1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Spam Assassin - Deception

Discussion in 'Plesk for Linux - 8.x and Older' started by Torgut, Apr 6, 2006.

  1. Torgut

    Torgut Guest

    0
     
    Yesterday I moved to Plesk 7.5 Reloaded and purchased a Premiere Licence. I had great expectations about Spam Assassin but right now I can only say it sucks, and a lot.

    Only way it seems to stop mail is in level 1; but the, it stops basically all mail. Level 2 let Viagra ads pass easily. Just to mention an example. It didn't stop so far any spam and already received around 20 spam mails in the test account.

    I went to Spam Assassin website and read some docs... amazing how it's painted as the state of art software... gosh... could I plase just add manually blacklisted words? No... nobody seems to know exactly why. It would be much simpler then. I'm realy disapointed with that piece of junk. It's an example how simple things works, complicated mambo-jambo solutions are only full of empty words.
     
  2. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    The default spamassassin works fine. But it can be made much better. Check the spamassassin site and take a look at

    http://wiki.apache.org/spamassassin/HashSharingSystem

    to add DCC, Razor2 and Pyzor checks

    Check http://wiki.apache.org/spamassassin/BayesInSpamAssassin

    to enable Bayes.

    Check http://www.rulesemporium.com/rules.htm
    for some extra rules.

    We are using Spamassassin for years now with much success. We have set the threshold at 5 which gives almost none false positives and keeps 99,8% of the spam out of the inbox.
     
  3. Torgut

    Torgut Guest

    0
     
    Eilko !

    Thank you so much for your help. Yes, you are right. Now it's much better. Only problem I still have is a somewahet erratic behaviour which I couldn't yet understand:

    It looks that sometimes the service is up but not working; restarting the service didn't work, then killed manually the process, restarted the service... etc etc and after a while it started to work. Don't really know exactly the sequence which bring it to life.
     
  4. redprive

    redprive Guest

    0
     
    Hello, eilko, can you help me to configure my spamassassin perfectly?

    I'm rookie in spam fight and I'm learning.

    Can you explain me How I can to add DCC, Razor2 and Pyzor checks in my server and enable Bayes?

    I have readed http://www.rulesemporium.com/rules.htm and I have downloaded this rules for add to /etc/mail/spamassassin/ directory but about DCC, Razor2, Pyzor and Bayes I'm learning in this moment.

    Thankx
     
  5. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    check the links I posted from the spamassassin wiki. This first link has detailed instructions to the DCC, pyzor and razor installations. Follow the serverwide settings.
     
  6. redprive

    redprive Guest

    0
     
    Ok, I'm going to read all this information about instructions to the DCC, pyzor and razor installations.

    But is it a good idea to start now with next options:

    - enable MAPS Zones and add:
    opm.blitzed.org;rbl-plus.mail-abuse.org;bl.spamcop.net;relays.ordb.org;sbl.spamhaus.org;KR.rbl.cluecentral.net;BR.rbl.cluecentral.net;blackholes.mail-abuse.org;cbl.abuseat.org;xbl.spamhaus.org or ¿mail service will be more slowly?

    - Can I download all rules from http://www.rulesemporium.com/rules.htm and save them in /etc/mail/spamassassin/ ?

    Are they a good ideas?

    Thank you
     
  7. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    I don't like maps, it slows down the mail connection and it blocks listed servers. I don't think it is a good thing to block servers for your clients so we have the maps lists in spamassassin so a listed site gets extra points to be tagged as spam.

    you can add extra rules at /etc/mail/spamassassin, make sure you pick the ones for your spamassassin version. some of these rules are incorporated in newer versions of spamassassin.

    after installing run spamassassin -D --lint from command line to check for errors. Then restart the spamassassin deamons.
     
  8. redprive

    redprive Guest

    0
     
  9. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    these rules work fine. I use the following rules:

    70_sare_adult.cf
    70_sare_bayes_poison_nxm.cf
    70_sare_header.cf
    70_sare_html.cf
    70_sare_oem.cf
    70_sare_random.cf
    70_sare_specific.cf
    70_sare_spoof.cf
    70_zmi_german.cf
    72_sare_bml_post25x.cf
    99_sare_fraud_post25x.cf

    Take also a look at rulesdujour, to auto update these rules. See e.g. http://www.exit0.us/index.php?pagename=RulesDuJour
     
  10. redprive

    redprive Guest

    0
     
    My SpamAssassin version is 3.0.4-1.fc3

    This rules works with this version?

