Customising Spam Assassin - more aggressive filtering recommendations

contabo basic VPS1 6Gb memory and Hetzern Dedicaed 64Gb memory
OS type and version AlmaLinux 9.3
Webmin version 2.111
Virtualmin version 7.10.0

Hi Everyone,

I’m looking for any pointers for making Spam Assassin more efficient… it’s letting in far too much obvious spam for my liking.

This is a default SA setup, I’ve changed nothing so far. I know I can add custom rules (Webmin, Servers, Spam Assassin Mail Filters, Header and Body tests) which are added to the /etc/mail/spamassassin/ file. Doe anyone have any additional custom rules they use as default they are willing to share, or recommendations to any public custom rules files they use?

I also seem to have some messages that are not going through the SA filter (as they are getting no SA score), like this,


Whereas, I’d normally get the spam score as below,


Any pointers or advice gratefully received.

  • you are not failing SPF with spam assain. (at a guess)
  • do you have grey lisitng enabled
  • Class emails as SPAM if they fail SPF check
  • Virtualmin check SPF records? - #10 by Ilia - Virtualmin - Virtualmin Community
    • Decide where to set the rule
      • Global Rule: Webmin → SpamAssassin Mail Filter → Header and Body Tests → Switch to advanced mode
      • Virtual Server Rule: Virtualmin → Mail Options → SpamAssassin Configuration → Header and Body Tests → Switch to advanced mode
        • this might not be available and dpeneds on your Virtualmin configuration set during the POST-Installation wizard.
    • Add these ‘SpamAssassin test scores’ or what you want to assign, maybe just SPF_FAIL = 10.00 (which works for me on cPanel)
      • SPF_FAIL = 10.00
      • SPF_SOFTFAIL = 5.00
      • SPF_HELO_FAIL = 5.00

Email and SPAM section on My Virtualmin Notes | QuantumWarp

Hi Shoulders,

Thanks for the reply. I hadn’t turned on Greylisting yet, but I think I will. I’m coming from a cPanel background myself (using mailscanner) and had tweaked everything over the years so that we were getting very little spam though there.

I think you are right in that it isn’t punishing SPF failures (and I think it only give like a +.1 score for SPF passes…). I’ll have a play adding in a penalty score for those that fail SPF.

Thanks again

I’ve mentioned this before. Default SA doesn’t process emails over 512K so spammers pad the email. I set mine to 1M and that seemed to stop that problem.

@ID10T I have added this to my notes from one of your earlier threads. Very useful. alot of emails are above 512KB, even the spammy ones.

Yes, I noticed on my old cPanel server a bunch of spam had started to come in at 2Mb.

@ID10T can you give me the location of where you change this setting because this is my page

Virtualmin --> System settings --> Spam and Virus Scanning --> Maximum message size to process: unlimited

p.s. I know spamassain is not running , this is my dev site

1 Like

looks like this might of changed at some point.


It solved my issue. Is this the right place to do it? I don’t know. I should probably have looked harder, but… :wink:

this was a valid solution as not everyone’s virtualmin will be setup like mine. I also did not know it had been changed and I also have not check to see if the unlimited value actually works as I have not actually used mail properly on my server yet.

Thats the correct place to change it

to enhance detection, make sure to sa-learn your Ham and spam folders that you can set up to confirm which emails are spam and which are legitimate. Also make sure to run the daily rules updates and check the log occasionally because any errors or bad rules will appear there. The daily log will also show you how the bayes data is growing over time and learning, the user files being used, the rules being used, the updated rules and more. It is a good check to see what is happening (or not). I dump the log to my email daily and check it occasionally to spot errors.

I also automatically dump spam into a SPAM folder which sits for a maximum of 10 days for review. If they are not spam then I remove them. If they spam then I run a CRON job to learn from those emails then delete them. It works very well and very few spam emails appear. If new ones appear they get handled within a week or two.

Thanks Paul,

Can you share any details of your CRON job to process a spam folder… I’ve been saving up all my instances of spam (detected or where I’ve manually moved them into the spam folder), so I’ve a history of what’s getting caught (or not).

I’ll do some googling on checking if the daily rules updates are executing.

Thanks for the pointers.

Virtualmin has a spamassassin setting for each user to create a spam folder and auto dump spam into that folder:

In /etc/cron.daily folder is which runs nightly and updates spamassassin. my cron is:
To process the spam after 10 days I run this cron job (taken from another internet post). There are versions of this script to run all users but this is one user only:

the first job deletes spam mail after 10 days.
2nd and 3rd jobs learn spam from your spam folder (read and unread folders) for that user.
4th job learns “ham” mail (non spam) from an optional ham folder. I use that to help learn what is non-spam.

Hi Paul,

Thanks for the very detailed reply. I’ll get to work on that now!


One of the best tools is the spamassassin/ file with all the weights and expressions to determine the weight of spam triggers. You can update the config on virtualmin but I learned to update my own rules directly in the file and I added regex checks for specific problems I was having. For example, I can check subjects for having three words in any order because the sender kept mixing them up and it was not caught quickly enough. This would not be typical but I was trying to learn something.

header CONTAINS_MUTUAL1 Return-path =~ /(?=.*mutual)(?=.*mortgage)(?=.*omaha)/i

The config file is large but if you have persistent problems you can add the test and some weights and it will clean up your inbox quickly. You can apply globally to all users or each user independently. All of my info comes from searches for SA scripts and help.

Hi Paul,

How regularly are you running your SA-Learn tasks? For example, you are deleteing spam older than 10 days, so if you are running it more regularly than every ten days, are you effectively learning the same messages, or is it smart enough to know its already learnt them?

By default, the new install of Virtualmin has no cron jobs related to Spam Assassin, so I am creating these from scratch.

Thanks for all your pointers so far - I’ve only ever really played with setting (basic) rules in the on my old cPanel server (where we also had mailscanner). I’ve never gotten my head around regex, but I like you example, as I can see an easy way to trap some repeat offenders that are getting through.


The cron job is daily. The learning understands previous emails and doesn’t store new tokens for the same email. After 10 days (pick your number) the job deletes a spam email from the spam box. The bayes tokens will increase with time as you identify spam and learn from them. Plus, spamassassin updates the main set of rules and weights so it should be very effective, very quickly.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.