Hi guys. Here is my Spamfilter policy settings: SPAM tag level 3 SPAM tag2 level 3.4 SPAM kill level 5 SPAM dsn cutoff level 0 SPAM quarantine cutoff level 0 SPAM modifies subject yes SPAM subject tag ***SPAM*** SPAM subject tag2 ***SPAM*** And anyway i'm receiving some spam sometimes marked with ***SPAM***, sometimes no. My blacklist: zen.spamhaus.org,bl.spamcop.net,psbl.surriel.com,combined.rbl.msrbl.net Mailserver is corporate, so without spam filtering there will be mass of spam. Maybe we should use more aggressive filtering? At Domain level spamfilter setting is Not Enabled. Modified Trigger happy settings are enabled for each mailbox. Thanks.
You can see in the mail header which rules got applied and which score the email has got. Then you can adjust the tag 2 level and kill level according to your needs.
OK, i got another spam. Header: Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from localhost (localhost [127.0.0.1]) by server.modilinos.com (Postfix) with ESMTP id 35B9C5025BA for <---@modilinos.com>; Tue, 1 Mar 2016 16:31:34 +0200 (EET) X-Virus-Scanned: Debian amavisd-new at server.modilinos.com Received: from server.modilinos.com ([127.0.0.1]) by localhost (server.modilinos.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9ie7wyCcv7RQ for <[email protected]>; Tue, 1 Mar 2016 16:31:26 +0200 (EET) Received: from web102.logicatorino.it (web102.logicatorino.it [178.255.72.190]) by server.modilinos.com (Postfix) with ESMTPS id 2D23950212E for <[email protected]>; Tue, 1 Mar 2016 16:31:25 +0200 (EET) Received: from web3 by web102.logicatorino.it with local (Exim 4.80) (envelope-from <[email protected]>) id 1aal8s-00087e-RO for [email protected]; Tue, 01 Mar 2016 15:19:14 +0100 To: [email protected] Subject: Why Not F5cking Me? X-PHP-Originating-Script: 1004:utf.php(1974) : eval()'d code Date: Tue, 1 Mar 2016 15:19:14 +0100 From: Cindy Haynes <[email protected]> Message-ID: <[email protected]> X-Priority: 3 X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_3ecf6df4568a1519196b600653c78f88" Content-Transfer-Encoding: 8bit
Now received spam with marked subject: Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from localhost (localhost [127.0.0.1]) by server.modilinos.com (Postfix) with ESMTP id 3C338502A74 for <[email protected]>; Tue, 1 Mar 2016 20:18:50 +0200 (EET) X-Virus-Scanned: Debian amavisd-new at server.modilinos.com X-Spam-Flag: NO X-Spam-Score: 3.303 X-Spam-Level: *** X-Spam-Status: No, score=3.303 tagged_above=3 required=3.4 tests=[BAYES_50=0.8, DIET_1=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLACK=1.7] autolearn=no autolearn_force=no Received: from server.modilinos.com ([127.0.0.1]) by localhost (server.modilinos.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5f66u-RW8zot for <[email protected]>; Tue, 1 Mar 2016 20:18:42 +0200 (EET) Received: from denmatop.xyz (unknown [185.132.126.114]) by server.modilinos.com (Postfix) with ESMTP id C9A58502A73 for <[email protected]>; Tue, 1 Mar 2016 20:18:40 +0200 (EET) From: "Oz-Online" <[email protected]> Date: Tue, 01 Mar 2016 13:00:04 -0500 MIME-Version: 1.0 Subject: ***SPAM***Dr_Oz reveals obesity reversal method To: <[email protected]> Message-ID: <S3cStXRq64QH5gdmNLPw9bkcjRuzbP-96xO9lFltfjA.MIyfXlzx9XOIcTTbaEauqHnbfoHtPBtbwc2ErB0nbQQ@denmatop.xyz> Content-Type: multipart/alternative; boundary="------------87736373769188743763762"
Please do not post spam emails incl. real email addresses here. This will just get you more spam as spam bots grab email addresses from forums. Did you select the spamfilter policy for the whole domain (in the email domain settings) or did you set it just for the agency@ mailbox?
Thanks Till for your answers. At Domain level spamfilter setting is Not Enabled. Modified (3-3.4-5) Trigger happy settings are enabled for each mailbox.
ok, next not marked spam Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from localhost (localhost [127.0.0.1]) by server.modilinos.com (Postfix) with ESMTP id 19E9B502AD1 for <[email protected]>; Tue, 1 Mar 2016 20:45:03 +0200 (EET) X-Virus-Scanned: Debian amavisd-new at server.modilinos.com Received: from server.modilinos.com ([127.0.0.1]) by localhost (server.modilinos.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rjj4S22FTQGd for <[email protected]>; Tue, 1 Mar 2016 20:44:58 +0200 (EET) Received: from danielghoffman.info (unknown [185.132.126.106]) by server.modilinos.com (Postfix) with ESMTP id 19D51502AD0 for <[email protected]>; Tue, 1 Mar 2016 20:44:57 +0200 (EET) From: "CNN-Breaking" <[email protected]> Date: Tue, 01 Mar 2016 13:20:18 -0500 MIME-Version: 1.0 Subject: My hips shrank from 51 to 34 inches in 7 days To: <[email protected]> Message-ID: <IvDXjli006x6mDgj_fojrwe2hErda5Q-PR34ICA1zd0.U_vBgE220LCQZcJIcneh1sbIoIGCT-Wp1mW6Msxgj2U@danielghoffman.info> Content-Type: multipart/alternative; boundary="------------35820088190528313835174"
Thats only nescessary if one mailbox shall have a different level compared to the one set for the domain. That's ok.