    Yesterday I download rulesdujour's script. I will install.

    Thank you very much
     
  11. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    I am using 3.1.0 at the moment but has upgraded recently without making changes to the rules. So the rules should work with 3.0.4
     
  12. redprive

    redprive Guest

    0
     
  13. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    not that I am aware of, some are obsolete others for other versions.

    Add razor, dcc and pyzor to get even better scores.
     
  14. redprive

    redprive Guest

    0
     
    I have comprobated that I haven't installed razor, dcc and pyzor.

    I'm going to start with razor, but before I want to question you if next steps are I need:

    To install the packages that Razor requires , do the following:

    cd $HOME/src
    wget http://unc.dl.sourceforge.net/sourceforge/razor/razor-agents-sdk-2.03.tar.gz
    tar xvzf razor-agents-sdk-2.03.tar.gz
    cd razor-agents-sdk-2.03
    perl Makefile.PL PREFIX=$HOME && make && make install


    To install Razor:

    cd $HOME/src
    wget http://unc.dl.sourceforge.net/sourceforge/razor/razor-agents-2.67.tar.gz
    tar xvzf razor-agents-2.67.tar.gz
    cd razor-agents-2.67
    perl Makefile.PL PREFIX=$HOME && make && make install
    razor-client
    razor-admin -create
    razor-admin -discover
    razor-admin -register



    configure firewall

    Manual says:

    The Razor2 system requires outbound access to servers on tcp port 2703 in general (the servers are, at the moment, on the class C 66.151.150.0/24, but allowing only access to those machines would be too restrictive).

    It also requires outbound access to those servers on tcp port 7.

    Can you say me how I have to configure my firewall for to allow this traffic?

    Thank you very much
     
  15. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    do you restrict outbound traffic with your firewall? most common is to restrict incoming traffic.

    Just install razor and if the razor-admin -discover
    doesn't work you can take a look at the firewall.

    AFter installing razor make sure you move the razor config file (~/.razor2/*) to a place where it can be read by spamassassin. You can add the following lines to your local.cf to make it work:

    use_razor2 1
    razor_timeout 10
    razor_config /etc/mail/spamassassin/razor/razor-agent.conf
     
  16. redprive

    redprive Guest

    0
     
    I have installed razor.

    I have copied razor-agent.conf in /etc/mail/spamassassin/razor

    I have executed razor-admin -discover and I haven't answer.

    Then, that's all right?

    How I can to know if razor is working fine?

    Thank you very much
     
  17. redprive

    redprive Guest

    0
     
    I have installed pyzor & DCC the next way:

    PYZOR:

    python setup.py build
    python setup.py install

    Rights:

    chmod -R a+rX /usr/share/doc/pyzor \
    /usr/lib/python2.3/site-packages/pyzor \
    /usr/bin/pyzor /usr/bin/pyzord
    DCC

    cd /tmp/spam
    wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z
    tar -xvf dcc.tar.tar
    cd dcc-1.3.31
    ./configure
    make
    make install

    and I have modified local.cf and I have added next lines:

    #razor
    use_razor2 1
    razor_timeout 10
    razor_config /etc/mail/spamassassin/.razor/razor-agent.conf

    #dcc
    use_dcc 1

    dcc_path /usr/local/bin/dccproc

    dcc_add_header 1

    dcc_dccifd_path /usr/sbin/dccifd

    #pyzor
    use_pyzor 1
    pyzor_path /usr/bin/pyzor
    pyzor_add_header 1
    pyzor_options --homedir /etc/mail/spamassassin


    Do you think that I have razor,pyzor and DCC working fine?

    Thank you very much
     
  18. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    run spamassassin --lint -D from command line to check if DCC, Razor and Pyzor are used.
     
  19. redprive

    redprive Guest

    0
     
    I have do it. Results are in attach file.

    In this file I write you steps that I have started.

    Do you think is it all right?

    Thank you very much
     
  20. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    you can not attach files here. just copy & paste the output
     
Loading...