SpamAssassin uses a number of rules to score each email and decide whether it is blocked. The score is normally included in the header of each email, so you can see which rules have triggered.
SpamAssassin training improves the Bayesian spam testing, so if the training is working you should see a line like the following appear:
X-Spam-Status: Yes/No, score=X.X required=5.0 tests=BAYES_99...... autolearn=no
The BAYES_99 test means the email's spam probability is 99 to 100%; the tests range from BAYES_00 to BAYES_99.
If you can't see the above line in any emails, then SpamAssassin is not working.
On my Virtualmin setup I've changed to having a spam folder that I move emails to, and there is a daily job that runs the SpamAssassin training and, after 4 weeks, deletes the email.
I currently set up the script for each user with the following:
/usr/bin/sa-learn -u <username> --spam /home/domain/homes/<user>/Maildir/.<folder name>/cur/
/usr/bin/find /home/domain/homes/<user>/Maildir/.<folder name>/cur/ -mtime +28 -exec rm {} \;
This configuration prepends "[Potential Fraud]" to the subject if the Reply-To and From domains differ.
exim.conf:
system_filter = /etc/exim/system_filter.conf
system_filter.conf:
if $h_reply-to matches "(@.+)"
and not $h_from contains "$1"
then
headers add "Old-Subject: $h_subject"
headers remove "Subject"
headers add "Subject: [Potential Fraud] $h_old-subject (reply-to domain is $1)"
headers remove "Old-Subject"
endif
I use a regex to extract the reply-to domain (if present) including the "@". The matching text needs to be in the From header to avoid the warning.
Note: The $1 regex backreference remains available for the subject rewrite.
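An added example (not part of the original post or of Exim): the same Reply-To/From comparison in Python, with addresses parsed by the standard library's email package instead of matched as substrings. `substring_check` is only an approximation of the filter's test, and the function names, sample messages and example.com/example.net domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not real mail); example.com/.net are placeholders.
SAMPLES = {
    "same_domain": "From: billing@example.com\n"
                   "Reply-To: Billing <billing@example.com>\n"
                   "Subject: Invoice\n\nbody\n",
    "other_domain": "From: Accounts <accounts@example.com>\n"
                    "Reply-To: accounts@example.net\n"
                    "Subject: Payment details\n\nbody\n",
    "no_reply_to": "From: news@example.com\nSubject: Newsletter\n\nbody\n",
}

def load(name):
    """Parse one constructed sample into an email.message.Message."""
    return message_from_string(SAMPLES[name])

def domains(msg, header):
    """Lower-cased domains of every address in the given header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.rsplit("@", 1)[1].lower() for _, addr in pairs if "@" in addr}

def substring_check(msg):
    """Approximates the filter: text from the first '@' in Reply-To must occur in From."""
    m = re.search(r"(@.+)", msg.get("Reply-To", ""))
    return bool(m) and m.group(1).lower() not in msg.get("From", "").lower()

def parsed_check(msg):
    """Flag only when a Reply-To domain is absent from the From domains."""
    reply = domains(msg, "Reply-To")
    return bool(reply) and not reply <= domains(msg, "From")

def tag_subject(msg):
    """Rewrite Subject with the page's marker when parsed_check flags the message."""
    if parsed_check(msg):
        extra = ", ".join(sorted(domains(msg, "Reply-To") - domains(msg, "From")))
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = f"[Potential Fraud] {subject} (reply-to domain is @{extra})"
    return msg["Subject"]

if __name__ == "__main__":
    for name in SAMPLES:
        m = load(name)
        print(name, substring_check(m), parsed_check(m), tag_subject(m))
```

On the first sample the substring test flags a message whose Reply-To and From share a domain, because the captured text includes the closing angle bracket; the parsed comparison does not.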
Best Answer
Postfix does not have a utility like exigrep, so you will need to grep the queue files for the subject and then pipe the queue ID to postsuper to delete them.