If you can give me some recommendation, you're welcome
(Jason ?)
best regards
Full Version: SpammAssasin
Hello, do you have some link to a basic user manual for config spammassasin in the cpanel ? I'm interested in it, I go to http://spamassassin.apache.org/doc.html, but i can't find a a good basic tutorial for the end user. (And server side mail filtering is a complete new world for me.)
If you can give me some recommendation, you're welcome
(Jason ?)
best regards
If you can give me some recommendation, you're welcome
(Jason ?)
best regards
check out http://forum.hostony.com/index.php?showtopic=3225&hl=
for a short list of some of the blocks I use with spamassassin. It doesnt include any of the scores, and I think at this point I have probably double that in triggers.
I'd be glad to help you, what are you trying to do? Just set it up to block spam? My ruleset is pretty strict, but in my testing for a few months before routing spam to /dev/null showed that it didnt catch any legit email that wasnt sent from a comercial source. Meaning it never caught a personal email and tagged it. Some sign up messages for different places were caught up in it, but they usually look much like spam to the filter because of unsubscribe links, poorly formatted messages, lots of "trigger" words etc...
Just let me know what you are trying to accomplish and I'll try and give you a hand.
Jason
for a short list of some of the blocks I use with spamassassin. It doesnt include any of the scores, and I think at this point I have probably double that in triggers.
I'd be glad to help you, what are you trying to do? Just set it up to block spam? My ruleset is pretty strict, but in my testing for a few months before routing spam to /dev/null showed that it didnt catch any legit email that wasnt sent from a comercial source. Meaning it never caught a personal email and tagged it. Some sign up messages for different places were caught up in it, but they usually look much like spam to the filter because of unsubscribe links, poorly formatted messages, lots of "trigger" words etc...
Just let me know what you are trying to accomplish and I'll try and give you a hand.
Jason
Jason:
Thank you very much for your assist.
Now, I'll check your link to these post.
I will let you know if i don't understand something Thanks again.
(Yeah I want to block Spam, I think at the beginning i will not route it to /dev/null, I'll try just tagging the spam for a time)
Thank you very much for your assist.
Now, I'll check your link to these post.
I will let you know if i don't understand something
Thanks again.(Yeah I want to block Spam, I think at the beginning i will not route it to /dev/null, I'll try just tagging the spam for a time)
ok, I think that I need to put the list:
In some place
QUOTE
ALL_TRUSTED
BIZ_TLD
BLANK_LINES_70_80
DATE_IN_FUTURE_03_06
DEAR_SOMETHING
DISGUISE_PORN
DNS_FROM_AHBL_RHSBL
DRUGS_ERECTILE
DRUG_DOSAGE
