Is there a "Graymail" feature? Other spam questions.

Hi, I run Virtualmin GPL with several domains mostly for my family and some friends. Despite my attempts to eliminate spam it continues to be a problem. I’ve been on a spamassassin training rampage lately and it has helped.

All my domains are set to deliver normally mail marked as spam up to a score of 8. Over 8 and it gets deleted. Well there is a lot of mail getting through between 5 & 8 which has the +++SPAM+++ label in the subject as well as spam that did not get detected.

Unfortunately a lot of users don’t like to see the +++SPAM+++ emails even thoguht hey have been marked. Yes they can filter it etc, but I am curious if there is a way to have all those marked messages get diverted to a place where someone(me) can review them, and if they are not spam send them on to their proper destinations. I prefer this to be an easy solution when I simply review them all at once, multi-select the godo ones and then click a button that effectively says, “this mail is not spam, deliver normally.” I believe this is called graymail?

Does this exist?

FYI here are my spamassassin/postfix configs:
required_hits 5
report_safe 0
rewrite_header subject +++SPAM+++

and Postfix smtpd_recipient_restrictions

smtpd_recipient_restrictions = permit_mynetworks,reject_invalid_hostname,reject_non_fqdn_sender,
check_sender_access hash:/etc/postfix/sender_access,reject_rbl_client,
permit check_policy_service unix:/var/spool/postfix/postgrey/socket

Do those look ok? Any changes needed?

It takes quite a bit of configuration to get spamassassin to work together well with your mail delivery agent. often times, it works ok, but other times, it requires quite a bit of fine tuning. ill try to explain my general tactics when it comes to training spamassasin to do its job better. i will also attach my configuration to this post… but remember to tune the scores according to your setup, and that simply copying and pasting mine will likely have unintended consequences.

first off, as to the title of the OP; there is a grey-listing milter, but its not what you think it is. it effectively asks the sender to return the mail at a later time (if it thinks it might be spam). most spam operators have not configured there scripts or mail servers to support this, thus, the mail will never come back, and it will block the spam.

it’s currently being used by virtualmin for rate-limiting mail going in and out of the server. however, this plugin can be reconfigured to do grelisting as per its original intention… among other things. see the rate-limiting feature in virtualmin to install this (the package is called milter-greylist).

secondly, i suggest going into your spamassassin configuration directory (on debian/ubntu, this is located under /etc/spamassassin), and looking through each and every file. most of these files contain definitions for enabling different plugins… most of these can be enabled to help deter spam. some of these will need to be configured (on debian/ubuntu, in the configuration file /etc/spamassassin/

i suggest you configure virtualmin to deliver mail to a subdirectory in their mailbox called ./Spam. this way, they can poke through the suspected spam on their own time, seperating it from the legitimate mail.

you can reconfigure some of the spamassassin scores to help better classify mail that is almost-always spam. if spam starts at a score level of 5, and you delete the mail at 8 (my scores are tweaked so that it deletes spam marked as 12), you can tweak your scores to reflect this. i will attach my spamassassin configuration below.

ensure that spamassassin can actually write to the auto-learning bayes database under the users home directories. after everything is setup the way you want it, you might want to clear the auto-learning databases and the auto-whitelists and allow them to rebuild themselves. this may help your changes take effect. moreover, it might help get rid of bad rules which a poorly scoring mail, left as artifacts from a previous configuration.

the URIBL plugin is like a DNSBL, but rather than checking host names, it checks URL’s found in the email. this can be beneficial in removing some more mail. you must set this up manually in your spamassassin configuration, and enable the plugin, likewise. it will be available in the configuration which will be attached.

finally, the virus scanner (clamav or clamscan) can do a whole lot more than just scan for virus’s. check out a package called clamav-unofficial-sigs : i am not sure what operating systems it is available on, but on ubuntu, i found it in one of the provided repos.

basically, it has ClamAV signatures for all sorts of things, such as many more kinds of viruses, but also for Phishing mail, and other kinds of Spam. this will help raise the hit rate for the virus scanning component in virtualmin. i have virtualmin deliver mail marked as “virus” to a ./Virus folder within the users mail box, so that false-positives can be sifted through by the user likewise. however, it seems to be fairly accurate.

anyways, i hope this helps. i have attached my spamassasin configuration file to help you get an idea of how i configured some of these plugins, and how i reconfigured scores to help deter obvious spam. individual results may vary.

  • Steve

Thanks Steve, I try to implement some of your suggestions.

Yes I am aware of the grey listing function and how it works with Virtualmin, and I have that enabled. I was referring to something else where I as an admin can look at identified spam which has been automatically isolated in all email boxes and use it to train spamassassin. No big deal though.

As for having spam dumped into a separate spam folder, most of my users use POP3 so they won’t see this. I’m considering moving to IMAP but I know some people don’t want to go that route.

Thanks again and I will try to gett his stuff implemented.