Hi all

How did you tuned spamassassin and amavis?
The Basic configuration of Spamassassin is really bad.

Thanks
admins

The Basic configuration of Spamassassin is really bad.

Why that? Mine filters > 99% of all spams correctly without false positives. Just set the score in the policy you use to a lower value.

Example Spam:

Return-Path: <hakkilavfqfpjeradknzd1992@hotmail.com>
Delivered-To: xy
Received: from localhost (localhost [127.0.0.1]) by xy.lumina.net
(Postfix) with ESMTP id 7157D72E1FD for <xy>;
Wed, 21 Oct 2009 08:15:17 +0200 (CEST)
X-Virus-Scanned: SecGateway
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-9999 required=5
tests=[HTML_MESSAGE=0.001, SPF_PASS=-0.001]
Received: from xyt ([127.0.0.1]) by localhost
(xy [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id
7jklDPGasqYu for <xy>; Wed, 21 Oct 2009
08:15:15 +0200 (CEST)
Received: from blu0-omc2-s23.blu0.hotmail.com
(blu0-omc2-s23.blu0.hotmail.com [65.55.111.98]) by cxy
(Postfix) with ESMTP id 64B2E72E1FC for <yx>;
Wed, 21 Oct 2009 08:15:15 +0200 (CEST)
Received: from BLU147-W32 ([65.55.111.73]) by
blu0-omc2-s23.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue,
20 Oct 2009 23:15:14 -0700
Message-ID: <BLU147-W32227AEA689FDFD4FA6480B5BF0@phx.gbl>
Content-Type: multipart/alternative; boundary="_c265623b-b73a-44ad-877a-f1a234209a68_"
X-Originating-IP: [201.164.207.109]
From: Mervin Hakkila <hakkilavfqfpjeradknzd1992@hotmail.com>
To: <xyh>
Subject: Stefan, I lost my dog. Help me!
Date: Wed, 21 Oct 2009 06:15:14 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 21 Oct 2009 06:15:14.0451 (UTC)
FILETIME=[DA589630:01CA5215]
X-Evolution-Source: imap://ds@sf/


--_c265623b-b73a-44ad-877a-f1a234209a68_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Here is his picture: http://professionalhotelier.in/indx_287.html

Rhea.
=20
__________________________________________________ _______________
Windows Live Hotmail: Your friends can get your Facebook updates=2C right f=
rom Hotmail=AE.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/so=
cial-network-basics.aspx?ocid=3DPID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092=
009=

--_c265623b-b73a-44ad-877a-f1a234209a68_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Verdana
}
--></style>
</head>
<body class=3D'hmmessage'>
Here is his picture: <A href=3D"http://professionalhotelier.in/indx_287.htm=
l">http://professionalhotelier.in/indx_287.html</A><BR><BR>Rhea.<BR> =
<br /><hr />Windows Live Hotmail: <a href=3D'http://www.microsoft.com=
/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx=
?ocid=3DPID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009' target=3D'_new'>You=
r friends can get your Facebook updates=2C right from Hotmail=AE.</a></body=
>
</html>=

--_c265623b-b73a-44ad-877a-f1a234209a68_--

I receive per day 30 spammails such as that. the score is 0, and I cant set the limit down to 0 ;-)

Run:

sa-update

on the shell regularily to keep the spamassassin rules database up to date and afterwards restart amavisd.

Hi Till

I did the update, may I receive this following spams again.

They are every time from hotmail servers and begin:

Name, blablabla...

Such as: Stefan, I could not reach you. Your phone line is consistently busy.


How could I add rules from sansecurity and more to the clamav and add filters to spamassassin?

thanks
admins

How could I change this parameter:

FORGED_HOTMAIL_RCVD2=1.117

Thanks
admins

Add something like this to the local.cf file:

score FORGED_HOTMAIL_RCVD2 0.000

and restart amavisd.

See also:

http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo

As there is a daily cron to do so it would help to enable it. At least at Ubuntu it's disabled by default. To enable edit /etc/default/spammassassin and change
from
CRON=0
to
CRON=1

Further it would help to restart/reload amavis within the cron if active. To do so change:
# Reload
if which invoke-rc.d >/dev/null 2>&1; then
invoke-rc.d spamassassin reload > /dev/null 2>&1
else
/etc/init.d/spamassassin reload > /dev/null 2>&1
fi

TO
# Reload
if which invoke-rc.d >/dev/null 2>&1; then
invoke-rc.d spamassassin reload > /dev/null 2>&1
if [ -f /var/run/amavis/amavis.pid ]; then
invoke-rc.d amavis restart > /dev/null 2>&1
fi
else
/etc/init.d/spamassassin reload > /dev/null 2>&1
if [ -f /var/run/amavis/amavis.pid ]; then
/etc/init.d/amavis restart > /dev/null 2>&1
fi
fi

No idea it it causes trouble under heavy load.

Hopes that helps.
At least should be included into the manual/perfect setup ;-)

As there is a daily cron to do so it would help to enable it. At least at Ubuntu it's disabled by default. To enable edit /etc/default/spammassassin and change
from
CRON=0
to
CRON=1

Further it would help to restart/reload amavis within the cron if active. To do so change:
# Reload
if which invoke-rc.d >/dev/null 2>&1; then
invoke-rc.d spamassassin reload > /dev/null 2>&1
else
/etc/init.d/spamassassin reload > /dev/null 2>&1
fi

TO
# Reload
if which invoke-rc.d >/dev/null 2>&1; then
invoke-rc.d spamassassin reload > /dev/null 2>&1
if [ -f /var/run/amavis/amavis.pid ]; then
invoke-rc.d amavis restart > /dev/null 2>&1
fi
else
/etc/init.d/spamassassin reload > /dev/null 2>&1
if [ -f /var/run/amavis/amavis.pid ]; then
/etc/init.d/amavis restart > /dev/null 2>&1
fi
fi

No idea it it causes trouble under heavy load.

Hopes that helps.
At least should be included into the manual/perfect setup ;-)




which file is this reload info in?
thanks