How do i setup amavis to remove spam tagged email ?

Discussion in 'Installation/Configuration' started by findafriend, Mar 18, 2010.

  1. findafriend

    findafriend New Member

    Hi

    Thanks so far for the nice help i got here...

    I have this header and can see it is spam, I just want to have it deleted and not getting into the users email inbox.

    The header is as follows :

    Yes, score=3.608 tagged_above=2 required=3.501 tests=[BAYES_50=0.001, HTML_FONT_LOW_CONTRAST=0.124, HTML_IMAGE_RATIO_02=0.383, HTML_MESSAGE=0.001, RDNS_NONE=0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_JP_SURBL=1.501, URIBL_OB_SURBL=1.5]

    As you can see it gets tagged by URIBL_JP_SURBL=1.501 and URIBL_OB_SURBL=1.5.

    How can i setup amavis to delete this... I have searched howtoforge and have not yet been able to find a solution to this...

    Another thing, I found something which as i read it is put into spamassassin (amavis) :

    http://www.akadia.com/services/postfix_spamassassin.html

    Something is turned off and put into spamassassin :

    # --------------------------------
    # Deactivated, done in SpamAssasin
    # --------------------------------
    # reject_rhsbl_client blackhole.securitysage.com,
    # reject_rhsbl_sender blackhole.securitysage.com,
    # reject_rbl_client relays.ordb.org,
    # reject_rbl_client blackholes.easynet.nl,
    # reject_rbl_client cbl.abuseat.org,
    # reject_rbl_client proxies.blackholes.wirehub.net,
    # reject_rbl_client bl.spamcop.net,
    # reject_rbl_client sbl.spamhaus.org,
    # reject_rbl_client opm.blitzed.org,
    # reject_rbl_client dnsbl.njabl.org,
    # reject_rbl_client list.dsbl.org,
    # reject_rbl_client multihop.dsbl.org,

    Do i have to put this back into postfix to use it or is there another solution to this ?

    Postfix has been edited with the following line which work as expected :

    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_rbl_client bl.spamcop.net permit

    How can i incorporate the list mentioned above which have been removed from postfix in the mentioned example ?

    And how do i implement URIBL_JP_SURBL and URIBL_OB_SURBL so spam not only get tagged but also removed before even reach the inbox on users ?

    If i succeed in my "job" I would love to make a little "guide" on how I did, as this might help others inside here.

    Br

    Mogens
     
  2. till

    till Super Moderator

    There is no need to change any file for this, just set the spam kill level in the policy in ispconfig to the value were amavisd shall delete the spam.
     
  3. findafriend

    findafriend New Member

    Thanks Till

    As i see it there are two ways to combat spam :

    1) The one i mentioned
    2) lowering the kill level

    You suggest the second as the easiest one, but this have a potential of deleting things not being spam

    And secondly URIBL_JP_SURBL and URIBL_OB_SURBL is spam, so is there a way to set amavis to reach on this instead of just lovering the spam kill level, as this could cause emails not being spam getting deleted and we dont want that.
    And i don't want the users to get botheret with things which can be deleted by the email system

    How can i use URIBL_JP_SURBL and URIBL_OB_SURBL and not lowering the spam kill level ?

    BR

    Mogens
     
    Last edited: Mar 18, 2010
  4. till

    till Super Moderator

    You asked "How do i setup amavis to remove spam tagged email ?" which means to delete emails and you can loose legit emails with that of course, if you set the kill level too low. Personally, I wont delete emails directly in amavis, I tag my emails and then move them to a spam folder by a filter rule.
     
  5. findafriend

    findafriend New Member

    ok let me ask the other way around as already done above...

    how can this be done inside amavis, so the user dont have to bother with spam.
    There is no need to let the user get email we now already is spam.
     
  6. till

    till Super Moderator

    Then see #2.
     
  7. findafriend

    findafriend New Member

    Maybe I'm not asking correctly

    When URIBL_OB_SURBL get a score, what i would like is to have amavis to delete the email....

    It is obvious that the above mentioned is spam, and it should not reach the users email box, but get deleted before even reaching there.

    I have a new example here, where the email has gone through filtrering :

    X-Spam-Status:
    Yes, score=4.653 tagged_above=2 required=3.501 tests=[BAYES_60=1, HTML_MESSAGE=0.001, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033]

    There are some indications that it is spam :

    RCVD_IN_XBL=3.033

    This one is triggered by :

    the CBL (Composite Block List) from cbl.abuseat.org
    the NJABL Open Proxy IPs list from www.njabl.org

    This email is before editing main.cf

    But if it worked as expected.. it would be deleted by amavis, as it is in one of the above mentioned databases.

    I have cbl.abuseat.org and bl.spamcop.net covered in the following line in postfix main.cf :

    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org permit

    hope this make sense ?
     
  8. findafriend

    findafriend New Member

    what should i write in postfix to use :

    URIBL_SBL ?
     
  9. till

    till Super Moderator

Share This Page