DRUG_ED_SILD
ENGLISH_UCE_SUBJECT
FIN_FREE
FORGED_OUTLOOK_HTML
FORGED_OUTLOOK_TAGS
FORGED_YAHOO_RCVD
FROM_ENDS_IN_NUMS
GAPPY_SUBJECT
HELO_DYNAMIC_YAHOOBB
HTML_20_30
HTML_30_40
HTML_40_50
HTML_50_60
HTML_60_70
HTML_70_80
HTML_80_90
HTML_90_100
HTML_FONT_FACE_BAD
HTML_FONT_INVISIBLE
HTML_IMAGE_ONLY_04
HTML_MESSAGE
HTML_TEXT_AFTER_BODY
HTML_TEXT_AFTER_HTML
HTML_WEB_BUGS
INFO_TLD
INVALID_DATE
MISSING_DATE
MISSING_SUBJECT
NIGERIAN_BODY1
NIGERIAN_BODY2
NIGERIAN_BODY3
NIGERIAN_BODY4
NO_REAL_NAME
OFFSHORE_SCAM
RCVD_HELO_IP_MISMATCH
RCVD_IN_BL_SPAMCOP_NET
RCVD_IN_DSBL
RCVD_IN_NJABL_DUL
RCVD_IN_SBL
RCVD_IN_SORBS_DUL
RCVD_IN_XBL
RCVD_NUMERIC_HELO
REMOVE_PAGE
SUBJECT_DRUG_GAP_L
SUBJ_HAS_SPACES
SUBJ_HAS_UNIQ_ID
TO_ADDRESS_EQ_REAL
TRACKER_ID
UNDISC_RECIPS
WHY_WAIT
FORGED_RCVD_HELO
HELO_DYNAMIC_HCC
HELO_DYNAMIC_IPADDR2
ALL_NATURAL
CUM_SHOT
MONEY_BACK
BIZ_TLD
BLANK_LINES_70_80
DATE_IN_FUTURE_03_06
DEAR_SOMETHING
DISGUISE_PORN
DNS_FROM_AHBL_RHSBL
DRUGS_ERECTILE
DRUG_DOSAGE
DRUG_ED_SILD
ENGLISH_UCE_SUBJECT
FIN_FREE
FORGED_OUTLOOK_HTML
FORGED_OUTLOOK_TAGS
FORGED_YAHOO_RCVD
FROM_ENDS_IN_NUMS
GAPPY_SUBJECT
HELO_DYNAMIC_YAHOOBB
HTML_20_30
HTML_30_40
HTML_40_50
HTML_50_60
HTML_60_70
HTML_70_80
HTML_80_90
HTML_90_100
HTML_FONT_FACE_BAD
HTML_FONT_INVISIBLE
HTML_IMAGE_ONLY_04
HTML_MESSAGE
HTML_TEXT_AFTER_BODY
HTML_TEXT_AFTER_HTML
HTML_WEB_BUGS
INFO_TLD
INVALID_DATE
MISSING_DATE
MISSING_SUBJECT
NIGERIAN_BODY1
NIGERIAN_BODY2
NIGERIAN_BODY3
NIGERIAN_BODY4
NO_REAL_NAME
OFFSHORE_SCAM
RCVD_HELO_IP_MISMATCH
RCVD_IN_BL_SPAMCOP_NET
RCVD_IN_DSBL
RCVD_IN_NJABL_DUL
RCVD_IN_SBL
RCVD_IN_SORBS_DUL
RCVD_IN_XBL
RCVD_NUMERIC_HELO
REMOVE_PAGE
SUBJECT_DRUG_GAP_L
SUBJ_HAS_SPACES
SUBJ_HAS_UNIQ_ID
TO_ADDRESS_EQ_REAL
TRACKER_ID
UNDISC_RECIPS
WHY_WAIT
FORGED_RCVD_HELO
HELO_DYNAMIC_HCC
HELO_DYNAMIC_IPADDR2
ALL_NATURAL
CUM_SHOT
MONEY_BACK
In some place
Or need I just put these list: http://spamassassin.apache.org/tests_3_0_x.html ?
Where?
"score" ?
"black_list" ?
Maybe i'll need to close the cpanel interface and just give a look in the shell.
Here my /.spammassasin/user_prefs content:
Ok, i think this will help: http://www.cts.wustl.edu/cts/help/Mail_Spa...assin_Conf.html
Where?
"score" ?
"black_list" ?
Maybe i'll need to close the cpanel interface and just give a look in the shell.
Here my /.spammassasin/user_prefs content:
CODE
required_score 5
rewrite_header subject ** SPAM ** HITS: _HITS_ ** REQD: _REQD_ **
rewrite_header subject ** SPAM ** HITS: _HITS_ ** REQD: _REQD_ **
Ok, i think this will help: http://www.cts.wustl.edu/cts/help/Mail_Spa...assin_Conf.html
Here is my current user_prefs
# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
###########################################################################
# How many hits before a mail is considered spam.
# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com
# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# <http://spamassassin.org/tests.html> .
