How to block some whitelisted in spamassassin
I'm having a problem blocking a spammer. The original sender is acgnyc.org. I have this sender listed in my blacklist_from, but it continues to make it through. The problem is that this message is forwarded from a domain that is white_listed, ohprs.org. It seems that the white_list takes precedence over the black_list.
I've also set "shortcircuit ALL_TRUSTED off" hoping that would help, but it does not (assuming plugin Mail::SpamAssassin::Plugin::Shortcircuit is loaded. How would I check that?) "shortcircuit USER_IN_WHITELIST" is still "on". Below is the header from the offending email. Do I have any way of solving this? Is there a way of specifying blacklist-before-whitelist?
Code:
From hprsadmin@ohprs.org Wed Feb 17 10:10:32 2021
Have you tried putting "blacklist_from *@acgnyc.org" in your /etc/spamassassin/local.cf at the end of the file?
Quote:
Here's something I am trying: The whitelist_from simply adds -100 to the overall spam score. I've added this rule:
Code:
header LOCAL_HPRS_PORTAL From =~ /\@acgnyc.org/i
I can honestly say that I don't know if putting it at the end of the file has any effect or not, but I have all the spammers that go through all other filters at the very end of /etc/spamassassin/local.cf and it has worked great for me.
Another possible solution is to add the acgnyc.org domain to the /etc/postfix/header_checks and run 'postmap /etc/postfix/header_checks' to block the emails before even reaching spamassassin. While I have never been able to fully comprehend regular expressions (despite my 25+ years with Linux) the line would look something like (and please correct me if I am wrong): "/From:.*\@acgnyc.org>/ REJECT" Let us know how it went, would you?
jdrosales: Thanks for your suggestions. I've never used /etc/postfix/header_checks and don't even have an /etc/postfix directory. I use sendmail, so perhaps postfix configs don't apply. In sendmail I can put that domain in /etc/mail/access.db, however the problem with that is the message is forwarded by a trusted domain, not directly from the spammer, so access.db doesn't catch it.
Nevertheless, the thing I tried with the SpamAssassin score (setting to 150.0) did work! The overall score ended up being 52.6, which is well above my rejection threshold. The message was completely rejected (by spamass-milter) and never even arrived in my spam folder. So, problem solved! Thanks for playing!
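The approach that worked in this thread, written out as a local.cf fragment. This is an added example, not the poster's own file: the rule name, the pattern and the 150.0 score come from the posts above, the describe text is an assumption, and the dot in the domain is escaped here so it only matches a literal ".".

```conf
# /etc/spamassassin/local.cf (added example, not the poster's actual file)

# whitelist_from on the forwarding domain contributes -100 to the total
# (rule USER_IN_WHITELIST), so the override has to outscore that -100 by
# more than the rejection threshold, not merely cancel it.
header   LOCAL_HPRS_PORTAL  From =~ /\@acgnyc\.org\b/i
describe LOCAL_HPRS_PORTAL  From header names acgnyc.org (assumed wording)
score    LOCAL_HPRS_PORTAL  150.0

# With the Shortcircuit plugin loaded and USER_IN_WHITELIST set to "on",
# a whitelist hit can end the scan before ordinary rules are evaluated.
# If LOCAL_HPRS_PORTAL never shows up in X-Spam-Status, turn that off:
# shortcircuit USER_IN_WHITELIST off

# After editing, check the syntax and see whether the plugin is loaded:
#   spamassassin --lint
#   spamassassin -D --lint 2>&1 | grep -i shortcircuit
# Then restart spamd (or whatever daemon feeds spamass-milter) so the
# new rule is read.
```

With these numbers a message that hits both rules nets +50 from the pair before any other tests are added, which is consistent with the 52.6 total reported above.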
Good riddance my friend.
I am saving the way you solved this for future reference. :)