What's your favorite SpamAssassin settings?

Stuff4Toys

I read all that I can find on SpamAssassin but have one question.

We have 25 corporate users, what would you suggest I set my required_score and Auto Delete at?

I tried required_score at 8 and it got all the Viagra messages, but still left a few of the others. I have not turned on Auto Delete yet.

Thanks
John ><>
 

FrankyKnife

i have started with score 5. now i am at 4... viagra and that crap stopped, but still getting huge amounts of simple spam mails with standard links.

does anybody know a solution against that? spamassassin or exim workaround?


PS: do you know how to turn off "auto delete" again?
 

hydra

Hi,

I suggest you have a look at ASSP.
There is a paid and a free version for cPanel and both block spam very well.
Much better than SpamAssassin and lower load.
 

sehh

just enable all the online block lists in exim, enable MTA checks for HELO and other stuff like that.

finally, add some extra spam rules from http://www.rulesemporium.com

you'll be fine, i rarely get a single spam per month...!
 

FrankyKnife

if i get spamassassin not back to standard settings i will move to ASSP... lets see.

i have searched here and on google how to set spamassassin back to NOT delete spam mails automatically. i can't find anything helpful.
-> does anybody know how to set it back/to undo/resetting? i have totally lost the control how spamassassin is handling my mails!!! :-(
i want to have all mail received! also spam mails - marked as spam showing me the score!

---

thx for the link for spam rules.
what do you use against spam mails like that:
Code:
http://www.google.com/group/YvetteDelacruzVV/?mnsgauhjyuisgfyubchgalpcwyxp

To no overly declutch hallucinate. rifle by significance. ..
so real And buttery. It nicotine. Be on flogging.
_________________________________________________________________
News, entertainment and everything you care about at Live.com. Get it now!
http://www.live.com/getstarted.aspx
Code:
Cameron Diaz pictured in the rain wearing a white shirt without bra. This page reveals all the crazy stuff celebrities can do.
http://andrew_mkissel9651.googlegroups.com/web/index.html?gda=2Pvp0TwAAABw2kwOzNYHO1QxB79IGFL1MktvkqKHodUvoYKu9_j931s2J23Br1X3GJDAub4Hu3r9Wm-ajmzVoAFUlE7c_fAt&gsc=sntkKhYAAAD7dGpLPO39Xy3mweqsN2Jx-vghgYgES8zAzJdW7J9-8w 

--------------------------------------------------------------------------------
Windows Live™: E-mail. Chat. Share. Get more ways to connect. See how it works.
Code:
This-was-just-published-here:
http://www.geocities.com/p7626ADUODENAL/
 

sehh

Those are mostly blocked at the MTA level by SpamCop and the other RBL's that are all enabled from WHM's exim configuration.

Best practice against the above emails is to ban whole countries!!! (I've talked with all our clients and made sure we aren't banning a country they need) so I came up with: China, Taiwan, Philippines and a few others (I couldn't ban Russia, due to a client, but that is in my TODO list for the future). That cut spam by about 80%, Exim rules cut down spam by 10% and the rest 10% is blocked by SA.

I've also enabled some extra features by myself that aren't included in cPanel/WHM but are hidden within Exim, for example:

# lower timeout
smtp_receive_timeout = 1m
# limit connections
smtp_connect_backlog = 1
# same
smtp_accept_queue = 10
# same
smtp_accept_max = 10
# strict communication, stops bad email robots
smtp_enforce_sync = true

and other stuff like that...
 

FrankyKnife

ok, thx for the hint... will check the smtp settings!

i have disabled spamassassin (+ spamd etc.) now. lets see how it goes from scratch again!? (i just wonder that i am getting less spam mails now... *lol)

here is my current exim WHM setting: would be pleased about any comment/suggestion. thx
 

Attachments

sehh

1) enable the 3rd option, you don't want emails to [email protected] (usually you want [email protected])

2) Enable the 10th option, SPF checks are VERY important and we should always use them (all my domains have SPF in their DNS zone)

3) You could enable the 16th option, it allows Exim to use the dedicated IP address of each domain (if they have one and aren't using the shared IP). Makes your server more reliable but nothing to do with incoming spam.

4) Enable the 20th option, "Show generic recipient failure.." so a spammer won't know why he is being blocked.

5) Personally, i've disabled the two "Skip scanning..." options, if my virus scanner or SA are down, i don't want delivery to happen. Let the remote server re-try again until i fix the problem. Of course this is optional and depends on the type of clients that you have in your system.
 

mtindor

Personally, I think installing DCC and Vipul's Razor (Razor2) has been the best thing I've done in a long time. I've run multiple cPanel servers for years and had never installed DCC/Razor2 and enabled it in SpamAssassin.

I did this recently, it's working great to handle a lot of the remaining mail that spamassassin wasn't catching - each hit of Razor adds about 2.5 to a score, and DCC adds a little more - seems to be just enough to put the vague spam up over the threshold.

I can't believe I hadn't done it sooner.

Mike
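
The threshold question that runs through this thread (required_score 8 vs. 5 vs. 4, and Razor's roughly 2.5 points pushing borderline mail over the line) can be checked against mail you have already received. This is an added example, not from any poster: it parses `X-Spam-Status` headers and counts what each threshold would tag. The sample headers are constructed and assumed to be unfolded onto one line.

```python
import re

# Constructed sample headers, in the one-line form SpamAssassin writes.
SAMPLE_HEADERS = [
    "X-Spam-Status: Yes, score=14.2 required=5.0 tests=BAYES_99,DRUGS_ERECTILE,RAZOR2_CHECK autolearn=no",
    "X-Spam-Status: No, score=4.6 required=5.0 tests=BAYES_50,HTML_MESSAGE,RAZOR2_CHECK autolearn=no",
    "X-Spam-Status: No, score=2.1 required=5.0 tests=HTML_MESSAGE,URIBL_GREY autolearn=no",
    "X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham",
    "X-Spam-Status: Yes, score=6.3 required=5.0 tests=BAYES_80,DCC_CHECK,RAZOR2_CHECK autolearn=no",
]

STATUS_RE = re.compile(
    r"^X-Spam-Status:\s*(?:Yes|No),\s*score=(-?\d+(?:\.\d+)?)\s+"
    r"required=(-?\d+(?:\.\d+)?)\s+tests=(\S*)",
    re.IGNORECASE,
)


def parse_status(line):
    """Return {'score', 'required', 'tests'} or None if the line does not match."""
    m = STATUS_RE.match(line.strip())
    if m is None:
        return None
    tests = [t for t in m.group(3).split(",") if t and t.lower() != "none"]
    return {"score": float(m.group(1)), "required": float(m.group(2)), "tests": tests}


def flagged_at(headers, threshold):
    """Number of messages that would be tagged as spam at this required_score."""
    parsed = filter(None, map(parse_status, headers))
    return sum(1 for p in parsed if p["score"] >= threshold)


def near_misses(headers, threshold, margin=2.5):
    """Scores below the threshold that one more hit worth `margin` would push over."""
    parsed = filter(None, map(parse_status, headers))
    return sorted(p["score"] for p in parsed
                  if threshold - margin <= p["score"] < threshold)


if __name__ == "__main__":
    for t in (8.0, 5.0, 4.0):
        print(t, flagged_at(SAMPLE_HEADERS, t), near_misses(SAMPLE_HEADERS, t))
```

Run it over headers collected while mail is only being tagged, before enabling any automatic deletion, so that lowering the threshold can be judged against real ham as well as spam.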
 

qwerty

mtindor said:
> Personally, I think installing DCC and Vipul's Razor (Razor2) has been the best thing I've done in a long time. I've run multiple cPanel servers for years and had never installed DCC/Razor2 and enabled it in SpamAssassin.
>
> I did this recently, it's working great to handle a lot of the remaining mail that spamassassin wasn't catching - each hit of Razor adds about 2.5 to a score, and DCC adds a little more - seems to be just enough to put the vague spam up over the threshold.
>
> I can't believe I hadn't done it sooner.
>
> Mike

Hey Mike, any tips on how to get those 2 installed? I've been looking into this for a while but could never figure it out. Cheers

Dan
 

mtindor

qwerty said:
> Hey Mike, any tips on how to get those 2 installed? I've been looking into this for a while but could never figure it out. Cheers
>
> Dan

For DCC, if you're running a firewall, make sure you open up UDP 6277 inbound and outbound. If you install Razor, make sure to open TCP 2703 outbound.

I used the following instructions (ignoring everything but the DCC and Razor instructions) for my install of DCC and Razor:

Razor Install
DCC Install

I'm running CentOS 5.3 and the latest Release version of cPanel. I simply followed the Razor and DCC instructions... I wasn't interested in the SARE rules right now and was familiar with how to handle the SARE rules and serverwide antispam anyway. My only concern was installing DCC and Razor.

You'll obviously have to go into /etc/mail/spamassassin/v310.pre and uncomment each as you are ready to test it.

loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Razor2


Mike
 

furquan

Guys :

my apologies for bumping in on old ticket, but i need to know if we can still follow the tutorial mentioned in these links :-

"http://www.rvskin.com/index.php?page=public/antispam#1.2"


The reason i ask this is coz the HOW-TO give a warning :-

"We don't test it on cPanel11. If you know EXIM, you can follow below instruction as a guideline. Don't copy it all."

is it safe to go ahead and use it on WHM/Cpanel 11.25 ?
 

mykkal

sehh said:
> Best practice against the above emails is to ban whole countries!!! (I've talked with all our clients and made sure we aren't banning a country they need) so I came up with: China, Taiwan, Philippines and a few others (I couldn't ban Russia, due to a client, but that is in my TODO list for the future). That cut spam by about 80%, Exim rules cut down spam by 10% and the rest 10% is blocked by SA.

How would I block these countries?
 

sehh

Simply get a list of IP addresses with subnets for each country you want to ban and add them to your /etc/spammeripblocks

exim will do the rest :)


I've used this site to get country subnets: Country IP Blocks

just select the countries you want from the list on the right side, make sure that "CIDR" is selected and click on the "choose countries" button. Remove the comments and copy/paste the rest into the file I mentioned above.
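
The "remove the comments and paste the rest" step above is easy to get wrong by hand, so here is one way to script it. This is an added example, not from the poster: it strips comments, rejects malformed entries, refuses any range that overlaps networks you must keep reachable (the `protect` parameter is hypothetical), and collapses duplicates and adjacent blocks. The sample list is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample of a downloaded CIDR list (documentation ranges only).
SAMPLE = """\
# Country: EXAMPLE (constructed)
192.0.2.0/25
192.0.2.128/25   # adjacent to the previous line
198.51.100.0/24
198.51.100.7/24
not-a-network
203.0.113.0/24
203.0.113.0/24
"""


def clean_blocklist(text, protect=()):
    """Return (networks, rejected) for a CIDR list.

    networks: collapsed, de-duplicated CIDR strings ready to write to the block file.
    rejected: (line_number, entry, reason) for everything that was dropped.
    protect:  CIDRs that must never be blocked (e.g. client or office ranges).
    """
    guard = [ipaddress.ip_network(p) for p in protect]
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # drop full-line and trailing comments
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)  # host bits set => error
        except ValueError:
            rejected.append((lineno, entry, "invalid CIDR"))
            continue
        if any(g.version == net.version and net.overlaps(g) for g in guard):
            rejected.append((lineno, entry, "overlaps protected range"))
            continue
        nets.append(net)
    collapsed = []
    for version in (4, 6):                        # collapse_addresses needs one family
        family = [n for n in nets if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(family))
    return [str(n) for n in collapsed], rejected


if __name__ == "__main__":
    networks, rejected = clean_blocklist(SAMPLE, protect=("203.0.113.0/24",))
    print("\n".join(networks))
    for item in rejected:
        print("rejected:", item)
```

Review the rejected list before writing the output to the block file; a rejected "protected" entry means the downloaded list would have cut off a range you said you need.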
 

sehh

spam protection should run on the email server, not the client. A good protection consists of many different layers, so the first layer should be at the MTA level during connection, second layer is RBL checking etc, so on and so forth. Running just a simple spam application on the client is counterproductive and the wrong way to do it.
 

mgwaters

Hi There, I'm new to configuring these things. So... where do I set the above rules? smtp_receive_timeout = 1m ?? Thanks, I appreciate your help.