1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What's your favorite SpamAssassin settings?

Discussion in 'E-mail Discussions' started by Stuff4Toys, Jan 27, 2009.

  1. Stuff4Toys

    Stuff4Toys New Member

    Joined:
    Oct 3, 2008
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Wisconsin
    I read all that I can find on SpamAssassin but have one question?

    We have 25 corporate users, what would you suggest I set my required_score and Auto Delete at?

    I tried required_score at 8 and it got all the Viagra messages, but still left a few of the others. I have not turned on Auto Delete yet.

    Thanks
    JOhn ><>
     
  2. FrankyKnife

    FrankyKnife New Member

    Joined:
    Mar 27, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Zurich (CH)
    i have started with score 5. now i am at 4... viagra and that crap stopped, but still getting huge amounts of simple spam mails with standard links.

    does anybody know a solution against that? spamassassin or exim workaround?


    PS: do you know how to turn off "auto delete" again?
     
  3. hydra

    hydra Member

    Joined:
    Mar 26, 2008
    Messages:
    102
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Amsterdam, Netherlands
    Hi,

    I suggest you have a look at ASSP.
    There is a payed and a free version for cpanel and both block spam very well.
    Much better than spamassasin and lower load.:cool:
     
  4. sehh

    sehh Member

    Joined:
    Feb 11, 2006
    Messages:
    521
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Europe
    just enable all the online block lists in exim, enable MTA checks for HELO and other stuff like that.

    finally, add some extra spam rules from http://www.rulesemporium.com

    you'll be fine, i rarely get a single spam per month...!
     
  5. FrankyKnife

    FrankyKnife New Member

    Joined:
    Mar 27, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Zurich (CH)
    if i get spamassassin not back to standard settings i will move to ASSP... lets see.

    i have searched here and on google how to set spamassassin back to NOT delete spam mails automatically. i cant find anything helpful.
    -> does anybody know how to set it back/to undo/resetting? i have totally lost the control how spamassassin is handling my mails!!! :-(
    i want to have all mail received! also spam mails - marked as spam showing me the score!

    ---

    thx for the link for spam rules.
    what do you use against spam mails like that:
    Code:
    http://www.google.com/group/YvetteDelacruzVV/?mnsgauhjyuisgfyubchgalpcwyxp
    
    To no overly declutch hallucinate. rifle by significance. ..
    so real And buttery. It nicotine. Be on flogging.
    _________________________________________________________________
    News, entertainment and everything you care about at Live.com. Get it now!
    http://www.live.com/getstarted.aspx
    Code:
    Cameron Diaz pictured in the rain wearing a white shirt without bra. This page reveals all the crazy stuff celebrities can do.
    http://andrew_mkissel9651.googlegroups.com/web/index.html?gda=2Pvp0TwAAABw2kwOzNYHO1QxB79IGFL1MktvkqKHodUvoYKu9_j931s2J23Br1X3GJDAub4Hu3r9Wm-ajmzVoAFUlE7c_fAt&gsc=sntkKhYAAAD7dGpLPO39Xy3mweqsN2Jx-vghgYgES8zAzJdW7J9-8w 
    
    --------------------------------------------------------------------------------
    Windows Live™: E-mail. Chat. Share. Get more ways to connect. See how it works. 
    Code:
    This-was-just-published-here:
    http://www.geocities.com/p7626ADUODENAL/
    
     
    #5 FrankyKnife, Feb 2, 2009
    Last edited: Feb 2, 2009
  6. sehh

    sehh Member

    Joined:
    Feb 11, 2006
    Messages:
    521
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Europe
    Those are mostly blocked at the MTA level by SpamCop and the other RBL's that are all enabled from WHM's exim configuration.

    Best practice against the above emails is to ban whole countries!!! (i've talked with all our clients and made sure we aren't banning a country they need) so i came up with: China, Taiwan, Philippines and a few others (i couldn't ban Russia, due to a client but that would is in my TODO list for the future). That cut spam by about 80%, Exim rules cut down spam by 10% and the rest 10% is blocked by SA.

    I've also enabled some extra features by myself that aren't included in cPanel/WHM but are hidden within Exim, for example:

    smtp_receive_timeout = 1m (lower timeout)
    smtp_connect_backlog = 1 (limit connections)
    smtp_accept_queue = 10 (same)
    smtp_accept_max = 10 (same)
    smtp_enforce_sync = true (strict communication, stops bad email robots)

    and other stuff like that...
     
  7. FrankyKnife

    FrankyKnife New Member

    Joined:
    Mar 27, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Zurich (CH)
    ok, thx for the hint... will check the smtp settings!

    i have disabled spamassassin (+ spamd etc.) now. lets see how it goes from scratch again!? (i just wonder that i am getting less spam mails now... *lol)

    here is my current exim WHM setting: would be pleased about any comment/suggestion. thx
     

    Attached Files:

  8. sehh

    sehh Member

    Joined:
    Feb 11, 2006
    Messages:
    521
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Europe
    1) enable the 3rd option, you don't want emails to root@myserver.mydomain.com (usually you want root@mydomain.com)

    2) Enable the 10th option, SPF checks are VERY important and we should always use them (all my domains have SPF in their DNS zone)

    3) You could enable the 16th option, it allows Exim to use the dedicated IP address of each domain (if they have one and aren't using the shared IP). Makes your server more reliable but nothing to do with incoming spam.

    4) Enable the 20th option, "Show generic recipient failure.." so a spammer won't know why he is being blocked.

    5) Personally, i've disabled the two "Skip scanning..." options, if my virus scanner or SA are down, i don't want delivery to happen. Let the remote server re-try again until i fix the problem. Of course this is optional and depends on the type of clients that you have in your system.
     
  9. mtindor

    mtindor Active Member

    Joined:
    Sep 14, 2004
    Messages:
    1,182
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    inside a catfish
    Personally, I think installing DCC and Vipuls Razor (Razor2) has been the best thing I've done in a long time. I've ran multiple Cpanel servers for years and never had installed DCC/Razor2 and enabled it in Spamassassin.

    I did this recently, it's working great to handle a lot of the remaining mail that spamassassin wasn't catching - each hit of Razor adds about 2.5 to a score, and DCC adds a little more - seems to be just enough to put the vague spam up over the threshold.

    I can't believe I hadn't done it sooner.

    Mike
     
  10. qwerty

    qwerty Member

    Joined:
    Jan 21, 2003
    Messages:
    214
    Likes Received:
    0
    Trophy Points:
    16
    hey Mike any tips on how to get those 2 installed? Ive been looking into this for a while but could never figure it out Cheers

    Dan
     
  11. mtindor

    mtindor Active Member

    Joined:
    Sep 14, 2004
    Messages:
    1,182
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    inside a catfish
    For DCC, if you're running a firewall, make sure you open up UDP 6277 inbound and outbound. If you install Razor, make sure to open TCP 2703 outbound.

    I used the following insructions (ignoring everything but the DCC and Razor instructions) for my install of DCC and Razor:

    Razor Install
    DCC Install

    I'm running Centos 5.3 and the latest Release version of Cpanel. I simply followed the Razor and DCC instructions... I wasn't interested in the SARE rules right now and was familiar with how to handle the SARE rules and serverwide antispam anyway. My only concern was installing DCC and Razor.

    You'll obviously have to go into /etc/mail/spamassassin/v310.pre and uncomment each as you are ready to test it.

    loadplugin Mail::SpamAssassin::plugin::DCC
    loadplugin Mail::SpamAssassin::plugin::Razor2


    Mike
     
  12. furquan

    furquan Member

    Joined:
    Jul 27, 2002
    Messages:
    419
    Likes Received:
    0
    Trophy Points:
    16
    Guys :

    my apologies for bumping in on old ticket, but i need to know if we can still follow the tutorial mentioned in these links :-

    "http://www.rvskin.com/index.php?page=public/antispam#1.2"


    The reason i ask this is coz the HOW-TO give a warning :-

    "We don't test it on cPanel11. If you know EXIM, you can follow below instruction as a guideline. Don't copy it all."

    is it safe to go ahead and use it on WHM/Cpanel 11.25 ?
     
  13. mykkal

    mykkal Member

    Joined:
    Feb 9, 2007
    Messages:
    120
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, Georgia, United States
    How would I block these countries?
     
  14. sehh

    sehh Member

    Joined:
    Feb 11, 2006
    Messages:
    521
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Europe
    Simply get a list of IP addresses with subnets for each country you want to ban and add them to your /etc/spammeripblocks

    exim will do the rest :)


    I've used this site to get country subnets: Country IP Blocks

    just select the countries you want from the list on the right side, make sure that "CIDR" is selected and click on the "choose countries" button. Remove the comments and copy/paste the rest into the file I mentioned above.
     
  15. sehh

    sehh Member

    Joined:
    Feb 11, 2006
    Messages:
    521
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Europe
    spam protection should run on the email server, not the client. A good protection consists of many different layers, so the first layer should be at the MTA level during connection, second layer is RBL checking etc, so on and so forth. Running just a simple spam application on the client is counterproductive and the wrong way to do it.
     
  16. mgwaters

    mgwaters New Member

    Joined:
    Aug 9, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi There, I'm new to configuring these things. So... where do I set the above rules? smtp_receive_timeout = 1m ?? Thanks, I appreciate your help.
     

Share This Page