More spam since a few months


Since a few months a lot of mail passes spam assassin.

It seems it passes the GreyList, but they are listed in blacklists.
What parameters can I tune to get rid of these messages

It never reaches a spam-score from 5 or higher

I’m using 57a

X-Spam-Level: *
X-Greylist: delayed 602 seconds by postgrey-1.36 at; Thu, 09 Mar 2023 20:53:21 CET
X-Spam-Report: *  1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist *      [URIs:] *  1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL *      blocklist *      [URIs:] * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% *      [score: 0.0000] *  0.1 DMARC_NONE DMARC record not found * -0.1 SPF_PASS SPF check passed * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record *  0.0 HTML_MESSAGE BODY: HTML included in message *  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts *  0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML *      tag
X-Spam-Status: No, score=1.5 required=5.0 tests=BAYES_00,DMARC_NONE, HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,SPF_HELO_PASS, SPF_PASS,URIBL_ABUSE_SURBL,URIBL_BLACK autolearn=no autolearn_force=no version=3.4.2
Content-Type: text/html; charset=ISO-8859-1
X-Spam-Score: 1.5

Did the spam mail get into your personal mailbox? If yes, then just mark them so they end up in your “junk” mail folder that exists in the web mail interface of Mail In A Box.

This is what I like about Mail In A Box. Its easy to install and has a very good web mail interface that equals to Gmail and Outlook. So, all spam can be sent to the junk mail folder.

I know that trick. My issue is that mail servers on the blocking lists doesn’t get blocked

In the - default - config file is a line:

smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client,reject_unlisted_recipient,check_policy_service inet:

so I should expect it isn’t even offered to spam-assassin

First it’s grey listed - as expected

Mar 10 07:43:04 box postgrey[1044]: action=greylist, reason=new,, client_address=,,
Mar 10 07:43:04 box postfix/smtpd[23107]: NOQUEUE: reject: RCPT from[]: 450 4.2.0 <>: Recipient address rejected: Greylisted, see; from=<> to=<> proto=ESMTP helo=<>

a next time, the mail is offered

Mar 10 07:54:58 box postfix/smtpd[24477]: connect from[]
Mar 10 07:54:58 box postfix/smtpd[24477]: warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support
Mar 10 07:54:58 box postgrey[1044]: action=pass, reason=triplet found, delay=601,, client_address=, sender=backyardmiraclefarm@episodeco,
Mar 10 07:54:58 box postfix/smtpd[24477]: AC77DE4D41:[]
Mar 10 07:54:58 box postfix/cleanup[24483]: AC77DE4D41: message-id=<>
Mar 10 07:54:58 imap( Info: Logged out in=5597 out=13841
Mar 10 07:54:58 box opendmarc[764]: implicit authentication service:
Mar 10 07:54:58 box opendmarc[764]: AC77DE4D41: SPF(mailfrom): pass
Mar 10 07:54:58 box opendmarc[764]: AC77DE4D41: none
Mar 10 07:54:59 box postfix/qmgr[30361]: AC77DE4D41: from=<>, size=25428, nrcpt=1 (queue active)
Mar 10 07:54:59 lmtp(24542): Info: Connect from
Mar 10 07:54:59 box spampd[15838]: processing message <> for <>
Mar 10 07:54:59 box postfix/smtpd[24477]: disconnect from[] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

by the way, I changed the recipient email address

Which blacklist did you use? How did you configure that?

That’s default configuration.

The question is: why is spam in a blacklist past trough to postgrey and not rejected at all

Ah, you mean the bit about:

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist *      [URIs:] *  
1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL *

So, the way this works: spamassassin has a massive amount of rules. Each rule can result in a positive or negative score. The score of each rule is summed, resulting in your case in X-Spam-Score: 1.5 When the score is above a threshold (usually 5) it is declared spam by spamassassin and moved in to the SPAM folder.
In your case there are two rules triggered. These rules indicate there’s a URL in the mail that is on a blacklist (not necessarily that the whole mail should be blacklisted). The result is a score of 1.7 and 1.2. There is also a BAYES_00 rule giving a score of -1.9, which means according to that rule it is probably not spam.
Because the total score is 1.5, which is below 5, spamassassin does not yet rule this message as spam.
What you can do easily yourself is create a blacklist of your own. Create a blacklist file, e.g. /etc/spamassassin/ and fill it with e.g.

# blacklist everyone at
blacklist_from *

This will give all emails from an additional score of 10, usually enough to be judged as spam. Is there a constant in the spam mails that might help you create such a filter?

(Specifically for your situation, internet tells me that triggering rule BAYES_00 on obvious spam would mean that the spamassassin bayes filtering has not been trained enough or correctly. This might be solved by moving all spam into the spam/junk folder, as sugumaranv already mentioned.)

Thanks for the reactions.

I’ll first do an update to the latest version (next week) and see if that fixes something.