OK, i did that. Now i have -100,3.4,5 policy at domain level only. Let's test it, thanks Till one more time.
Last news: inside users messages was markes as spam. Here is header: Return-Path: <user1@modilinos.com> X-Original-To: [email protected] Delivered-To: [email protected] Received: from localhost (localhost [127.0.0.1]) by server.modilinos.com (Postfix) with ESMTP id 228A3502E0A for <[email protected]>; Tue, 1 Mar 2016 22:52:36 +0200 (EET) X-Virus-Scanned: Debian amavisd-new at server.modilinos.com X-Spam-Flag: NO X-Spam-Score: -2.898 X-Spam-Level: X-Spam-Status: No, score=-2.898 tagged_above=-100 required=3.4 tests=[AC_DIV_BONANZA=0.001, ALL_TRUSTED=-1, BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no Received: from server.modilinos.com ([127.0.0.1]) by localhost (server.modilinos.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id joLevSkM0gPq for <[email protected]>; Tue, 1 Mar 2016 22:52:29 +0200 (EET) Received: from jolantathink (78-56-111-190.static.zebra.lt [78.56.111.190]) (Authenticated sender: [email protected]) by server.modilinos.com (Postfix) with ESMTPSA id C4A7B502E09 for <[email protected]>; Tue, 1 Mar 2016 22:52:29 +0200 (EET) From: "Jolanta MODILINOS" <[email protected]> To: =?UTF-8?Q?'Modilinos_modeli=C5=B3_agent=C5=ABra'?= <[email protected]> Subject: ***SPAM***FW: JUSTE option in May! Date: Tue, 1 Mar 2016 22:52:30 +0200 Message-ID: <03af01d173fc$45d64c40$d182e4c0$@com> MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_03B0_01D1740D.095F1C40" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AdFzqacQgrJTUdOkRqqdJ35BLskeagAUpjxw Content-Language: lt Now i set Tag lever to 1, it's ok? Now policy is 1,3.4,5
That's not determined to be spam, it's only tagged as such because of: Code: SPAM subject tag ***SPAM*** Leave "SPAM subject tag" empty (the default) and it should fix that. On the subject of spamassassin performance in general, it's not usually the best idea to just start dropping score threshholds to catch more spam. Yes, you will catch more, but you'll also have a lot more false positives; if you run a small server with limited users where you can keep an eye on things you might get away with it more, especially if you use bayes is trained well. But instead of dropping score threshholds too far, consider adding more tests to bump the score up, ie. make spamassassin actually do a better job. Train bayes, update to current spamassassin version, look at optional tests that aren't enabled by default, add some 3rd party rules, etc.
Ah yes, i deleted string SPAM subject tag and make -100,3.4,5 again. But mass of marked spam this morning (yesterday i did 1,3.4,5) with scores 1.8-4.8. can i try -100, 2, 3 configuration?
Yes, you can use any level that matches your needs to filter out messages. The first level (-100) just means when amavis shall start to write scores into the header, so that can be that low if you want to know what the system is doing as it has no influence on spam scoring. The other two level are for marking spam in the title and header and the third level is when spam gets deleted.
From the ISPConfig Manual; It says "Emails will still be scanned for viruses, but results of virus checks are ignored" and "Emails will still be scanned for spam, but results of spam checks are ignored". I still don't get what this means. If they are 'ignored', do they get the header-flag that puts them in the Junk folder? Or are they being ignored for any further processing and discarded? Here's what I want: I want users to get *every* email that is sent to them, despite of banned extensions, bad headers, bad virus attachments, spam, etc. except for a SA-score that is eceptionally high (like 12, that can safely be discarded, I would say ignored, but that's semantics). But here's the important part: It should *all* go into their Junk folders, and so for that I want it to be as trigger-happy as it can be. This seems basically what Gmail does; I think the configuration here is made way too complex. My users are already asking me what the Policies do or mean. They don't want to be bothered, mostly, but never want to miss any email, and now they're afraid they do. Say my friend wants to buy rare shoes from an obscure chinese webstore, she still wants to be able to see the confirmation email for the buy, even though it scores an 11 as spam. It needs to go in the Junk folder. So, how do I set those policies if that's what I want? Is it working if I use "Addr. extension virus" and then set "Junk" in there? Will it then go in the Junk folder automatically? I'll try that for all those then.