• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

SpamAssassin rules - FIGHT SPAM

M

matija

Guest
Spam is something we all have to deal with on our servers everyday... And although default SpamAssassin rules help a bit, they're not enough to fight spam efficiently...
So, I started browsing this forum in search for additional dose of help so I can finally, one day, open my mailbox spam-free :)

First, here's the list of MAPS zones which greatly help reducing spam:
opm.blitzed.org;rbl-plus.mail-abuse.org;bl.spamcop.net;relays.ordb.org;sbl.spamhaus.org;KR.rbl.cluecentral.net;BR.rbl.cluecentral.net;blackholes.mail-abuse.org;cbl.abuseat.org;xbl.spamhaus.org
(Copy/paste this list into Plesk Control Panel -> Server -> Mail -> Enable MAPS spam protection -> MAPS zones)

Secondly, as lots of people complain how SpamAssassin doesn't learn at all, and manual learning process can be pain in the *** if you have more than 1 postoffice, try using custom rules found at http://www.rulesemporium.com/rules.htm.
It's much more efficient (faster) than training SpamAssassin manually for each postoffice... Just watch out that they're compatible with version 2.64
 
Thanks for sharing this info, I'm also trying to reduce spam on my server, I've enabled some reverse dns blacklists and SPF, so far, but I still get about 20 spam messages a day in my email box.

I dont have a lot of experience with spamassassin though, i just have it enabled with "Hits required for spam=7" and some whitelists.

How do I add/install these new rules into my windows spamassassin setup. I run plesk 7.5.6 for Windows (SpamAssassin 2.64)

I noticed that SA rules are in the "C:\Program Files\SWsoft\Plesk\Additional\SpamAssassin\rules" folder but I didn't find any docs on how to add new rules. Do I just copy these new rules into this folder? do i need to do anything else? is there a way to schedule updates for these rules on windows?

Thanks in Advance
 
Finally got them to work:

I tried 1st placing the rules in the path:
"C:\Program Files\SWsoft\Plesk\Additional\Perl\site\etc\mail\spamassassin"
and they didn't seem to work, then I placed them in
"C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin"
and they finally worked.
 
also added a couple more maps zones, I will let you know how it goes:

opm.blitzed.org;rbl-plus.mail-abuse.org;bl.spamcop.net;relays.ordb.org;sbl.spamhaus.org;KR.rbl.cluecentral.net;BR.rbl.cluecentral.net;blackholes.mail-abuse.org;cbl.abuseat.org;xbl.spamhaus.org;list.dsbl.org;dul.dnsbl.sorbs.net
 
How has this worked out for you? What rules did you opt for? I am currently using the following MAPS:

sbl-xbl.spamhaus.org
bl.spamcop.net
relays.ordb.org
dnsbl.net.au
list.dsbl.org
dnsbl.sorbs.net
rhsbl.ahbl.org
cbl.abuseat.org
spamsources.fabel.dk
blackholes.mail-abuse.org
BR.rbl.cluecentral.net
opm.blitzed.org
rbl-plus.mail-abuse.org

but I am still receiving a lot of SPAM not marked. There is no install for these rules? I just need to download them into the proper directories and they will start working with out a restart? Will these just mark the emails as SPAM or will they be rejected?

Also do you have them updating every day. If so how did you implement this?

Thanks
 
Originally posted by rcampbell
There is no install for these rules? I just need to download them into the proper directories and they will update themselves?
Click to expand...
Save the rules manually ("Save as..." within browser) to "%plesk_dir%\Additional\Perl\site\share\spamassassin"
(Although, I've put them in every folder that contained SA rules)

Will these just mark the emails as SPAM or will they be rejected?
Click to expand...
AFAIK, it'll mark them as spam... It's up to your users to choose whether delete it automatically or to add *****SPAM***** to title.
 
I have setup

70_sare_adult.cf
70_sare_bayes_poison_nxm.cf
70_sare_evilnum0.cf
70_sare_html0.cf
70_sare_html1.cf
70_sare_oem.cf
70_sare_specific.cf
70_sare_spoof.cf
70_sare_unsub.cf
70_sare_whitelist_pre30.cf

and have restarted my spam assassin service. So far so good. Would you recommend any other rules or not recommend some?
Now what about auto updates? how is this implementsed on the windows machines. Everything I saw looks like linux? Is it something you can walk me through or know of a how-to ?
 
