Training spamassassin rules not working

maenda

Hi all,

I'm sure this has been asked multiple times before, and I already found some similar posts, but I cannot get it to work.

I daily receive spam messages from bit invest. I trained SpamAssassin with the headers, but it seems not to be working. I also created a custom SpamAssassin rule for it, but I keep receiving them.

It contains this header:


Code:
Return-Path: <contact@webwellblog.com>
Delivered-To:receiver
Received: from webserver
    by webserver with LMTP
    id wHmKBKg4vl+3eQAARAZS/w
    (envelope-from <contact@webwellblog.com>)
    for <myemail>; Wed, 25 Nov 2020 11:57:44 +0100
Return-path: <contact@webwellblog.com>
Envelope-to: myemail
Delivery-date: Wed, 25 Nov 2020 11:57:44 +0100
Received: from proxspamfilter ([178.19.119.250])
    by webserver1 with esmtp (Exim 4.94)
    (envelope-from <contact@webwellblog.com>)
    id 1khsUa-0004cU-17
    for myemail; Wed, 25 Nov 2020 11:57:44 +0100
Received: from pmgfilter (localhost [127.0.0.1])
    by pmgfilter (Proxmox) with ESMTP id DAE86576
    for <myemail>; Wed, 25 Nov 2020 11:57:43 +0100 (CET)
Received: from mail.webwellblog.com (mail.webwellblog.com [128.199.217.121])
    by pmgfilter (Proxmox) with ESMTP
    for <myemail>; Wed, 25 Nov 2020 11:57:42 +0100 (CET)
From: "Lucas , Klant manager" <contact@webwellblog.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=webwellblog.com;
    s=default; t=1606301853;
    bh=03fGkoweN6DAGYORTvjEQcykzxUY6OGUnbM+G94jZaE=;
    h=From:Subject:To:Date:From;
    b=mf2fg9yXygL2J/OPMmdpNHry7vrcu6xrcMRHFB+knr9shr4E3dkMpFEzdH+hNcaMi
    tF7a65jdjeie0YUe04MoDY/SteHWT3waPGi7trGw3m4GlpOQAj/0j+W2JbMtwYYi3c
    jEAz+PiyWXITArbpLJW+29byJ8rasKlbyRP+lAUQ=
Subject: Je hebt 24 uur om uw openstaande saldo, jj krijgen
To: "info" <myemail>
Content-Type: multipart/alternative; boundary="YEhP2me2qtYYDGQZhGeazcgF6n3tn=_Kor"
Mime-Version: 1.0
Date: Wed, 25 Nov 2020 02:57:33 -0800
Message-Id: <20201125105731.6E7B1600F76D@mail.webwellblog.com>
X-SPAM-LEVEL: Spam detection results: 2
    BAYES_00 -1.9 Bayes spam probability is 0 to 1%
    DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
    DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
    DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
    DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
    HTML_MESSAGE 0.001 HTML included in message
    SCHAALIT_URI_888 5 -
    SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
    SPF_PASS -0.001 SPF: sender matches SPF record
    T_KAM_HTML_FONT_INVALID 0.01 Test for Invalidly Named or Formatted Colors in HTML
    URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [webwellblog.com,page.link,fonts.googleapis.com]

Hope someone can help me with a cool filter for this and how to create the filter the right way.
 
If you want to match a particular header, you can use a Match Field What object; if you want to block mails from a particular envelope sender, use a Who object (i.e. if all mails come from contact@webwellblog.com).

Last but not least, it seems you need to adapt your DNS setup:
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked.
see:
https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway
especially
https://pmg.proxmox.com/wiki/index.php/DNS_server_on_Proxmox_Mail_Gateway

I hope this helps!
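
An added example, not part of the thread and not Proxmox code: a Python model of the two checks named in the reply above, a regex match on a header field and a match on the envelope sender, run against a subset of the posted headers. The function names and patterns are assumptions for illustration; the anchored patterns show how to keep look-alike domains from matching.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers posted in the thread.
SAMPLE = (
    'Return-Path: <contact@webwellblog.com>\n'
    'From: "Lucas , Klant manager" <contact@webwellblog.com>\n'
    'Subject: Je hebt 24 uur om uw openstaande saldo, jj krijgen\n'
    'To: "info" <myemail>\n'
    '\n'
    'body\n'
)

# Hypothetical patterns (assumptions, not taken from the thread).
# LOOSE_RE: unescaped dot, no anchors, so it also hits look-alike domains.
LOOSE_RE = re.compile(r'webwellblog.com', re.I)
# Anchored: optional subdomain labels, escaped dots, nothing after the domain.
SENDER_RE = re.compile(r'^[^@\s]+@(?:[a-z0-9-]+\.)*webwellblog\.com$', re.I)
FROM_FIELD_RE = re.compile(r'@(?:[a-z0-9-]+\.)*webwellblog\.com>?\s*$', re.I)


def match_field(raw_message, field, pattern):
    """Header-field check: True if any instance of `field` matches."""
    msg = message_from_string(raw_message)
    return any(pattern.search(str(v)) for v in msg.get_all(field, []))


def match_envelope_sender(envelope_from, pattern):
    """Envelope-sender check on the SMTP MAIL FROM address."""
    return bool(pattern.search(parseaddr(envelope_from)[1]))


def demo():
    """Run both checks; the last two entries are constructed look-alikes."""
    return {
        'from_header': match_field(SAMPLE, 'From', FROM_FIELD_RE),
        'envelope': match_envelope_sender('<contact@webwellblog.com>', SENDER_RE),
        'lookalike_anchored': match_envelope_sender(
            'contact@webwellblog.com.example', SENDER_RE),
        'lookalike_loose': match_envelope_sender(
            'contact@webwellblog.com.example', LOOSE_RE),
    }


if __name__ == '__main__':
    for name, hit in demo().items():
        print(f'{name}: {hit}')
```

The header check reads the From: line inside the message, while the envelope check reads the SMTP sender shown in Return-Path; in the posted mail both carry the same address.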
 
Hi Stoiko,

For the WHAT object I understand, but is there an example of how to write such a rule?

Thanks for pointing out the DNS part. Will look into that.
 
