[rt-users] Still lots of Spam hitting RT after filtering via Procmail/Spamassasin/Rules Du Jour
Pedro Santa
pedro.santa at gmail.com
Thu May 10 11:03:34 EDT 2007
Hi list!
My RT instance still receives lots of SPAM even with procmail
filtering, with Spamassasin updated with "rules du jour" script.
My procmail logs show that some of the mail is filtered but still gets
trough lots of spam. Any suggestions.
Thanks in advance.
Pedro Machado Santa
RT 3.4.1
Here are my configuration files:
###########################
### /etc/aliases:
rt: | "/usr/bin/procmail -m /etc/procmailrcs/rt-helpdesk"
rt-comment: | "/usr/bin/perl /usr/bin/rt-mailgate --queue helpdesk
--action comment --url http://gestao.dec.uc.pt/rt/"
gestor-info: | "/usr/bin/perl /usr/bin/rt-mailgate --queue gestor-info
--action correspond --url http://gestao.dec.uc.pt/rt/"
###########################
### /etc/procmailrcs/rt-helpdesk
PATH=/usr/local/bin:/bin:/usr/bin
LOGFILE=/var/log/procmail.log
INCLUDERC=/etc/procmailrcs/_spamfilter
# All mails bigger than 300000 characters are sent to an administrator instead
:0fwbh
* > 300000
| /usr/bin/rt-mailgate --queue helpdesk --action correspond --url
http://gestao.dec.uc.pt/rt
#if the spam trigger is fired send to spam queue
#:0fwbh
:0:
* ^X-Spam-Level: \*\*\*
/var/mail/admin
#| /usr/bin/rt-mailgate --queue spam --action correspond --url
http://gestao.dec.uc.pt/rt
:0:
* ^Subject: RHN Errata Alert:
!gestor-info at dec.uc.pt
#if the spam trigger is not fired then send to expected destination
:0wbh
|/usr/bin/rt-mailgate --queue helpdesk --action correspond --url
http://gestao.dec.uc.pt/rt
###########################
### /etc/procmailrcs/_spamfilter
#
# The lock file ensures that only 1 spamassassin invocation happens
# at 1 time, to keep the load down.
#
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamassassin
# Mails with a score of 15 or higher are almost certainly spam (with 0.05%
# false positives according to rules/STATISTICS.txt). Let's put them in a
# different mbox. (This one is optional.)
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null
#/local/mailcopy/almost-certainly-spam
# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped. This will re-add it.
:0
* ^^rom[ ]
{
LOG="*** Dropped F off From_ header! Fixing up. "
:0 fhw
| sed -e '1s/^/F/'
}
:0 c
/var/mail/admin
#/local/mailcopy/unconfirmed-ham
More information about the rt-users
mailing list