Part 2a - toss the trash
Alright. You've followed the instructions so far, and you've got Spam Assassin flagging your email.
I mentioned earlier that you can also have messages that have a certain SPAM score (or higher) automatically tossed into the great bit-bucket. We'll learn how to do this now.
First, have a look inside a flagged spam message:
Code:
Content preview: chemotherapy communion furrier hinterland switzer
snapshot stronghold kenneth cavern choose carboloy stood crane armament
cathedra laze kaleidoscope sanatorium armillaria textural memorandum
juggle URI:http://www.hotgle.info/
URI:http://www.hotgle.info/images/oobb.gif [...]
Content analysis details: (7.8 points, 4.5 required)
pts rule name description
---- ---------------------- --------------------------------------------------
5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 0.9999]
0.2 HTML_MESSAGE BODY: HTML included in message
1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?68.95.20.248>]
0.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=68.95.20.248>]
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Notice - this message scored 7.8 points, which is above my flagging threshold of 4.5. The breakdown of which Spam Assassin rules played in the scoring of this message is also shown in messages that score above your threshold.
Note also that this one had a BAYES score. That's what we're working toward. Getting spam assassin to learn the spammers tricks and toss them! Without the BAYES score this message would have scored only 2.4 points and would have been delivered to my inbox. But more on that later.
If you look at the message header you'll see:
Code:
Subject: Notice_from_mailserver--Possible_SPAM Your eBay auct1on payment
Date: Tue, 04 May 2004 14:48:35 +0200
Message-Id: <DAE095E7499CEBD@12move.nl>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on pass5.dizinc.com
X-Spam-Level: *******
X-Spam-Status: Yes, hits=7.8 required=4.5 tests=BAYES_99,HTML_MESSAGE,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL autolearn=no version=2.63
(though I do wish that Surpass would set up the RDNS to resolve to my domain, it shows Pass5.dizinc.com here...)
Note the line:
X-Spam-Level: *******.
We're going to use that to our advantage. The number of stars is the value of WHOLE POINTS that the message scored. There are 7 here. We want to create a rule that will automatically TOSS any message that scores 8 points or higher.
To do this, we'll move back to Cpanel and click on the MAIL icon.
In the list of options, choose
E-mail filtering
If you have previously input filters, they'll show here, and below them you'll see:
Code:
[ Add Filter ] | [ Go Back ]
Select
Add Filter
The Add filter dialog is pretty simple. The Filter drop down defaults to subject. Change this to "Any Header".
The next box over is where you enter your test criteria. You can cut and paste the line below:
Code:
X-Spam-Level: ********
If you want a higher threshold, add a star. If you want a lower one (not recommended at the beginning - some email's that I get from PCWeek score as high as 7.9!) subtract a star.
Leave the
Destination as 'discard'.
Now click ACTIVATE.
There. You've done it. If you followed the examples literally, you'll now flag all messages that score over 4.5 points, and automatically trash messages scoring over 8 points.
Next lesson - How to train Spam Assassin to learn spammers new tricks...