Topic: Spam Assassin questions

[Kobus]

Hello everyone

I have recently switched to the built in spamassassin and need to know a few things please:

How do I whitelist email addresses
How do I whitelist whole domains
How do i report false negatives and positives to the system
can I block whole contries like .ch
can i block single addresses and domains


If you can point me in a doc direction then please do, else some short answers would be great. I am in the meantime going through the spamassassin docs on the apache.org website, but i am sure there is some smeserver customisations that need adhering to.

I used to use ASSP which has a gui where I was able to delegate this tasks to users, does spamassassin have a gui?

Thanks in advance.

Kobus

[janet]

kbensch

yum install --enablerepo=smecontribs smeserver-wbl
Configure using the new server manager panel

Also look at the FAQ link at top of Forum. Read the Email section, re Spam, particularly look at Bayesian and the Sonoracom configuration steps.
Setup the LearnAsSpam folder to manually drag undetected spam to it for learning. There are other spamassassin extras as well for sme.

The above will get you started.

[Kobus]

A further question I have is will this be supported in future releases of sme, or will it break like my assp config with the recent 751 update?  I don't want to install something again that will cause issues later. I ran assp for around 4 years, or whenever 71 came out and it completely broke both sme ssl and the spAm side of things

[janet]

kbensch

There is no guarantee that any sme server contrib will survive upgrades, but most likely the maintainer (or someone) will release a fix for the contrib if there are any compatibility issues.
In most cases most contribs will survive upgrades within a version point change ie 7.4 to 7.5.
There is more likely to be an upgrade required to a contrib when going from say 7.x to 8.x, but it's not always necessary.

Something like ASSP  is a very big departure from standard sme server configuration and it's not surprising that your upgrade was broken by ASSP.

You should only have minimal problems (if any) when using supported sme contribs.

[Kobus]

well i have now given spamassassin 2 weeks to run and i am still getting loads and loads of spam coming through. I have made up my mind that 4+ years of ASSP had been good and for that reason I will prob go back to it. I also think that SME should look at it in place of spamassassin as it is far better than SA.

I will however be setting up a seperate mail server for this purpose and not adjust anything on the sme server. I had major issues with sme when it upgraded to 7.5.1.

[janet]

Kobus

Spamassassin on it's own is not the full answer to spam.
Did you setup a custom configuration for spamassassin ?
Did you enable RBL's etc ?
What block lists have you configured ?
Did you enable executable content blocking ?
What file types are you blocking ?
Have you read & tried the other possibilities in the Email FAQ ?
Did you block identifiable sources using the wbl contrib ?

You do not really tell us what configuration changes you made to deal with spam etc on the SME Server, so it is hard for us to comment.

To my understanding ASSP is not greatly different to the various anti spam and anti virus measures that SME Server uses, particularly RBL's (which are not enabled by default and are not part of spamassassin), you do need to enable them all appropriately though.

[janet]

Kobus

I'm interested to know if you have properly configured other anti spam and anti virus measures eg RBL's for starters, in your test and comparison of SME with and without ASSP ?

Others including CharlieBrady would also like to know too, I'm sure.

Please refer to my last post.

There is also a greylisting plugin to really get tough with spam, it sure does kill any residual spam, but some recomend it's use, others don't. It really depends on your sources of email and inclination towards the control that greylisting puts in place.
When I used greylisting a while back, the small amount of spam I was getting dropped to zero, but other issues arose.

[Kobus]

Here is my answers to some of the comments you made earlier:

Spamassassin on it's own is not the full answer to spam. --> That is correct. I have setup the rbl and sbl and dnsbl and i am still getting loads of spam coming through with SA.
Did you setup a custom configuration for spamassassin ? --> Yes
Did you enable RBL's etc ?--> Yes

Here is my config:

config show qpsmtpd
qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=enabled
    LogLevel=8
    MaxScannerSize=25000000
    RBLList=whois.rfc-ignorant.org:dnsbl.njabl.org:zen.spamhaus.org
    RHSBL=enabled
    RequireResolvableFromHost=no
    SBLList=dsn.rfc-ignorant.org
    TlsBeforeAuth=1
    access=public
    qplogsumm=disabled
    status=enabled

[Kobus]

Some more comments:

I'm interested to know if you have properly configured other anti spam and anti virus measures eg RBL's for starters, in your test and comparison of SME with and without ASSP ? --> Yes I have. With ASSP I got maybe 2 spam emails per day. Now with SA, I get at least a 100. In my opinion SA is rubbish and I am lloking at setting up a seperate VM just to run ASSP. That way it wont break SME server for future updates.

Others including CharlieBrady would also like to know too, I'm sure.

Please refer to my last post.

There is also a greylisting plugin to really get tough with spam, it sure does kill any residual spam, but some recomend it's use, others don't. It really depends on your sources of email and inclination towards the control that greylisting puts in place.
When I used greylisting a while back, the small amount of spam I was getting dropped to zero, but other issues arose. -->

I never had any of these issues with ASSP.

[janet]

Kobus

RBLList=whois.rfc-ignorant.org:dnsbl.njabl.org:zen.spamhaus.org
    SBLList=dsn.rfc-ignorant.org

They are very conservative list choices. If you refer to the email FAQ you will see many other stronger lists that you can enable, I'm sure just adding even one more list will stop (reject) most of the spam you get now. See here
http://wiki.contribs.org/Updating_to_SME_7.2#RHSBL_Servers

You really need to get SME configured similarly to the way ASSP was, in order to make fair comparisons. Saying "In my opinion SA is rubbish", is not particularly significant, SA is a spam scoring/tagging filter which works well as designed, but it is NOT the only anti spam measure used on SME.

Do you have executable content filtering enabled eg minimally for ZIP1 format (plus a few others by default) ?
This will also reject a lot of spam that happens to be laden with a virus. It also takes the (CPU) load off of clamav and for that matter off SA too.

The comment I made about greylisting re "other issues", are issues inherent with using greylisting. Whatever form of greylisting used, those issues will still be apparent, whether on SME via a plugin or whether as part of ASSP. To some people those issues are "non issues". It depends on your mail users and the sources of mail and the administrators inclinations. Greylisting works perfectly fine for many people, yet others refuse to use it, as it does not suit or match their management policies.

I will say this though, if you enable the greylisting plugin on SME, you will have zero spam, or maybe one a month at worst.
I would have to add though, that simply adding strong RBL lists should also dramatically reduce spam, without even using greylisting.