0

I can define custom scores for SpamAssasin, default one seems to be zero and it makes me wonder if i should raise it, but before doing so, where can i find detailed information on how these particular scores works in order to evaluate right score value to use?

I was searching a few sites like https://cwiki.apache.org/confluence/display/spamassassin/ for phrase "SPOOFED_FREEMAIL", to discover detail about this particular score, but nothing found.

  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider
                             [yolinee[at]163.com]
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
  0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
  0.0 SPOOFED_FREEMAIL       No description available.

I am interested to learn details about above scores mainly FREEMAIL ones, but where to search, where exactly is the place where i can find most detailed description about mentioned scores?

Here is very basic information: A) https://github.com/SpamExperts/OrangeAssassin-build/tree/master/debian/python3/usr/share/orangeassassin B) https://apache.googlesource.com/spamassassin/+/refs/tags/sa-update_3.4.0_20110317085118/rules

I have found only "FREEMAIL" kind of file which says "List contains commonly abused end user mail providers".

1
  • Look into wherever spamassassin is installed, configured (/etc/spamassassin) or is storing current rule collections (/var/lib/something). The actual definition of most rules is so close to human-readable, I would not be surprised if there was no additional commentary or documentation for many of them.
    – anx
    Commented Jun 28, 2023 at 9:25

1 Answer 1

1

Just review the definitions directly, where they are actually stored on your system. Probably:

/usr/share/spamassassin/20_freemail.cf
/usr/share/spamassassin/20_freemail_domains.cf

# and possible later versions at
/var/lib/spamassassin/{version}/{repository}/20_freemail.cf
/var/lib/spamassassin/{version}/{repository}/20_freemail_domains.cf

Such handcrafted lists rarely need hand tuning, though. You might rather want to retrieve sensible non-zero (but still small) defaults for these simply by fetching a (still somewhat maintained) updated rule set.

Its just an old, manually compiled list of domains known to have offered free mailboxes in the past. Nothing special and by nature always incomplete. Used for other useful signals in fighting spam, but generally not significantly on its own. A message claiming to be from one such known provider does not mean much in either direction: legitimate mail or trash. Check the other rules incorporating these, though. Sending from a freemail domain while also setting reply-to to something no private or business entity would reasonably do is a strong spam signal, that is why Spamassassin is right to keep the list around.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .