How to improve SpamAssassin performance.

[Netcontac]

Hi,


Do you know how to make more efficient SpamAssassin without server overloading?

I set spamd processes to 1 (The default suggested) and Score to 2.0 (A smaller number is more strict as I understood), I also had work with the learning feature for a few days, however, it is not filtering between the 10 to 20 percent of Spam, I have not get false positives yet. This is less accurate by far than Thunderbird e-mail client.

Greetings

 

[atomicturtle]

Make sure youre using the local DNS server first in /etc/resolv.conf:

nameserver 127.0.0.1

2.0 is probably overly aggressive for tagging spam, I use 4.0 myself. For improvements on overall spam detection I'd also add razor, dcc and pyzor to the system, and if you can afford the occational delayed message, add in greylisting.

If you're running a CentOS/RHEL/Fedora system, Ive got all of these components in my yum archive, which you can add with:

wget -q -O - http://www.atomicorp.com/installers/atomic.sh |sh

To install razor, dcc, and pyzor:
yum install razor-agents dcc pyzor
service spamassassin restart

To install greylisting:
yum install qgreylist
service xinetd restart

 

[Netcontac]

Thank you atomic turtle,

I wonder if you could give any information about "razor, dcc, and pyzor".

After realizing you are good with SPAM. Can you give some references to me about the way that mailbox users could configure their black/white lists and manage the SpamAssassin learning process from Horde?

Regards

 

[atomicturtle]

Those are shared spam signature databases, razor is made by Cloudmark, pyzor is open source, dcc is the distributed-checksum clearing house.

Horde uses imap, so for my users (who use imap), I have Spam and Ham folders, and a cron job that runs sa-learn every night against them in cron.

 

[Netcontac]

What maintenance do those signature databases require after installation? Do they need to be updated manually?

If I understood your IMAP solution, the user puts undesirable e-mails in SPAM and false positives in HAM, then by night you process them. Am I right? But what about the White/Black lists of Horde? Can they be processed to?

About Plesk White/Black lists. Do you know if IP addresses can be added instead of domains (Maybe in a special format?

Thank you

 

[atomicturtle]

No maintenance required, these are community maintained systems, with thousands of contributors.

You could write something to process the messages for From lines and add them to the spamassassin blacklist. Ive never done that myself, doesn't horde already have a white/blacklist function in it though? I dont use it myself.

You can blacklist IP's through the plesk interface, under Mail in the server section.

 

[Netcontac]

Thank you very much. I will try your signatures.

It would be good having a plug-in allowing horde to manage SPAM as well as it is now with Plesk. Until now I had found a few cPanel compatible but not for Plesk.

Greetings

 

[Netcontac]

Here I am again.

I found more SpamAssassin plug-ins:

SPF (Sender Policy Framework)
FuzzyOCR
TextCat

I would like to know your opinion.

I learned about the OCR recognition in SPAM appliances, but I am not sure about the amount of resources if may use.

I did not find what is for TextCat.

Finally, the SPF looks to me interesting, in fact, I configured my DNS supporting it, however, I am not sure how it may work with my mail server.

Best Regards

 

[atomicturtle]

SPF is already in there, FuzzyOCR is neat. Its not too bad on the CPU, you just want to keep an eye on the max connections you allow.

 

[Netcontac]

I will make a poll with my users to see if they are having problems with SPAM images to install or not FuzzyOCR, aparentely it is not a concern yet.

Changing subject, I tried the White list of Server-wide mail preferences but I have not been able to make it work. E-mails sent from one domain of another in same Web server are frequently labeled as SPAM.

I do not know if I make something wrong defining the IPs. There was a default setting 127.0.0.0 / 8. If I enter an IP, as 1.1.1.1, Plesk adds 32: 1.1.1.1 / 32

I register all my IPs including 127.0.0.1 / 32 , the ISP even delete 127.0.0.0 / 8 but it does not work.

Any idea?

Best regards

 

[atomicturtle]

Id look at what tests are tagging things from it as spam, and get to the bottem of the root cause before whitelisting. If its because they're on an RBL or something, downstream SA's will pick that up and also mark it as spam.

 

[flupke]

Originally posted by Netcontac
Hi,


Do you know how to make more efficient SpamAssassin without server overloading?

I set spamd processes to 1 (The default suggested) and Score to 2.0 (A smaller number is more strict as I understood), I also had work with the learning feature for a few days, however, it is not filtering between the 10 to 20 percent of Spam, I have not get false positives yet. This is less accurate by far than Thunderbird e-mail client.

