How can we help?
  1. atmail help centre
  2. atmail on-premises
  3. Premium Antispam and Malware Detection

Follow

aspamd - Spam Classification

Stewart -

PROBLEM

How can I edit my aspamd rules?

ENVIRONMENT

  • atmail aspamd

CAUSE

Requirement to change aspamd rules. 

RESOLUTION

aspamd accepts mail messages using a subset of the rspamd protocol; sends the mail to the appropriate engine and provides a number of data points which available to the calling MTA in order to action the message: action and score. These are referenced to Exim by $spam_score and $spam_action. There are currently two engines available, the premium engine, and rspamd.

When using rspamd, all additional headers and symbols are returned. When using the premium engine, a number of additional headers are added to the message: 

  • X-atmail-spam-refid: A reference id useful in determining how a message was classified 
  • X-atmail-spam: The spam classification

These are available to Exim as $spam_report.

Premium Engine

The premium engine works by classifying the incoming message into the following classifications: 

  • Confirmed: Spam messages from known spam sources
  • Bulk: Spam messages from sources that are not confirmed spammers. 
  • Suspect: Legitimate messages that are sent to slightly larger than average distribution or are unidentified spam messages in the first few seconds of a massive spam outbreak 
  • NonSpam: Messages that are confirmed, without doubt, as coming from trusted sources. This classification is very rarely used. 
  • ValidBulk: Messages that are determined to be valid bulk (e.g. solicited bulk messages such as newsletters).
  • Unknown: Messages that don't fit a known category. These are the bulk of legitimate messages.

Configuration

The premium engine uses a number of configuration items to determine an rspamd action and a score for each Classification. Each has a default action and score, but can be changed if required. 

  • --unknownScore value (default: 0) [$SPAM_UNKNOWN_SCORE]
  • --unknownAction value (default: “no action”) [$SPAM_UNKNOWN_ACTION]
  • --confirmedScore value (default: 100) [$SPAM_CONFIRMED_SCORE]
  • --confirmedAction value (default: “reject”) [$SPAM_CONFIRMED_ACTION]
  • --bulkScore value (default: 50) [$SPAM_BULK_SCORE]
  • --bulkAction value (default: “reject”) [$SPAM_BULK_ACTION]
  • --suspectedScore value (default: 2) [$SPAM_SUSPECTED_SCORE]
  • --suspectedAction value (default: “rewrite subject”) [$SPAM_SUSPECTED_ACTION]
  • --nonSpamScore value (default: -100) [$SPAM_NON_SPAM_SCORE]
  • --nonSpamAction value (default: “no action”) [$SPAM_NON_SPAM_ACTION]
  • --virusScore value (default: 200) [$SPAM_VIRUS_SCORE]
  • --virusAction value (default: “reject”) [$SPAM_VIRUS_ACTION]
  • --virusHighScore value (default: 150) [$SPAM_VIRUS_HIGH_SCORE]
  • --virusHighAction value (default: “reject”) [$SPAM_VIRUS_HIGH_ACTION]
  • --virusMediumScore value (default: 4) [$SPAM_VIRUS_MEDIUM_SCORE]
  • --virusMediumAction value (default: “no action”) [$SPAM_VIRUS_MEDIUM_ACTION]
  • --validBulkScore value (default: 49) [$VALID_BULK_SCORE]
  • --validBulkAction value (default: “no action”) [$SPAM_VALID_BULK_ACTION]

Example

Changing bulkScore value from 50 to 100.

Command line

aspamd --bulkScore 100

Configuration file

Open and edit /etc/atmail/aspamd/aspamd.conf.

Locate: 

#SPAM_BULK_SCORE=50

Change to:

SPAM_BULK_SCORE=100

Comments

Contact our support team

+61 (7) 5357 6605       support@atmail.com


atmail

© Copyright 2021 atmail pty ltd | All Rights Reserved