Results 1 to 6 of 6

Thread: Spam Require Score

  1. #1
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default Spam Require Score

    We notice and increase of spam lately

    Even tho i think i have done my homework some of my coworkers are getting about 40 spam this weekend only (which could be worst but... you guys know how its is )

    here some example of the x spam status of some emails spam that gets thru

    X-Spam-Status: No, score=4.515 tagged_above=-10 required=5.6
    tests=[AWL=-8.137, BAYES_95=3, MISSING_MID=0.001,
    RCVD_IN_NIX_SPAM=0.5, RCVD_IN_PBL=0.905, RCVD_IN_SEMBLACK=0.5,
    RCVD_IN_SPAMRATS_DYNA=2, RDNS_NONE=0.1, SPF_FAIL=0.693,
    URIBL_BLACK=1.955, URIBL_SBL=1.499, URIBL_WS_SURBL=1.5] autolearn=no

    X-Spam-Status: No, score=5.505 tagged_above=-10 required=5.6
    tests=[BAYES_60=1, MISSING_MID=0.001, RCVD_IN_JMF_BL=1.5,
    RCVD_IN_PBL=0.905, RCVD_IN_SEMBLACK=0.5, RDNS_NONE=0.1,
    URIBL_SBL=1.499] autolearn=no

    X-Spam-Status: No, score=4.357 tagged_above=-10 required=5.6
    tests=[BAYES_50=0.001, RCVD_IN_PBL=0.905, RCVD_IN_SPAMRATS_NOPTR=2,w
    RDNS_NONE=0.1, TVD_RCVD_SINGLE=1.351] autolearn=no

    X-Spam-Status:
    No, score=5.489 tagged_above=-10 required=5.6 tests=[AV:Sanesecurity.Spam.10765.UNOFFICIAL=0, AWL=-9.318, BAYES_99=3.5, CLAM_SS=2.5, MISSING_DATE=0.001, MISSING_MID=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_JMF_BL=1.5, RCVD_IN_NIX_SPAM=0.5, RCVD_IN_SEMBLACK=0.5, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, SPF_FAIL=0.693] autolearn=spam

    Now I know I could just lower my required scored... but I don't know how low is to much... so that we could be getting false positive.?


    What do you guys use for your requirement score???
    Do you guys sugest me something else i could do...

    Thanks
    Last edited by Plurnay; 08-09-2010 at 12:12 PM.

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    On two of those AWL (Auto White List) has driven down the score
    Code:
    AWL=-9.318
    Have a look at /opt/zimbra/data/amavisd/.spamassassin as the files auto-whitelist*. You should be able to view them, and if not use strings on them, and see if you have some rogue addresses in there. If you do you can either strip them out or remove the polluted database all together using
    Code:
    zmamavisdctl stop
    rm -f /opt/zimbra/data/amavisd/.spamassassin/auto-whitelist*
     zmamavisdctl start

  3. #3
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    I seem to recall reading that AWL is removed altogether in the SA install included in 6.0.7. So an upgrade might be another way to go. The new SA also adjusts a number of other scores.

    Have you run sa-update? Might help.

    You could also increase the scoring for some of the blacklists. Personally I use a very high score for nixspam, and I'm thinking of increasing the score for uceprotect as well. (If you don't use uceprotect, do a search on the forum.)

    You could also use b.barracudacentral.org either to score or (as I do) to block at the mta.

    I use 4.4 as the required score.

  4. #4
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default

    thanks guys i will look at the AWL...
    so do you guys think 5.6 is a bit high?

  5. #5
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    Yes, I chose 4.4 based on observation. I could probably have gone lower. The nice thing about the Junk folder of course is that you can lower your required score without causing too much trouble if you overdo it. Just make sure your users understand how to unjunk email.

    That said, the SA included in 6.0.7 has revised a number of scores quite a bit, and based on forum reports it seems to produce higher scores all by itself. Just something to keep in mind when you upgrade.

  6. #6
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    By the way, this is where I read that AWL is disabled by default (not removed altogether) in the newer SA: Bug 44281 – Upgrade SpamAssassin to 3.3.1

    According to the link, it can be enabled/disabled via a preference. I haven't investigated to see if Zimbra changes the preference to enable AWL.

Similar Threads

  1. zmtrainsa not functioning
    By brainocide in forum Administrators
    Replies: 36
    Last Post: 03-25-2010, 08:32 AM
  2. Mail delivery is very slow
    By chandu in forum Administrators
    Replies: 23
    Last Post: 09-04-2009, 12:05 AM
  3. Weird behaviors and LOTS of spam.
    By zwvpadmin in forum Administrators
    Replies: 7
    Last Post: 01-02-2009, 09:26 AM
  4. Spam weirdness
    By dwmtractor in forum Administrators
    Replies: 7
    Last Post: 01-29-2008, 11:55 AM
  5. Some more simple tips for cutting spam. . .
    By dwmtractor in forum Administrators
    Replies: 14
    Last Post: 11-21-2007, 05:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •