two questions about spam

[chrisp8756]

Hello Everyone,
Two questions about spam, I've upgrade from 5.6 to 5.7 with no problems. But I've been getting allot of complaints about spam since the recent upgrade. After doing a litte more research about how to improve spam from the wiki site. I discovered several new things at the wiki that are very cool.

Ok here are my questions..
1. In my salocal.cf.in if I block xyz.com and restart the spam filter by doing (zmamavisdctl restart) the domain should be blocked right? I've blocked a few domains just as a test and they seem to get through with no problem. Why? What am I doing wrong?

Here is an example of what I've blocked:
blacklist_from *@000email.com -- That should work right? Or does it take some time to process after I restart the spam filter?

2. Basic Rules - I have created some basic rules in my salocal.cf.in that look like this:

body LOCAL_RULE /sale/
score LOCAL_RULE 3

body LOCAL_RULE /manhood/
score LOCAL_RULE 3

So with this in place I restarted my spam filter and used the above words in my email. What I was hoping for was it would go straight to junk mail. Instead it went right to my inbox.


Can some one please explain what I migh be doing wrong?

[phoenix]

Question 1. I assume you are using the example here: Improving Anti-spam system - Zimbra :: Wiki - if that's the case you use the format of the domain name shown in this example and give it a positive score.

Question 2. I would strongly advise against writing your own rules, the slightest slip in your rule will allow spam through. You should make sure that the spamassassin rules are updated regularly and that you add some test for backscatter spam. Search the forums for details on both of those subjects, some links below for starters.

Spam Links - backscatter
SareChannels - Spamassassin Wiki
http://daryl.dostech.ca/sa-update/sa...date-howto.txt

[chrisp8756]

Thanks for your reply I truly appreciate your help. Ok so according to the wiki.zimbra.com to block a domain goes like this.

blacklist_from *@emn-mysavingsnow.net

But when I do that and restart the spam filter the domain still gets through. Why is that happening?

Regarding the #1 I would assume that most employees would agree with you about not writting your own rules. Don't you think it would be a good idea to just remove that stuff off the Wiki?

[chrisp8756]

Please help,
In my salocal.cf.in if I block xyz.com and restart the spam filter by doing (zmamavisdctl restart) the domain should be blocked right? I've blocked a few domains just as a test and they seem to get through with no problem.

Here is an example of what I've blocked:
blacklist_from *@000email.com --

This doesn't seem to be working, can someone please let me know how I can block a domain using salocal.cf.in?

[dwmtractor]

As I mentioned in your other thread, I personally recommend making all your custom changes in /opt/zimbra/conf/spamassassin/local.cf for two reasons:

1. It overrides all the other settings, so you can be sure that whatever you set in local.cf will be the final word, and
2. It gives you a single place to back up and restore all your personal tweaks, as well as a single place to go to figure out what you might've screwed up. . .