SpamAssassin server-side rule to filter spam

dschol
Posts: 16
Joined: Mon Jan 23, 2006 5:05 pm

SpamAssassin server-side rule to filter spam

Postby dschol » Mon Feb 20, 2006 4:57 pm

I've been searching around on the forums to find an answer to this. Sorry if it has already been answered...

I just got spamassassin up and running on my scalix box (which I can confirm by looking at the message headers). Is there a way to get the scalix server to route spam into a spam folder for each user? What is the current, out of the box behavior?

Thanks in advance for your help.

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Mon Feb 20, 2006 5:15 pm

Please take a look at the script sxaa in the admin_resource_kit/ directory of the installation media. It's possible to add a rule for each user without needing to sign on with a client.

The readme gives all the details.

Cheers

Dave

leigh
Posts: 109
Joined: Tue Feb 07, 2006 11:35 pm
Location: At my desk.

Postby leigh » Mon Feb 20, 2006 8:14 pm

Current, out-of-the-box behaviour is to not care whether a message is spam or not. You need to set up server-side rules with either sxaa or the rules wizard.
I use two rules for my spam. I have a SPAM folder and a POSSIBLE SPAM folder.
Anything spamassassin marks with "X-Spam-Status:Yes" goes straight into a spam folder.
Anything with "X-Spam-Level:***" and "X-Spam-Status:No" goes into the "possible spam" folder, for later perusal/deletion/sa-learning/whatever-I-feel-like.

dschol
Posts: 16
Joined: Mon Jan 23, 2006 5:05 pm

Postby dschol » Mon Feb 20, 2006 10:39 pm

Thanks for the info! I'm still pretty new to Scalix. Where do I find the rules wizard? Also, is there any chance you could post an example of how to setup the script to move "X-Spam-Status: Yes" to the user's spam folder?

Thanks again!

leigh wrote:Current, out-of-the-box behaviour is to not care whether a message is spam or not. You need to set up server-side rules with either sxaa or the rules wizard.
I use two rules for my spam. I have a SPAM folder and a POSSIBLE SPAM folder.
Anything spamassassin marks with "X-Spam-Status:Yes" goes straight into a spam folder.
Anything with "X-Spam-Level:***" and "X-Spam-Status:No" goes into the "possible spam" folder, for later perusal/deletion/sa-learning/whatever-I-feel-like.

leigh
Posts: 109
Joined: Tue Feb 07, 2006 11:35 pm
Location: At my desk.

Postby leigh » Mon Feb 20, 2006 11:00 pm

Rules wizard is found at http://yourservername/Scalix/rw
Once you have a play with it, it should be fairly obvious how to set up the rules you want. The interface is quite intuitive. (That's my way of saying I'm impressed with the results from scalix.)

Simply set the "conditions" for the rule to "message Header" contains "X-Spam-Status:Yes", and the action to "File it to the specified folder" and name the folder you want their spam sent to.
As mentioned earlier, if you use sxaa from the admin_resource_kit directory, you can script it to apply the same rules to all mailboxes. (I must get around to that soon, before I need to add lots more users.)

tchen
Posts: 12
Joined: Mon May 15, 2006 6:39 pm

spam still in Inbox

Postby tchen » Sun Jun 25, 2006 7:17 pm

I have another problem.

After I added a rule with the rules wizard, I got the spam filed to the directory spam as I wished, but there is still a copy of it in Inbox. What did I miss here?

I even tried to add another rule to delete it, but since the "Actions" only apply to incoming messages, it doesn't work either.

Does anyone have the same problem?

Thanks
tchen

leigh
Posts: 109
Joined: Tue Feb 07, 2006 11:35 pm
Location: At my desk.

Postby leigh » Sun Jun 25, 2006 7:27 pm

Sounds like you have used the wrong action.
Make sure you use "File it to specified folder".

alfista
Posts: 94
Joined: Sat Oct 22, 2005 10:32 am

Postby alfista » Mon Jun 26, 2006 4:50 pm

Hi All,

I finally got my spamassassin going and reviewed the readme for sxaa.

My understanding is that SA will not reject/delete any message for any user unless you tell it to. If that is the case, is it truly necessary (using sxaa) to create a rule for each user to either move/delete the message based on the spam score or, as the OP asked, is there a way to set a global setting to delete all spam messages?

I would like to set up a global rule to
1 - delete messages over a certain threshold
2 - move messages to a user's 'SPAM' folder that are under that threshold, but still high
3 - leave non-spam messages in the 'INBOX'

Is this possible? Also, does anyone have any suggestions for 'must have' additions to SA?

Thanks,

Jason

leigh
Posts: 109
Joined: Tue Feb 07, 2006 11:35 pm
Location: At my desk.

Postby leigh » Mon Jun 26, 2006 6:51 pm

Spamassassin will reject mail if over a certain threshold, which is configurable. I think the default value is 15.
It then tags mail as spam if over another threshold, default 5.
I find that the best way to filter spam is with 2 separate rules, which must be set up for each user.
One is to move all mail with "X-Spam-Flag: YES" in the header into a SPAM folder.
Then any mail with both "X-Spam-Level: ***" and "X-Spam-Status: No" in the header goes into a "Possible spam" folder. This will cater for messages scoring 3 or more.
I have found only one piece of legitimate email filed in "possible spam" in the last 6 months using these rules. Anything put in "Possible Spam" is then fed back into sa-learn to feed the Bayesian database.

alfista
Posts: 94
Joined: Sat Oct 22, 2005 10:32 am

Postby alfista » Sun Jul 02, 2006 6:22 pm

Is this the command to create the spam rule shown above?

sxaa --user testuser--file "possible spam" --header "X-Spam-Level:***" --header "X-Spam-Status: No"

The command runs OK, but the rule is not editable in the ruleswizard tool.

btisdall
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm

Postby btisdall » Mon Jul 03, 2006 9:44 am

alfista wrote:Is this the command to create the spam rule shown above?

sxaa --user testuser--file "possible spam" --header "X-Spam-Level:***" --header "X-Spam-Status: No"


You need a space between the username & the '--file' option, otherwise it's fine.

alfista wrote:The command runs OK, but the rule is not editable in the ruleswizard tool.


Yes, that's the correct behaviour.
Ben Tisdall
www.redcircleit.com
London

alfista
Posts: 94
Joined: Sat Oct 22, 2005 10:32 am

Postby alfista » Tue Jul 04, 2006 8:55 pm

Thanks all...

This appears to be working, however it doesn't appear that SA has a provision to delete messages over a certain threshold as I've received messages with a 19.2 score.

Is there a recommended way to do this?

Thanks,

Jason

alfista
Posts: 94
Joined: Sat Oct 22, 2005 10:32 am

Postby alfista » Tue Jul 04, 2006 8:59 pm

Also, by running this command:

./sxaa --user testuser --info 501

it does not appear that the command I executed in my above post took the two header parameters...only one is displayed in the output from the 'info' command. Am I missing something?

Thanks,

Jason

btisdall
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm

Postby btisdall » Wed Jul 05, 2006 4:36 am

According to the sxaa.readme:

It is also possible to specify a simple condition to apply to a rule.


The key word being the first 'a' I think (so I was wrong in my last post).

However, in your case the second condition is superfluous because it's implied - if 'X-Spam-Status: ' wasn't 'No' then the message would've already been matched & processed by the previous rule.

FYI I do my two-tiered sorting in a slightly different way:

I set 'X-Spam-Status: Yes' to be turned on at say 5.3

I decide that anything above 12, is definitely spam, so:

My first rule moves anything with "X-Spam-Level:************" to 'Spam'.

My second rule moves anything with 'X-Spam-Status: Yes' to 'Possible Spam'

Although this is very similar to what Leigh's described, it does mean that 'possible spam' is effectively sorted with slightly more precision, since 'X-Spam-Status: Yes' is set to one decimal place whereas the asterisks represent integer values. Since the demarcation between 'ham' & possible spam is probably more important than the one between possible spam & spam, that makes sense to me.

alfista wrote:This appears to be working, however it doesn't appear that SA has a provision to delete messages over a certain threshold.


SA is a scoring mechanism only, agents such as Procmail & Amavisd or the Scalix server rules in discussion here are responsible for actions such as movement/deletion.

Try filing to "Deleted Items" - it seems to do the job, though I haven't tested it thoroughly.

You might also want to check out (here comes the shameless plug) my Amavisd-New HOWTO.

http://www.scalix.com/wiki/index.php?ti ... -New_HOWTO
Ben Tisdall

www.redcircleit.com

London

ericwagner101
Posts: 96
Joined: Tue Jul 25, 2006 10:10 pm

Postby ericwagner101 » Tue Sep 19, 2006 11:13 pm

btisdall wrote:FYI I do my two-tiered sorting in a slightly different way:

I set 'X-Spam-Status: Yes' to be turned on at say 5.3

I decide that anything above 12, is definitely spam, so:

My first rule moves anything with "X-Spam-Level:************" to 'Spam'.

My second rule moves anything with 'X-Spam-Status: Yes' to 'Possible Spam'


This won't work as "definitely" spam will end up in both the Spam and Possible Spam folder since X-Spam-Status: Yes will be set for both levels of spam.

Here is a way around the problem:

sxaa --user "User Name" --file "Possible Spam" \
--header "X-Spam-Status: No%X-Spam-Level: ****" \
--title "Possible Spam Check"

sxaa --user "User Name" --file "Spam" \
--header "X-Spam-Status: Yes" \
--title "Spam Check"

You will need to set the required_score in spamassassin local.conf to the Spam level. The number of "*" in the first filter above determines what goes into the "Possible Spam" folder.

Note that this will only work if X-Spam-Status comes before X-Spam-Level in the email headers (this is usually the case.) The reason you have to do it this way is that you can't put multiple --header checks in an sxaa rule (it doesn't work). The "%" is a wild card that matches any amount of text (including line ends.)
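
The two rules from the post above, modelled as an added example (not part of the original thread and not sxaa's own code) to show how the "%" pattern sorts messages and what happens when the header order is reversed. It assumes, as the post describes, that a --header pattern is a substring match in which "%" matches any text including line ends; case-sensitive matching is a further assumption, and all sample headers are constructed.

```python
import re

# Rules as given in the post: (title, target folder, --header pattern).
RULES = [
    ("Possible Spam Check", "Possible Spam",
     "X-Spam-Status: No%X-Spam-Level: ****"),
    ("Spam Check", "Spam", "X-Spam-Status: Yes"),
]


def pattern_to_regex(pattern):
    """Model of the matching described in the thread (an assumption, not
    sxaa's implementation): literal substring match, with '%' matching any
    amount of text, line ends included."""
    literals = [re.escape(part) for part in pattern.split("%")]
    return re.compile(".*?".join(literals), re.DOTALL)


def matching_folders(headers):
    """Return the folder of every rule whose pattern matches the headers."""
    return [folder for _title, folder, pattern in RULES
            if pattern_to_regex(pattern).search(headers)]


def destination(headers):
    """Folder the message is filed to; 'Inbox' when no rule matches."""
    folders = matching_folders(headers)
    return folders[0] if folders else "Inbox"


# Constructed sample headers (required_score raised to 12, as the post advises).
HAM = "X-Spam-Status: No, score=1.2 required=12.0\nX-Spam-Level: *\n"
POSSIBLE = "X-Spam-Status: No, score=4.3 required=12.0\nX-Spam-Level: ****\n"
HIGHER = "X-Spam-Status: No, score=7.1 required=12.0\nX-Spam-Level: *******\n"
SPAM = ("X-Spam-Flag: YES\n"
        "X-Spam-Status: Yes, score=19.2 required=12.0\n"
        "X-Spam-Level: *******************\n")
# Same message as POSSIBLE, but with X-Spam-Level placed before X-Spam-Status.
REORDERED = "X-Spam-Level: ****\nX-Spam-Status: No, score=4.3 required=12.0\n"

if __name__ == "__main__":
    for name, hdrs in [("HAM", HAM), ("POSSIBLE", POSSIBLE), ("HIGHER", HIGHER),
                       ("SPAM", SPAM), ("REORDERED", REORDERED)]:
        print(f"{name:10s} -> {destination(hdrs)}")
```

The REORDERED sample stays in the Inbox even though it scores the same as POSSIBLE, which is the header-order dependence the post warns about; checking the order in a real delivered message before rolling the rule out to every mailbox avoids silently missing that tier.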

