Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: compdoc on July 14, 2008, 01:24:05 AM
-
Too much viagra spam getting thru. And bayes scoring is too low. I decided to change a few scores and added a template to /etc/e-smith/templates/etc/mail/spamassassin/local.cf to add the following lines. Was hoping for some feedback or possible scoring that works for you...
score BAYES_00 -7
score BAYES_05 -5
score BAYES_20 -2.5
score BAYES_40 -1
score BAYES_50 0.001
score BAYES_60 1.5
score BAYES_80 4
score BAYES_95 6
score BAYES_99 7
score DRUGS_DIET 4
score DRUGS_ERECTILE 4
score DRUGS_ERECTILE_OBFU 4
score DRUGS_MANYKINDS 4
score DRUG_ED_GENERIC 4
-
Do you have DNSBL and RHSBL enabled?
-
yup. And DCC. I was getting viagra ads with scores below my tagging or blocking scores, which are pretty low.
I came up with these new scores by googling. Ive adjusted them a bit since.
Any spam getting thru are at least being tagged now.
-
In server-manager under email section you can set it to be moved to the junkmail folder. but one more question: Are you using SMTP or Multidrop for receiving emails?
-
yup. SMTP.
-
compdoc
Are you using the LearnAsSpam bayesian techniques, refer Email FAQ from Sonoracom
http://wiki.contribs.org/SME_Server:Documentation:FAQ#The_entire_Sonoracomm_howto_from_Google.27s_text_cache
If users just drag and drop a few of the "newer" spam messages, then they will soon be getting tagged as spam without needing input from you.
-
Can you please post the output of
config show qpsmtpd
-
Too much viagra spam getting thru. And bayes scoring is too low. I decided to change a few scores and added a template to /etc/e-smith/templates/etc/mail/spamassassin/local.cf to add the following lines. Was hoping for some feedback or possible scoring that works for you...
Almost right.. but to keep the changes over reboot and updates you should not modify the main templates, but instead modify a copy in the templates-custom tree as an override as described in the SME Server developers Guide Template section linked from the wiki.
-
Can you please post the output of
config show qpsmtpd
Theres nothing wrong with my configuration. Most spam is caught by dnsbl, some by rhsbl, and the rest by check_earlytalker or other non-conforming rules.
Not all spam comes from known locations. What I'm doing is tweaking spamassassin to do a better job of catching spam that slips thru the other checks.
One way to do that is to give bayes higher scoring, because it does pretty well at recognizing the spam I get.
I do train bayes using IMAP and my own script, btw.
-
Almost right.. but to keep the changes over reboot and updates you should not modify the main templates, but instead modify a copy in the templates-custom tree as an override as described in the SME Server developers Guide Template section linked from the wiki.
If you had actually read my first post, you'd have seen that I havent modified any existing templates.
-
If you had actually read my first post, you'd have seen that I havent modified any existing templates.
yea, but shouldn't the new template be in /etc/e-smith/templates-custom/etc/mail/spamassassin/
instead of here /etc/e-smith/templates/etc/mail/spamassassin/ so they don't get overwritten?
-
yea, but shouldn't the new template be in /etc/e-smith/templates-custom/etc/mail/spamassassin/
instead of here /etc/e-smith/templates/etc/mail/spamassassin/ so they don't get overwritten?
Yes.
-
yea, but shouldn't the new template be in /etc/e-smith/templates-custom/etc/mail/spamassassin/
instead of here /etc/e-smith/templates/etc/mail/spamassassin/ so they don't get overwritten?
Ahh. I've been using /etc/e-smith/templates/etc/mail/spamassassin/local.cf for years, and have luckily never had my files overwritten. (there are two I keep in there)
Would I just create a similar directory structure in /etc/e-smith/templates-custom/etc/mail/spamassassin/ and place my files there?
-
Ahh. I've been using /etc/e-smith/templates/etc/mail/spamassassin/local.cf for years, and have luckily never had my files overwritten. (there are two I keep in there)
Would I just create a similar directory structure in /etc/e-smith/templates-custom/etc/mail/spamassassin/ and place my files there?
