LinuxQuestions.org
Old 09-23-2013, 07:33 PM   #1
cp51
LQ Newbie
 
Registered: Sep 2013
Posts: 5

Rep: Reputation: Disabled
Spamassassin user specific settings


Hi Everyone,

I have a server with a bunch of email accounts using the standard dovecot/postfix setup with spamassassin monitoring for spam.

I have one account that just recently has been getting hammered with spam. Like 50 messages an hour. All from different domains.

In the past I have had problems with valid emails getting labeled as spam so I reduced the threshold for labeling an email as spam.

I am not that experienced with spamassassin settings and I was wondering if there is a way to decrease the threshold for that one user account, while leaving the other accounts at the higher threshold?

I know I can add some rules to a file in the ~/.spamassassin folder of the user. But I haven't found a way to catch all the spam without adding a ton of single word rules. And even with those rules, some of the messages are too short to break the threshold for spam.

Does anyone have any suggestions? Or perhaps instructions on how to change the spam threshold for this one user?

Also, the server is running Ubuntu 10.04

Thank you for any help,
-Cp51
 
Old 09-24-2013, 07:53 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by cp51
In the past I have had problems with valid emails getting labeled as spam so I reduced the threshold for labeling an email as spam.
That contradicts your earlier statement that you use a "standard setup". IMHO you should fix that problem first.


Quote:
Originally Posted by cp51
I know I can add some rules to a file in the ~/.spamassassin folder of the user. But I haven't found a way to catch all the spam without adding a ton of single word rules.
Lack of convenience really isn't an excuse: it's your MTA sending spam. So IMHO you should at least do that until you find the right way. And at least tell us if you configured Postfix for outbound rate limiting and RBL usage and show us the SA rule customizations in place and a few of the rules you would like to add.


Quote:
Originally Posted by cp51
And even with those rules, some of the messages are too short to break the threshold for spam.
Same here: SA has debug mode for analyzing messages. Showing that says more than talking about any messages.
 
Old 09-24-2013, 08:12 PM   #3
cp51
LQ Newbie
 
Registered: Sep 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Ok, I'm a little confused by your suggestions.

Quote:
Quote:
Originally Posted by cp51
In the past I have had problems with valid emails getting labeled as spam so I reduced the threshold for labeling an email as spam.
That contradicts your earlier statement that you use a "standard setup". IMHO you should fix that problem first.
By the above, I meant that incoming emails from say: user@example.com get labeled as spam because something in the message coming into my server triggered SA.

Quote:
Lack of convenience really isn't an excuse: it's your MTA sending spam.
Does this mean you are suggesting it is my server sending the spam? Because my server is the one receiving the spam... Sorry for the naive questions, like I said, I'm not very experienced with mail servers.

In any event, I will do some keyword analysis on the spam messages and add some more rules to SA as you suggested.
 
Old 09-24-2013, 08:56 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by cp51
By the above, I meant that incoming emails from say: user@example.com get labeled as spam because something in the message coming into my server triggered SA.
Ah, OK, me reading things wrong.


Quote:
Originally Posted by cp51
In any event, I will do some keyword analysis on the spam messages and add some more rules to SA as you suggested.
Please do and post some results. Isolate a single message with all headers then running it as:
Code:
]$ spamassassin --test-mode < your_spam_message.txt
should result in lots of info (good to check which rules it reads) and end with a content analysis:
Code:
Content analysis details:   (7.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 1.0 MISSING_HEADERS        Missing To: header
 1.5 BAYES_60               BODY: Bayes spam probability is 60 to 80%
                            [score: 0.6744]
 0.5 MISSING_MID            Missing Message-Id: header
 1.8 MISSING_SUBJECT        Missing Subject: header
 1.0 MISSING_FROM           Missing From: header
-0.0 NO_RECEIVED            Informational: message has no Received headers
 0.0 TVD_SPACE_RATIO        TVD_SPACE_RATIO
 1.4 MISSING_DATE           Missing Date: header
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers

Usually it involves tweaking a combination of rules using small increments.
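
Added example (not part of the original posts): the content-analysis table from `spamassassin --test-mode` can be parsed and re-scored offline to see how small per-rule changes or a different required threshold would classify the same message. `parse_report` and `what_if` are names invented for this sketch, and the sample report is the one quoted above.

```python
import re

# Constructed sample: the report tail quoted in the post above.
SAMPLE_REPORT = """\
Content analysis details:   (7.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 1.0 MISSING_HEADERS        Missing To: header
 1.5 BAYES_60               BODY: Bayes spam probability is 60 to 80%
                            [score: 0.6744]
 0.5 MISSING_MID            Missing Message-Id: header
 1.8 MISSING_SUBJECT        Missing Subject: header
 1.0 MISSING_FROM           Missing From: header
-0.0 NO_RECEIVED            Informational: message has no Received headers
 0.0 TVD_SPACE_RATIO        TVD_SPACE_RATIO
 1.4 MISSING_DATE           Missing Date: header
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers
"""

SUMMARY = re.compile(r"\(\s*(-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
RULE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s")

def parse_report(text):
    """Return (reported_total, required, {rule: points}) from --test-mode output."""
    m = SUMMARY.search(text)
    if not m:
        raise ValueError("no 'Content analysis details' summary found")
    rules = {}
    for line in text.splitlines():
        r = RULE.match(line)  # continuation lines such as "[score: ...]" do not match
        if r:
            rules[r.group(2)] = float(r.group(1))
    return float(m.group(1)), float(m.group(2)), rules

def what_if(rules, overrides, required):
    """Re-score with hypothetical per-rule overrides; return (total, is_spam)."""
    unknown = set(overrides) - set(rules)
    if unknown:
        raise KeyError(f"rules did not hit on this message: {sorted(unknown)}")
    # Reported points are rounded to one decimal, so the total is approximate.
    total = round(sum(overrides.get(n, p) for n, p in rules.items()), 1)
    return total, total >= required

if __name__ == "__main__":
    total, required, rules = parse_report(SAMPLE_REPORT)
    for name, pts in sorted(rules.items(), key=lambda kv: -kv[1]):
        print(f"{pts:5.1f}  {name}")
    print(what_if(rules, {"BAYES_60": 2.0}, required=6.0))
```

In SpamAssassin configuration the overrides correspond to `score RULE_NAME n.n` lines and the threshold to `required_score`.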
 
  


All times are GMT -5.
