HELBER.IT - SpamAssassin at SMTP time
Jan Helber
 



Background information:
A few days ago someone tried to send me an email from an email address which was not on my auto-whitelist. The email was rejected.
Therefore the sender resent the email from an email account to which I had already sent some mail before, so it was on the auto-whitelist. The email was accepted.

The person told me that the first delivery attempt failed ... reason enough for some research!

 

Research:
Since I know that there is no rule which adds more than 2.5 pts, my spam score threshold is set to 3 points. Therefore I was sure that at least 2 spam detection rules found something. The first thing to check was the SpamAssassin report in the header of the resent email which I received:

pts   rule name         description
2.0   GAPPY_SUBJECT     Subject: contains G.a.p.p.y-T.e.x.t
1.8   SUBJ_ALL_CAPS     Subject is all capitals
2.4   FR_ALMOST_VIAG2   RAW: Almost looks like viagra.

Since the subject of the email was "U N G L A U B L I C H" the first 2 spam rules were clear. Who sends an email with a subject like this?!

At first I was a bit confused, but then I found the part of the email that SpamAssassin was complaining about: "Im Jahr 1978 wurde in der Via Gradoli der President der Christlich Democratischen Partei Aldo Moro für ca 2 Monate eingekerkert." (In English: "In 1978 Aldo Moro, the president of the Christian Democratic Party, was imprisoned in the Via Gradoli for about 2 months.")

The word "via" is Italian and means "way". But SpamAssassin doesn't "know" that and rated "Via Gradoli" as an attempt to hide the word Viagra from spam detection. This was my first false positive ... too bad!

 

Accepting > Queuing > Scanning:

First of all, one bad thing about accepting each email first and scanning it afterwards is that the spammer knows that the email address is valid and won't remove it from his spam list. But there are further drawbacks as well.
When you have already accepted an email and SpamAssassin afterwards rates it as spam, you have several options:

  1. Delete the email. You should not do this, because in case of a false positive the sender won't know that you did not receive the email.
  2. Delete the email and send a bounce message to the sender. If the email is not a false positive but real spam, the sender address is probably forged. Therefore you annoy innocent people with spam. First of all this is bad behavior. But in the worst case you could be added to an RBL (your emails are not accepted by other mail servers anymore). Therefore you shouldn't do this either.
  3. Move the email to a spam folder. A possible method. But who wants to review all those spam mails?!

 

SpamAssassin at SMTP time does not have any of those handicaps:

  1. False positive: The email is rejected. Therefore the sender is informed about the delivery failure by his own mail server, without us (our mail server) needing to send a bounce email. The sender now gets the chance to compose a proper email.
  2. Spam mail: The email is rejected. The spammer recognizes that the email could not be delivered and possibly removes the email address from his spam list.

But you need a more powerful mail server for this than for simply queuing an email and waiting until there are enough resources to scan it. Since I own such a powerful workstation I am very happy with SpamAssassin at SMTP time!
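
The scoring from the Research section and the reject-at-SMTP-time decision, as an added example that is not from the original page and is not SpamAssassin's own code. The regexes, the function names, the reply text, the second subject line and the STRICT variant are assumptions of this example; the scores, the threshold, the subject and the quoted sentence are taken from the page.

```python
import re

# Scores and the 3-point threshold are the ones quoted on the page. The regexes
# are simplified stand-ins written for this example, NOT SpamAssassin's rules.
THRESHOLD = 3.0
NAIVE = re.compile(r"v.{0,2}i.{0,2}a.{0,2}g.{0,2}r.{0,2}a", re.I)
# Hypothetical tightening (assumption): the separator must be identical between
# all letters, so "Via Gradoli" (no gap, then one space) no longer matches.
STRICT = re.compile(r"v([\W_]?)i\1a\1g\1r\1a", re.I)

def make_rules(viagra_rx):
    """Build the three rules from the report, with a pluggable body regex."""
    return [
        ("GAPPY_SUBJECT", 2.0, "subject", re.compile(r"^(?:\w[ .\-_]){4,}\w$")),
        ("SUBJ_ALL_CAPS", 1.8, "subject", re.compile(r"^(?=.*[A-Z])[^a-z]+$")),
        ("FR_ALMOST_VIAG2", 2.4, "body", viagra_rx),
    ]

def scan(subject, body, rules):
    """Return (total score, names of the rules that hit)."""
    fields = {"subject": subject, "body": body}
    hits = [(name, pts) for name, pts, field, rx in rules if rx.search(fields[field])]
    return round(sum(pts for _, pts in hits), 1), [name for name, _ in hits]

def smtp_reply(score):
    """Reply given after DATA while the sending server is still connected.
    On 550 the sender's own server reports the failure; we send no bounce."""
    if score >= THRESHOLD:
        return "550 rejected as spam (score %.1f)" % score
    return "250 OK"

# Subject and sentence as quoted on the page; the second subject is constructed.
SUBJECT = "U N G L A U B L I C H"
BODY = ("Im Jahr 1978 wurde in der Via Gradoli der President der Christlich "
        "Democratischen Partei Aldo Moro für ca 2 Monate eingekerkert.")

if __name__ == "__main__":
    for label, rx in (("naive", NAIVE), ("strict", STRICT)):
        for subj in (SUBJECT, "Aldo Moro"):
            score, names = scan(subj, BODY, make_rules(rx))
            print(label, repr(subj), names, smtp_reply(score))
```

With the page's scores, the two subject rules alone (3.8 points) already cross the threshold, while the "Via Gradoli" hit on its own (2.4 points) would not.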