from = to spam

I’m getting spam that is using my address as the from address. To me from me.

Spamassassin gives it a high score, but also says it’s not spam

"Status: No, score=-89.6 required=5.0"

Which I am guessing is because the to address is mine.

I saw a post about doing something concerning whitelisting, but I don’t have my address whitelisted (or is that done automatically?).

Is there a way for me to use the "spamassassin/header - body tests" to add points if the to and from match? if so, how?

Or is there another way to handle this?

oh, I’m on centOS if that matters.

Well, that score is negative (-89.6), so it’s actually a particularly low score. But you’re right, it may be because it’s your address.

You may want to try disabling the autowhitelist (AWL) related feature in SpamAssassin.

To do that, edit /etc/spamassassin/ (I think that’s where it is, it may be different on CentOS), and add this:

use_auto_whitelist 0

And from there, restart SpamAssassin (/etc/init.d/spamassassin restart).

In the ‘spam and virus delivery’ module, there is a:

"Always allow mail from mailboxes in domain?"

I currently have it set to ‘no’, though actually I do want users to be able to write each other without any trouble.

Does checking that as yes or no affect the same setting you are referring to in Or are those different?

oh, and thanks for straightening me out on the - (negative), I had missed that little detail :slight_smile:

Sorry, I’m not sure what those options affect within Spamassassin.

They may be adding addresses to the autowhitelist, which would make the problem you’re seeing worse :wink:

If those options don’t have help available for them, you might just need to tinker a bit to see what exactly they’re enabling (for example, try making a change and see how the file differs).

Or, maybe someone more knowledgeable than myself will chime in! :slight_smile:

Thanks Eric, either way, your ‘use_auto_whitelist 0’ seems to be working.

I’m trying to get rid of emails that have the word ‘viagra’ in them now. I put the word into the ‘header and body tests’ and gave it a bunch of points, but it doesn’t seem to be working.

Do you, or anyone else, know if I need to put that in some kind of regular expression? And if so, how do I do that?

Thanks again for all your help Eric, just about got everything set up, and just switch the dns to point at my new virtualmin server!

Waiting now for the dns to update so I can see how it all works for real.


Well, I’m not sure of the specifics of your rule – but did you have a chance to go over the Rules Howto over on the SA Wiki?

Some details on writing SpamAssassin rules are here:

They explain what all goes into writing them, checking for syntax errors, and other goodies.

Thanks for the link, Eric. I guess I wasn’t the only one unsure how to fill out the Header and Body Tests.

I would be great if we could maintain a wiki page of working filters.