Help! I have to get rid of all this spam!
gal51
07-15-2006, 04:07 PM
I am our church's webmaster and we are getting so much spam it is unbelievable!!!!! :confuz: Please bear with me as I do not have a lot of experience with email administration. I have our SA filter set at 3.1 and to tag everything. It does tag everything, but we are each getting about 20 emails a day tagged as spam. I was reading on another post about tagging with SA and then deleting everything with a SA score above a certain #.
How do I do that? I am confused about the custom filters and how they work and how to code them. If I want to delete emails with SA score higher than, say, 10 ... how do I do that? I want to keep the lower scored emails in case they are legit and just delete those over a certain number (like 10). Any help would be appreciated. And please help me to understand the process ... I'm a "step A, step B, step C" kind of girl :wink:
Thanks!!!
~Heather
PaulKroll
07-15-2006, 04:17 PM
20. Wish I was getting only 20 at work, using Sprint's anti-spam.
If you're using Outlook (and I think Outlook Express) you can set it to filter those tagged messages so that they're automatically put into a folder (make one and name it "Junk Mail" or something) or delete it outright. That's probably most straightforward. If you have it filter to Junk Mail first, then you can scan that from time to time, and if there's nothing you notice incorrectly tagged, just Select All in that folder and Delete.
sheila
07-15-2006, 04:23 PM
Are all email addresses on your account getting lots of spam? Or just a select few?
Assuming that the domain in question is the one listed in your forum profile, I notice that your Catch-all email address is enabled. I would suggest disabling it, if you do not require that functionality. It will cut down enormously on the amount of spam forwarded to your shell email address.
More information about disabling the catch-all email address is available here:
http://service.FutureQuest.net/kb267
A SpamAssassin score of 3.1 is awfully low. Much lower than the standard default.
Looking at the SpamAssassin configuration on the domain in your profile, you have a lot of stuff whitelisted. It would be useful to see some of the email headers from the spams you are still receiving. Seeing how SA scored it might help us to give you better advice. But overall, having your own domain whitelisted for all email FROM your domain is going to result in receiving a fair amount of spam. I would recommend removing that from the whitelist and only whitelisting specific email addresses from your domain...only email addresses that are configured and used on your domain should be whitelisted.
Anything in the whitelist is going to be delivered, since that is such a heavy benefit against being pegged by SpamAssassin. If you have a lot of stuff whitelisted, then a lot of stuff is going to get past SpamAssassin.
gal51
07-15-2006, 04:26 PM
Everyone that has email (not just me) is getting tons of spam, so I need to try to stop it on this end rather than having them each create their folders in Outlook, OE, etc. But thank you anyway.
I have been reading about custom filters, but I'm not sure how they work or how to code them. The vast majority of the stuff tagged as spam is obviously spam with scores around 20+.
Like I said ... want to keep the SA rather low because when I have upped it, legit email has been tagged (deleted when I had it set to delete).
sheila
07-15-2006, 04:28 PM
Like I said ... want to keep the SA rather low because when I have upped it, legit email has been tagged (deleted when I had it set to delete).
I think you have this reversed.
Lower scores in SA (for the Required Score) cause it to be MORE LIKELY deleted (or tagged, as the case may be).
A Higher Required Score in SA will let the emails go on through SA without being tagged/deleted.
High
sheila
07-15-2006, 04:32 PM
I have been reading about custom filters, but I'm not sure how they work or how to code them. The vast majority of the stuff tagged as spam is obviously spam with scores around 20+.
Show us the full email headers for some of these. Something is wrong if the SA Required Score is set at 3.1 and emails with 20+ are making it past.
gal51
07-15-2006, 04:33 PM
Sheila -
Thanks! Yes, every email address is receiving a lot of spam. It is the domain in question that is on my profile. I have not yet disabled our catch-all address. I think I will do that. I had to put email from our domain onto the whitelist because, at that time, we were having a problem with our own emails being delivered to each other. I will go in and change that to only specific emails ...
Here are some headers that are being tagged as spam:
Return-Path: <FrancesCorona@doglover.com>
Delivered-To: heatherm@truthtabernacle.net
Received: from localhost by mx08.futurequest.net
with SpamAssassin (version 3.1.3-gr0);
Sat, 15 Jul 2006 13:58:50 -0400
From: "Frances" <FrancesBarajas@adexec.com>
To: <heatherm@truthtabernacle.net>
Subject: *{spam}* Just out It will be great Be delighted with
Date: Sat, 15 Jul 2006 10:58:16 -0700
Message-Id: <77867287406633.3F461D3084@OQHW>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.3-gr0 (2006-06-01) by QuestScan
on Sat, 15 Jul 2006 13:58:50 -0400
X-Spam-Level: *******************
X-Spam-Status: Yes, score=19.2 required=3.1 tests=RCVD_IN_NJABL_DUL,
RCVD_IN_SORBS_DUL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,
URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=disabled
version=3.1.3-gr0
and another (these are pretty standard)
Return-Path: <YeseniaQuintero@representative.com>
Delivered-To: heatherm@truthtabernacle.net
Received: from localhost by mx04.futurequest.net
with SpamAssassin (version 3.1.3-gr0);
Sat, 15 Jul 2006 10:53:56 -0400
From: "Yesenia" <YeseniaByers@moscowmail.com>
To: <heatherm@truthtabernacle.net>
Subject: *{spam}* Latest stuff I think, yes. Delight
Date: Sat, 15 Jul 2006 16:53:20 +0200
Message-Id: <46668629941054.E1F31A68C4@OJ23N>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.3-gr0 (2006-06-01) by QuestScan
on Sat, 15 Jul 2006 10:53:56 -0400
X-Spam-Level: *****************
X-Spam-Status: Yes, score=17.2 required=3.1 tests=RCVD_IN_NJABL_DUL,
URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,
URIBL_WS_SURBL autolearn=disabled version=3.1.3-gr0
They are almost always just like this (about the same score, etc.)
gal51
07-15-2006, 04:34 PM
I have the SA set to tag and not to delete them; just in case legit emails are tagged, I don't want them deleted. :)
sheila
07-15-2006, 04:40 PM
OK, now I see what you are saying.
First of all, as Paul has said, 20 email a day is not very many. :(
But I would recommend that instead of tagging, you use the redirect feature.
In order to do this, you will have to disable the Global SpamAssassin.
Then create a new email address on your domain, such as
spambucket@truthtabernacle.net
Set up SpamAssassin as before on _one_ of the email addresses on your account, to redirect all spam to spambucket@truthtabernacle.net
Then, once you've set up that single filter for SA, it is easy to copy it to all of the rest of the email addresses on your domain, except for the spambucket one. Don't set up any filter on spambucket.
Once a day, someone should go in to the spambucket account and check if there are any valid emails, and otherwise delete them.
At least, this would keep the spams out of most of the people's INBOXes.
The other possibility, is the two-tier tag vs. delete if over a certain score. I will try to find some hints on that approach, but pretty much, all the hints on that approach are already in the forums. If you've already found all of the posts on that topic and you still want to try and implement this approach, then your best bet is to pose specific questions about the parts you don't understand so that we can target our explanations specifically to those areas, rather than re-explaining the general approach again (which it sounds like you already understand the general approach, so that wouldn't be very helpful for us to re-explain that....)
sheila
07-15-2006, 05:19 PM
OK, here is the last time a script was discussed that deletes for SA scores above a certain level
http://www.aota.net/forums/showthread.php?postid=149260#post149260
If you still want to attempt this, then after reviewing the links in that post, please provide specifics about what you understand, do not understand, what you tried, how far you got, etc...
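The two-tier policy discussed in this thread (tagged mail below a cutoff is kept for review in the spambucket address, and only mail scoring higher than a cutoff such as 10 is deleted), as an added Python example that is not part of the original posts and is not FutureQuest's custom-filter syntax. The function names, the sample messages and the `delete_above` parameter are assumptions made for illustration; a missing, duplicated or unparsable `X-Spam-Status` header is never treated as grounds for deletion.

```python
import re
from email import message_from_string

# Constructed sample messages (not from the thread). "high" has a folded header.
SAMPLES = {
    "high": "From: a@example.org\nX-Spam-Status: Yes, score=19.2 required=3.1 "
            "tests=RCVD_IN_SORBS_DUL,\n\tURIBL_SBL autolearn=disabled\n\nbody\n",
    "mid": "From: b@example.org\nX-Spam-Status: Yes, score=4.5 required=3.1 "
           "tests=HTML_MESSAGE autolearn=disabled\n\nbody\n",
    "low": "From: c@example.org\nX-Spam-Status: No, score=0.3 required=3.1 "
           "tests=none autolearn=disabled\n\nbody\n",
    "unscanned": "From: d@example.org\nSubject: hello\n\nbody\n",
}

# Matches the start of the header as shown in the thread: "Yes, score=19.2 required=3.1 ..."
STATUS_RE = re.compile(
    r"^(?:Yes|No),\s*score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")

def spam_status(raw_message):
    """Return (score, required) from X-Spam-Status, or None if it cannot be trusted."""
    msg = message_from_string(raw_message)
    values = msg.get_all("X-Spam-Status") or []
    if len(values) != 1:          # absent or duplicated: do not guess
        return None
    unfolded = " ".join(values[0].split())   # undo header line folding
    match = STATUS_RE.match(unfolded)
    if match is None:
        return None
    return float(match.group(1)), float(match.group(2))

def disposition(raw_message, delete_above=10.0):
    """Two-tier decision: 'delete', 'spambucket' (redirect for review) or 'deliver'."""
    status = spam_status(raw_message)
    if status is None:
        return "deliver"          # fail open: never delete without a usable score
    score, required = status
    if score > delete_above:
        return "delete"
    if score >= required:
        return "spambucket"
    return "deliver"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, spam_status(raw), disposition(raw))
```
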
gal51
07-15-2006, 05:30 PM
Sheila -
Thanks!! I have implemented all of your suggestions ... thanks so much for your help!!!
:yeah:
What I didn't understand was what to put in the box of the custom filters (i.e. Filter 1: Processor _______________ <-- I didn't know what went in the box).
Another quick question ... I turned off the global SA filter, what about global built-in filters?
~Heather
sheila
07-15-2006, 05:33 PM
Good deal. I hope that helps to lessen the problem. :)