[luau] SpamAssassin Spoofing

Warren Togami warren at togami.com
Thu Aug 7 18:09:01 PDT 2003 

On Thu, 2003-08-07 at 11:15, Randall Oshita wrote:
> Hey Vince,
> I put *@hpu.edu on the whitlist because I got some faculty complaining
> that they cannot send "load" emails from webexchange (html) out and gets
> tagged as spam.
> If I write a MD rule wouldn't that be the same as whitelisting it? Or do
> you mean that a MD rule can look at headers to filter?
> Also, what gets read first the blacklist or the whitelist?
> Thanks,
> Randall

I would recommend the following rather than a blanket whitelist:

1) Raise the default spamassassin threshold to a higher number.  I
personally use 8, although I've run it effectively at 12 before when
Bayes was fully populated.  The higher number remains effective in spam
filtering when combined with a few spamassassin augmenting tools and
some score tweaks mentioned in #3, #4 and #5.

2) What specific SA rules are raising the score above the threshold? 
(Cut & Paste the SA report section) You could consider disabling only
those specific SA rules.  Combined with the higher SA threshold it
should reduce false positives going into the SPAM bin.

3) Use pyzor, Vipul's Razor and DCC to augment spamassassin's scoring
accuracy.  Those three tools do a reasonably good job of raising the
score of bulk mail (DCC) and spam reported by other people (pyzor and
Razor).  What brand and version of Linux do you use?

4) Upgrade to spamassassin-2.60-PR3.  It is near final release, and I
have been using PR1, PR2 and now PR3 for a while now in production so it
seems very stable too.  2.60-PR3 is a lot more intelligent in scoring
spam and non-spam than older versions.

5) Add more DNS RBL's to your local.cf.  All of the free DNS RBL's are
enabled by default in spamassassin-2.60-PR3, but adding some of the
for-pay RBL's are sometimes worth it.  I personally use SPAMCOP at score
3 because it is kind of cheap and effective, but I am considering buying
MAPS RBL+ too.

6) Consider adding the Spamhaus RBL to automatic reject at your MTA
rather than allowing those mail to go through spamassassin.  I
personally have never received a single legitimate mail from SBL
addresses in 6 months on 30 accounts on my server, but your mileage may
vary.

Warren Togami
warren at togami.com

More information about the LUAU mailing list