Disable a spamassassin rule

[Kan]

Hello,

I use PMG to filter outgoing mails. But too many mails are blocked due to rule.

DEAR_SOMETHING 1.973 Contains 'Dear (something)'

How should I proceed to disable it ? Or what else should I do to make them delivered ?

 

[dcsapak]

normally a score of 1.9 is not high enough to mark a mail as spam, did you change this, or can you post the complete scores of the mails in question?

edit:
also see the content of the rule https://wiki.apache.org/spamassassin/Rules/DEAR_SOMETHING

 

[Kan]

normally a score of 1.9 is not high enough to mark a mail as spam, did you change this, or can you post the complete scores of the mails in question?

edit:
also see the content of the rule https://wiki.apache.org/spamassassin/Rules/DEAR_SOMETHING

Sorry for late answer. Didn't see it.

Here is the complete scores of the mail :

Spam detection results: 5
AWL -0.931 Adjusted score from AWL reputation of From: address
BAD_ENC_HEADER 0.001 Message has bad MIME encoding in the header
BAYES_50 0.8 Bayes spam probability is 40 to 60%
DEAR_SOMETHING 1.973 Contains 'Dear (something)'
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
FUZZY_CREDIT 1.678 Attempt to obfuscate words in spam
LOTS_OF_MONEY 0.001 Huge... sums of money
RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
SPF_PASS -0.001 SPF: sender matches SPF record
XFER_LOTSA_MONEY 0.999 Transfer a lot of money

 

[Stoiko Ivanov]

hmm - well most rules raising the score do indicate that the message will have problems being accepted on the receiving host as well (quite a few mailservers use spamassassin with similar rulesets) (FUZZY_CREDIT, XFER_LOTSA_MONEY, LOTS_OF_MONEY )

disabling a single rule will still keep the score above 3.

but to answer your question - you can create a custom spamassassin configuration to adapt the scores of individual rules - see the pmg-admin-guide https://www.proxmox.com/images/download/pmg/docs/pmg-admin-guide.pdf - section 4.8

 

[Kan]

hmm - well most rules raising the score do indicate that the message will have problems being accepted on the receiving host as well (quite a few mailservers use spamassassin with similar rulesets) (FUZZY_CREDIT, XFER_LOTSA_MONEY, LOTS_OF_MONEY )

disabling a single rule will still keep the score above 3.

but to answer your question - you can create a custom spamassassin configuration to adapt the scores of individual rules - see the pmg-admin-guide https://www.proxmox.com/images/download/pmg/docs/pmg-admin-guide.pdf - section 4.8

Thx for your feedback. Note that in the pdf section 4.8 the path /etc/mail/spamassasin/ should be replace by /etc/mail/spamassassin/ (missing one "s").

The file custom.cf exists yet in my PMG (not created by me) and not a cluster node. It contains :

# multi.uribl.com
# Contains an URL listed in the URIBL blacklist (0 1.7 0 1.7)
score URIBL_BLACK 0 3.7 0 3.7

# dbl.spamhaus.org
# Contains a spam URL listed in the Spamhaus DBL blocklist (0 2.5 0 2.5)
score URIBL_DBL_SPAM 0 4.5 0 4.5
# Contains a Phishing URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_PHISH 0 4.5 0 4.5
# Contains a malware URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_MALWARE 0 4.5 0 4.5
# Contains a botned C&C URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_BOTNETCC 0 4.5 0 4.5
# Contains an abused spamvertized URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_SPAM 0 4.5 0 4.5
# Contains an abused phishing URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_PHISH 0 4.5 0 4.5
# Contains an abused malware URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_MALW 0 4.5 0 4.5
# Contains an abused botnet C&C URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_BOTCC 0 4.5 0 4.5

loadplugin Mail::SpamAssassin:lugin::RelayCountry

ifplugin Mail::SpamAssassin:lugin::RelayCountry

header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(IN|CN|RU|UA|RO|VN)/
describe RELAYCOUNTRY_BAD Relayed through spammy country at some point
score RELAYCOUNTRY_BAD 3.0

#ADJUST COUNTRY CODES TO YOUR NEED e.g. FR|BE|..... - use only a low score
header RELAYCOUNTRY_GOOD X-Relay-Countries =~ /^(DE|AT|CH)/
describe RELAYCOUNTRY_GOOD First untrusted GW is DE, AT or CH
score RELAYCOUNTRY_GOOD -0.01
endif # Mail::SpamAssassin:lugin::RelayCountry

But I still do not know how to disable the DEAR_SOMETHING rule by adding a new rule...

 

[Stoiko Ivanov]

Thx for your feedback. Note that in the pdf section 4.8 the path /etc/mail/spamassasin/ should be replace by /etc/mail/spamassassin/ (missing one "s").

Thanks for the hint! - I just sent a patch to the mailing-list.

The file custom.cf exists yet in my PMG (not created by me) and not a cluster node. It contains :

That's odd - we don't ship this file - you can check whether it comes from a debian-package with:
`dpkg -S /etc/mail/spamassassin/custom.cf`

But it looks like an old manual config?

But I still do not know how to disable the DEAR_SOMETHING rule by adding a new rule...

This is described quite well in the spamassassin documentation:
* https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
* https://wiki.apache.org/spamassassin/WritingRules
(you should only need to add a 'score DEAR_SOMETHING 0')

hope this helps!