SpamAssassin tips
2009-05-08 by Adam Katz
I've become quite the SpamAssassin guru in the last few years; I'm quite active in users@... and on irc://irc.freenode.net/#spamassassin ... and I'm all alone on irc://irc.freenode.net/#milter-greylist Anyway, p0f is a godsend, allowing me to do this (I'm not sure about the spacing, that's just for the email): greylist.conf contains: ######## racl greylist p0f "Windows 2003" delay 10m autowhite 35d \ addheader "X-Greylist-OS: %Fx" racl greylist p0f "Windows 2008" delay 10m autowhite 35d \ addheader "X-Greylist-OS: %Fx" # here it is, specific spite for Windows. this nabs a LOT of bots! racl greylist p0f "Windows 2000" delay 20m autowhite 14d \ addheader "X-Greylist-OS: %Fx" racl greylist p0f "Windows XP" delay 20m autowhite 14d \ addheader "X-Greylist-OS: %Fx" ######## local.cf contains: ######## header KHOP_WIN_GREYED X-Greylist-OS =~ /Windows (?:XP|2000)/ describe KHOP_WIN_GREYED Sending server is a Windows desktop OS score KHOP_WIN_GREYED 0 0.5 0 1.0 header __KHOP_GREYED X-Greylist =~ /Delayed for [0-9]/ meta KHOP_GREYLISTED __KHOP_GREYED && !KHOP_WIN_GREYED describe KHOP_GREYLISTED Sending server is new to me score KHOP_GREYLISTED 0 0.1 0 0.2 ifplugin Mail::SpamAssassin::Plugin::DNSEval header __GREYLISTING ALL =~ /^X-(?:Scam-Grey|Greylist(?:ing)?): /m meta KHOP_DIALUP __GREYLISTING && RCVD_IN_SORBS_DUL describe KHOP_DIALUP Dynamic IP survived greylisting: false positive? tflags KHOP_DIALUP nice score KHOP_DIALUP 0 -1.1 0 -0.3 # reduced from 0 1.6 0 0.9 endif ######## I'm still toying with the score for KHOP_WIN_GREYED ... it might get higher. When I'm done experimenting, the first two will go into my "khop-general" sa-update channel. KHOP_DIALUP is already present in my "khop-bl" channel. http://khopesh.com/Anti-spam#sa-update_channels