This is really annoying but for a few months already there's a lot of mails passing through the spam filter. What's even worse, it looks to like some of those mails:
    X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5.5
        tests=[HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
        T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=no
which makes me wtf to such an obvious spam consisting mostly of links...
Created attachment 395954: Late unfiltered spam, enjoy
Here's an archive of the folder where I put spam that didn't get caught by the spam filter. Now you have an opportunity to do something to not let it pass because it's so irritating marking almost identical mails as spam every few hours...
    $ xzgrep X-Spam-Level lot-of-spam.eml.xz | sort | uniq -c
         23 X-Spam-Level:
         56 X-Spam-Level: *
         34 X-Spam-Level: **
         80 X-Spam-Level: ***
         67 X-Spam-Level: ****
         31 X-Spam-Level: *****
Seems like almost all of that can be filtered with local rules if you match e.g. ^X-Spam-Level: \* at the cost of possibly some false positives.
I should grep regular mail from that spam-level :). But what about the mails that are obvious spam to a human and have a negative spam level? That's suspicious at least.
I have a very tuned spam assassin setup, I'd like to implement it to cut down on spam from the aliases. I'll share tomorrow, but this is one of the reasons I joined infra in the first place.
Created attachment 395984: my spamassassin local.cf
This is getting ridiculous...
Ok, please let us know about the spam markings now. I included most of Matthew's rules, plus my home ones. Please note that we do NOT drop mail; we add headers to it, and leave it to users to make their own decisions about it. There are lots of useful headers in it now:
    add_header all X-Spam-Bayes-Status _TOKENSUMMARY_
    add_header all X-Spam-Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
    add_header all X-Spam-DCC brand=_DCCB_ results=_DCCR_
    add_header all X-Spam-Flag _YESNOCAPS_
    add_header all X-Spam-Level _STARS(*)_
    add_header all X-Spam-Pyzor results=_PYZOR_
    add_header all X-Spam-Report _REPORT_
    add_header all X-Spam-SA-Tests _TESTSSCORES_
    add_header all X-Spam-Status _YESNO_, score=_SCORE_ required=_REQD_ autolearn=_AUTOLEARN_ version=_VERSION_
Something isn't quite right with amavis that it's not adding all the headers yet, but it's a lot better on most mail:
    X-Spam-Flag: YES
    X-Spam-Score: 24.964
    X-Spam-Level: ************************
    X-Spam-Status: Yes, score=24.964 tagged_above=-999 required=5.5
        tests=[CHARSET_FARAWAY=3.2, CHARSET_FARAWAY_HEADER=3.2,
        FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, MAYBE_SPANISH=0.5,
        MAYBE_SPANISH2=1, MIME_CHARSET_FARAWAY=2.45, MISSING_MID=0.14,
        RCVD_IN_BRBL_LASTEXT=2, RCVD_IN_PBL=3.558, RCVD_IN_SBL=2.596,
        RCVD_IN_XBL=0.724, RDNS_NONE=1.274, SPF_FAIL=0.919,
        SPF_HELO_FAIL=0.001, TVD_SPACE_ENCODED=2.401] autolearn=unavailable
Well here are the headers of one of the gazillion spam emails reaching the freedesktop-bugs@ alias
    Return-Path: <Cheap__Car__Insurance@ockt.eu>
    X-Original-To: freedesktop-bugs@gentoo.org
    Delivered-To: freedesktop-bugs@gentoo.org
    Received: from localhost (localhost [127.0.0.1])
        by smtp.gentoo.org (Postfix) with ESMTP id 580D6340B8E
        for <freedesktop-bugs@gentoo.org>; Thu, 12 Mar 2015 18:11:55 +0000 (UTC)
    X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org
    X-Spam-Flag: NO
    X-Spam-Score: 0.989
    X-Spam-Level:
    X-Spam-Status: No, score=0.989 tagged_above=-999 required=5.5
        tests=[HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
        T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=1] autolearn=no
All the X-Spam tags are useless. And here is another one
    Return-Path: <Match---Dating@domitt.eu>
    X-Original-To: freedesktop-bugs@gentoo.org
    Delivered-To: freedesktop-bugs@gentoo.org
    Received: from localhost (localhost [127.0.0.1])
        by smtp.gentoo.org (Postfix) with ESMTP id 89AD1340B81
        for <freedesktop-bugs@gentoo.org>; Thu, 12 Mar 2015 17:20:56 +0000 (UTC)
    X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org
    X-Spam-Flag: NO
    X-Spam-Score: 0.999
    X-Spam-Level:
    X-Spam-Status: No, score=0.999 tagged_above=-999 required=5.5
        tests=[HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
        T_REMOTE_IMAGE=0.01, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=1]
        autolearn=no
We get about 50 of these per day.
Requested by prometheanfire on irc:
    Return-Path: <oss-security-return-16103-ago=gentoo.org@lists.openwall.com>
    X-Original-To: ago@gentoo.org
    Delivered-To: ago@gentoo.org
    Received: from localhost (localhost [127.0.0.1])
        by smtp.gentoo.org (Postfix) with ESMTP id 2272D3407BF
        for <ago@gentoo.org>; Fri, 13 Mar 2015 14:34:38 +0000 (UTC)
    X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org
    X-Spam-Flag: NO
    X-Spam-Score: 1.099
    X-Spam-Level: *
    X-Spam-Status: No, score=1.099 tagged_above=-999 required=5.5
        tests=[DCC_CHECK=1.1, SPF_PASS=-0.001] autolearn=no
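Added example (not part of any comment in this thread, and not Gentoo infra's code): a sketch that parses the amavis-written X-Spam-Status and X-Spam-Level headers and applies the ^X-Spam-Level: \* local rule suggested earlier to two messages whose header values are copied from this thread. The sample names, the placeholder bodies and the min_stars parameter are assumptions made for the illustration.

```python
import email
import re

# Constructed messages: header values copied from comments in this thread,
# sample names and bodies are placeholders.
SAMPLES = {
    "insurance-spam": (
        "X-Spam-Score: 0.989\n"
        "X-Spam-Level: \n"
        "X-Spam-Status: No, score=0.989 tagged_above=-999 required=5.5\n"
        "\ttests=[HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,\n"
        "\tT_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=1] autolearn=no\n"
        "\nbody\n"
    ),
    "oss-security-list-mail": (
        "X-Spam-Score: 1.099\n"
        "X-Spam-Level: *\n"
        "X-Spam-Status: No, score=1.099 tagged_above=-999 required=5.5\n"
        "\ttests=[DCC_CHECK=1.1, SPF_PASS=-0.001] autolearn=no\n"
        "\nbody\n"
    ),
}

STATUS_RE = re.compile(r"^(Yes|No), score=(-?[\d.]+).*?required=(-?[\d.]+)")
TEST_RE = re.compile(r"([A-Z0-9_]+)=(-?[\d.]+)")

def parse_verdict(raw):
    """Extract the spam verdict headers from one raw message."""
    msg = email.message_from_string(raw)
    # Unfold the header: continuation lines arrive as "\n\t..."
    status = " ".join((msg["X-Spam-Status"] or "").split())
    m = STATUS_RE.match(status)
    if m is None:
        raise ValueError("no parseable X-Spam-Status header")
    inner = re.search(r"tests=\[(.*?)\]", status)
    tests = {n: float(s) for n, s in TEST_RE.findall(inner.group(1))} if inner else {}
    return {
        "flagged": m.group(1) == "Yes",
        "score": float(m.group(2)),
        "required": float(m.group(3)),
        "stars": (msg["X-Spam-Level"] or "").count("*"),
        "tests": tests,
    }

def local_rule_hits(verdict, min_stars=1):
    """min_stars=1 mirrors the ^X-Spam-Level: \\* match (at least one star)."""
    return verdict["stars"] >= min_stars

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        v = parse_verdict(raw)
        print(name, v["score"], v["stars"], "filtered" if local_rule_hits(v) else "delivered")
```

With min_stars=1 the insurance spam (no stars) is still delivered while the oss-security list mail (one star) is filtered, which is the false-positive cost mentioned alongside that rule.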
I've added spam headers so if we do flag things we can at least know why (x-spam-status and the like).
Still no good. Around 50 mails with Monday date, 50 Sunday, 70 Saturday... and all of them following the same scheme. Couldn't we just add a specific filter for that? I mean, it's trivial:
    Some crap about opening URL
    Some random crap URL
    Unsubscribe URL
    A lot of random keywords
any luck with that? my @gentoo.org email is getting unmanageable with all the spam i am getting on daily basis.
(In reply to Markos Chandras from comment #12)
> any luck with that? my @gentoo.org email is getting unmanageable with all
> the spam i am getting on daily basis.
Do you have something to recommend here? The situation is getting worse and worse really.