Re: Lots of spam getting thru

[Philip Prindeville <ph...@redfish-solutions.com>]

On Jun 30, 2014, at 1:49 PM, Robert Fitzpatrick <ro...@webtent.org> wrote:

> John Hardin wrote:
>> On Mon, 30 Jun 2014, Robert Fitzpatrick wrote:
>> 
>>> I have been experiencing a huge amount of spam getting through to some big target addresses, mainly from .eu and .info addresses, and would like to see if someone can find something wrong with my setup. I recently upgraded to 3.4, but still the same issue. I am using Postfix with Maia Mailguard (a forked version of amavisd-new). Here is one example, could someone test this on their own config and see how the scores compare?
>> 
>> Are you doing URIBL lookups? 
> Thanks, the only one I am using my our postfix setup is spamhaus, we discontinued spamcop after an issue with false positives. Can I ask which most of you are using with good results? I have skip_rbl_checks in SA set to zero, is there more to add?
> 
> -- 
> Robert
> 

I have:

  score URIBL_BLACK			4.95

in my /etc/mail/spamassassin/sa-scores.cf file (this rule is defined in:

/var/lib/spamassassin/3.004000/updates_spamassassin_org/25_uribl.cf

if that’s on your system), and:

loadplugin Mail::SpamAssassin::URIDNSBL

in my /etc/mail/spamassassin/init.pre file (this is on Fedora 20).

If you were doing it from scratch, you might try:

  loadplugin Mail::SpamAssassin::URIDNSBL

  skip_rbl_checks 0

  urirhssub L_URIBL_BLACK        multi.uribl.com. A 2
  body L_URIBL_BLACK             eval:check_uridnsbl('L_URIBL_BLACK')
  describe L_URIBL_BLACK         Contains a URL listed in the URIBL blacklist
  tflags L_URIBL_BLACK           net
  score L_URIBL_BLACK            4.95

But like I said, the canned rules should already include URIBL_BLACK.

-Philip