And beware excessive whitelisting! Some of that stuff may well bite you!;-)
--
-- Glenn

Hit the wrong button and omitted my example..
Anyway, here?s my example ?

#Sanesecurity Signature (jurlbl.ndb)
header SPAMVIRUSJurlbl X-YOURORGANISATION-MailScanner-SpamVirus-Report =~ /Sanesecurity.Jurlbl/i
score SPAMVIRUSJurlbl 4.0
describe SPAMVIRUSJurlbl Spam Virus Junk


There are loads of databases you can use, it?s a fantastic ?bolt on? to clamd.

Thanks,
Rich


From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Richard Mealing
Sent: 27 May 2014 16:51
To: 'mailscanner at lists.mailscanner.info'
Subject: RE: MailScanner filtering out less and less spam

If you don?t have mailwatch you can turn on ?Log Non Spam?, then you can see the scores in the logs. Maybe your threshold is wrong or you have turned it off altogether?

If you use clamav then you can add the signatured from sanesecurity and then you can treat emails as spam through the ?Virus Names Which Are Spam? option.

For example ?


Thanks,
Rich

From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan Horne
Sent: 27 May 2014 15:24
To: mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
Subject: Re: MailScanner filtering out less and less spam

the only one not enabled as Always Include SpamAssassin Report. the spam score number format was %d I think, but I tried the setting below, looks like that will be more verbose.

overall, im not seeing rules get skipped, but emails that are obviously spams are just being no scored as such.

thanks for the advice!



From: Martin Hepworth<mailto:maxsec at gmail.com>
Sent: ?Friday?, ?May? ?23?, ?2014 ?9?:?32? ?AM
To: mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>

Hi
add the SA info into email headers to see what the score and rule hits are ( helps with debug), in MailScanner.conf make sure the follow are set thus:

Spam Score Number Format = %5.2f

Detailed Spam Report = yes

Include Scores In SpamAssassin Report = yes

Always Include SpamAssassin Report = yes

Spam Score Number Format = %5.2f
This should give you some clue as to whats (not) happening as first step

--
Martin Hepworth, CISSP
Oxford, UK

On 23 May 2014 06:45, Michael Huntley <michael at huntley.net<mailto:michael at huntley.net>> wrote:
I always keep a sizable chunk of recent spam on hand to feed to spamassassin. I do it on a 45 day or so schedule. I place the spam in a folder and sa-learn it using the proper user. This seems to keep things sane.

Cheers!

mph


On 5/22/2014 7:12 PM, Jonathan Horne wrote:
Greetings,

I have several MailScanner installs that lately, have been allowing an increased amount of spam to deliver. all separate systems, at separate sites, but all behaving the same way. more and more spam each week is getting thru. ive been noticing an increase at least over the past 3-4 weeks.

is there anything that can be done? previously when these systems were deployed (about 9-12 months ago, I forget now) they were incredibly effective.

thanks for any tips,
Jonathan







--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140528/64cd2aee/attachment.html