[SPAM] Banned rulenames

Discussion in 'General' started by lino, Feb 7, 2011.

  1. lino

    lino New Member

    Hi,
    I'm configuring the antispam policies for my mail server installed on Ubuntu 10 and ISPconfig3.
    In the tab called "Other" of the "SpamFilter Policy" (I used the preconfigured Normal policy) I wanted to insert the name of a rule I don't want to be considered when amavis and spamassassin are trying to find out spammed mails.

    I read what the manual says about that and I thought that inserting the HTML_MESSAGE rulename in the field "Banned rulenames" was sufficient but the score calculated by spamassassin still includes this rule evaluation.

    Can someone help me? Didn't I understand something about?

    Thanks...
     
  2. gdavid

    gdavid New Member

    Same problem here. I'm getting a lot of untagged SPAM mail because the rule RCVD_IN_DNSWL_HI gives very low score (-8) to these messages.
    I put the rule RCVD_IN_DNSWL_HI in "Banned rulenames" of my spamfilter policy, but amavis log says (scanning the emails):

    Nov 2 11:43:22 myhost.ex.com /usr/sbin/amavisd-new[22550]: (22550-19) INFO: unknown banned table name RCVD_IN_DNSWL_HI, recip=mymail@ex.com

    How to avoid RCVD_IN_DNSWL_HI checks?
    Thanx!
    giuliano

     
  3. till

    till Super Moderator

    You can redefine the score of spamassassin rules in the file /etc/spamassassin/local.cf. To ignore that rule, set the score to 0. Then restart mavisd.
     
  4. gdavid

    gdavid New Member

    Thanks for your answer. Your method should work, I suppose. And I'll adopt if the solution I found will not be stable.
    The solution for me was to change the DNS for my mailserver. The dsnwl.org is very very annoying and unleal. If it receives more than 100.000 request per day from the same DNS resolver, it responds with an "OK" as the IP spamassassin requested to check is really clean.
    This is very uncorrect, in my opinion.
    You can check the dnswl answer with
    $host 84.91.139.98.list.dnswl.org
    If the answer is
    84.91.139.98.list.dnswl.org has address 127.0.5.0
    you are ok.
    If the answer is
    84.91.139.98.list.dnswl.org has address 127.0.10.3
    this means the DNS server you are using is over the 100.000 requests.
    In the specific, I understud the final 3 means "HI trusted", 0 means "I don't know nothing abut this IP"
    Obviously in the case I reported, I'ts impossible the IP 84.91.139.98 is Hi trusted, so dnswl is forcing (in an horrible way) my attention to the fact that 100.000 requests are gone.

    Anyway, I stopped using 8.8.8.8 as DNS server, and now everything is ok.


     

Share This Page