Note: I'm using the qmail-scanner-queue.pl setup that is popular here.
I've found that having local SPF rules can speed up SpamAssassin if you have configured Plesk to add SPF Headers.
We decided to be a bit draconian with our SPF policy, so in Plesk>Server>Mail we set SPF checking mode to "Reject mails when SPF resolves to fail." (Forwarders be damned!)
The issue:
Plesk performs a SPF check and adds a Received-SPF header. This is a remote DNS request.
SpamAssassin performs another remote DNS request for SPF, completely ignoring the already written header.
The solution:
Comment out "loadplugin Mail::SpamAssassin::Plugin::SPF" from /etc/mail/spamassassin/init.pre
Create some local rules in /etc/mail/spamassassin/local.cf
Code:
report_safe 0
rewrite_header subject *****SPAM*****
required_score 6.50
header LOCAL_SPF_PASS Received-SPF =~ /^pass/
header LOCAL_SPF_NEUTRAL Received-SPF =~ /^neutral/
header LOCAL_SPF_SOFTFAIL Received-SPF =~ /^softfail/
header LOCAL_SPF_FAIL Received-SPF =~ /^fail/
score LOCAL_SPF_PASS -0.001
score LOCAL_SPF_NEUTRAL 2.199 1.210 0.756 0.686
score LOCAL_SPF_SOFTFAIL 2.301 0.654 0.698 0.596
score LOCAL_SPF_FAIL 2.600 0.992 1.669 0.693
Restart spamd (/etc/init.d/spamassassin restart)
These local rules read the header that Plesk wrote. The scores are the defaults listed on the spamassassin wiki.
Login
Register
FAQ
Search
