I've been with LunarPages a long time and have dozens of e-mail accounts at my domains and add-on domains. I have SpamAssassin turned on for the entire account (Spam Auto Delete: disabled, score: 4, Spam Box: enabled, Custom Setup: required score=4)

For my own e-mail account (which I've had 10+ years) I don't have many spam problems. The occasional spam gets through, but most of it is intercepted correctly and sent to the spam box.

For my wife's account, she is getting CHRONIC spam. 100+ pieces per day. My gut is to say that SpamAssassin isn't working on her address, but when I examine headers for her mail, it does look like it's going through SpamAssassin, just scoring too low. (But how weird that her account, which she's had for much less time than I've had mine, is so chronically attacked while mine isn't.)

Below, I've included the relevant excerpts of headers from a few different spam mails. Can anyone with the expertise to read these help me figure out how I could modify SpamAssassin's settings to do a better job at catching mails like these? I can't lower the threshold any more, otherwise it'll be catching legitimate mail.

(Retiring her e-mail address is unfortunately not an option.)

GRATEFULLY APPRECIATE ANY HELP!!

--

X-Ham-Report:    Spam detection software, running on the system "dwelling.lunarbreeze.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Have you seen the most recent changes to your credit-scores? Your Experian, Equifax & TransUnion Scores are your Ticket to a New car, Credit-cards, a Mortgage & more! Poor 301-600 Good 600-700 Excellent 700-849 [...] Content analysis details: (2.3 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Bar:    ++
X-Spam-Flag:    NO
X-Spam-Score:    23
X-Spam-Status:    No, score=2.3

--

X-Ham-Report:    Spam detection software, running on the system "dwelling.lunarbreeze.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Does your bathroom need a facelift? Are you tired of stepping into the same old dreary bathroom with the same old dreary tile? Want to spruce it up? Make it beautiful? For most people the bathroom is the first place they go in the morning. Make it shiny, sunny, bright, clean. From just a tiny bit of improvement to a complete renovation that adds more space, we can do it at an incredible price. That's what we do. We find remodelers in your area that literally fight to get your business. They are qualified, bonded, insured, and experienced. [...] Content analysis details: (3.0 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [216.211.153.38 listed in bb.barracudacentral.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.4987] 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Bar:    +++
X-Spam-Flag:    NO
X-Spam-Score:    30
X-Spam-Status:    No, score=3.0

--

X-Ham-Report:    Spam detection software, running on the system "dwelling.lunarbreeze.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Date: 4.13.12 Important information, you have been pre approved. You have been pre-approved for an advance of up to 1,000. You have up to 100 days to pay back the advance unlike other lender that only give you two weeks. [...] Content analysis details: (1.6 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] 0.0 LOTS_OF_MONEY Huge... sums of money 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Bar:    +
X-Spam-Flag:    NO
X-Spam-Score:    16
X-Spam-Status:    No, score=1.6

--

X-Ham-Report:    Spam detection software, running on the system "dwelling.lunarbreeze.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Power your home without greedy electric companies ? > VANCOUVER, British Columbia -- Vancouver's business community will be watching the Canucks set off on their Stanley Cup run with the same enthusiasm as most fans, while ensuring they're ready in case those fans ignore the team's marketing campaign aimed at averting a riot like the one that befell the city following a Game 7 loss to Boston in last year's Stanley Cup finals. [...] Content analysis details: (1.5 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20% [score: 0.1465] 0.0 LOTS_OF_MONEY Huge... sums of money 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Bar:    +
X-Spam-Flag:    NO
X-Spam-Score:    15
X-Spam-Status:    No, score=1.5

I've been living way-too-much SPAM for a while and recently decided to tackle the problem.

I have always had SpamAssassin turned "on" with the "score" threshold set to 5.0.

But many of the SPAM messages I was getting had scores between 0.5 and 5.0 and therefore would make it through to my inbox.

I first tried setting up filters for keywords in the message subject or body, but found that that was hard to maintain and would lead to false-positives.

Then I notices some patterns:

When I looked at the X-Ham-Report header field, I saw many of the SPAM messages were listed in the various registries (eg: RCVD_IN_BRBL_LASTEXT and RCVD_IN_BRBL_LASTEXT) But even though these were "blacklisted" by the registries, they still didn't get a large enough score to trigger the filter.

So I added a simple filter in CPanel to do a "Header" "contains" "RCVD_IN_BRBL" and "Header" "contains" "RCVD_IN_BRBL"
I also added a few others of the items that show in the X-Ham-Report header.

Now my inbox is a much nicer place....

One question I would throw out to the LP experts: Is there way to "tweak" the scores given to each item that the system checks? Could I have anything blacklisted a "4.0" instead of what it usually gets (1.4 in the case of the email I checked just now...)?

Anyway, good luck!

Oops, I figured it out.
Its in account level and user level filtering under email

Thanks!