a fair amount of spam. I use amavis for spam and virus filtering.

The spamscore at first of a message is about 3 or 4, too little to discard as spam. But when I do a second scan it easily matches spam.

An example:

First 3.5 points : BAYES_50=0.8, HTML_MESSAGE=0.001, RCVD_IN_SBL=0.141,
	RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
	T_REMOTE_IMAGE=0.01, URIBL_SBL=1.623, URIBL_SBL_A=0.1

Second 13.6 points : BAYES_50,HTML_MESSAGE, PYZOR_CHECK, RCVD_IN_SBL, RCVD_IN_SBL_CSS, RDNS_NONE, SPF_FAIL, SPF_HELO_PASS, T_REMOTE_IMAGE, URIBL_ABUSE_SURBL, URIBL_BLACK, URIBL_DBL_SPAM, URIBL_SBL, URIBL_SBL_A

Noticeable is that blacklist and pyzor tests are matching the second time; it looks like my address is some of the first that is being spammed.
The difference between the first and second check was less than 5 minutes.

Is there a good way to deal with this? Every day I need to remove dozens of spam messages from my inbox.
If I would delay a message at my incoming server it could do the trick to better detect spam, but I don't feel this is a good solution.
I've noticed that some e-mail providers are stalling a first message coming from an unknown source; this would be a better solution. Is this something amavis can do?

Frank de Bot
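
Greylisting, as named in the reply at the top of this message, sketched as an added example (not code from amavis or from either poster): a first delivery attempt from an unknown (client network, sender, recipient) triplet is deferred with a temporary failure and accepted only on a retry after a delay, so blacklists and Pyzor have time to list the source before the content scan runs. The class name, the 300-second delay, the retry window and the sample addresses are assumptions.

```python
import time


class Greylist:
    """In-memory greylist keyed on (client /24, sender, recipient). Hypothetical helper."""

    def __init__(self, delay=300, retry_window=4 * 3600):
        self.delay = delay                # seconds a new triplet must wait (assumed value)
        self.retry_window = retry_window  # forget triplets that never retried (assumed value)
        self.first_seen = {}              # triplet -> timestamp of first attempt
        self.passed = set()               # triplets that have already retried successfully

    @staticmethod
    def _key(client_ip, sender, recipient):
        # Match on the IPv4 /24 so a retry from a neighbouring host of the
        # same outbound pool is still recognised as the same sender.
        network = ".".join(client_ip.split(".")[:3])
        return (network, sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now=None):
        """Return "DEFER" (answer with an SMTP 4xx) or "ACCEPT" (pass on to content scanning)."""
        now = time.time() if now is None else now
        key = self._key(client_ip, sender, recipient)
        if key in self.passed:
            return "ACCEPT"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            # Unknown triplet, or the earlier attempt is too old: start the clock.
            self.first_seen[key] = now
            return "DEFER"
        if now - first < self.delay:
            # Retried too quickly; a legitimate MTA will try again later.
            return "DEFER"
        self.passed.add(key)
        return "ACCEPT"


def demo():
    """Constructed sample traffic: timestamps are seconds since the first attempt."""
    g = Greylist(delay=300)
    attempts = [
        ("192.0.2.10", "sender@example.org", "user@example.net", 0),
        ("192.0.2.10", "sender@example.org", "user@example.net", 120),
        ("192.0.2.11", "sender@example.org", "user@example.net", 400),
    ]
    return [g.check(ip, s, r, now=t) for ip, s, r, t in attempts]


if __name__ == "__main__":
    print(demo())
```
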

