Differences

This shows you the differences between two versions of the page.

--- internet:mail:mailcleaner_customize [2022/08/15 09:51]
gcooper
+++ internet:mail:mailcleaner_customize [2024/01/09 09:12] (current)
gcooper
@@ Line 60: / Line 60: @@
   * ''login.css''
   * ''navigation.css''
+===== Freemail Domains =====
+It's probably best to blacklist them.
 ===== SpamC Score =====
@@ Line 88: / Line 92: @@
 ===== Customize SpamAssassin =====
+<note tip>Copy customized rules to Mailcleaner cluster members.</note>
+<note tip>Using the MailCleaner Admin web interface, **restart the Filtering Engine service** after making rule modifications.
+</note>
 <file>
@@ Line 102: / Line 111: @@
 /usr/mailcleaner/share/spamassassin/99_custom_rules_sharepointonline.cf
+FIXME I added sharepointonline.com as a freemail domain and added many points, so I changed this score to zero.
 <file>
@@ Line 112: / Line 123: @@
 /usr/mailcleaner/share/spamassassin/99_custom_rules_scores.cf
-FIXME This worked pretty well, but getting more freemail spam all the time.
 <file>
-freemail_domains sharepointonline.com
+score    DCC_CHECK       1.5
+score    ARC_SIGNED      0.001
 score    KHOP_BIG_TO_CC  2.0
+score    RCVD_IN_UCEPROTECT3  1.0
-score    FREEMAIL_FROM 2.0
+score    FREEMAIL_FROM   3.5
-score    FREEMAIL_ENVFROM_END_DIGIT  0.25
-score    FREEMAIL_REPLYTO_END_DIGIT  0.25
-score    FREEMAIL_FORGED_REPLYTO 3.0
-score    FREEMAIL_REPLYTO 2.5
-score    FREEMAIL_REPLY  1.0
-score    MC_MANY_FREEMAIL_RCPT  2.5
-rawbody   GOOGLE_APIS   /https?:\/\/storage\.googleapis\.com/i
-score     GOOGLE_APIS   1.5
-describe  GOOGLE_APIS   Has a hyperlink that points to Google APIs
-header    DOMAIN_NUM    From =~ /\@[\w+=\.]*\d{2,}[\w+=\.]*/
-score     DOMAIN_NUM    1.0
-describe  DOMAIN_NUM    Domain name has 2 or more numbers
-header    LONG_SUBJECT  Subject =~ /.{120,}/
-score     LONG_SUBJECT  1.0
-describe  LONG_SUBJECT  Subject line is very long
-</file>
-FIXME Testing this due to more freemail spam:
-<file>
-freemail_domains sharepointonline.com
-score    KHOP_BIG_TO_CC  3.0
-score    FREEMAIL_FROM 3.5
 score    FREEMAIL_ENVFROM_END_DIGIT  1.0
 score    FREEMAIL_REPLYTO_END_DIGIT  1.0
-score    FREEMAIL_FORGED_REPLYTO 3.5
+score    FREEMAIL_FORGED_REPLYTO  3.5
-score    FREEMAIL_REPLYTO 3.5
+score    FREEMAIL_REPLYTO  3.5
 score    FREEMAIL_REPLY  3.5
 score    MC_MANY_FREEMAIL_RCPT  3.5
@@ Line 162: / Line 142: @@
 describe  GOOGLE_APIS   Has a hyperlink that points to Google APIs
-header    DOMAIN_NUM    From =~ /\@[\w+=\.]*\d{2,}[\w+=\.]*/
+header    DOMAIN_NUM    From =~ /\@.*\d.*\d.*/
 score     DOMAIN_NUM    2.0
 describe  DOMAIN_NUM    Domain name has 2 or more numbers
@@ Line 169: / Line 149: @@
 score     LONG_SUBJECT  2.0
 describe  LONG_SUBJECT  Subject line is very long
-</file>
+header    EMPTY_SUBJECT Subject =~ /^$/
+score     EMPTY_SUBJECT 1.5
+describe  EMPTY_SUBJECT Subject header exists but is empty
+header    ONMICROSOFT_FROM From =~ /onmicrosoft\.com/i
+score     ONMICROSOFT_FROM 3.0
+describe  ONMICROSOFT_FROM From header contains onmicrosoft.com domain
+</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools