#1  
Old 27th June 2007, 12:11
pehpehang pehpehang is offline
Junior Member
 
Join Date: Jun 2007
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Anti Spam for Postfix

Hi there,

Help please...

1. I have installed the spamassassin into my Postfix ( Linux ) but spamassassin mark my legal email as spam. Any solution?

2. Is there any 3rd party anti spam software available in the market besides spamassassin and procmail?

Thanks

regards
Sarah
Reply With Quote
Sponsored Links
  #2  
Old 27th June 2007, 12:24
AlArenal AlArenal is offline
Senior Member
 
Join Date: Feb 2007
Location: Germany
Posts: 104
Thanks: 1
Thanked 5 Times in 5 Posts
Default

#1
You'll need to post more information about your setup. Please post at least what SA told you in your false positive. SA tells you which rule added how much to the score and thereby gives you hints about what's up and what may be changed.

#2
SA is the defacto market leading solution. There may be others, but I don't know them What you'll find on the web are some solution providers who offer to handle the mail for you, but for most people these services are too costly.
Reply With Quote
  #3  
Old 28th June 2007, 10:27
pehpehang pehpehang is offline
Junior Member
 
Join Date: Jun 2007
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi AlArenal,

Thanks for your reply.

1) Here is my file setup. Please let me know if you need any others files.
a) /etc/mail/spamassassin/local.cf

required_score 2
#rewrite_header Subject [SPAM]
#report_safe 0
#use_pyzor 0
#use_razor2 1
#use_razor2 0
use_dcc 0
dcc_home /var/dcc
skip_rbl_checks 0
rbl_timeout 3
score RCVD_IN_BL_SPAMCOP_NET 2
#trusted_networks 123.123.123.
use_bayes 1
bayes_auto_learn 1
bayes_path /home/spamd/.spamassassin/bayes
required_hits 5
add_header all Level _STARS(X)_
rewrite_subject 1
report_safe 1
subject_tag *SPAM* [_HITS_]

b) /home/pehpehang/.spamassassin/user_prefs

# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
################################################## #########################

# How many hits before a mail is considered spam.

# required_hits 4

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn

# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use.
#
# score HEADER_8BITS 0
# score HTML_COMMENT_8BITS 0
# score SUBJ_FULL_OF_8BITS 0
# score UPPERCASE_25_50 0
# score UPPERCASE_50_75 0
# score UPPERCASE_75_100 0

c) /usr/share/spamassassin/50_scores.cf ( Default )
Please see attached file.


d) /home/pehpehang/.procmailrc

LOGFILE=procmaillog
VERBOSE=on # turn this on for debugging
DROPPRIVS=yes

:0fw
| /usr/bin/spamassassin


2) The following are my some question.

a) What is the different btw "required_hits" in /etc/mail/spamassassin/local.cf and /home/pehpehang/.spamassassin/user_prefs? Am i write to say that if i set "required_hits 4 " in /home/pehpehang/.spamassassin/user_prefs, pehpehang email account will follow "required_hits 4" instead of "required_hits 5" in /etc/mail/spamassassin/local.cf ?

b) I do not know why i receive a lot of email like "failure notice", "Undelivery mail return" and etc.... It is very funny because that email account we do not use it yet i receive a lot of this kind of email. The following is sample of "failure notice" email. I think someone is use our email illegally. Pls advice how to solve this problem.


**** ------- ******
From: <MAILER-DAEMON@b004mail7.cracantu.it>
To: <cheryllam@jpcomputers.com.sg>
Subject: failure notice
Date: Tuesday, June 26, 2007 7:16 PM

Hi. This is the qmail-send program at b004mail7.cracantu.it.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<fbf2d@cracantu.it>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <cheryllam@jpcomputers.com.sg>
Received: (qmail 29533 invoked from network); 26 Jun 2007 10:58:35 -0000
Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189])
(envelope-sender <cheryllam@jpcomputers.com.sg>)
by 192.168.22.60 (qmail-ldap-1.03) with SMTP
for <fbf2d@cracantu.it>; 26 Jun 2007 10:58:35 -0000
Received: (qmail 26068 invoked by uid 210); 26 Jun 2007 12:58:34 +0200
Received: from 79.8.26.151 by b004mail5.cracantu.it (envelope-from <cheryllam@jpcomputers.com.sg>, uid 201) with qmail-scanner-1.25st
(clamdscan: 0.90.3/3523. spamassassin: 3.2.1. perlscan: 1.25st.
Clear:RC:0(79.8.26.151):SA:1(10.9/4.0):.
Processed in 1.826129 secs); 26 Jun 2007 10:58:34 -0000
X-Spam-Status: Yes, hits=10.9 required=4.0
X-Spam-Level: ++++++++++
Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151)
by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200
X-Originating-IP: 195.104.26.220 by smtp.79.8.26.151; Tue, 26 Jun 2007 06:58:15 -0500
Message-ID: <bbuhqykTIZQCLMelenabn@cracantu.it>
From: "Merle Nichols" <elenabn@cracantu.it>
Reply-To: "Merle Nichols" <elenabn@cracantu.it>
To: elenabn@cracantu.it
Subject: [SPAM] - Stylish repl1ca w4tches from famous brands
Date: Tue, 26 Jun 2007 06:58:15 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
X-Qmail-Scanner-1.25st: added fake MIME-Version header
MIME-Version: 1.0



Please help as i am new in SpamAssassin. Thanks in advance...

regards
Sarah.
Attached Files
File Type: txt 50_scores.txt (38.4 KB, 219 views)

Last edited by Hans; 28th June 2007 at 12:23.
Reply With Quote
  #4  
Old 28th June 2007, 11:01
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,259
Thanks: 215
Thanked 648 Times in 294 Posts
Default

You can consider to change the spam hits score within the mailbox of the mailuser within ISPConfig. The default value is 5.

I have very good experience with Postgrey, which is a greylisting system for the Postfix MTA.
It is easily to setup according this howto here: http://www.howtoforge.com/greylisting_postfix_postgrey
__________________
Hans

MrHostman | Master in managed hosting
Reply With Quote
  #5  
Old 28th June 2007, 11:14
AlArenal AlArenal is offline
Senior Member
 
Join Date: Feb 2007
Location: Germany
Posts: 104
Thanks: 1
Thanked 5 Times in 5 Posts
Default

Uh, sooo much to read

Quote:
a) What is the different btw "required_hits" in /etc/mail/spamassassin/local.cf and /home/pehpehang/.spamassassin/user_prefs? Am i write to say that if i set "required_hits 4 " in /home/pehpehang/.spamassassin/user_prefs, pehpehang email account will follow "required_hits 4" instead of "required_hits 5" in /etc/mail/spamassassin/local.cf ?
The local.cf is the global configuration file. The settings in there apply to every mail scan, except you have defined other values in your user_prefs. The settings in user_prefs override the values of local.cf for the particular user.
We go with global settings for every mailbox of our customers. Especially decreasing required_hits value easily leads to a lot more so called "false positives" (ham mails that get marked as spam, although they are not).

Going with the same rules for also makes it easier in the beginning to check and tweak the base configuration.

--

I'm not a great fan of greylisting. Over the past few months and weeks spammers lerned to bypass it and you may run into trouble with your customers. I'd rather use a solid anti-spam setup for Postfix (till or falko just posted a good one here on howtoforge.com ), but it takes time until you got it how you want it. There are quite some RBLs that cause even more trouble...
Reply With Quote
  #6  
Old 28th June 2007, 11:37
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,259
Thanks: 215
Thanked 648 Times in 294 Posts
Default

I have very bad experiences wit RBL's and i do not want to be depend on them.
You also could consider to start using Pyzor, Razor & DCC for Spamasassin.
__________________
Hans

MrHostman | Master in managed hosting
Reply With Quote
  #7  
Old 28th June 2007, 12:04
pehpehang pehpehang is offline
Junior Member
 
Join Date: Jun 2007
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Anti Spam

Hi there,

Thanks for your reply.

Sorry, long text again ...

1. So my config files for /etc/mail/spamassassin/local.cf is correct? Anything need to be amend?

2. Can i edit to /usr/share/spamassassin/50_scores.cf ?
The following is 1 sample of score. If i want to edit the score, which value i need to change 0.970 or 1.540 or 2.070 or 0.894 ?

Eg. score ACCEPT_CREDIT_CARDS 0.970 1.540 2.070 0.894

3) I do not know why i receive a lot of email like "failure notice", "Undelivery mail return" and etc.... It is very funny because that email account we do not use it yet i received a lot of this kind of email. The following is sample of "failure notice" email. I think someone is use our email illegally. Pls advice how to solve this problem.

------- START -----------

From: <MAILER-DAEMON@b004mail7.cracantu.it>
To: <cheryllam@jpcomputers.com.sg>
Subject: failure notice
Date: Tuesday, June 26, 2007 7:16 PM

Hi. This is the qmail-send program at b004mail7.cracantu.it.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<fbf2d@cracantu.it>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <cheryllam@jpcomputers.com.sg>
Received: (qmail 29533 invoked from network); 26 Jun 2007 10:58:35 -0000
Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189])
(envelope-sender <cheryllam@jpcomputers.com.sg>)
by 192.168.22.60 (qmail-ldap-1.03) with SMTP
for <fbf2d@cracantu.it>; 26 Jun 2007 10:58:35 -0000
Received: (qmail 26068 invoked by uid 210); 26 Jun 2007 12:58:34 +0200
Received: from 79.8.26.151 by b004mail5.cracantu.it (envelope-from <cheryllam@jpcomputers.com.sg>, uid 201) with qmail-scanner-1.25st
(clamdscan: 0.90.3/3523. spamassassin: 3.2.1. perlscan: 1.25st.
Clear:RC:0(79.8.26.151):SA:1(10.9/4.0):.
Processed in 1.826129 secs); 26 Jun 2007 10:58:34 -0000
X-Spam-Status: Yes, hits=10.9 required=4.0
X-Spam-Level: ++++++++++
Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151)
by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200
X-Originating-IP: 195.104.26.220 by smtp.79.8.26.151; Tue, 26 Jun 2007 06:58:15 -0500
Message-ID: <bbuhqykTIZQCLMelenabn@cracantu.it>
From: "Merle Nichols" <elenabn@cracantu.it>
Reply-To: "Merle Nichols" <elenabn@cracantu.it>
To: elenabn@cracantu.it
Subject: [SPAM] - Stylish repl1ca w4tches from famous brands
Date: Tue, 26 Jun 2007 06:58:15 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
X-Qmail-Scanner-1.25st: added fake MIME-Version header
MIME-Version: 1.0


Thanks a millions

regards
sarah

Last edited by Hans; 28th June 2007 at 12:23.
Reply With Quote
  #8  
Old 28th June 2007, 15:57
AlArenal AlArenal is offline
Senior Member
 
Join Date: Feb 2007
Location: Germany
Posts: 104
Thanks: 1
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by Hans
I have very bad experiences wit RBL's and i do not want to be depend on them.
You also could consider to start using Pyzor, Razor & DCC for Spamasassin.
And our customers don't want to receive those 120.000 mails that got rejected on monday alone by the use of RBLs
Reply With Quote
  #9  
Old 28th June 2007, 21:20
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by pehpehang
2. Is there any 3rd party anti spam software available in the market besides spamassassin and procmail?
Take a look at DSpam: http://www.nuclearelephant.com/
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
In ISPconfig whitelist but still seen as spam edge Installation/Configuration 12 5th September 2007 00:30
Anti Spam Forms alexillsley Developers' Forum 7 15th April 2007 20:40
Forwarded spam mail not discared by antispam filter NETabuse General 7 26th February 2007 20:02
Anti Spam and anti-virus on by default dutchie Tips/Tricks/Mods 1 8th January 2007 22:48


All times are GMT +2. The time now is 19:53.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.