Basically, this is it... I have downloaded 90% of rules from that website, don't remember which ones.
SWsoft said something about widening SpamAssassin options in next version of Plesk, so I hope we could setup these rules from GUI in the future... I don't know how to setup auto-updates, just hope they enable it via Plesk.
 
this link takes me to linux only. I am looking for windows support on how to auto update the rules.
 
This its what I did

for the Auto update of the SARE rules on windows I solved it with a quick a dirty solution, i havent tested it thoroughly, I'm open to any suggestions.



1- I downloaded a copy of wget .exe for windows and intalled in the winnt/system (any folder in the system path would work)
2- I created a batch file on c:\ called sareupdate.bat

it contains this (NOTE: the full paths to the www.rulesemporium.com rules need to be corrected for the items with the ..., the Forum script its chopping the text because its too long.

Code: 
cd C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin\
wget -N [url]http://www.rulesemporium.com/rules/70_sare_adult.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_evilnum0.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_genlsubj2.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_header0.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_header2.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_header_x30.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_header_x31.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_html0.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_html2.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_html_x30.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_html_x31.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_obfu0.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_obfu2.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_obfu_x31.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_oem.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_random.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_specific.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_spoof.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_unsub.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_uri0.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_uri2.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_uri_x31.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/70_sare_whitelist_pre30.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf[/url]
wget -N [url]http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf[/url]
exit

3- I added en entry on the plesk scheduler for "c:\sareupdate.bat" once a day.
 
here a sample of the output i've been getting when it runs (i can't post the whole output because the message its too long).

Code: 
C:\WINNT\system32>cd C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin\ 

C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_adult.cf[/url] 
--05:00:00--  [url]http://www.rulesemporium.com/rules/70_sare_adult.cf[/url]
           => `70_sare_adult.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,854 [text/plain]
Server file no newer than local file `70_sare_adult.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf[/url] 
--05:00:00--  [url]http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf[/url]
           => `70_sare_bayes_poison_nxm.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3,839 [text/plain]
Server file no newer than local file `70_sare_bayes_poison_nxm.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_evilnum0.cf[/url] 
--05:00:00--  [url]http://www.rulesemporium.com/rules/70_sare_evilnum0.cf[/url]
           => `70_sare_evilnum0.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 24,298 [text/plain]
Server file no newer than local file `70_sare_evilnum0.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf[/url] 
--05:00:00--  [url]http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf[/url]
           => `70_sare_genlsubj0.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45,933 [text/plain]
Server file no newer than local file `70_sare_genlsubj0.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_genlsubj2.cf[/url] 
--05:00:01--  [url]http://www.rulesemporium.com/rules/70_sare_genlsubj2.cf[/url]
           => `70_sare_genlsubj2.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17,533 [text/plain]
Server file no newer than local file `70_sare_genlsubj2.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf[/url] 
--05:00:01--  [url]http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf[/url]
           => `70_sare_genlsubj_x30.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4,295 [text/plain]
Server file no newer than local file `70_sare_genlsubj_x30.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_header0.cf[/url] 
--05:00:01--  [url]http://www.rulesemporium.com/rules/70_sare_header0.cf[/url]
           => `70_sare_header0.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 118,966 [text/plain]
Server file no newer than local file `70_sare_header0.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_header2.cf[/url] 
--05:00:01--  [url]http://www.rulesemporium.com/rules/70_sare_header2.cf[/url]
           => `70_sare_header2.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 69,870 [text/plain]
Server file no newer than local file `70_sare_header2.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_header_x30.cf[/url] 
--05:00:01--  [url]http://www.rulesemporium.com/rules/70_sare_header_x30.cf[/url]
           => `70_sare_header_x30.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6,422 [text/plain]
Server file no newer than local file `70_sare_header_x30.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_header_x31.cf[/url] 
--05:00:01--  [url]http://www.rulesemporium.com/rules/70_sare_header_x31.cf[/url]
           => `70_sare_header_x31.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5,087 [text/plain]
Server file no newer than local file `70_sare_header_x31.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_html0.cf[/url] 
--05:00:02--  [url]http://www.rulesemporium.com/rules/70_sare_html0.cf[/url]
           => `70_sare_html0.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 32,286 [text/plain]
Server file no newer than local file `70_sare_html0.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_html2.cf[/url] 
--05:00:02--  [url]http://www.rulesemporium.com/rules/70_sare_html2.cf[/url]
           => `70_sare_html2.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7,866 [text/plain]
Server file no newer than local file `70_sare_html2.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N [url]http://www.rulesemporium.com/rules/70_sare_html_x30.cf[/url] 
--05:00:02--  [url]http://www.rulesemporium.com/rules/70_sare_html_x30.cf[/url]
           => `70_sare_html_x30.cf'
Resolving [url]www.rulesemporium.com...[/url] 38.99.66.94
Connecting to [url]www.rulesemporium.com[/url][38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,780 [text/plain]
Server file no newer than local file `70_sare_html_x30.cf' -- not retrieving.


