Koozali.org: home of the SME Server

Spamassassin & the Botnet plugin

smeghead
« on: December 19, 2007, 04:54:49 PM »
Hi all

I always install the botnet plugin when I build an SME box but have recently run into problems that pointed me to this as the culprit for a spate of false positives.

A client gets a lot of email with attachments from several suppliers & the botnet plugin was tagging it as spam; as it adds a score of 5.0 to the overall spam score, it didn't take spamassassin much else to regard these messages as dodgy.

Three solutions came to mind:

. disable/remove the plugin; it's there for a reason, so not preferred
. reduce the score assigned by the plugin; reduces its effectiveness, so not preferred
. bypass the check for the supplier domains; bingo  :D

I tried upgrading to the latest version from the botnet.tar file (http://people.ucsc.edu/~jrudd/spamassassin) but it only helped a little bit; I had previously found spamassassin-botnet-0.8-2.el4.sme.noarch.rpm in the mirrors but can't find it there at the moment. Using this rpm is preferable to the tar file.

So off I go hunting down how the SA plugins work.

Looking in /etc/mail/spamassassin I find the Botnet.cf file, one of three files that make up the plugin.  The other two files, Botnet.pl & Botnet.pm both reside in /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin.

Digging through the files, it was obvious pretty quickly that the Botnet.cf file was the one I needed to work with. Within the file there is a section that lists 'botnet_pass_domains'. Using the examples in the file I added all the entries I needed, saved it & ran signal-event email-update.

This file also contains the assigned scores for the different botnet detections, so you could tweak those settings too if required.

The botnet files are not templated, so they don't get changed on a reconfigure of the server.

If this were to be an ongoing issue I would have templated it & used db entries, but it should really be pretty much a one-off tweak.

So, the result. Well, the false positives are now non-existent, without any increase in spam; the client is happy as they no longer have to trawl through their junk mail every day.

I love it when a plan comes together.

HTH
..................
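The edit described in the post, as an added shell example that is not part of the original post or of the Botnet plugin itself: it appends botnet_pass_domains entries to Botnet.cf without duplicating ones already present, keeps a backup of the file, optionally lowers a rule score, lints the SpamAssassin configuration so a typo does not take the mail filter down, and then runs signal-event email-update as the post does. The entry format (one anchored Perl regex per line, e.g. `botnet_pass_domains ^example\.com$`), the BOTNET_CF variable and the function names are assumptions; the post says to copy the examples already in the file, so compare against those before trusting the format here.

```shell
#!/bin/sh
# Added example (not from the original post): whitelist supplier domains for
# the SpamAssassin Botnet plugin on SME Server by appending botnet_pass_domains
# lines to Botnet.cf, then lint and apply.
# ASSUMPTION: entries are Perl regexes matched against the sender domain, so
# dots are escaped and the pattern is anchored. Verify against the examples
# already in your Botnet.cf.

BOTNET_CF="${BOTNET_CF:-/etc/mail/spamassassin/Botnet.cf}"

# Turn "example.com" into the assumed entry form "^example\.com$".
domain_pattern() {
    printf '^%s$\n' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# Return 0 if the file already carries a botnet_pass_domains line for $2.
has_pass_domain() {
    pat=$(domain_pattern "$2")
    grep -qsFx "botnet_pass_domains $pat" "$1"
}

# Append one botnet_pass_domains line, idempotently, keeping a .bak copy of the
# file as it was before this call so a bad edit can be rolled back.
add_pass_domain() {
    cf=$1; dom=$2
    if has_pass_domain "$cf" "$dom"; then
        return 0
    fi
    cp -p "$cf" "$cf.bak" 2>/dev/null || true
    printf 'botnet_pass_domains %s\n' "$(domain_pattern "$dom")" >> "$cf"
}

# Number of botnet_pass_domains entries, for a sanity check after editing.
count_pass_domains() {
    grep -c '^botnet_pass_domains ' "$1" 2>/dev/null || true
}

# Rewrite an existing "score RULE value" line (e.g. score BOTNET 5.0). If the
# rule has no score line in the file, nothing is changed.
set_score() {
    cf=$1; rule=$2; val=$3
    tmp="$cf.tmp.$$"
    sed "s/^score $rule .*/score $rule $val/" "$cf" > "$tmp" && mv "$tmp" "$cf"
}

# Add every domain given on the command line, check the config parses, and
# only then tell SME Server to rebuild and restart the mail stack.
main() {
    for d in "$@"; do
        add_pass_domain "$BOTNET_CF" "$d"
    done
    echo "botnet_pass_domains entries now: $(count_pass_domains "$BOTNET_CF")"
    if command -v spamassassin >/dev/null 2>&1; then
        if ! spamassassin --lint; then
            echo "lint failed, restoring $BOTNET_CF.bak" >&2
            cp -p "$BOTNET_CF.bak" "$BOTNET_CF"
            exit 1
        fi
    fi
    if command -v signal-event >/dev/null 2>&1; then
        signal-event email-update
    fi
}

# Usage: ./botnet-pass.sh supplier-one.example supplier-two.example
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as root with the supplier domains as arguments; re-running with the same domains is harmless because existing entries are skipped. As the post notes, Botnet.cf is not templated on SME Server, so the edit survives a reconfigure but must be repeated if the plugin rpm is reinstalled and overwrites the file.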