After careful examination of false positives and scoring weights by SpamAssassin, all e-mail, by default, that (a) is marked as spam and (b) scores above a 10 will be deleted.  The threshold is considered if and only if the message is marked as spam.  To remove this feature just delete the section of code starting from the if … line down to the final closing brace (}) from /etc/maildroprc.  If you had made changes between today and when the global filter files were rolled out, then it was skipped over.  This accounted for quite literally only a handful of accounts, which gives a good indication of how many people actually read this blog.  Pat yourself on the back, good job!

Rationale: the majority of false positives score below an 8.  Generally for a message to score above a 10 would require multiple rules to be triggered, such as an invalid SPF record and listing in a real-time blacklist, both of which are blocked prior to the message being handed off to SpamAssassin.  Messages with invalid SPF information already pick up ~2.1 – 2.7 points depending upon the type of failure (soft, neutral, fail) and provided they make it that far, messages listed in SpamHaus rack up another ~2.8 points bringing the total score, before any further scoring attributes are evaluated, to 4.9– right below the spam threshold.  RBL and SPF mismatches are the major constituents of spam scoring, so really anything above a 10 on the server today would have likely scored a 15 or above prior to this week.

Minor adjustments to spam delivery

One thought on “Minor adjustments to spam delivery

  • May 16, 2008 at 1:01 pm GMT-0500
    Permalink

    I’ve been doing that anyway but it’s nice to see it became a system-wide thing. 🙂 This along with the other anti-spam measures you’ve implemented are greatly appreciated!

Comments are closed.