Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: What's your favorite SpamAssassin settings?

  1. #1
    Registered Member Stuff4Toys's Avatar
    Join Date
    Oct 2008
    Location
    Wisconsin
    Posts
    17

    Smile What's your favorite SpamAssassin settings?

    I read all that I can find on SpamAssassin but have one question?

    We have 25 corporate users, what would you suggest I set my required_score and Auto Delete at?

    I tried required_score at 8 and it got all the Viagra messages, but still left a few of the others. I have not turned on Auto Delete yet.

    Thanks
    JOhn ><>
    JMDualPro - Marine and Sports Battery Chargers
    JMKerusso - Quality Kerusso Christian Wear
    Stuff4Toys - Stuff for your Boat

  2. #2
    Registered Member FrankyKnife's Avatar
    Join Date
    Mar 2004
    Location
    Zurich (CH)
    Posts
    16

    Default

    i have started with score 5. now i am at 4... viagra and that crap stopped, but still getting huge amounts of simple spam mails with standard links.

    does anybody know a solution against that? spamassassin or exim workaround?


    PS: do you know how to turn off "auto delete" again?

  3. #3
    Registered Member
    Join Date
    Mar 2008
    Location
    Amsterdam, Netherlands
    Posts
    102

    Default

    Hi,

    I suggest you have a look at ASSP.
    There is a payed and a free version for cpanel and both block spam very well.
    Much better than spamassasin and lower load.

  4. #4
    Registered Member sehh's Avatar
    Join Date
    Feb 2006
    Location
    Europe
    Posts
    515

    Default

    just enable all the online block lists in exim, enable MTA checks for HELO and other stuff like that.

    finally, add some extra spam rules from http://www.rulesemporium.com

    you'll be fine, i rarely get a single spam per month...!

  5. #5
    Registered Member FrankyKnife's Avatar
    Join Date
    Mar 2004
    Location
    Zurich (CH)
    Posts
    16

    Default

    if i get spamassassin not back to standard settings i will move to ASSP... lets see.

    i have searched here and on google how to set spamassassin back to NOT delete spam mails automatically. i cant find anything helpful.
    -> does anybody know how to set it back/to undo/resetting? i have totally lost the control how spamassassin is handling my mails!!! :-(
    i want to have all mail received! also spam mails - marked as spam showing me the score!

    ---

    thx for the link for spam rules.
    what do you use against spam mails like that:
    Code:
    http://www.google.com/group/YvetteDelacruzVV/?mnsgauhjyuisgfyubchgalpcwyxp
    
    To no overly declutch hallucinate. rifle by significance. ..
    so real And buttery. It nicotine. Be on flogging.
    _________________________________________________________________
    News, entertainment and everything you care about at Live.com. Get it now!
    http://www.live.com/getstarted.aspx
    Code:
    Cameron Diaz pictured in the rain wearing a white shirt without bra. This page reveals all the crazy stuff celebrities can do.
    http://andrew_mkissel9651.googlegroups.com/web/index.html?gda=2Pvp0TwAAABw2kwOzNYHO1QxB79IGFL1MktvkqKHodUvoYKu9_j931s2J23Br1X3GJDAub4Hu3r9Wm-ajmzVoAFUlE7c_fAt&gsc=sntkKhYAAAD7dGpLPO39Xy3mweqsN2Jx-vghgYgES8zAzJdW7J9-8w 
    
    --------------------------------------------------------------------------------
    Windows Live™: E-mail. Chat. Share. Get more ways to connect. See how it works.
    Code:
    This-was-just-published-here:
    http://www.geocities.com/p7626ADUODENAL/
    Last edited by FrankyKnife; 02-02-2009 at 03:06 PM.

  6. #6
    Registered Member sehh's Avatar
    Join Date
    Feb 2006
    Location
    Europe
    Posts
    515

    Default

    Those are mostly blocked at the MTA level by SpamCop and the other RBL's that are all enabled from WHM's exim configuration.

