@hardbrasil,
Spamassassin is a pretty particular piece of software and your problem is less related to spamassassin and more to your (general) spam settings.
I will discuss them briefly:
a) Domainkeys: no problem here, leave as is (for the time being at least)
b) DNS zones for DNSBL service: only use "sbl.spamhaus.org;zen.spamhaus.org"
There is a reason for this: the other lists are less reliable, even buggy (in rare occassions, this can lead to no checking at all) and often based upon spamhaus.org (i.e. they overlap).
Better to use a minimal amount of DNSBL lists, by preference the most suitable and efficient lists, being spamhaus.org.
c) SPF rules: it is
not enough to use "include:spf.trusted-forwarder.org".
In general, this is a bad setting.
I will not discuss the details, but a proper setting is:
1 - check the checkbox "Switch on SPF spam protection",
2 - set "SPF checking mode" to "Reject mail when SPF resolves to fail (deny)"
3 - set both "SPF local rules" as "SPF guess rules" to "v=spf1 +a/24 +mx/24 +ptr ?all include:spf.trusted-forwarder.org" (Note: this is a general SPF record, it can be more "strict")
Please note that the order in the SPF record, as mentioned in point 3, is very important.
Also note that it is very
important to check where the SPF record is "active": if your Plesk instance is a primary nameserver, then step c) is all you have to do.
However, if you use some external nameserver (for instance, you use nameservers provided by the registrar or some external service, like Route53), then it is absolutely necessary to add a TXT record to your DNS, with
<domain>.tld TXT v=spf1 a mx ip4:<IP of your server> ~all
and note that
- this SPF record is somewhat more strict: the "/24" has been removed (allowing less IPs to match SPF syntax) and the "ip4:" has been added (only pass SPF check if the IP matches)
- if your machine allows IPv6: just add "ip6:<IP of your server>"
- do not set the "~all" SPF record to "-all": this will result in a lot of false negatives
and, finally, note that
- the SPF check result of "negative" does not imply that spam does not get delivered: a negative SPF result does not imply that mail is blocked
- Spamassassin does use the SPF results to allow or disallow mail: mails are blocked by Spamassassin.
All of the above is just some rough outline of what you can or should do, to improve the blocking of spam messages.
As another tip, you could also introduce DMARC records in your DNS (this takes the form of _dmarc.<domain>.tld TXT v=DMARC1; p=none; rua=mailto:<mail> or such alike).
DMARC also works like a charm to tackle spam mails, but it requires some additional effort.
In short, I would suggest to take steps a to c first and have a look at the effect of the number of spam mails.
Hope the above helps!
Regards.....
Facebook
Twitter
