Spam Assassin - Deception

[Torgut]

Yesterday I moved to Plesk 7.5 Reloaded and purchased a Premiere Licence. I had great expectations about Spam Assassin but right now I can only say it sucks, and a lot.

Only way it seems to stop mail is in level 1; but the, it stops basically all mail. Level 2 let Viagra ads pass easily. Just to mention an example. It didn't stop so far any spam and already received around 20 spam mails in the test account.

I went to Spam Assassin website and read some docs... amazing how it's painted as the state of art software... gosh... could I plase just add manually blacklisted words? No... nobody seems to know exactly why. It would be much simpler then. I'm realy disapointed with that piece of junk. It's an example how simple things works, complicated mambo-jambo solutions are only full of empty words.

 

[eilko]

The default spamassassin works fine. But it can be made much better. Check the spamassassin site and take a look at

http://wiki.apache.org/spamassassin/HashSharingSystem

to add DCC, Razor2 and Pyzor checks

Check http://wiki.apache.org/spamassassin/BayesInSpamAssassin

to enable Bayes.

Check http://www.rulesemporium.com/rules.htm
for some extra rules.

We are using Spamassassin for years now with much success. We have set the threshold at 5 which gives almost none false positives and keeps 99,8% of the spam out of the inbox.

 

[Torgut]

Eilko !

Thank you so much for your help. Yes, you are right. Now it's much better. Only problem I still have is a somewahet erratic behaviour which I couldn't yet understand:

It looks that sometimes the service is up but not working; restarting the service didn't work, then killed manually the process, restarted the service... etc etc and after a while it started to work. Don't really know exactly the sequence which bring it to life.

 

[redprive]

Hello, eilko, can you help me to configure my spamassassin perfectly?

I'm rookie in spam fight and I'm learning.

Can you explain me How I can to add DCC, Razor2 and Pyzor checks in my server and enable Bayes?

I have readed http://www.rulesemporium.com/rules.htm and I have downloaded this rules for add to /etc/mail/spamassassin/ directory but about DCC, Razor2, Pyzor and Bayes I'm learning in this moment.

Thankx

 

[eilko]

check the links I posted from the spamassassin wiki. This first link has detailed instructions to the DCC, pyzor and razor installations. Follow the serverwide settings.

 

[redprive]

Ok, I'm going to read all this information about instructions to the DCC, pyzor and razor installations.

But is it a good idea to start now with next options:

- enable MAPS Zones and add:
opm.blitzed.org;rbl-plus.mail-abuse.org;bl.spamcop.net;relays.ordb.org;sbl.spamhaus.org;KR.rbl.cluecentral.net;BR.rbl.cluecentral.net;blackholes.mail-abuse.org;cbl.abuseat.org;xbl.spamhaus.org or ¿mail service will be more slowly?

- Can I download all rules from http://www.rulesemporium.com/rules.htm and save them in /etc/mail/spamassassin/ ?

Are they a good ideas?

Thank you

 

[eilko]

I don't like maps, it slows down the mail connection and it blocks listed servers. I don't think it is a good thing to block servers for your clients so we have the maps lists in spamassassin so a listed site gets extra points to be tagged as spam.

you can add extra rules at /etc/mail/spamassassin, make sure you pick the ones for your spamassassin version. some of these rules are incorporated in newer versions of spamassassin.

after installing run spamassassin -D --lint from command line to check for errors. Then restart the spamassassin deamons.

 

[redprive]

Ok, I don't utilize maps.

About add rules, with http://www.rulesemporium.com/rules.htm I have enought?

Do you recommended any link for download rules?

Thank you

 

[eilko]

these rules work fine. I use the following rules:

70_sare_adult.cf
70_sare_bayes_poison_nxm.cf
70_sare_header.cf
70_sare_html.cf
70_sare_oem.cf
70_sare_random.cf
70_sare_specific.cf
70_sare_spoof.cf
70_zmi_german.cf
72_sare_bml_post25x.cf
99_sare_fraud_post25x.cf

Take also a look at rulesdujour, to auto update these rules. See e.g. http://www.exit0.us/index.php?pagename=RulesDuJour

 

[redprive]

My SpamAssassin version is 3.0.4-1.fc3

This rules works with this version?