C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>exit

I'm not even sure it works since the rules haven't been updated yet. the -N option in wget its supposed to download an update only in the SARE files are newer that the ones o nthe server.

These SARE rules are working 100% for me on plesk 7.5.6 with the default components (Spamassassin 2.64)

Let me know if you have any feedback or suggestions
 
Copy/paste from rulesemporium.com:
Download Policy: You can download each and every ruleset once per 24 hour period per IP address. If you try to download the rulesets too often, you will receive an error message. If you are downloading rulesets from many locations behind a proxy, please set up your own ruleset repository for your clients. Again: One single download of every file per 24 hours per IP address.
 
aye, I read that, that's why I set my batch file run once a day via the plesk scheduler.

3- I added en entry on the plesk scheduler for "c:\sareupdate.bat" once a day.
Click to expand...

actually wget doesn't download the file unless its newer than the ones I have on the server, so its even better.
 
well, the script has been running every night as scheduled

it seem like the people at SARE hasn't updated their rules yet, since i get this response in the logs

C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin>wget -N http://www.rulesemporium.com/rules/70_sare_adult.cf
--05:00:00-- http://www.rulesemporium.com/rules/70_sare_adult.cf
=> `70_sare_adult.cf'
Resolving www.rulesemporium.com... 38.99.66.94
Connecting to www.rulesemporium.com[38.99.66.94]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,854 [text/plain]
Server file no newer than local file `70_sare_adult.cf' -- not retrieving.
Click to expand...

all the SARE rule files i have in my server are dated january, 8th 2006 (the date I 1st downloaded them)

Thanks again for pointing these great rules to us
 
Howdy Guys,

Thanks for the very comprehensive thread. This info has been quite relevent and timely to me.

Sweet work on the batch file atinoco. I'm about to implement that one now.

As for the setting of whether to mark the spam, or to just delete it immediately - where does it go if you delete it? Ideally, it would end up in the "trash" of the horde web mail client, which would allow my customers to check their web mail once per week just to ensure they didn't lose anything they really should have retained.

Glad to see someone else is using Plesk for Windows atinoco. I might have to keep your details on hand!

I'll keep you guys posted of my updates if I have anything relevent to add.

Cheers,
Scoota
 
First hurdle I came across was that I needed to execute the batch file from the "C:\Program Files\SWsoft\Plesk\Additional\Perl\site\share\spamassassin".

I also found that wget would not execute unless it was in the same directory as the batch file (so everything's in the spamassassin directory).

Any reason why an exe and a batch file shouldn't exist in the spamassassin directory? I certainly hope not ;-)

And before you ask, yes, I dropped wget into the C:\Windows\System directory. But, I have not restarted. That may make the difference?

Shame we can't restart the SpamAssassin service using a scheduled task. Any ideas? I'm not that familiar with Plesk, but I had a look in Services under Computer Management and found no joy.

Thanks again!
 
You must log in or register to reply here.

Similar threads

S
Webmail not working, When i enable MAPS Zones
Replies
1
Views
2K
jwdick
J
W
Anti-SPAM Filters Work Less in 8.0?
Replies
3
Views
3K
benc@
B
O
Spam MAPS Zone
Replies
7
Views
4K
trec
T
J
Spam after Upgrade
Replies
0
Views
2K
jaime
J
J
Spam filtering disabled all Mail! - Please Help!
Replies
0
Views
2K
JackF
J
Back
Top