    Best practice against the above emails is to ban whole countries!!! (i've talked with all our clients and made sure we aren't banning a country they need) so i came up with: China, Taiwan, Philippines and a few others (i couldn't ban Russia, due to a client but that would is in my TODO list for the future). That cut spam by about 80%, Exim rules cut down spam by 10% and the rest 10% is blocked by SA.

    I've also enabled some extra features by myself that aren't included in cPanel/WHM but are hidden within Exim, for example:

    smtp_receive_timeout = 1m (lower timeout)
    smtp_connect_backlog = 1 (limit connections)
    smtp_accept_queue = 10 (same)
    smtp_accept_max = 10 (same)
    smtp_enforce_sync = true (strict communication, stops bad email robots)

    and other stuff like that...

  7. #7
    Registered Member FrankyKnife's Avatar
    Join Date
    Mar 2004
    Location
    Zurich (CH)
    Posts
    16

    Default

    ok, thx for the hint... will check the smtp settings!

    i have disabled spamassassin (+ spamd etc.) now. lets see how it goes from scratch again!? (i just wonder that i am getting less spam mails now... *lol)

    here is my current exim WHM setting: would be pleased about any comment/suggestion. thx
    Attached Thumbnails Attached Thumbnails What's your favorite SpamAssassin settings?-exim_config.jpg  

  8. #8
    Registered Member sehh's Avatar
    Join Date
    Feb 2006
    Location
    Europe
    Posts
    515

    Default

    1) enable the 3rd option, you don't want emails to root@myserver.mydomain.com (usually you want root@mydomain.com)

    2) Enable the 10th option, SPF checks are VERY important and we should always use them (all my domains have SPF in their DNS zone)

    3) You could enable the 16th option, it allows Exim to use the dedicated IP address of each domain (if they have one and aren't using the shared IP). Makes your server more reliable but nothing to do with incoming spam.

    4) Enable the 20th option, "Show generic recipient failure.." so a spammer won't know why he is being blocked.

    5) Personally, i've disabled the two "Skip scanning..." options, if my virus scanner or SA are down, i don't want delivery to happen. Let the remote server re-try again until i fix the problem. Of course this is optional and depends on the type of clients that you have in your system.

  9. #9
    Registered Member
    Join Date
    Sep 2004
    Location
    inside a catfish
    Posts
    1,157
    cPanel/WHM Access Level

    Root Administrator

    Default

    Personally, I think installing DCC and Vipuls Razor (Razor2) has been the best thing I've done in a long time. I've ran multiple Cpanel servers for years and never had installed DCC/Razor2 and enabled it in Spamassassin.

    I did this recently, it's working great to handle a lot of the remaining mail that spamassassin wasn't catching - each hit of Razor adds about 2.5 to a score, and DCC adds a little more - seems to be just enough to put the vague spam up over the threshold.

    I can't believe I hadn't done it sooner.

    Mike

  10. #10
    Registered Member
    Join Date
    Jan 2003
    Posts
    210

    Default

    Quote Originally Posted by mtindor View Post
    Personally, I think installing DCC and Vipuls Razor (Razor2) has been the best thing I've done in a long time. I've ran multiple Cpanel servers for years and never had installed DCC/Razor2 and enabled it in Spamassassin.

    I did this recently, it's working great to handle a lot of the remaining mail that spamassassin wasn't catching - each hit of Razor adds about 2.5 to a score, and DCC adds a little more - seems to be just enough to put the vague spam up over the threshold.

    I can't believe I hadn't done it sooner.

    Mike
    hey Mike any tips on how to get those 2 installed? Ive been looking into this for a while but could never figure it out Cheers

    Dan

  11. #11
    Registered Member
    Join Date
    Sep 2004
    Location
    inside a catfish
    Posts
    1,157
    cPanel/WHM Access Level

    Root Administrator

    Default

    Quote Originally Posted by qwerty View Post
    hey Mike any tips on how to get those 2 installed? Ive been looking into this for a while but could never figure it out Cheers

    Dan
    For DCC, if you're running a firewall, make sure you open up UDP 6277 inbound and outbound. If you install Razor, make sure to open TCP 2703 outbound.

