[BlueOnyx:26316] Re: negative AV-Spam score

[Juerg Sommer]

Hi Meaulnes,

 >> This clever jerk managed to send his blackmailing spam *from and to* my
 >> server administrator address. And since my server administrator 
address is
 >> in the whitelist (sorry! now politically correct: in the welcomelist:-)
 >> because I don't want to have my users to be blocklisted when I write 
them
 >> something, the e-mail got presumably this high negative score of -61.5

 > Believe the modifications to scoring and such are
 > kept in /etc/mail/spamassin directory but the rules
 > themselvers are located in /usr/share/spamassassin
 > and the main scoring file is 50_scores.cf, 72_scores.cf
 > and possibly some in 73_sandbox_manual_scores.cf

Thanks for your reply. Glad to read you were able to solve your problem. 
Rules are documented in the files Larry told you, maybe in another 
directory,  but you can search for the filenames. Do not change the 
score in this file, because this files will be replaced after an update. 
You can create new score in the file you create your own rules (because 
I don't use the plugin I don't know it's location). Simple add a line:

score     BAYES_00                          -4

to overwrite score for BAYES_00.

I recommend you to check and/or create a SPF record or DKIM and reject 
mails from your domain(s) from outside your mailservers to protect you 
from this spam. Some time ago same sender address was often used, with 
SPF/DKIM it's it is now rarely used. Maybe you also would put your 
mailservers and not your mail adress to the welcome list. There's an 
ALL_TRUSTED rule if mail is sent from localhost or networks listed in an 
trusted_networks.

Best regards,
Juerg