hi everyone,
a few days ago I managed to setup a Carbonio server in a production environment (yay!)
now I realize we receive a lot of spam, mostly because of this spamassassin rule: RCVD_IN_DNSWL_HI -5.0
is it possible to change this score to something like -1.0 or so? I couldn't find anything in the docs.
thanks very much.
Hi,
Thank you for writing to us.
If you are receiving spam mails due to "RCVD_IN_DNSWL_HI -5.0" then check if
all of these mails are coming from same domain or not? If all are from same domain then most probably they are listed in this type of databases (i.e. https://www.dnswl.org). In that case, you can whitelist the domain by following these steps:
vi /opt/zextras/conf/salocal.cf.in [WHITELIST YOUR DESIRED DOMAIN LIKE THIS AT THE END OF THE FILE] whitelist_from *@abc.com whitelist_from testuser1@abc.com Then Restart Antispam Service zextras@mail:~/conf$ zmantispamctl restart check if the change persists or not zextras@mail:~/conf$ tail -n 10 salocal.cf.in endif # See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7133 normalize_charset 1 whitelist_from *@abc.com whitelist_from testuser1@abc.com zextras@mail:~/conf$
*** You can blacklist any domain using the same steps
But if you are getting spam mails due to "RCVD_IN_DNSWL_HI -5.0" from random domains then I would suggest to think twice before lowering the guard. You can also train your SpamAssassin by marking those emails as HAM or SPAM.
I think it would be the best approach.
If you still think that you need to tweak the value of "RCVD_IN_DNSWL_HI -5.0", the you could do followings:
vi /opt/zextras/data/spamassassin/localrules/local.cf [ADD VALUE LIKE THIS] # Set the threshold at which a message is considered spam (default: 5.0) # # required_score 5.0 score RCVD_IN_DNSWL_HI 0 -1 0 -1 [THEN RESTART THE ANTISPAM SERVICE; IT WILL CHANGE THE VALUE FROM -5 TO -1] zmantispamctl restart
But as I said, choose your strategy carefully so that you can stay safe.
I hope it helps.
Thanks and regards,
Sharif
@vamp
# sudo su -
# echo "score RCVD_IN_DNSWL_HI -1.0" >> /opt/zextras/data/spamassassin/localrules/sauser.cf
# su - zextras -c "zmantispamctl restart"
@sharif hello,
first of all I'd like to thank you for taking the time to reply 🙂
then I wanna say I tried your solution but it didn't work, RCVD_IN_DNSWL_HI still has -5 as score.
I'm going to try what the other user said (changing sauser.cf instead of local.cf) and I will let you know!
Hi,
Sorry to hear that.
I have tested them before posting but I will definitely recheck it. I will also look into the other solutions, I hope you find your desired solution.
Thanks again and have a good day.
Thanks and regards,
Sharif
@cleverflores hello and thank you for your reply.
I tried your solution but the file is read only.
any other ideas?
thank you very much
Hi,
I rechecked my method and I found expected result. I wonder why it is not working for you.
zextras@mail:~/conf$ grep DNSWL /opt/zextras/data/spamassassin/localrules/local.cf score RCVD_IN_DNSWL_HI 0 -7 0 -7 zextras@mail:~/conf$ zextras@mail:~/conf$ zextras@mail:~/conf$ zmantispamctl restart Stopping amavisd... done. Stopping amavisd-mc... done. Starting amavisd-mc...done. Starting amavisd...done. zextras@mail:~/conf$
Received email header:
Return-Path: <btv1==690d8acab54==bolcorp@hodavasi.com> Received: from mail.sampleserver.xyz (LHLO mail.sampleserver.xyz) (185.205.246.75) by mail.sampleserver.xyz with LMTP; Wed, 22 Nov 2023 14:48:01 +0600 (BDT) Received: from localhost (localhost [127.0.0.1]) by mail.sampleserver.xyz (Postfix) with ESMTP id 471CA246DC6 for <zextras@sampleserver.xyz>; Wed, 22 Nov 2023 14:48:01 +0600 (+06) X-Virus-Scanned: amavisd-new at sampleserver.xyz X-Spam-Flag: NO X-Spam-Score: -7.206 X-Spam-Level: X-Spam-Status: No, score=-7.206 required=3.2 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: mail.sampleserver.xyz (amavisd-new);
I am attaching the screenshot.
Please let me know your feedback.
Regards,
Sharif
@sharif hi!
you were right, I figured out my mistake!
the other day I accidentaly put the line inside an if/endif statement inside local.cf
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit score RCVD_IN_DNSWL_HI 0 -1 0 -1 endif # Mail::SpamAssassin::Plugin::Shortcircuit
now I moved it below the endif line and my score is -1
thank you very much for your support, it is very appreciated.
wish you a nice day 🙂
Hi,
Ah ... don't worry it happens.
I'm Glad that we solved it and that is what matters.
Please take care and have a good day to you too.
Regards,
Sharif
hello,
I recently upgraded to the latest version of Carbonio and I noticed a lot of spam right after.
Then I remembered (from my Zimbra days) that some spamassassin settings are overwritten by upgrades.
I checked my local.cf and the score for RCVD_IN_DNSWL_HI was back to default, so I changed the setting again.
Now we're back to normal 🙂
Just wanted to share, in case anyone else was wondering.