Results 1 to 3 of 3
  1. #1
    Newbie
    Join Date
    Jun 2015
    Posts
    2

    Default Spam Blocker rules

    Hi

    I work for an investment consultancy, and we are using untangle v11.1 in bridge mode in front of our Exchange server.

    We are getting quite a few false positives from Spam Blocker Lite. Looking at the logs, it appears SpamAssassin has a rule called "INVESTMENT_ADVICE", which is causing us a problem as all of our emails contain an email signature that refers to investment advice. We are not scanning outgoing emails, but any reply to an email we send receives the INVESTMENT_ADVICE flag (and I don't think there is an auto-white list setting in untangle v11.1?).

    The INVESTMENT_ADVICE flag appears to add 2.2 to the spam score, so gets us halfway to our medium 4.3 threshold.

    Is it possible to turn off this rule in SpamAssassin?

    Alternatively, does anyone know what the exact rule is for "INVESTMENT_ADVICE"? I can't cut the footer completely as it is needed for regulatory requirements, but I might be able to tweak the wording to avoid the flag? This would also help avoid our emails getting classed as spam by any recipient using SpamAssassin as well.

    Also, the Basian scores seem a bit high on some non-spam emails. Can I reset the trainer? Is it just a case of entering

    sa-learn --clear

    in the terminal?

    Thanks
    Rick

  2. #2
    Master Untangler
    Join Date
    Aug 2008
    Posts
    639

    Default

    From what I can see, the rule looks for the phrase "investment advise" in the body of the email. You can modify the rule scoring by adding an entry to the local.cf file, which can be found in the /etc/spamassassin folder.

    You probably want to contact support regarding the resetting of your Basian scores. If I had to guess, I'd say the following command would work, buy YMMV:
    Code:
    su spamd -c "sa-learn --clear"

  3. #3
    Newbie
    Join Date
    Jun 2015
    Posts
    2

    Default

    Danp - Thanks for the pointers. I have had a look at the spamassassin code on Github and I believe the test is just for the occurrence of "investment advice", with no modifiers, so I might be able to reword our footer.

    I think to remove the test from our untangle firewall, the relevant line in local.cf would be:

    score INVESTMENT_ADVICE 0.0

    Rick

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2