[BlueOnyx:15332] Re: AV-SPAM for blacklist only

Michael Stauber mstauber at blueonyx.it
Thu May 1 13:49:27 -05 2014


Hi Chris,

>  From the crazy user idea department...
> 
> Customer does not want any spam filtering, but wants to blacklist 
> certain domains using his AV-SPAM settings in the GUI.
> 
> If he selects "Filter disabled" will email still be rejected from the 
> domains that he specifies in the "Blacklist From" textbox?

Not awfully well, no. :-)

If the filter is "disabled", then SpamAssassin still checks the emails.
But the "score" is raised from the default "5.00" (or whatever the user
set it to) to "900".

If you blacklist an address, it gets a score of +100. Which is lower
than the "900" of the "filter disabled". So it will still pass through.

Work around:

Create the file /etc/mail/spamassassin/customer.cf and put this in it:

score USER_IN_BLACKLIST 1000.000

Save the changes and restart SpamAssassin:

/sbin/service spamassassin restart

That raises the blacklist score from 100 to 1000, which should be
sufficient to block it even with "filtering disabled".

However, I tell you why this is a stupid idea:

SpamAssassin is the best tool out there to fight SPAM. Properly
configured there are next to no false positives and very little actual
SPAM goes through. Turning it off? Welcome to a world of pain.

All your client really needs to do is to set a sensible "SPAM Score" in
his personal AV-SPAM settings. The default 5.00 works well for most. On
one email account from 1996 I have lowered it to 2.50, but I wouldn't do
that for something important. Others bump it up to 6.00 or 8.00. The one
size fits all approach might not work there. But it's no rocket science.

Set the filter to "Mark SPAM and deliver", watch it a bit and then see
what got tagged with which score and what made it through without
tagging. Then set a score accordingly and change the filter to "move
detected SPAM to 'caughtspam'". Then still everything goes through, but
the "bad apples" get sorted into a separate IMAP folder. Watch that some
more to confirm there are no false positives. Only when really
comfortable you should then activate "delete detected SPAM".

The option "mark and deliver" usually works best in business
environments. You can still set up email filtering rules in the email
client to deal with the kind of stuff that gets through. And nothing is
lost.

-- 
With best regards

Michael Stauber
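
Added example, not part of the original message: a shell check that reads the .cf files in a SpamAssassin site config directory and reports whether the USER_IN_BLACKLIST score on its own reaches the "filter disabled" threshold of 900 described above. The function names are hypothetical, the sample files are constructed, and it assumes files load in alphabetical order with the last "score" line winning.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the score in effect for rule $2 across $1/*.cf.
# Assumptions: files are read in glob (alphabetical) order, the last "score"
# line for the rule wins, and only the first value on that line is used.
effective_score() {
    es_dir=$1; es_rule=$2
    set -- "$es_dir"/*.cf
    [ -f "$1" ] || return 0              # no .cf files: print nothing
    awk -v rule="$es_rule" '
        { sub(/#.*/, "") }               # drop comments
        $1 == "score" && $2 == rule && NF >= 3 { val = $3 }
        END { if (val != "") print val }' "$@"
}

# Succeed if the blacklist score alone reaches threshold $2 for config dir $1.
# With no override present, the default of 100 stated in the message is used.
blacklist_reaches() {
    br_score=$(effective_score "$1" USER_IN_BLACKLIST)
    : "${br_score:=100}"
    awk -v s="$br_score" -v t="$2" 'BEGIN { exit !(s >= t) }'
}

# Constructed demo: the same directory before and after adding customer.cf.
demo() {
    d=$(mktemp -d) || return 1
    printf 'required_score 5.0\n' > "$d/local.cf"
    if blacklist_reaches "$d" 900; then before=caught; else before=passes; fi
    printf 'score USER_IN_BLACKLIST 1000.000\n' > "$d/customer.cf"
    if blacklist_reaches "$d" 900; then after=caught; else after=passes; fi
    rm -rf "$d"
    echo "default: $before, with customer.cf: $after"
}

demo
```

On a real server, point blacklist_reaches at /etc/mail/spamassassin after creating customer.cf; other rules that fire on a message can still move its total score up or down.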