#
# score SYMBOLIC_TEST_NAME n.nn
use_auto_whitelist 0
required_score 5.5
rewrite_header subject *****SPAM SCORE: _SCORE_*****
score ALL_TRUSTED 4.0
score BIZ_TLD 4.0
score BLANK_LINES_70_80 4.0
score DATE_IN_FUTURE_03_06 2.0
score DEAR_SOMETHING 3.0
score DISGUISE_PORN 10.0
score DNS_FROM_AHBL_RHSBL 10.0
score DRUGS_ERECTILE 10.0
score DRUG_DOSAGE 10.0
score DRUG_ED_SILD 5.0
score ENGLISH_UCE_SUBJECT 3.0
score FIN_FREE 4.0
score FORGED_OUTLOOK_HTML 5.0
score FORGED_OUTLOOK_TAGS 5.0
score FORGED_YAHOO_RCVD 5.0
score FROM_ENDS_IN_NUMS 1.0
score GAPPY_SUBJECT 4.0
score HELO_DYNAMIC_YAHOOBB 5.0
score HTML_20_30 3.0
score HTML_30_40 4.0
score HTML_40_50 4.0
score HTML_50_60 5.0
score HTML_60_70 6.0
score HTML_70_80 7.0
score HTML_80_90 8.0
score HTML_90_100 9.0
score HTML_FONT_FACE_BAD 4.0
score HTML_FONT_INVISIBLE 5.0
score HTML_IMAGE_ONLY_04 9.0
score HTML_MESSAGE 0.5
score HTML_TEXT_AFTER_BODY 4.0
score HTML_TEXT_AFTER_HTML 4.0
score HTML_WEB_BUGS 5.0
score INFO_TLD 2.0
score INVALID_DATE 3.0
score MISSING_DATE 4.0
score MISSING_SUBJECT 3.0
score NIGERIAN_BODY1 10.0
score NIGERIAN_BODY2 10.0
score NIGERIAN_BODY3 10.0
score NIGERIAN_BODY4 10.0
score NO_REAL_NAME 2.0
score OFFSHORE_SCAM 10.0
score RCVD_HELO_IP_MISMATCH 5.0
score RCVD_IN_BL_SPAMCOP_NET 10.0
score RCVD_IN_DSBL 10.0
score RCVD_IN_NJABL_DUL 10.0
score RCVD_IN_SBL 10.0
score RCVD_IN_SORBS_DUL 10.0
score RCVD_IN_XBL 10.0
score RCVD_NUMERIC_HELO 3.0
score REMOVE_PAGE 9.0
score SUBJECT_DRUG_GAP_L 9.0
score SUBJ_HAS_SPACES 3.0
score SUBJ_HAS_UNIQ_ID 9.0
score TO_ADDRESS_EQ_REAL 3.0
score TRACKER_ID 9.0
score UNDISC_RECIPS 5.0
score WHY_WAIT 10.0
score FORGED_RCVD_HELO 4.0
score HELO_DYNAMIC_HCC 4.0
score HELO_DYNAMIC_IPADDR2 4.0
score ALL_NATURAL 10.0
score CUM_SHOT 10.0
score MONEY_BACK 7.0
score DRUGS_PAIN 5.5
whitelist_from *@messaging.sprintpcs.com
whitelist_from *@netviper.com
whitelist_from *@sprintpcs.com
whitelist_from *@hostony.com
----- END -----
I currently get 0 spam messages a day that slip through. When I have it just tag and not delete I get close to 200+ spam messages tagged each day. Its an OLD email account that has been around since 1995, so it gets a good deal of spam sent to it. In a month maybe 1 or 2 messages slip by spamassassin, but its a rarity...
The way I derived the above list of scores was to watch my spam intake for a few weeks and I would add each thing that spam assassin was tagging into it, and score it accordingly. Like "DRUGS_ERECTILE" spamassassin by default doesnt score this very high, but 80% of the spam is for Enlarging your Penis, so it seemed to me wise to score that very high, well above my threshold. With the scores set the way they are right now, most spam is tagged in the 30-100 range, which seems odd that I have such a low required score (5.5). But if I set the score higher, I end up with about 10 or so messages a day that fly below the 30 and up threshold. Even in that lower set only 1 or 2 will be single digits, so the 5.5 catches them perfectly. Most all of my other "legit" email scores either 0 or in the 2-3 range, a couple from time to time soar to 4 or even 5. I tested this config for 3 months worth of tagging only and then going through each tagged message to ensure it wasnt catching anything legit, and in that 3 month period, only 2 messages were tagged as spam and were legit, but they were from a business that formatted their message much like a spam message so it scored a 5.0. So I upped the threshold to 5.5 and havent had aproblem since. Now all of it just goes to /blackhole.
Hope that helps.
# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
###########################################################################
# How many hits before a mail is considered spam.
# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com
# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# <http://spamassassin.org/tests.html> .