    I used the following insructions (ignoring everything but the DCC and Razor instructions) for my install of DCC and Razor:

    Razor Install
    DCC Install

    I'm running Centos 5.3 and the latest Release version of Cpanel. I simply followed the Razor and DCC instructions... I wasn't interested in the SARE rules right now and was familiar with how to handle the SARE rules and serverwide antispam anyway. My only concern was installing DCC and Razor.

    You'll obviously have to go into /etc/mail/spamassassin/v310.pre and uncomment each as you are ready to test it.

    loadplugin Mail::SpamAssassin::Plugin:CC
    loadplugin Mail::SpamAssassin::Plugin::Razor2


    Mike

  12. #12
    Registered Member
    Join Date
    Jul 2002
    Posts
    415

    Default

    Guys :

    my apologies for bumping in on old ticket, but i need to know if we can still follow the tutorial mentioned in these links :-

    "http://www.rvskin.com/index.php?page=public/antispam#1.2"


    The reason i ask this is coz the HOW-TO give a warning :-

    "We don't test it on cPanel11. If you know EXIM, you can follow below instruction as a guideline. Don't copy it all."

    is it safe to go ahead and use it on WHM/Cpanel 11.25 ?

  13. #13
    Registered Member mykkal's Avatar
    Join Date
    Feb 2007
    Location
    Atlanta, Georgia, United States
    Posts
    119

    Default

    Quote Originally Posted by sehh View Post
    Best practice against the above emails is to ban whole countries!!! (i've talked with all our clients and made sure we aren't banning a country they need) so i came up with: China, Taiwan, Philippines and a few others (i couldn't ban Russia, due to a client but that would is in my TODO list for the future). That cut spam by about 80%, Exim rules cut down spam by 10% and the rest 10% is blocked by SA.
    How would I block these countries?

  14. #14
    Registered Member sehh's Avatar
    Join Date
    Feb 2006
    Location
    Europe
    Posts
    515

    Lightbulb

    Simply get a list of IP addresses with subnets for each country you want to ban and add them to your /etc/spammeripblocks

    exim will do the rest


    I've used this site to get country subnets: Country IP Blocks

    just select the countries you want from the list on the right side, make sure that "CIDR" is selected and click on the "choose countries" button. Remove the comments and copy/paste the rest into the file I mentioned above.
    CODE IS POETRY

  15. #15
    Registered Member sehh's Avatar
    Join Date
    Feb 2006
    Location
    Europe
    Posts
    515

    Default

    spam protection should run on the email server, not the client. A good protection consists of many different layers, so the first layer should be at the MTA level during connection, second layer is RBL checking etc, so on and so forth. Running just a simple spam application on the client is counterproductive and the wrong way to do it.
    CODE IS POETRY

Page 1 of 2 12 LastLast

Similar Threads

  1. Apache SpamAssassin Settings
    By Nisa51 in forum E-mail Discussions
    Replies: 7
    Last Post: 06-24-2014, 01:33 PM
  2. Apache SpamAssassin settings?
    By Jonathan More in forum E-mail Discussions
    Replies: 0
    Last Post: 05-03-2013, 02:18 AM
  3. Spamassassin ignores Whiteliste settings
    By CoolMike in forum E-mail Discussions
    Replies: 3
    Last Post: 05-31-2008, 03:45 PM
  4. user Apache SpamAssassin settings.. scoring?
    By brightmatter in forum New User Questions
    Replies: 3
    Last Post: 08-11-2005, 11:03 PM
  5. does piping passes the Spamassassin settings?
    By big in forum cPanel & WHM Discussions
    Replies: 4
    Last Post: 10-17-2004, 03:39 AM
bargain