Yes, for more information on the template system have a look at the SME Sevrer Developer's Guide linked in the wiki. It has an extensive part on the template system and it's layout and logic.
-
Here are my latest settings. All but the bayes settings are from googled sources.
And to be clear, this is only to refine the abilities of spamassassin for dealing with email that makes it past the RBL, and other public database services.
Also, if you try this, dont adjust the BAYES_50 setting. This is used for special purpose.
score BAYES_00 -4
score BAYES_05 -3
score BAYES_20 -2
score BAYES_40 -1
score BAYES_50 0.001
score BAYES_60 1.5
score BAYES_80 4
score BAYES_95 6
score BAYES_99 7
score DRUGS_ANXIETY 3.0
score DRUGS_ANXIETY_EREC 3.00
score DRUGS_DIET 3.01
score DRUGS_DIET_EREC 3.00
score DRUGS_DIET_PAIN 2.50
score DRUGS_ERECTILE 4.00
score DRUGS_MANYKINDS 4.00
score DRUGS_PAIN 1.0
score DRUGS_PAIN_EREC 4.00
score DRUGS_SLEEP 1.00
score DRUGS_SLEEP_EREC 0.50
score DRUGS_ERECTILE_OBFU 6.0
score FUZZY_AFFORDABLE 6.0
score FUZZY_AMBIEN 4.0
score FUZZY_BILLION 6.0
score FUZZY_CELEBREX 4.0
score FUZZY_CPILL 4.0
score FUZZY_CREDIT 6.0
score FUZZY_ERECT 6.0
score FUZZY_FOLLOW 4.0
score FUZZY_GUARANTEE 8.0
score FUZZY_MEDICATION 8.0
score FUZZY_MILF 8.0
score FUZZY_MILLION 6.0
score FUZZY_MONEY 6.0
score FUZZY_MORTGAGE 8.0
score FUZZY_OBLIGATION 4.0
score FUZZY_OFFERS 6.0
score FUZZY_PHARMACY 6.0
score FUZZY_PHENT 4.0
score FUZZY_PRESCRIPT 6.0
score FUZZY_REFINANCE 6.0
score FUZZY_REMOVE 4.0
score FUZZY_ROLEX 6.0
score FUZZY_SOFTWARE 6.0
score FUZZY_THOUSANDS 6.0
score FUZZY_TRAMADOL 4.0
score FUZZY_VLIUM 4.0
score FUZZY_VICODIN 4.0
score FUZZY_VIOXX 6.0
score FUZZY_VPILL 4.0
score FUZZY_XPILL 4.0
score GENERIC_VIAGRA 6.0
score IMPOTENCE 6.0
score ONLINE_PHARMACY 4.0
score REPLICA_WATCH 8.0
score SUBJECT_DRUG_GAP_C 4.0
score SUBJECT_DRUG_GAP_L 4.0
score SUBJECT_DRUG_GAP_P 4.0
score SUBJECT_DRUG_GAP_S 4.0
score SUBJECT_DRUG_GAP_VA 4.0
score SUBJECT_DRUG_GAP_VIC 4.0
score SUBJECT_DRUG_GAP_X 4.0
score SUBJECT_FUZZY_MEDS 6.0
score SUBJECT_FUZZY_CHEAP 6.0
score SUBJECT_FUZZY_PENIS 6.0
score SUBJECT_FUZZY_TION 6.0
-
Well, seems I've been trying to treat the symptoms, and not the cause.
I dont believe /etc/cron.daily/sa_update has been updating my rules. The /var/log/sa-update.log is empty, and has not been updated for a month. And the one closed sa-update.log contains a few errors and likewise wasn't being updated after that.
Also, I think /etc/cron.daily/sa_update is missing a command required for SA 3.2.x according to http://saupdates.openprotect.com/ :
"For SA 3.2.x, don't forget to add the "--allowplugins" option also to the cron command."
I've made the few changes, manually updated the rules files, and deleted all the scores I've been adding by template except the bayes scoring. We'll see how it goes...