you are trying to empty an ocean with a teaspoon..
You were sure right about that. The amount of spam that was making it through spamassassin for both myself and a customer, has been on ongoing problem. But lately, it was getting out of hand. There is no way to screen enough words or phrases to block it all.
I enable Bayes to store a local database of scores, and once it learns enough ham/spam scores it does a pretty good job of judging spam. The problem is, SME's spamassassin seems to be ignoring Bayes. The highest Bayes score of BAYES_99 (meaning near 100% certainty) was having no effect on the total score. But not only Bayes hits were being ignored...
I decided to take the last 30 spam messages that made it to my mailbox, and see what hits spamassassin assigned to them. These were the most common:
BAYES_40
BAYES_50
BAYES_60
BAYES_80
BAYES_95
BAYES_99
DCC_CHECK
DEAR_SOMETHING
DIET_1
DIGEST_MULTIPLE
DKIM_ADSP_NXDOMAIN
DKIM_SIGNED
FB_GET_MEDS
FREEMAIL_FROM
HTML_EXTRA_CLOSE
HTML_IMAGE_ONLY_08
HTML_IMAGE_RATIO_04
HTML_IMAGE_RATIO_06
HTML_MESSAGE
HTML_SHORT_LINK_IMG_1
LOTS_OF_MONEY
MIME_HTML_ONLY
MIME_HTML_ONLY_MULTI
MPART_ALT_DIFF
PYZOR_CHECK
RAZOR2_CF_RANGE_51_100
RAZOR2_CF_RANGE_E8_51_100
RAZOR2_CHECK
RCVD_ILLEGAL_IP
RCVD_IN_BL_SPAMCOP_NET
RCVD_IN_SORBS_WEB
SPF_FAIL
SPF_NEUTRAL
SPF_PASS
SPF_SOFTFAIL
SUBJ_YOUR_FAMILY
SUBJECT_NEEDS_ENCODING
T_DKIM_INVALID
T_FRT_CONTACT
URIBL_BLOCKED
URIBL_DBL_REDIR
URIBL_DBL_SPAM
URIBL_JP_SURBL
All the spam had multiple hits from the list above and yet still made it to my inbox. Then a few days ago I found a discussion online that mentioned adjusting the scores for some of these hits, which lead me to the solution. Spamassassin wasn't scoring these hits high enough so I needed to score them higher. I created a file named:
/etc/e-smith/templates-custom/etc/mail/spamassassin/minimum.cf
Not all of the hits in the list above are clear indicators of spam, so after researching I only placed the following in the file minimum.cf :
# minimum.cf
score BAYES_99 5
score BAYES_95 4
score BAYES_80 3
score BAYES_60 2
score DIET_1 2
score DCC_CHECK 3
score PYZOR_CHECK 3
score RAZOR2_CHECK 3
score RAZOR2_CF_RANGE_51_100 2
score RAZOR2_CF_RANGE_E8_51_100 2
score RCVD_IN_BL_SPAMCOP_NET 5
score RCVD_IN_SORBS_WEB 5
score URIBL_BLOCKED 5
score URIBL_BLACK 5
score URIBL_DBL_SPAM 5
score URIBL_WS_SURBL 5
score URIBL_JP_SURBL 5
Then the following commands:
$ expand-template /etc/mail/spamassassin/minimum.cf
$ signal-event email-update
And presto chango! - no more spam in my inbox.
Of course, if you don't enable Bayes or DCC as I have done, then setting their scores higher wont be useful to you. However, if you examine the spamassassin hits in your own received spam, you can customize minimum.cf to suit your own needs.