Yesterday I download rulesdujour's script. I will install.

Thank you very much

 

[eilko]

I am using 3.1.0 at the moment but has upgraded recently without making changes to the rules. So the rules should work with 3.0.4

 

[redprive]

Ok, I have add this rules in my server and I have stopped and started spamassassin service.

Other more rules in http://www.rulesemporium.com/rules.htm aren't interesting?

 

[eilko]

not that I am aware of, some are obsolete others for other versions.

Add razor, dcc and pyzor to get even better scores.

 

[redprive]

I have comprobated that I haven't installed razor, dcc and pyzor.

I'm going to start with razor, but before I want to question you if next steps are I need:

To install the packages that Razor requires , do the following:

cd $HOME/src
wget http://unc.dl.sourceforge.net/sourceforge/razor/razor-agents-sdk-2.03.tar.gz
tar xvzf razor-agents-sdk-2.03.tar.gz
cd razor-agents-sdk-2.03
perl Makefile.PL PREFIX=$HOME && make && make install


To install Razor:

cd $HOME/src
wget http://unc.dl.sourceforge.net/sourceforge/razor/razor-agents-2.67.tar.gz
tar xvzf razor-agents-2.67.tar.gz
cd razor-agents-2.67
perl Makefile.PL PREFIX=$HOME && make && make install
razor-client
razor-admin -create
razor-admin -discover
razor-admin -register



configure firewall

Manual says:

The Razor2 system requires outbound access to servers on tcp port 2703 in general (the servers are, at the moment, on the class C 66.151.150.0/24, but allowing only access to those machines would be too restrictive).

It also requires outbound access to those servers on tcp port 7.

Can you say me how I have to configure my firewall for to allow this traffic?

Thank you very much

 

[eilko]

do you restrict outbound traffic with your firewall? most common is to restrict incoming traffic.

Just install razor and if the razor-admin -discover
doesn't work you can take a look at the firewall.

AFter installing razor make sure you move the razor config file (~/.razor2/*) to a place where it can be read by spamassassin. You can add the following lines to your local.cf to make it work:

use_razor2 1
razor_timeout 10
razor_config /etc/mail/spamassassin/razor/razor-agent.conf

 

[redprive]

I have installed razor.

I have copied razor-agent.conf in /etc/mail/spamassassin/razor

I have executed razor-admin -discover and I haven't answer.

Then, that's all right?

How I can to know if razor is working fine?

Thank you very much

 

[redprive]

I have installed pyzor & DCC the next way:

PYZOR:

python setup.py build
python setup.py install

Rights:

chmod -R a+rX /usr/share/doc/pyzor \
/usr/lib/python2.3/site-packages/pyzor \
/usr/bin/pyzor /usr/bin/pyzord
DCC

cd /tmp/spam
wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar -xvf dcc.tar.tar
cd dcc-1.3.31
./configure
make
make install

and I have modified local.cf and I have added next lines:

#razor
use_razor2 1
razor_timeout 10
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf

#dcc
use_dcc 1

dcc_path /usr/local/bin/dccproc

dcc_add_header 1

dcc_dccifd_path /usr/sbin/dccifd

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_add_header 1
pyzor_options --homedir /etc/mail/spamassassin


Do you think that I have razor,pyzor and DCC working fine?

Thank you very much

 

[eilko]

run spamassassin --lint -D from command line to check if DCC, Razor and Pyzor are used.

 

[redprive]

I have do it. Results are in attach file.

In this file I write you steps that I have started.

Do you think is it all right?

Thank you very much

 

[eilko]

you can not attach files here. just copy & paste the output