Since we've waded into this and you ask questions... Spamassassin itself will not drop emails, it only marks them as spam or not based on the required_score value. You can use other tools such as procmail (with a cooperating MTA such as postfix/sendmail/exim/etc) to drop, return, send to an alternate folder, or put in your INBOX based on the result of spamassassin. Or your own MUA might have facilities to not show it to you or whatever. I wouldn't worry much about true spammers readjusting based on the result, a typical professional spammer sends out about one billion messages per day. About the only automated hint some suspect is they might note whether an address returned unknown user or not since anything but unknown user indicates the email address is valid even if the message was rejected. So some choose to set up procmail (typically) scripts which appear to send back unknown user errors hoping that will drop them from the spammer's database entirely. I tend to think that's optimistic (THEY DON'T REALLY CARE!) but why not try? If one were trying to block a more targeted source and not a true "blind" spammer, perhaps just an annoying person who pitches slightly randomized versions of your domain for sale several times per day, then perhaps those methods would be effective and get one dropped from their database. The real tragedy of spam is the human time wasted over it. On March 17, 2016 at 10:31 ocl@gih.com (Olivier MJ Crepin-Leblond) wrote:
Dear Barry,
thanks for your follow-up on this. That's a good idea too. I've checked the past messages in the queue and spamassassin scores range from 3.4 to 4.9 (with a trigger score required of 5.2). However, can you get a rejection message sent to the originator of the message? When blocking at Postfix level, the message is not accepted in the system & a bounce is issued. A genuine email originator would get a bounce explaining the bounce and try another method to get in contact. With spamassassin the message would just get dropped, wouldn't it? (apologies, my spamassassin coding is a bit crusty) Kindest regards,
Olivier
On 17/03/2016 05:32, bzs@theworld.com wrote:
[is this OT, how did this start?]
I use spamassassin system-wide to increase the spam score of a message from certain TLDs to near the threshold where it's just rejected.
So for example in local.cf I add a rule like:
header DOTTOP_RULE From =~ /.*\.top/i describe DOTTOP_RULE BZS 20160226 score DOTTOP_RULE 2.5
which means just having a .TOP TLD in the From gives it a base score of 2.5, so it wouldn't take much more, tripping some other spamassassin rules, to just get it blocked entirely.
But it means in theory a very non-spammy msg from that TLD might still get through.
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*