
SpamAssassin rules - FIGHT SPAM

Discussion in 'Plesk for Windows - 8.x and Older' started by matija, Jan 6, 2006.

  1. matija

    matija Guest

    0
     
    Spam is something we all have to deal with on our servers every day... And although default SpamAssassin rules help a bit, they're not enough to fight spam efficiently...
    So, I started browsing this forum in search of an additional dose of help so I can finally, one day, open my mailbox spam-free :)

    First, here's the list of MAPS zones which greatly help reduce spam:
    opm.blitzed.org;rbl-plus.mail-abuse.org;bl.spamcop.net;relays.ordb.org;sbl.spamhaus.org;KR.rbl.cluecentral.net;BR.rbl.cluecentral.net;blackholes.mail-abuse.org;cbl.abuseat.org;xbl.spamhaus.org
    (Copy/paste this list into Plesk Control Panel -> Server -> Mail -> Enable MAPS spam protection -> MAPS zones)

    Secondly, as lots of people complain how SpamAssassin doesn't learn at all, and the manual learning process can be a pain in the *** if you have more than 1 postoffice, try using custom rules found at http://www.rulesemporium.com/rules.htm.
    It's much more efficient (faster) than training SpamAssassin manually for each postoffice... Just watch out that they're compatible with version 2.64
     
  2. atinoco

    atinoco Guest

    0
     
    Thanks for sharing this info, I'm also trying to reduce spam on my server, I've enabled some reverse DNS blacklists and SPF, so far, but I still get about 20 spam messages a day in my email box.

    I don't have a lot of experience with SpamAssassin though, I just have it enabled with "Hits required for spam=7" and some whitelists.

    How do I add/install these new rules into my Windows SpamAssassin setup? I run Plesk 7.5.6 for Windows (SpamAssassin 2.64)

    I noticed that SA rules are in the "C:\Program Files\SWsoft\Plesk\Additional\SpamAssassin\rules" folder but I didn't find any docs on how to add new rules. Do I just copy these new rules into this folder? Do I need to do anything else? Is there a way to schedule updates for these rules on Windows?

    Thanks in Advance
     
  3. atinoco

    atinoco Guest

    0
     
    Finally got them to work:

    I tried 1st placing the rules in the path:
    "C:\Program Files\SWsoft\Plesk\Additional\Perl\site\etc\mail\spamassassin"
    and they didn't seem to work, then I placed them in
    "C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin"
    and they finally worked.
     
  4. atinoco

    atinoco Guest

    0
     
    Also added a couple more MAPS zones, I will let you know how it goes:

    opm.blitzed.org;rbl-plus.mail-abuse.org;bl.spamcop.net;relays.ordb.org;sbl.spamhaus.org;KR.rbl.cluecentral.net;BR.rbl.cluecentral.net;blackholes.mail-abuse.org;cbl.abuseat.org;xbl.spamhaus.org;list.dsbl.org;dul.dnsbl.sorbs.net
     
  5. rcampbell

    rcampbell Guest

    0
     
    How has this worked out for you? What rules did you opt for? I am currently using the following MAPS:

    sbl-xbl.spamhaus.org
    bl.spamcop.net
    relays.ordb.org
    dnsbl.net.au
    list.dsbl.org
    dnsbl.sorbs.net
    rhsbl.ahbl.org
    cbl.abuseat.org
    spamsources.fabel.dk
    blackholes.mail-abuse.org
    BR.rbl.cluecentral.net
    opm.blitzed.org
    rbl-plus.mail-abuse.org

    but I am still receiving a lot of SPAM not marked. There is no install for these rules? I just need to download them into the proper directories and they will start working without a restart? Will these just mark the emails as SPAM or will they be rejected?

    Also do you have them updating every day? If so how did you implement this?

    Thanks
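
A health check for MAPS zone lists like the ones posted above, as an added example that is not part of the thread: it splits the semicolon-separated value and probes each zone with the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not), so a zone that no longer answers or that lists every address stands out. The function names and status strings are made up for this example.

```python
import socket


def parse_zones(setting):
    """Split the semicolon-separated MAPS zones value into unique zone names."""
    zones = []
    for part in setting.split(";"):
        zone = part.strip().rstrip(".").lower()
        if zone and zone not in zones:
            zones.append(zone)
    return zones


def system_resolver(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN, timeout, no network
        return []


def probe_zone(zone, resolve=system_resolver):
    """Classify one zone using the RFC 5782 test entries."""
    if resolve("1.0.0.127." + zone):
        return "lists-everything"  # 127.0.0.1 must never be listed
    if not resolve("2.0.0.127." + zone):
        return "no-test-entry"     # 127.0.0.2 must always be listed
    return "ok"


def audit(setting, resolve=system_resolver):
    """Map every zone in the pasted setting to its probe result."""
    return {zone: probe_zone(zone, resolve) for zone in parse_zones(setting)}


if __name__ == "__main__":
    import sys
    # Usage: pass the zone list exactly as it is pasted into the control panel.
    for zone, status in audit(sys.argv[1]).items():
        print(f"{status:17} {zone}")
```

A zone reported as anything other than "ok" is a candidate for removal from the list before it delays or misclassifies mail.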
     
  6. matija

    matija Guest

    0
     
    Save the rules manually ("Save as..." within browser) to "%plesk_dir%\Additional\Perl\site\share\spamassassin"
    (Although, I've put them in every folder that contained SA rules)

    AFAIK, it'll mark them as spam... It's up to your users to choose whether to delete it automatically or to add *****SPAM***** to the title.
     
  7. rcampbell

    rcampbell Guest

    0
     
    I have setup

    70_sare_adult.cf
    70_sare_bayes_poison_nxm.cf
    70_sare_evilnum0.cf
    70_sare_html0.cf
    70_sare_html1.cf
    70_sare_oem.cf
    70_sare_specific.cf
    70_sare_spoof.cf
    70_sare_unsub.cf
    70_sare_whitelist_pre30.cf

    and have restarted my SpamAssassin service. So far so good. Would you recommend any other rules or not recommend some?
    Now what about auto updates? How is this implemented on Windows machines? Everything I saw looks like Linux. Is it something you can walk me through or know of a how-to?
     
  8. matija

    matija Guest

    0
     
    Basically, this is it... I have downloaded 90% of rules from that website, don't remember which ones.
    SWsoft said something about widening SpamAssassin options in the next version of Plesk, so I hope we could set up these rules from the GUI in the future... I don't know how to set up auto-updates, just hope they enable it via Plesk.
     
  9. rcampbell

    rcampbell Guest

    0
     
    This link takes me to Linux only. I am looking for Windows support on how to auto update the rules.
     
  10. matija

    matija Guest

    0
     
    Why do you advertise this forum in every single thread when it has nothing to do w/ Plesk for Windows?
     
  11. atinoco

    atinoco Guest

    0
     
    This is what I did

    For the auto update of the SARE rules on Windows I solved it with a quick and dirty solution, I haven't tested it thoroughly, I'm open to any suggestions.



    1- I downloaded a copy of wget.exe for Windows and installed it in winnt/system (any folder in the system path would work)
    2- I created a batch file on c:\ called sareupdate.bat

    It contains this (NOTE: the full paths to the www.rulesemporium.com rules need to be corrected for the items with the ..., the forum script is chopping the text because it's too long):

    Code:
    rem Switch drive and directory to the SpamAssassin rules folder
    cd /d "C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin"
    rem -N: fetch a file only when the server copy is newer than the local one
    wget -N http://www.rulesemporium.com/rules/70_sare_adult.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_evilnum0.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_genlsubj2.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_header0.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_header2.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_header_x30.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_header_x31.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_html0.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_html2.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_html_x30.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_html_x31.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_obfu0.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_obfu2.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_obfu_x31.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_oem.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_random.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_specific.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_spoof.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_unsub.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_uri0.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_uri2.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_uri_x31.cf
    wget -N http://www.rulesemporium.com/rules/70_sare_whitelist_pre30.cf
    wget -N http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf
    wget -N http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf
    exit
    
    3- I added an entry on the Plesk scheduler for "c:\sareupdate.bat" once a day.
     
  12. atinoco

    atinoco Guest

    0
     
    Here is a sample of the output I've been getting when it runs (I can't post the whole output because the message is too long).

    Code:
    C:\WINNT\system32>cd C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin\

    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_adult.cf
    --05:00:00--  http://www.rulesemporium.com/rules/70_sare_adult.cf
               => `70_sare_adult.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 31,854 [text/plain]
    Server file no newer than local file `70_sare_adult.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf
    --05:00:00--  http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf
               => `70_sare_bayes_poison_nxm.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 3,839 [text/plain]
    Server file no newer than local file `70_sare_bayes_poison_nxm.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_evilnum0.cf
    --05:00:00--  http://www.rulesemporium.com/rules/70_sare_evilnum0.cf
               => `70_sare_evilnum0.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 24,298 [text/plain]
    Server file no newer than local file `70_sare_evilnum0.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf
    --05:00:00--  http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf
               => `70_sare_genlsubj0.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 45,933 [text/plain]
    Server file no newer than local file `70_sare_genlsubj0.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_genlsubj2.cf
    --05:00:01--  http://www.rulesemporium.com/rules/70_sare_genlsubj2.cf
               => `70_sare_genlsubj2.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 17,533 [text/plain]
    Server file no newer than local file `70_sare_genlsubj2.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf
    --05:00:01--  http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf
               => `70_sare_genlsubj_x30.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 4,295 [text/plain]
    Server file no newer than local file `70_sare_genlsubj_x30.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_header0.cf
    --05:00:01--  http://www.rulesemporium.com/rules/70_sare_header0.cf
               => `70_sare_header0.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 118,966 [text/plain]
    Server file no newer than local file `70_sare_header0.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_header2.cf
    --05:00:01--  http://www.rulesemporium.com/rules/70_sare_header2.cf
               => `70_sare_header2.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 69,870 [text/plain]
    Server file no newer than local file `70_sare_header2.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_header_x30.cf
    --05:00:01--  http://www.rulesemporium.com/rules/70_sare_header_x30.cf
               => `70_sare_header_x30.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 6,422 [text/plain]
    Server file no newer than local file `70_sare_header_x30.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_header_x31.cf
    --05:00:01--  http://www.rulesemporium.com/rules/70_sare_header_x31.cf
               => `70_sare_header_x31.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 5,087 [text/plain]
    Server file no newer than local file `70_sare_header_x31.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_html0.cf
    --05:00:02--  http://www.rulesemporium.com/rules/70_sare_html0.cf
               => `70_sare_html0.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 32,286 [text/plain]
    Server file no newer than local file `70_sare_html0.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_html2.cf
    --05:00:02--  http://www.rulesemporium.com/rules/70_sare_html2.cf
               => `70_sare_html2.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 7,866 [text/plain]
    Server file no newer than local file `70_sare_html2.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_html_x30.cf
    --05:00:02--  http://www.rulesemporium.com/rules/70_sare_html_x30.cf
               => `70_sare_html_x30.cf'
    Resolving www.rulesemporium.com... 38.99.66.94
    Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2,780 [text/plain]
    Server file no newer than local file `70_sare_html_x30.cf' -- not retrieving.


    C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>exit
    
    I'm not even sure it works since the rules haven't been updated yet. The -N option in wget is supposed to download an update only if the SARE files are newer than the ones on the server.

    These SARE rules are working 100% for me on plesk 7.5.6 with the default components (Spamassassin 2.64)

    Let me know if you have any feedback or suggestions
     
  13. matija

    matija Guest

    0
     
    Copy/paste from rulesemporium.com:
    Download Policy: You can download each and every ruleset once per 24 hour period per IP address. If you try to download the rulesets too often, you will receive an error message. If you are downloading rulesets from many locations behind a proxy, please set up your own ruleset repository for your clients. Again: One single download of every file per 24 hours per IP address.
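
A staged install for the nightly update discussed in this thread, as an added example that is not part of any post: files are downloaded into a staging folder and copied into the live rules folder only if they look like a ruleset, so an error page (such as the one the download policy mentions) or an empty download never replaces a working file. The function names, the checks and the sample texts are assumptions made for this example.

```python
import os
import re
import shutil

# Rule-defining directives (a subset, assumed to cover the SARE files).
RULE_DEF = re.compile(r"^(header|body|rawbody|full|uri|meta)\s+\w+\s+\S")
SCORE = re.compile(r"^score\s+\w+\s+(.*)$")

# Constructed samples, not real SARE content or a real server response.
SAMPLE_GOOD = """\
# constructed example ruleset
header   EXAMPLE_SUBJ  Subject =~ /example offer/i
describe EXAMPLE_SUBJ  Constructed example rule
score    EXAMPLE_SUBJ  1.5
"""
SAMPLE_ERROR_PAGE = "<html><body>Download limit reached</body></html>"


def check_ruleset(text):
    """Return a list of problems; an empty list means it looks like a ruleset."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ["empty file"]
    if lines[0].startswith("<"):
        return ["starts with markup, not a ruleset"]
    problems, definitions = [], 0
    for line in lines:
        if line.startswith("#"):
            continue
        if RULE_DEF.match(line):
            definitions += 1
        found = SCORE.match(line)
        if found:
            values = found.group(1).split("#", 1)[0].split()
            try:
                ok = bool([float(v) for v in values])
            except ValueError:
                ok = False
            if not ok:
                problems.append("bad score line: " + line)
    if definitions == 0:
        problems.append("no rule definitions found")
    return problems


def install_staged(staging_dir, live_dir):
    """Copy staged *.cf files into live_dir, skipping any that fail the check."""
    report = {}
    for name in sorted(os.listdir(staging_dir)):
        if not name.endswith(".cf"):
            continue
        source = os.path.join(staging_dir, name)
        with open(source, encoding="latin-1") as handle:
            problems = check_ruleset(handle.read())
        if not problems:
            # Write under a name that does not end in .cf, then swap it in.
            temp = os.path.join(live_dir, name + ".new")
            shutil.copyfile(source, temp)
            os.replace(temp, os.path.join(live_dir, name))
        report[name] = problems
    return report
```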
     
  14. atinoco

    atinoco Guest

    0
     
    Aye, I read that, that's why I set my batch file to run once a day via the Plesk scheduler.

    Actually wget doesn't download the file unless it's newer than the ones I have on the server, so it's even better.
     
  15. matija

    matija Guest

    0
     
    Did you make your custom scheduler to work eventually?
     
  16. atinoco

    atinoco Guest

    0
     
    Well, the script has been running every night as scheduled

    It seems like the people at SARE haven't updated their rules yet, since I get this response in the logs

    All the SARE rule files I have on my server are dated January 8th, 2006 (the date I 1st downloaded them)

    Thanks again for pointing these great rules to us
     
  17. scootabug

    scootabug Guest

    0
     
    Howdy Guys,

    Thanks for the very comprehensive thread. This info has been quite relevant and timely to me.

    Sweet work on the batch file atinoco. I'm about to implement that one now.

    As for the setting of whether to mark the spam, or to just delete it immediately - where does it go if you delete it? Ideally, it would end up in the "trash" of the horde web mail client, which would allow my customers to check their web mail once per week just to ensure they didn't lose anything they really should have retained.

    Glad to see someone else is using Plesk for Windows atinoco. I might have to keep your details on hand!

    I'll keep you guys posted of my updates if I have anything relevant to add.

    Cheers,
    Scoota
     
  18. scootabug

    scootabug Guest

    0
     
    First hurdle I came across was that I needed to execute the batch file from the "C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin".

    I also found that wget would not execute unless it was in the same directory as the batch file (so everything's in the spamassassin directory).

    Any reason why an exe and a batch file shouldn't exist in the spamassassin directory? I certainly hope not ;-)

    And before you ask, yes, I dropped wget into the C:\Windows\System directory. But, I have not restarted. That may make the difference?

    Shame we can't restart the SpamAssassin service using a scheduled task. Any ideas? I'm not that familiar with Plesk, but I had a look in Services under Computer Management and found no joy.

    Thanks again!
     
  19. kiwi@

    kiwi@ Guest

    0
     
    What is the optimum value for "Hits Required for Spam"?:eek:
     
  20. matija

    matija Guest

    0
     