how to change score...
 
Notifications
Clear all

how to change score to an existing spamassassin rule

10 Posts
3 Users
2 Reactions
624 Views
 vamp
(@vamp)
Joined: 10 months ago
Posts: 6
Topic starter  

hi everyone,

a few days ago I managed to setup a Carbonio server in a production environment (yay!)

now I realize we receive a lot of spam, mostly because of this spamassassin rule:  RCVD_IN_DNSWL_HI  -5.0

is it possible to change this score to something like -1.0 or so?  I couldn't find anything in the docs.

thanks very much.


   
Quote
(@sharif)
Admin
Joined: 2 years ago
Posts: 448
 

@vamp

Hi,

Thank you for writing to us.

If you are receiving spam mails due to "RCVD_IN_DNSWL_HI  -5.0" then check if

all of these mails are coming from same domain or not? If all are from same domain then most probably they are listed in this type of databases (i.e. https://www.dnswl.org). In that case, you can whitelist the domain by following these steps:

vi  /opt/zextras/conf/salocal.cf.in

[WHITELIST YOUR DESIRED DOMAIN LIKE THIS AT THE END OF THE FILE]

whitelist_from *@abc.com
whitelist_from testuser1@abc.com


Then Restart Antispam Service
zextras@mail:~/conf$ zmantispamctl restart


check if the change persists or not

zextras@mail:~/conf$ tail -n 10 salocal.cf.in

endif

# See  https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7133 
normalize_charset 1


whitelist_from *@abc.com
whitelist_from testuser1@abc.com

zextras@mail:~/conf$

 

*** You can blacklist any domain using the same steps

 

But if you are getting spam mails due to "RCVD_IN_DNSWL_HI  -5.0" from random domains then I would suggest to think twice before lowering the guard. You can also train your SpamAssassin by marking those emails as HAM or SPAM.

I think it would be the best approach. 

If you still think that you need to tweak the value of "RCVD_IN_DNSWL_HI  -5.0", the you could do followings:

vi  /opt/zextras/data/spamassassin/localrules/local.cf

[ADD VALUE LIKE THIS]

#   Set the threshold at which a message is considered spam (default: 5.0)
#
# required_score 5.0
score RCVD_IN_DNSWL_HI 0 -1 0 -1


[THEN RESTART THE ANTISPAM SERVICE; IT WILL CHANGE THE VALUE FROM -5 TO -1]

zmantispamctl restart

 

But as I said, choose your strategy carefully so that you can stay safe.

I hope it helps.

 

Thanks and regards,

Sharif

 


   
ReplyQuote
(@cleverflores)
Joined: 3 years ago
Posts: 15
 

@vamp 
# sudo su -
# echo "score RCVD_IN_DNSWL_HI  -1.0" >> /opt/zextras/data/spamassassin/localrules/sauser.cf
# su - zextras -c "zmantispamctl restart"


   
ReplyQuote
 vamp
(@vamp)
Joined: 10 months ago
Posts: 6
Topic starter  

@sharif hello,

first of all I'd like to thank you for taking the time to reply 🙂

then I wanna say I tried your solution but it didn't work, RCVD_IN_DNSWL_HI still has -5 as score.

I'm going to try what the other user said (changing sauser.cf instead of local.cf) and I will let you know!


   
ReplyQuote
(@sharif)
Admin
Joined: 2 years ago
Posts: 448
 

@vamp 

Hi,

Sorry to hear that.

I have tested them before posting but I will definitely recheck it. I will also look into the other solutions, I hope you find your desired solution.

Thanks again and have a good day.

Thanks and regards,

Sharif


   
ReplyQuote
 vamp
(@vamp)
Joined: 10 months ago
Posts: 6
Topic starter  

@cleverflores hello and thank you for your reply.

I tried your solution but the file is read only.

any other ideas?

 

thank you very much


   
ReplyQuote
(@sharif)
Admin
Joined: 2 years ago
Posts: 448
 

@vamp

Hi,

I rechecked my method and I found expected result. I wonder why it is not working for you.

zextras@mail:~/conf$ grep DNSWL /opt/zextras/data/spamassassin/localrules/local.cf
score RCVD_IN_DNSWL_HI 0 -7 0 -7
zextras@mail:~/conf$
zextras@mail:~/conf$
zextras@mail:~/conf$ zmantispamctl restart
Stopping amavisd... done.
Stopping amavisd-mc... done.
Starting amavisd-mc...done.
Starting amavisd...done.
zextras@mail:~/conf$

Received email header:

Return-Path: <btv1==690d8acab54==bolcorp@hodavasi.com>
Received: from mail.sampleserver.xyz (LHLO mail.sampleserver.xyz)
 (185.205.246.75) by mail.sampleserver.xyz with LMTP; Wed, 22 Nov 2023
 14:48:01 +0600 (BDT)
Received: from localhost (localhost [127.0.0.1])
	by mail.sampleserver.xyz (Postfix) with ESMTP id 471CA246DC6
	for <zextras@sampleserver.xyz>; Wed, 22 Nov 2023 14:48:01 +0600 (+06)
X-Virus-Scanned: amavisd-new at sampleserver.xyz
X-Spam-Flag: NO
X-Spam-Score: -7.206
X-Spam-Level:
X-Spam-Status: No, score=-7.206 required=3.2 tests=[DKIM_SIGNED=0.1,
	DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
	HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-7, RCVD_IN_MSPIKE_H5=0.001,
	RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
	T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001]
	autolearn=ham autolearn_force=no
Authentication-Results: mail.sampleserver.xyz (amavisd-new);

 

I am attaching the screenshot.

Please let me know your feedback.

Regards,

Sharif


   
ReplyQuote
 vamp
(@vamp)
Joined: 10 months ago
Posts: 6
Topic starter  

@sharif hi!

you were right, I figured out my mistake!

the other day I accidentaly put the line inside an if/endif statement inside local.cf

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit


score RCVD_IN_DNSWL_HI 0 -1 0 -1


endif # Mail::SpamAssassin::Plugin::Shortcircuit

now I moved it below the endif line and my score is -1

thank you very much for your support, it is very appreciated.

wish you a nice day 🙂


   
ReplyQuote
(@sharif)
Admin
Joined: 2 years ago
Posts: 448
 

@vamp 

Hi,

Ah ... don't worry it happens.

I'm Glad that we solved it and that is what matters.

Please take care and have a good day to you too.

Regards,

Sharif 


   
ReplyQuote
 vamp
(@vamp)
Joined: 10 months ago
Posts: 6
Topic starter  

hello,

I recently upgraded to the latest version of Carbonio and I noticed a lot of spam right after.

Then I remembered (from my Zimbra days) that some spamassassin settings are overwritten by upgrades.

I checked my local.cf and the score for RCVD_IN_DNSWL_HI was back to default, so I changed the setting again.

Now we're back to normal 🙂

 

Just wanted to share, in case anyone else was wondering.


   
ReplyQuote