I've been actively using SpamAssasin for the last 2 years, constantly reveiwing my queue and updating my ignore and blacklists. Its been a a pain but has worked relatively well for me. Recently Ive been getting an influx of spam that is not being caught by SpamAssasin thus flooding my inbox. I suspect one of my contacts recently got hacked or is having their email spoofed but the spam I am receiving is blatant and should be getting flagged by SpamAssasin.
I'm looking for recommendations to get my Spam under control.
thanks in advance.
Over the weekend pulled the ip addresses from some of the emails and found a few were coming from 192.126.77.*. I then went into the IP Deny Manager and added it, still getting spam from that same subnet of IPs... No idea what to do if I cant even block their IP. Looking forward to your feedback.
The IP Deny Manager only blocks IP addresses via your site's .htaccess file, and it only blocks access to your website itself. Unfortunately with SpamAssassin you can only blacklist email addresses or domains, and not IP addresses directly.
I just wrote a new article for you on blocking IPs from sending you email, which goes over setting up a cPanel account level email filter to block email based off IP addresses in the headers.
I apologize that you've seemingly been receiving more spam unfiltered via SpamAssassin. From what I can tell looking at your mail logs, it looks like SpamAssassin has run on 417 messages, with it flagging 135 of them as spam.
From what I can tell, it looks like the messages not flagged as spam are not achieving a high enough spam score to hit your current set value of 3.5 for being flagged as spam.
I would recommend looking at the full mail headers of one of the messages you believe is blatant spam to see why it's possibly not getting marked as spam. If you can't figure it out by looking at the rules, you can forward a copy to us at email@example.com with the subject "Recent spam increase", then if you comment back on this question letting us know it's been sent there we can take a look for you.
Please let us know if you have any further questions at all.
I finally did see the email that you sent into firstname.lastname@example.org. The emails that you're getting - which are definitely spam, are not being recognized by SpamAssassin because of certain factors. You can actually block this particular sender by using the IP address starting with 192.126.77.xxx and creating a range (e.g 188.8.131.52 -184.108.40.2066). I suggest doing this because Spam Assassin isn't blocking those emails unless you lower the score needed to identify the email as a Spam. I'll give you an article link at the end of this comment that shows you how to make the filter. I suggest the filter also because there will be the occasional spam that appears to obey ALL of the rules to classify the message as "not spam", but you can tell by the content that it is spam. The ones that you listed are a good example of this, and they appear to be coming from a particular set of IP addresses. The link below shows how to look in the header and find the IP addresses of the email: