pehpehang 27th June 2007 12:11

Anti Spam for Postfix
 
Hi there,

Help please...

1. I have installed SpamAssassin into my Postfix (Linux), but SpamAssassin marks my legal email as spam. Any solution?

2. Is there any 3rd party anti spam software available in the market besides spamassassin and procmail?

Thanks

regards
Sarah

AlArenal 27th June 2007 12:24

#1
You'll need to post more information about your setup. Please post at least what SA told you in your false positive. SA tells you which rule added how much to the score and thereby gives you hints about what's up and what may be changed.

#2
SA is the de facto market-leading solution. There may be others, but I don't know them ;) What you'll find on the web are some solution providers who offer to handle the mail for you, but for most people these services are too costly.

pehpehang 28th June 2007 10:27

1 Attachment(s)
Hi AlArenal,

Thanks for your reply.

1) Here is my file setup. Please let me know if you need any other files.
a) /etc/mail/spamassassin/local.cf

required_score 2
#rewrite_header Subject [SPAM]
#report_safe 0
#use_pyzor 0
#use_razor2 1
#use_razor2 0
use_dcc 0
dcc_home /var/dcc
skip_rbl_checks 0
rbl_timeout 3
score RCVD_IN_BL_SPAMCOP_NET 2
#trusted_networks 123.123.123.
use_bayes 1
bayes_auto_learn 1
bayes_path /home/spamd/.spamassassin/bayes
required_hits 5
add_header all Level _STARS(X)_
rewrite_subject 1
report_safe 1
subject_tag *SPAM* [_HITS_]

b) /home/pehpehang/.spamassassin/user_prefs

# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
###########################################################################

# How many hits before a mail is considered spam.

# required_hits 4

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn

# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use.
#
# score HEADER_8BITS 0
# score HTML_COMMENT_8BITS 0
# score SUBJ_FULL_OF_8BITS 0
# score UPPERCASE_25_50 0
# score UPPERCASE_50_75 0
# score UPPERCASE_75_100 0

c) /usr/share/spamassassin/50_scores.cf ( Default )
Please see attached file.


d) /home/pehpehang/.procmailrc

LOGFILE=procmaillog
VERBOSE=on # turn this on for debugging
DROPPRIVS=yes

:0fw
| /usr/bin/spamassassin


2) The following are some of my questions.

a) What is the difference between "required_hits" in /etc/mail/spamassassin/local.cf and /home/pehpehang/.spamassassin/user_prefs? Am I right to say that if I set "required_hits 4" in /home/pehpehang/.spamassassin/user_prefs, the pehpehang email account will follow "required_hits 4" instead of "required_hits 5" in /etc/mail/spamassassin/local.cf?

b) I do not know why I receive a lot of emails like "failure notice", "Undelivery mail return", etc. It is very funny because we do not use that email account, yet I receive a lot of this kind of email. The following is a sample "failure notice" email. I think someone is using our email illegally. Please advise how to solve this problem.


**** ------- ******
From: <MAILER-DAEMON@b004mail7.cracantu.it>
To: <cheryllam@jpcomputers.com.sg>
Subject: failure notice
Date: Tuesday, June 26, 2007 7:16 PM

Hi. This is the qmail-send program at b004mail7.cracantu.it.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<fbf2d@cracantu.it>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <cheryllam@jpcomputers.com.sg>
Received: (qmail 29533 invoked from network); 26 Jun 2007 10:58:35 -0000
Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189])
(envelope-sender <cheryllam@jpcomputers.com.sg>)
by 192.168.22.60 (qmail-ldap-1.03) with SMTP
for <fbf2d@cracantu.it>; 26 Jun 2007 10:58:35 -0000
Received: (qmail 26068 invoked by uid 210); 26 Jun 2007 12:58:34 +0200
Received: from 79.8.26.151 by b004mail5.cracantu.it (envelope-from <cheryllam@jpcomputers.com.sg>, uid 201) with qmail-scanner-1.25st
(clamdscan: 0.90.3/3523. spamassassin: 3.2.1. perlscan: 1.25st.
Clear:RC:0(79.8.26.151):SA:1(10.9/4.0):.
Processed in 1.826129 secs); 26 Jun 2007 10:58:34 -0000
X-Spam-Status: Yes, hits=10.9 required=4.0
X-Spam-Level: ++++++++++
Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151)
by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200
X-Originating-IP: 195.104.26.220 by smtp.79.8.26.151; Tue, 26 Jun 2007 06:58:15 -0500
Message-ID: <bbuhqykTIZQCLMelenabn@cracantu.it>
From: "Merle Nichols" <elenabn@cracantu.it>
Reply-To: "Merle Nichols" <elenabn@cracantu.it>
To: elenabn@cracantu.it
Subject: [SPAM] - Stylish repl1ca w4tches from famous brands
Date: Tue, 26 Jun 2007 06:58:15 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
X-Qmail-Scanner-1.25st: added fake MIME-Version header
MIME-Version: 1.0



Please help, as I am new to SpamAssassin. Thanks in advance...

regards
Sarah.

Hans 28th June 2007 11:01

You can consider changing the spam hits score within the mailbox of the mail user within ISPConfig. The default value is 5.

I have very good experience with Postgrey, which is a greylisting system for the Postfix MTA.
It is easy to set up according to this howto: http://www.howtoforge.com/greylisting_postfix_postgrey

AlArenal 28th June 2007 11:14

Uh, sooo much to read ;)

Quote:

a) What is the difference between "required_hits" in /etc/mail/spamassassin/local.cf and /home/pehpehang/.spamassassin/user_prefs? Am I right to say that if I set "required_hits 4" in /home/pehpehang/.spamassassin/user_prefs, the pehpehang email account will follow "required_hits 4" instead of "required_hits 5" in /etc/mail/spamassassin/local.cf?
The local.cf is the global configuration file. The settings in there apply to every mail scan, unless you have defined other values in your user_prefs. The settings in user_prefs override the values of local.cf for the particular user.
We go with global settings for every mailbox of our customers. Especially decreasing the required_hits value easily leads to a lot more so-called "false positives" (ham mails that get marked as spam, although they are not).

Going with the same rules for also makes it easier in the beginning to check and tweak the base configuration.

--

I'm not a great fan of greylisting. Over the past few months and weeks spammers learned to bypass it and you may run into trouble with your customers. I'd rather use a solid anti-spam setup for Postfix (till or falko just posted a good one here on howtoforge.com), but it takes time until you've got it how you want it. There are quite some RBLs that cause even more trouble...
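
The local.cf / user_prefs precedence described in the post above, applied to the threshold lines of the two files posted earlier in this thread. This is an added example, not code from any poster or from SpamAssassin; it assumes that required_hits is the older alias of required_score, that the last active line wins, and that the built-in default is 5, and the function names are hypothetical.

```python
# Constructed input: only the threshold-related lines of the posted files.
LOCAL_CF = """\
required_score 2
use_bayes 1
required_hits 5
"""
USER_PREFS = """\
# How many hits before a mail is considered spam.
# required_hits 4
"""

DEFAULT_REQUIRED_SCORE = 5.0                    # assumed built-in default
ALIASES = {"required_hits": "required_score"}   # old name, same setting


def active_thresholds(text):
    """Return every uncommented required_score value, in file order."""
    values = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # simplification: '#' starts a comment
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        if ALIASES.get(parts[0], parts[0]) != "required_score":
            continue
        try:
            values.append(float(parts[1]))
        except ValueError:
            pass                                # malformed value, skipped here
    return values


def effective_required_score(local_cf, user_prefs):
    """Return (value, source, overridden) with the global file read first."""
    seen = []
    for name, text in (("local.cf", local_cf), ("user_prefs", user_prefs)):
        seen += [(name, v) for v in active_thresholds(text)]
    if not seen:
        return DEFAULT_REQUIRED_SCORE, "built-in default", []
    source, value = seen[-1]
    return value, source, seen[:-1]


if __name__ == "__main__":
    value, source, overridden = effective_required_score(LOCAL_CF, USER_PREFS)
    print(f"effective threshold: {value} (from {source})")
    for name, v in overridden:
        print(f"  overridden: {v} in {name}")
```

With the files as posted, the threshold is 5 from local.cf: the earlier "required_score 2" is overridden by the later "required_hits 5", and the user_prefs line has no effect while it stays commented out.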

Hans 28th June 2007 11:37

I have very bad experiences with RBLs and I do not want to be dependent on them.
You could also consider starting to use Pyzor, Razor & DCC for SpamAssassin.

pehpehang 28th June 2007 12:04

Anti Spam
 
Hi there,

Thanks for your reply.

Sorry, long text again ... :)

1. So my config file /etc/mail/spamassassin/local.cf is correct? Does anything need to be amended?

2. Can I edit /usr/share/spamassassin/50_scores.cf?
The following is one sample score. If I want to edit the score, which value do I need to change: 0.970, 1.540, 2.070 or 0.894?

Eg. score ACCEPT_CREDIT_CARDS 0.970 1.540 2.070 0.894

3) I do not know why I receive a lot of emails like "failure notice", "Undelivery mail return", etc. It is very funny because we do not use that email account, yet I received a lot of this kind of email. The following is a sample "failure notice" email. I think someone is using our email illegally. Please advise how to solve this problem.

------- START -----------

From: <MAILER-DAEMON@b004mail7.cracantu.it>
To: <cheryllam@jpcomputers.com.sg>
Subject: failure notice
Date: Tuesday, June 26, 2007 7:16 PM

Hi. This is the qmail-send program at b004mail7.cracantu.it.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<fbf2d@cracantu.it>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <cheryllam@jpcomputers.com.sg>
Received: (qmail 29533 invoked from network); 26 Jun 2007 10:58:35 -0000
Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189])
(envelope-sender <cheryllam@jpcomputers.com.sg>)
by 192.168.22.60 (qmail-ldap-1.03) with SMTP
for <fbf2d@cracantu.it>; 26 Jun 2007 10:58:35 -0000
Received: (qmail 26068 invoked by uid 210); 26 Jun 2007 12:58:34 +0200
Received: from 79.8.26.151 by b004mail5.cracantu.it (envelope-from <cheryllam@jpcomputers.com.sg>, uid 201) with qmail-scanner-1.25st
(clamdscan: 0.90.3/3523. spamassassin: 3.2.1. perlscan: 1.25st.
Clear:RC:0(79.8.26.151):SA:1(10.9/4.0):.
Processed in 1.826129 secs); 26 Jun 2007 10:58:34 -0000
X-Spam-Status: Yes, hits=10.9 required=4.0
X-Spam-Level: ++++++++++
Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151)
by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200
X-Originating-IP: 195.104.26.220 by smtp.79.8.26.151; Tue, 26 Jun 2007 06:58:15 -0500
Message-ID: <bbuhqykTIZQCLMelenabn@cracantu.it>
From: "Merle Nichols" <elenabn@cracantu.it>
Reply-To: "Merle Nichols" <elenabn@cracantu.it>
To: elenabn@cracantu.it
Subject: [SPAM] - Stylish repl1ca w4tches from famous brands
Date: Tue, 26 Jun 2007 06:58:15 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
X-Qmail-Scanner-1.25st: added fake MIME-Version header
MIME-Version: 1.0


Thanks a million

regards
sarah

Hans 28th June 2007 12:29

Warning
 
@pehpehang,

I just removed some content within your replies.

Please do not use that text about casinos & watches & more stuff at the end of your messages, otherwise I or other moderators will remove your future threads/messages!

AlArenal 28th June 2007 15:57

Quote:

Originally Posted by Hans
I have very bad experiences with RBLs and I do not want to be dependent on them.
You could also consider starting to use Pyzor, Razor & DCC for SpamAssassin.

And our customers don't want to receive those 120.000 mails that got rejected on Monday alone by the use of RBLs ;)

falko 28th June 2007 21:20

Quote:

Originally Posted by pehpehang
2. Is there any 3rd party anti spam software available in the market besides spamassassin and procmail?

Take a look at DSpam: http://www.nuclearelephant.com/

