Spamassassin rules not firing correctly
Kai Schaetzl
maillists at conactive.com
Fri May 9 10:31:04 IST 2014
Stef Morrell wrote on Fri, 2 May 2014 15:07:54 +0000:
> Would you bother with bayes at all then
Bayes is very effective, especially when it comes to spam that cannot be
identified otherwise, especially by technical or sender-based (RBL) rules.
Anyway, I find that a lot of spam (say 90% or more) is already blocked by
technical measures, e.g. do you check for existing hostnames of clients
and senders? Or even reverse hostnames? Helos? A lot of the spam gets sent
from provider networks that don't even set a hostname for their IP
addresses.
Also, if there are common characteristics like a lot having senders in the
me domain - why don't you add a rule for that. Not to block those senders
with just one rule, but to add up with other hits, so it finally reaches
the 5.0 threshold. Did you check if you have any legitimate .me senders?
Educate your users to stop using wildcard accounts, if you have a client
structure that can use wildcard accounts. Actually, might be a good idea
to tell people that you stop scanning wildcard accounts.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list