A lot of the spam I have that is bypassing my local.cf rules are forwarded onto another account usingt he users forwarding rules. So myname@mydomain.co.uk which forwards to myname@myotherdomain.co.uk is getting the spam that I am reporting as by passing local.cf.
Saying that, its not just this setup, I still get emails delivered to my normal info@ account by-passing local.cf sometimes, and that has no forwarding.
I have changed it to this, as they often seem to be in sorbs. Although I am sure one got through that was on a spamhaus blacklist. Lets see if it helps! Although doesnt explain why spamassassin is not using the blacklists I added in local.cf
dont use too many rbls, it’ll be much slower to check all of them, for every message…
i usually pick 1 or 2, it’s mostly fine with zen.spamhaus.org & b.barracudacentral.org (eg.)
concerning spamassassin , can you send a print screen from $webmin_url/config.cgi?spam ?
I dont mind it slowing a little as long as it does not affect the whole server, as its a mail, no one knows its slower, only when you’re on the phone and someone says I just sent you an email and your like its not arrived yet, wait, wait, oh its come!
Do you know if when its rejected the sender gets a bounce back, like if a real user sends an email and they are on the blacklist, to bounce back and be told?
use single rbl (personal favorite : zen.spamhaus.org) or 2 max. some of these other rbls might not work correctly, have stricter rules, etc…start removing some and/or check logs to find blaming rbl…