Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 23rd April 2009, 11:19
padonker padonker is offline
Member
 
Join Date: Apr 2009
Posts: 30
Thanks: 2
Thanked 1 Time in 1 Post
Default SpamSnake: filter on content rules

Guys, lately our server is receiving a whole load of spam, which is passed by the SpamSnake as regular mail. The total score is <0.
The mail contains random words and a hyperlink, which always points to the same domain; interia.pl

How do I configure the Snake to filter messages with interia.pl in its body?

Thanks for any hints

-Patrick-

Last edited by padonker; 23rd April 2009 at 11:45.
Reply With Quote
Sponsored Links
  #2  
Old 23rd April 2009, 13:11
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

Are you using the sane security clamav signatures ? They should be able to catch such may.

Also check your rules that are being matched by the message you could have bayes poisoning.

To catch the message you will have to write a custom spamassassin rule. something like

Code:
body MY_INTERIA_RULE /interia\.pl/i
score MY_INTERIA_RULE 10.0
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #3  
Old 23rd April 2009, 13:16
padonker padonker is offline
Member
 
Join Date: Apr 2009
Posts: 30
Thanks: 2
Thanked 1 Time in 1 Post
Default

Thanks,
In which conf file do I put such a rule?
Reply With Quote
  #4  
Old 23rd April 2009, 13:35
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

/etc/mail/spamassassin/local.cf
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
The Following User Says Thank You to topdog For This Useful Post:
padonker (23rd April 2009)
  #5  
Old 24th April 2009, 10:20
padonker padonker is offline
Member
 
Join Date: Apr 2009
Posts: 30
Thanks: 2
Thanked 1 Time in 1 Post
Default

Thanks, that worked a lot, but still too much is passed through.
I noticed that even though they are found on, amongst others, DCC, the score does not reach my defined level of 5.
I've looked in all config files but cannot find the right place where to tinker with the scores.
Any suggestions?

Reply With Quote
  #6  
Old 24th April 2009, 10:24
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

Put your custom scores in /etc/mail/spamassassin/local.cf i suggest you raise your razor scores as well, razor is a network check which is expensive on resources have it score at 0.50 is just not efficient.

I suggest you score anything in razor at 5.0 and above
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #7  
Old 24th April 2009, 10:30
padonker padonker is offline
Member
 
Join Date: Apr 2009
Posts: 30
Thanks: 2
Thanked 1 Time in 1 Post
Default

is there a place where I can look up the syntax for such things? Don't want to bother for every little thingy
Reply With Quote
  #8  
Old 24th April 2009, 10:36
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

for the razor rules you need this

Code:
score 5.0 RAZOR2_CF_RANGE_51_100
score 5.0 RAZOR2_CF_RANGE_E4_51_100
score 5.0 RAZOR2_CHECK
And yes, if you read the spamassassin documentation as well as the wiki, writing of rules is explained. You can also look at the rules that come with the installation. You will be some basic perl knowledge though to understand them.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
The Following User Says Thank You to topdog For This Useful Post:
padonker (24th April 2009)
  #9  
Old 24th April 2009, 10:50
padonker padonker is offline
Member
 
Join Date: Apr 2009
Posts: 30
Thanks: 2
Thanked 1 Time in 1 Post
 
Thumbs up

excellent! great help
Reply With Quote
Reply

Bookmarks

Tags
spamsnake interia.pl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISP Config hesitation when opening web pages frankb Installation/Configuration 7 15th December 2008 13:06
SpamSnake SpamAssassin not working? getrav HOWTO-Related Questions 5 23rd June 2008 23:02
network issues now it says "401 The web site is blocked by administrator" Check General 3 26th February 2008 14:22
Apache2 Freezes celtic Server Operation 31 28th May 2007 17:18
php script injections Grizzly General 21 18th July 2006 08:55


All times are GMT +2. The time now is 13:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.