Hello everyone, We've been target for spammers for a while now. Most of this spam has been blocked which I'm happy with the result (around 700 spams blocked per week). Our last problem is that we're receiving a lot of spam from AOL.com services. Which I can't simply block their network as some customers might use that service. So I saw something similar on this spam. All the spam comes from @aol.de / @aim.com & @mail.fr, and it always starts in the same way. So I thought creating a spamassassin custom rule to detect these and give them an enough spam score to get it rejected. Here is my spamassassin code (/etc/spamassassin/loca.rc): Code: header __check_CONTENT From =~ /\@aim\.com/i body __check_CONTENT /btest/ meta check_SPAM (__check_FROM && __check_CONTENT) score check_SPAM 65.0 But for some reason this isn't getting picked up. At first I thought my code had a typo somewhere so I made a simpler one: Code: header TIVI_SUBJ_TEST Subject =~ /^mysubjectspamtest/ score TIVI_SUBJ_TEST 20.0 But again this isn't being picked up as the spam score doesn't show at all on my email header. My question is, do I need to create any specific rule with amavis-new? I'm new to spamassassin as I never did a custom rule before, so I don't know if I need to add something extra to my amavis-new config. I also did spamassassin --lint & restarted spamassassin, amavis & postfix and it doesn't seem to work. Thank you,
If you are using amavis on your server, then amavis must be restarted. If its an ispconfig server, then SpamAssassin should be stopped as it is not used anyway, the scanning happens within amavis which loads the SpamAssassin library without the need for the SpamAssassin daemon.
So you're saying that I should disabled spamassassin daemon? But do I need to add these rules to somewhere else? I've been reading for a while about these $sa_rules but I still didn't understood where should I exacly use them
But the file for custom spamassasins ettings is named local.cf and not rc.local. /etc/spamassassin/local.cf
Correct, I did a typo in the main topic my bad. In the meantime I tried once again running spamassassin --lint and then service amavisd-new restart but the rules aren't still being picked up. Is there anything that I might need to activate in the amavis configuration?
Maybe @florian030 might give you some more details as he maintains a SpamAssassin ruleset used in many ISPConfig system here: https://www.schaal-it.com/server/current-rules-for-spamassassin-from-schaal-it/
rules put in local.cf will be read and used, likely you simply have errors in them. Perhaps a description is mandatory? I'll try to test the above subject rule.
I did a quick test, and you do not need a description or score for the rule, I cut & pasted your TIVI_SUBJ_TEST rule into my local.cf, restarted amavis, then sent a message with 'Subject: mysubjectspamtest' and the rule hit.
I don't understand then why my rules aren't being picked. I'll do more research maybe I did a change in the past? It could be. But it's good to know that at least the rule is working
Hi, Did you find a solution on why your rule was not hit? I have the same sittuation on my ISPConfig mail server.
Have you verified that the syntax of your rule is correct? You can check your rules with: Code: spamassassin --lint With debug mode: Code: spamassassin -D --lint If you don't get any error then you might have to restart amavisd. btw, in which file and location did you save your rule?
Thanks for the reply. Later I have found out that I can change the TagLevel1 to -100 to see the message headers. In the headers it turned out that my email was whitelisted so the rules didn't apply.
