![]() ![]() This actually did the trick when added into /etc/spamassassin/local.cf: full TROJAN_ZIPUNDS /\w*\.rar/imgĭescribe TROJAN_RARDASH RM rar attached trojan dashĪlso, as first described, I needed to specifically block certain zip file names which soon morphed to rar and dashes, so, morphing the regex and appending as a rule triad to spamassassin's local.cf (and restarting) is currently holding, until next spam wave :-)įinally, this is a very very blunt workaround, so anyone with expertise on the subject is more than welcome to chime in. Second, the "ingredients" I started with were incorrect, plus messed up with SA ability to function at all. If the score is high enough (by default 5.0), the message is considered spam. Each rule adds or removes points in the message’s score. That older version certainly could explain Spamassassin not working as well. ![]() First up, SA doesn't drop e-mails by default, but it can score them so high on spam content that they don't show up to anyone's inbox. It seems that spamassassin only cared about '' domain (and not the one in the FROM address) when checking SPF, because that has no SPF record. It will check email message against a large set of rules, in contrast to a single rule in Postfix. If they are quite old, you might check and make sure there is a cronjob set to run sa-update. ![]()
0 Comments
Leave a Reply. |