Greetings

2 is pretty aggressive, we use value around 4, below we had emails sent by ourselves (hosting co.) considered a Spam! 4 blocks about 70% of the spams but I notice that with the time the filter is getting less and less effective, as example those new PDF spams get through.

Am also looking for plug in.

 

[Netcontac]

AtomicTurtle,

During this days I made tests confirming what you wrote, SA takes e-mails before consider the system white list.

This makes me wonder what the Server-wide mail preferences white list is for, but most important, Shall I have to write in the SA white list all the domains in the server? Is there a way to make it hiden to the users?

My ISP tried @127.0.0.1 at the SA white list but I am not sure SA uses IPs as it does with domains.

Greetings

 

[atomicturtle]

What tests are tagging the mail as spam?

 

[Netcontac]

Hi,

I made tests between the domains in the server, trying different configurations. None of them worked.

Here is my ISP answer after consulting SW-soft:

"Unfortunately there is no way to mark all local domains be automatically white-listed. You need to add them into SA white list manually as *@domain1, *@domain2, etc.."

I got some conclusions:
1. It is clear Plesk does not support SpamAssassin well.
2. It is not cost effective to set each domain, subdomain and alias domain in the white list of the server.
3. It is not a good business practice to show all the domains in the server to every client. Specially because there are not a domain level control, making server wide all the settings.
4. If white/black lists can not work with the components included in Plesk, they are useless and must be fixed or removed.
5. It does not worth the time trying that Plesk makes something it was not made for, it seems more productive to buy an specialized add-on from an specialized vendor as 4PSA Spam Guardian may be.

Greetings

 

[atomicturtle]

4PSA spam guardian is spamassassin. Its nothing different than what PSA already has, just a different GUI.

When I say tests, I mean the tests that Spamassassin uses on the message. There are hundreds of them, each contributing to the score that either marks a message as good or bad. Some of those tests, for whatever reason, are flagging your messages as spam.

The issue here that you want to avoid is that anyone running spamassassin (a lot!) could also flag your mail as spam. Which is why you need to know why your messages are being flagged. Whitelisting on your server wont do anything to keep other systems out there from throwing mail away from your server as spam.

 

[Netcontac]

Hi,

I agree with you, SpamAssassin is good.

Plesk is the problem, because its Server-wide mail preferences does not work with its Spam filter.

I did not say it, SW-soft did. May be some day they fix it.

Until that, those with the need to manage SPAM in an Enterprise environment as me, shall look for another product.

I had just found 4PSA spam guardian, please let me know which do you prefer.

Greetings

 

[sebastian_md]

Make sure youre using the local DNS server first in /etc/resolv.conf:

To install razor, dcc, and pyzor:
yum install razor-agents dcc pyzor
service spamassassin restart

Hello,

I've installed these but I have errors in log file.

Mar 26 14:00:31 mail spamd[15618]: mkdir /var/qmail/mailnames///.spamassassin: Permission denied at /usr/lib/perl5/vendor_perl/5.8.8
/Mail/SpamAssassin.pm line 1491
Mar 26 14:00:31 mail spamd[15618]: locker: safe_lock: cannot create tmp lockfile /var/qmail/mailnames///.spamassassin/auto-whitelist
.lock.mail.XXXX.XX.15618 for /var/qmail/mailnames///.spamassassin/auto-whitelist.lock: No such file or directory
Mar 26 14:00:31 mail spamd[15618]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile
/var/qmail/mailnames///.spamassassin/auto-whitelist.lock.mail.smartex.ro.15618 for /var/qmail/mailnames///.spamassassin/auto-whitel
ist.lock: No such file or directory
Mar 26 14:00:31 mail spamd[15618]: bayes: locker: safe_lock: cannot create tmp lockfile /var/qmail/.spamassassin/bayes.lock.mail.sma
rtex.ro.15618 for /var/qmail/.spamassassin/bayes.lock: Permission denied
Mar 26 14:00:31 mail spamd[15618]: spamd: clean message (0.3/4.0) for qscand:110 in 4.0 seconds, 28816 bytes.
Mar 26 14:00:31 mail spamd[15618]: spamd: result: . 0 - HTML_FONT_BIG,HTML_MESSAGE,MIME_HTML_ONLY scantime=4.0,size=28816,user=qscan
d,uid=110,required_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<818827394.2964320.1269604830244.JavaMai
[email protected]>,autolearn=failed
Mar 26 14:00:31 mail spamd[15615]: prefork: child states: II

I suppose some config files are not created and some permission problems but I want to ask you before messing something

thank you for your help,
Seb