#
# score SYMBOLIC_TEST_NAME n.nn
use_auto_whitelist 0
required_score 5.5
rewrite_header subject *****SPAM SCORE: _SCORE_*****
score ALL_TRUSTED 4.0
score BIZ_TLD 4.0
score BLANK_LINES_70_80 4.0
score DATE_IN_FUTURE_03_06 2.0
score DEAR_SOMETHING 3.0
score DISGUISE_PORN 10.0
score DNS_FROM_AHBL_RHSBL 10.0
score DRUGS_ERECTILE 10.0
score DRUG_DOSAGE 10.0
score DRUG_ED_SILD 5.0
score ENGLISH_UCE_SUBJECT 3.0
score FIN_FREE 4.0
score FORGED_OUTLOOK_HTML 5.0
score FORGED_OUTLOOK_TAGS 5.0
score FORGED_YAHOO_RCVD 5.0
score FROM_ENDS_IN_NUMS 1.0
score GAPPY_SUBJECT 4.0
score HELO_DYNAMIC_YAHOOBB 5.0
score HTML_20_30 3.0
score HTML_30_40 4.0
score HTML_40_50 4.0
score HTML_50_60 5.0
score HTML_60_70 6.0
score HTML_70_80 7.0
score HTML_80_90 8.0
score HTML_90_100 9.0
score HTML_FONT_FACE_BAD 4.0
score HTML_FONT_INVISIBLE 5.0
score HTML_IMAGE_ONLY_04 9.0
score HTML_MESSAGE 0.5
score HTML_TEXT_AFTER_BODY 4.0
score HTML_TEXT_AFTER_HTML 4.0
score HTML_WEB_BUGS 5.0
score INFO_TLD 2.0
score INVALID_DATE 3.0
score MISSING_DATE 4.0
score MISSING_SUBJECT 3.0
score NIGERIAN_BODY1 10.0
score NIGERIAN_BODY2 10.0
score NIGERIAN_BODY3 10.0
score NIGERIAN_BODY4 10.0
score NO_REAL_NAME 2.0
score OFFSHORE_SCAM 10.0
score RCVD_HELO_IP_MISMATCH 5.0
score RCVD_IN_BL_SPAMCOP_NET 10.0
score RCVD_IN_DSBL 10.0
score RCVD_IN_NJABL_DUL 10.0
score RCVD_IN_SBL 10.0
score RCVD_IN_SORBS_DUL 10.0
score RCVD_IN_XBL 10.0
score RCVD_NUMERIC_HELO 3.0
score REMOVE_PAGE 9.0
score SUBJECT_DRUG_GAP_L 9.0
score SUBJ_HAS_SPACES 3.0
score SUBJ_HAS_UNIQ_ID 9.0
score TO_ADDRESS_EQ_REAL 3.0
score TRACKER_ID 9.0
score UNDISC_RECIPS 5.0
score WHY_WAIT 10.0
score FORGED_RCVD_HELO 4.0
score HELO_DYNAMIC_HCC 4.0
score HELO_DYNAMIC_IPADDR2 4.0
score ALL_NATURAL 10.0
score CUM_SHOT 10.0
score MONEY_BACK 7.0
score DRUGS_PAIN 5.5
whitelist_from *@messaging.sprintpcs.com
whitelist_from *@netviper.com
whitelist_from *@sprintpcs.com
whitelist_from *@hostony.com
----- END -----
I currently get 0 spam messages a day that slip through. When I have it just tag and not delete I get close to 200+ spam messages tagged each day. Its an OLD email account that has been around since 1995, so it gets a good deal of spam sent to it. In a month maybe 1 or 2 messages slip by spamassassin, but its a rarity...
The way I derived the above list of scores was to watch my spam intake for a few weeks and I would add each thing that spam assassin was tagging into it, and score it accordingly. Like "DRUGS_ERECTILE" spamassassin by default doesnt score this very high, but 80% of the spam is for Enlarging your Penis, so it seemed to me wise to score that very high, well above my threshold. With the scores set the way they are right now, most spam is tagged in the 30-100 range, which seems odd that I have such a low required score (5.5). But if I set the score higher, I end up with about 10 or so messages a day that fly below the 30 and up threshold. Even in that lower set only 1 or 2 will be single digits, so the 5.5 catches them perfectly. Most all of my other "legit" email scores either 0 or in the 2-3 range, a couple from time to time soar to 4 or even 5. I tested this config for 3 months worth of tagging only and then going through each tagged message to ensure it wasnt catching anything legit, and in that 3 month period, only 2 messages were tagged as spam and were legit, but they were from a business that formatted their message much like a spam message so it scored a 5.0. So I upped the threshold to 5.5 and havent had aproblem since. Now all of it just goes to /blackhole.
