HOWTO: Change rule score and stop Blacklisted emails being delivered.

Hedley Phillips info at digitalessence.net
Sat Nov 5 14:46:47 UTC 2016


Hi,

I'm new to MailScanner and trying to get my head round the system and how
best to tweak it to suit my needs. I'm reading the User Guide and Training
Manual, have Googled this and checked the MailScanner forum and KB but am
none the wiser. Whether that's because I couldn't find the right information
or am not understanding it correctly remains to be seen...

I've got MailScanner v5.0.2 installed on CentOS in /usr/mailscanner/etc/ and
am having trouble with incoming blacklisted emails not being marked as such
and being delivered to my users, resulting in a lot of spam.

The emails are getting a score of 1.70 from URIBL_BLACK and then being
delivered. The Blacklist tab in MailControl also shows no emails.

Here is an example from the Front-End. I know in this example it is getting
an overall score that marks it as high spam but quite often blacklisted
emails are sneaking through and not even being marked as possible spam.

BAYES_99	5.00	Bayes spam probability is 99 to 100%
BAYES_999	0.20	Bayes spam probability is 99.9 to 100%
DCC_CHECK	1.10	Detected as bulk mail by DCC (dcc-servers.net)
DIGEST_MULTIPLE	0.29	Message hits more than one network digest check
DKIM_SIGNED	0.10	Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID	-0.10	Message has at least one valid DKIM or DK signature
DKIM_VALID_AU	-0.10	Message has a valid DKIM or DK signature from author's domain
HTML_FONT_LOW_CONTRAST	0.00	HTML font color similar or identical to background
HTML_MESSAGE	0.00	HTML included in message
KAM_INFOUSMEBIZ	0.75	Prevalent use of .info|.us|.me|.me.uk|.biz domains in spam/malware
KAM_INSURE	3.50	Life, Health, Auto, etc. Insurance SPAMs
KAM_WARRANTY	1.50	Spammers hawking home warranties
KAM_WARRANTY2	3.50	Spammers pushing home warranties
LOTS_OF_MONEY	0.00	
RAZOR2_CF_RANGE_51_100	0.50	Razor2 gives confidence level above 50%
RAZOR2_CF_RANGE_E8_51_100	1.89	Razor2 gives engine 8 confidence level above 50%
RAZOR2_CHECK	0.92	Listed in Razor2 (http://razor.sf.net/)
RCVD_IN_PSBL	2.70	Received via a relay in PSBL
RDNS_NONE	0.79	Delivered to internal network by a host with no rDNS
SPF_SOFTFAIL	0.67	SPF: sender does not match SPF record (softfail)
T_REMOTE_IMAGE	0.01	
URIBL_BLACK	1.70	Contains an URL listed in the URIBL blacklist

SpamAssassin Score	24.92	
SpamAssassin Auto Learn	not learned

I've tried editing /usr/mailscanner/etc/spam.assassin.prefs.conf and adding
the following rule:

score URIBL_BLACK 10.0

Then restarted with:

service MailScanner reload

But it made no difference to the score, so this is not the right place to
edit.

My questions:

1) Which file do I edit to change the rule scores?
2) How can I get MailScanner to delete all emails that come from Blacklisted
addresses?

Thanks.

I've included a header as an example.

X-DigitalEssence-MailScanner-Information: Please contact the ISP for more information
X-DigitalEssence-MailScanner-ID: 1c2fS6-0000fr-TM
X-DigitalEssence-MailScanner: Found to be clean
X-DigitalEssence-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=4.403, required 5, BAYES_50 0.80, DCC_CHECK 1.10,
	HTML_FONT_LOW_CONTRAST 0.00, HTML_MESSAGE 0.00, RDNS_NONE 0.79,
	SPF_HELO_PASS -0.00, SPF_PASS -0.00, T_REMOTE_IMAGE 0.01,
	URIBL_BLACK 1.70)
X-DigitalEssence-MailScanner-SpamScore: ssss
X-DigitalEssence-MailScanner-From: burnishment at omilo.stream
X-Spam-Status: No
X-Antivirus: avast! (VPS 161104-0, 04/11/2016), Inbound message
X-Antivirus-Status: Clean
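
The rescoring the post attempts, worked through on the SpamCheck header it quotes; this is an added example, not part of the original message and not MailScanner's own code. It assumes a message counts as spam once the score reaches the header's "required" value and that rule names beginning URIBL_ or RCVD_IN_ are blocklist lookups; the function names are illustrative.

```python
import re

# Header copied from the message above, folded lines included.
SAMPLE_HEADER = (
    "X-DigitalEssence-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,\n"
    "\tscore=4.403, required 5, BAYES_50 0.80, DCC_CHECK 1.10,\n"
    "\tHTML_FONT_LOW_CONTRAST 0.00, HTML_MESSAGE 0.00, RDNS_NONE 0.79,\n"
    "\tSPF_HELO_PASS -0.00, SPF_PASS -0.00, T_REMOTE_IMAGE 0.01,\n"
    "\tURIBL_BLACK 1.70)\n"
)

RULE_RE = re.compile(r"\b([A-Z][A-Z0-9_]*)\s+(-?\d+(?:\.\d+)?)")


def parse_spamcheck(header):
    """Return (score, required, {rule: points}) from a SpamCheck header."""
    text = " ".join(header.split())  # unfold continuation lines
    m = re.search(r"score=(-?[\d.]+),\s*required\s+(-?[\d.]+)", text)
    if not m:
        raise ValueError("no SpamAssassin score in header")
    score, required = float(m.group(1)), float(m.group(2))
    rules = {name: float(pts) for name, pts in RULE_RE.findall(text[m.end():])}
    return score, required, rules


def rescore(header, overrides):
    """Recompute the total as if the rules in `overrides` had new scores."""
    score, required, rules = parse_spamcheck(header)
    for name, new_pts in overrides.items():
        if name in rules:  # only rules that actually hit change the total
            score += new_pts - rules[name]
    return round(score, 3), score >= required  # assumed threshold test


def missed_blocklist_hits(header, prefixes=("URIBL_", "RCVD_IN_")):
    """List blocklist rules that hit on a message scored below 'required'."""
    score, required, rules = parse_spamcheck(header)
    if score >= required:
        return []
    return sorted(r for r in rules if r.startswith(prefixes))


if __name__ == "__main__":
    print(parse_spamcheck(SAMPLE_HEADER)[:2])
    print(missed_blocklist_hits(SAMPLE_HEADER))
    print(rescore(SAMPLE_HEADER, {"URIBL_BLACK": 10.0}))
```

Running the same functions over the headers of delivered mail shows how many messages a given score override would have moved above the threshold before the change is made on the live system.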