Hope that helps.
Jason:
thank you very much, I have SpammAssasin working now for some of my domains, and it's working fine. I'll keep it in observation for some time, and then i will redirect the spam to blackhole.
Thanks again for your assist, welcome back
greetings.
thank you very much, I have SpammAssasin working now for some of my domains, and it's working fine. I'll keep it in observation for some time, and then i will redirect the spam to blackhole.
Thanks again for your assist, welcome back
greetings.
yes jason thank you for that info.
i didnt realize just how many spams were walking thru the spamassain doors til i added all your entrys to my file, and i wanted to say thank you as i really apperciate the help on that issue.
i didnt realize just how many spams were walking thru the spamassain doors til i added all your entrys to my file, and i wanted to say thank you as i really apperciate the help on that issue.
Can I personalize this message ?
QUOTE
Spam detection software, running on the system "server20.fastbighost.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
blah blah blah....
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
blah blah blah....
I havent played with this option in a LONG time, but I belive this is the info you need...
From:
http://spamassassin.apache.org/full/3.0.x/...assin_Conf.html
QUOTE
report ...some text for a report...
Set the report template which is attached to spam mail messages. See the 10_misc.cf configuration file in /usr/share/spamassassin for an example.
If you change this, try to keep it under 78 columns. Each report line appends to the existing template, so use clear_report_template to restart.
Tags can be included as explained above.
clear_report_template
Clear the report template.
report_contact ...text of contact address...
Set what _CONTACTADDRESS_ is replaced with in the above report text. By default, this is 'the administrator of that system', since the hostname of the system the scanner is running on is also included.
report_hostname ...hostname to use...
Set what _HOSTNAME_ is replaced with in the above report text. By default, this is determined dynamically as whatever the host running SpamAssassin calls itself.
unsafe_report ...some text for a report...
Set the report template which is attached to spam mail messages which contain a non-text/plain part. See the 10_misc.cf configuration file in /usr/share/spamassassin for an example.
Each unsafe-report line appends to the existing template, so use clear_unsafe_report_template to restart.
Tags can be used in this template (see above for details).
clear_unsafe_report_template
Clear the unsafe_report template.
Set the report template which is attached to spam mail messages. See the 10_misc.cf configuration file in /usr/share/spamassassin for an example.
If you change this, try to keep it under 78 columns. Each report line appends to the existing template, so use clear_report_template to restart.
Tags can be included as explained above.
clear_report_template
Clear the report template.
report_contact ...text of contact address...
Set what _CONTACTADDRESS_ is replaced with in the above report text. By default, this is 'the administrator of that system', since the hostname of the system the scanner is running on is also included.
report_hostname ...hostname to use...
Set what _HOSTNAME_ is replaced with in the above report text. By default, this is determined dynamically as whatever the host running SpamAssassin calls itself.
unsafe_report ...some text for a report...
Set the report template which is attached to spam mail messages which contain a non-text/plain part. See the 10_misc.cf configuration file in /usr/share/spamassassin for an example.
Each unsafe-report line appends to the existing template, so use clear_unsafe_report_template to restart.
Tags can be used in this template (see above for details).
clear_unsafe_report_template
Clear the unsafe_report template.
From:
http://spamassassin.apache.org/full/3.0.x/...assin_Conf.html
Sure, thanks, but do you know how can make my own /usr/share/spamassassin/10_misc.cf file in a shared hosting enviroment ? surely spamm assasin support this...
ups, and if I try to rewrite it in .spammassasin/user_prefs ?
QUOTE(mblendinger @ Apr 22 2005, 11:12 PM) 
Sure, thanks, but do you know how can make my own /usr/share/spamassassin/10_misc.cf file in a shared hosting enviroment ? surely spamm assasin support this...
BUMP!
I put some .cf files in the same folder as my user_pref (/.spamassassin)
but they dont seem to be recognizing them.
Does this work or does exim need to be restarted to recognize the cf files?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.