Anti Spam for Postfix

Discussion in 'Server Operation' started by pehpehang, Jun 27, 2007.

  1. pehpehang

    pehpehang New Member

    Hi there,

    Help please...

    1. I have installed SpamAssassin into my Postfix (Linux), but SpamAssassin marks my legal email as spam. Any solution?

    2. Is there any 3rd party anti spam software available in the market besides spamassassin and procmail?

    Thanks

    regards
    Sarah
     
  2. AlArenal

    AlArenal New Member

    #1
    You'll need to post more information about your setup. Please post at least what SA told you in your false positive. SA tells you which rule added how much to the score and thereby gives you hints about what's up and what may be changed.

    #2
    SA is the de facto market-leading solution. There may be others, but I don't know them ;) What you'll find on the web are some solution providers who offer to handle the mail for you, but for most people these services are too costly.
     
  3. pehpehang

    pehpehang New Member

    Hi AlArenal,

    Thanks for your reply.

    1) Here is my file setup. Please let me know if you need any other files.
    a) /etc/mail/spamassassin/local.cf

    required_score 2
    #rewrite_header Subject [SPAM]
    #report_safe 0
    #use_pyzor 0
    #use_razor2 1
    #use_razor2 0
    use_dcc 0
    dcc_home /var/dcc
    skip_rbl_checks 0
    rbl_timeout 3
    score RCVD_IN_BL_SPAMCOP_NET 2
    #trusted_networks 123.123.123.
    use_bayes 1
    bayes_auto_learn 1
    bayes_path /home/spamd/.spamassassin/bayes
    required_hits 5
    add_header all Level _STARS(X)_
    rewrite_subject 1
    report_safe 1
    subject_tag *SPAM* [_HITS_]

    b) /home/pehpehang/.spamassassin/user_prefs

    # SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
    # for details of what can be tweaked.
    ###########################################################################

    # How many hits before a mail is considered spam.

    # required_hits 4

    # Whitelist and blacklist addresses are now file-glob-style patterns, so
    # "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
    # whitelist_from someone@somewhere.com

    # Add your own customised scores for some tests below. The default scores are
    # read from the installed spamassassin rules files, but you can override them
    # here. To see the list of tests and their default scores, go to
    # http://spamassassin.org/tests.html .
    #
    # score SYMBOLIC_TEST_NAME n.nn

    # Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
    # definitely want to uncomment the following lines. They will switch off some
    # rules that detect 8-bit characters, which commonly trigger on mails using CJK
    # character sets, or that assume a western-style charset is in use.
    #
    # score HEADER_8BITS 0
    # score HTML_COMMENT_8BITS 0
    # score SUBJ_FULL_OF_8BITS 0
    # score UPPERCASE_25_50 0
    # score UPPERCASE_50_75 0
    # score UPPERCASE_75_100 0

    c) /usr/share/spamassassin/50_scores.cf ( Default )
    Please see attached file.


    d) /home/pehpehang/.procmailrc

    LOGFILE=procmaillog
    VERBOSE=on # turn this on for debugging
    DROPPRIVS=yes

    :0fw
    | /usr/bin/spamassassin


    2) The following are some of my questions.

    a) What is the difference between "required_hits" in /etc/mail/spamassassin/local.cf and /home/pehpehang/.spamassassin/user_prefs? Am I right to say that if I set "required_hits 4" in /home/pehpehang/.spamassassin/user_prefs, the pehpehang email account will follow "required_hits 4" instead of "required_hits 5" in /etc/mail/spamassassin/local.cf?

    b) I do not know why I receive a lot of emails like "failure notice", "Undelivery mail return", etc. It is very funny because we do not use that email account, yet I receive a lot of this kind of email. The following is a sample of a "failure notice" email. I think someone is using our email illegally. Please advise how to solve this problem.


    **** ------- ******
    From: <MAILER-DAEMON@b004mail7.cracantu.it>
    To: <cheryllam@jpcomputers.com.sg>
    Subject: failure notice
    Date: Tuesday, June 26, 2007 7:16 PM

    Hi. This is the qmail-send program at b004mail7.cracantu.it.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <fbf2d@cracantu.it>:
    Sorry, no mailbox here by that name. (#5.1.1)

    --- Below this line is a copy of the message.

    Return-Path: <cheryllam@jpcomputers.com.sg>
    Received: (qmail 29533 invoked from network); 26 Jun 2007 10:58:35 -0000
    Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189])
    (envelope-sender <cheryllam@jpcomputers.com.sg>)
    by 192.168.22.60 (qmail-ldap-1.03) with SMTP
    for <fbf2d@cracantu.it>; 26 Jun 2007 10:58:35 -0000
    Received: (qmail 26068 invoked by uid 210); 26 Jun 2007 12:58:34 +0200
    Received: from 79.8.26.151 by b004mail5.cracantu.it (envelope-from <cheryllam@jpcomputers.com.sg>, uid 201) with qmail-scanner-1.25st
    (clamdscan: 0.90.3/3523. spamassassin: 3.2.1. perlscan: 1.25st.
    Clear:RC:0(79.8.26.151):SA:1(10.9/4.0):.
    Processed in 1.826129 secs); 26 Jun 2007 10:58:34 -0000
    X-Spam-Status: Yes, hits=10.9 required=4.0
    X-Spam-Level: ++++++++++
    Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151)
    by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200
    X-Originating-IP: 195.104.26.220 by smtp.79.8.26.151; Tue, 26 Jun 2007 06:58:15 -0500
    Message-ID: <bbuhqykTIZQCLMelenabn@cracantu.it>
    From: "Merle Nichols" <elenabn@cracantu.it>
    Reply-To: "Merle Nichols" <elenabn@cracantu.it>
    To: elenabn@cracantu.it
    Subject: [SPAM] - Stylish repl1ca w4tches from famous brands
    Date: Tue, 26 Jun 2007 06:58:15 -0500
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7Bit
    X-Qmail-Scanner-1.25st: added fake MIME-Version header
    MIME-Version: 1.0



    Please help as I am new to SpamAssassin. Thanks in advance...

    regards
    Sarah.
     

    Last edited by a moderator: Jun 28, 2007
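Added example (not part of any post in this thread): a Python triage check for the "failure notice" quoted above. It looks at the copy of the original message inside a qmail-style bounce and reports whether any `Received` hop belongs to your own domain; if none does, the message was never sent through your servers and only the sender address was forged. The function names are hypothetical, the sample is a shortened, re-folded copy of the bounce in the post, and only the qmail "Below this line" marker is handled.

```python
import re
from email import message_from_string

MARKER = "--- Below this line is a copy of the message."

# Constructed sample: the bounce from the post, shortened and re-folded.
BOUNCE = """\
From: <MAILER-DAEMON@b004mail7.cracantu.it>
To: <cheryllam@jpcomputers.com.sg>
Subject: failure notice

<fbf2d@cracantu.it>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <cheryllam@jpcomputers.com.sg>
Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189])
 (envelope-sender <cheryllam@jpcomputers.com.sg>)
 by 192.168.22.60 (qmail-ldap-1.03) with SMTP
Received: from 79.8.26.151 by b004mail5.cracantu.it
 (envelope-from <cheryllam@jpcomputers.com.sg>, uid 201)
Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151)
 by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200
Message-ID: <bbuhqykTIZQCLMelenabn@cracantu.it>
"""


def relay_hosts(original):
    """Host names or IPs that follow 'from' / 'by' in each Received header."""
    hosts = set()
    for rcvd in original.get_all("Received", []):
        found = re.findall(r"\b(?:from|by)\s+([\w.-]+)", rcvd)
        hosts.update(h.lower().rstrip(".") for h in found)
    return hosts


def triage_bounce(bounce_text, our_domain):
    """Classify a bounce by where the embedded original message travelled."""
    _, sep, copy = bounce_text.partition(MARKER)
    if not sep:
        return "no-embedded-copy"          # not a qmail-style bounce
    original = message_from_string(copy.lstrip())
    for host in relay_hosts(original):
        if host == our_domain or host.endswith("." + our_domain):
            return "sent-via-our-servers"  # investigate the account or relay
    return "forged-sender"                 # backscatter: we never handled it
```

For the sample, every hop is a cracantu.it or telecomitalia.it host, so the result for `jpcomputers.com.sg` is `forged-sender`.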
  4. Hans

    Hans Moderator Moderator HowtoForge Supporter ISPConfig Developer

    You can consider changing the spam hits score within the mailbox of the mail user within ISPConfig. The default value is 5.

    I have very good experience with Postgrey, which is a greylisting system for the Postfix MTA.
    It is easy to set up according to this howto: http://www.howtoforge.com/greylisting_postfix_postgrey
     
  5. AlArenal

    AlArenal New Member

    Uh, sooo much to read ;)

    The local.cf is the global configuration file. The settings in there apply to every mail scan, unless you have defined other values in your user_prefs. The settings in user_prefs override the values of local.cf for the particular user.
    We go with global settings for every mailbox of our customers. Especially decreasing the required_hits value easily leads to a lot more so-called "false positives" (ham mails that get marked as spam, although they are not).

    Going with the same rules for also makes it easier in the beginning to check and tweak the base configuration.

    --

    I'm not a great fan of greylisting. Over the past few months and weeks spammers learned to bypass it and you may run into trouble with your customers. I'd rather use a solid anti-spam setup for Postfix (till or falko just posted a good one here on howtoforge.com), but it takes time until you've got it how you want it. There are quite some RBLs that cause even more trouble...
     
  6. Hans

    Hans Moderator Moderator HowtoForge Supporter ISPConfig Developer

    I have very bad experiences with RBLs and I do not want to depend on them.
    You could also consider starting to use Pyzor, Razor & DCC for SpamAssassin.
     
  7. pehpehang

    pehpehang New Member

    Anti Spam

    Hi there,

    Thanks for your reply.

    Sorry, long text again ... :)

    1. So is my config file /etc/mail/spamassassin/local.cf correct? Does anything need to be amended?

    2. Can I edit /usr/share/spamassassin/50_scores.cf?
    The following is one sample of a score. If I want to edit the score, which value do I need to change: 0.970, 1.540, 2.070 or 0.894?

    Eg. score ACCEPT_CREDIT_CARDS 0.970 1.540 2.070 0.894

    3) I do not know why I receive a lot of emails like "failure notice", "Undelivery mail return", etc. It is very funny because we do not use that email account, yet I received a lot of this kind of email. The following is a sample of a "failure notice" email. I think someone is using our email illegally. Please advise how to solve this problem.

    ------- START -----------

    From: <MAILER-DAEMON@b004mail7.cracantu.it>
    To: <cheryllam@jpcomputers.com.sg>
    Subject: failure notice
    Date: Tuesday, June 26, 2007 7:16 PM

    Hi. This is the qmail-send program at b004mail7.cracantu.it.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <fbf2d@cracantu.it>:
    Sorry, no mailbox here by that name. (#5.1.1)

    --- Below this line is a copy of the message.

    Return-Path: <cheryllam@jpcomputers.com.sg>
    Received: (qmail 29533 invoked from network); 26 Jun 2007 10:58:35 -0000
    Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189])
    (envelope-sender <cheryllam@jpcomputers.com.sg>)
    by 192.168.22.60 (qmail-ldap-1.03) with SMTP
    for <fbf2d@cracantu.it>; 26 Jun 2007 10:58:35 -0000
    Received: (qmail 26068 invoked by uid 210); 26 Jun 2007 12:58:34 +0200
    Received: from 79.8.26.151 by b004mail5.cracantu.it (envelope-from <cheryllam@jpcomputers.com.sg>, uid 201) with qmail-scanner-1.25st
    (clamdscan: 0.90.3/3523. spamassassin: 3.2.1. perlscan: 1.25st.
    Clear:RC:0(79.8.26.151):SA:1(10.9/4.0):.
    Processed in 1.826129 secs); 26 Jun 2007 10:58:34 -0000
    X-Spam-Status: Yes, hits=10.9 required=4.0
    X-Spam-Level: ++++++++++
    Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151)
    by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200
    X-Originating-IP: 195.104.26.220 by smtp.79.8.26.151; Tue, 26 Jun 2007 06:58:15 -0500
    Message-ID: <bbuhqykTIZQCLMelenabn@cracantu.it>
    From: "Merle Nichols" <elenabn@cracantu.it>
    Reply-To: "Merle Nichols" <elenabn@cracantu.it>
    To: elenabn@cracantu.it
    Subject: [SPAM] - Stylish repl1ca w4tches from famous brands
    Date: Tue, 26 Jun 2007 06:58:15 -0500
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7Bit
    X-Qmail-Scanner-1.25st: added fake MIME-Version header
    MIME-Version: 1.0


    Thanks a million

    regards
    sarah
     
    Last edited by a moderator: Jun 28, 2007
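Added example (not part of any post in this thread, and not SpamAssassin's own code): a small Python model of how the settings discussed in the posts above resolve, covering both the local.cf / user_prefs override and the four values on a `score` line. It assumes SpamAssassin's documented behaviour that `required_hits` is a deprecated alias of `required_score`, that later lines and `user_prefs` replace earlier values, and that a four-value `score` line holds one value per score set (no Bayes and no network, network only, Bayes only, Bayes plus network). Function names and the `local_tests_only` / `bayes_usable` parameters are hypothetical.

```python
ALIASES = {"required_hits": "required_score"}  # deprecated alias, same setting

# Constructed excerpt of the local.cf posted in the thread (order preserved).
LOCAL_CF = """\
required_score 2
use_bayes 1
score RCVD_IN_BL_SPAMCOP_NET 2
required_hits 5
"""
# The 50_scores.cf line quoted in the thread.
DEFAULT_SCORES = "score ACCEPT_CREDIT_CARDS 0.970 1.540 2.070 0.894\n"


def parse(text, settings=None, scores=None):
    """Apply config lines in order; a later line replaces an earlier one."""
    settings, scores = dict(settings or {}), dict(scores or {})
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments
        if not parts:
            continue
        key, value = parts[0], parts[1].strip() if len(parts) > 1 else ""
        if key == "score":
            name, *vals = value.split()
            scores[name] = [float(v) for v in vals]
        else:
            settings[ALIASES.get(key, key)] = value
    return settings, scores


def effective(user_prefs):
    """Read order: default rules, then local.cf, then the user's user_prefs."""
    state = parse(DEFAULT_SCORES)
    state = parse(LOCAL_CF, *state)
    return parse(user_prefs, *state)


def score_set(settings, local_tests_only=False, bayes_usable=True):
    """Column index: bit 0 = network tests run, bit 1 = Bayes in use.
    Assumption: the caller states whether Bayes is trained and usable."""
    bayes = settings.get("use_bayes", "1") == "1" and bayes_usable
    return (0 if local_tests_only else 1) + (2 if bayes else 0)


def rule_score(scores, name, index):
    """A single listed value applies to every score set."""
    vals = scores[name]
    return vals[index] if len(vals) == 4 else vals[0]
```

With the posted files the effective threshold is 5 (the later `required_hits 5` replaces `required_score 2`), and with Bayes and network tests active the fourth value, 0.894, is the one that applies. Overrides belong in local.cf or user_prefs, as the existing `score RCVD_IN_BL_SPAMCOP_NET 2` line does, rather than in 50_scores.cf.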
  8. Hans

    Hans Moderator Moderator HowtoForge Supporter ISPConfig Developer

    Warning

    @pehpehang,

    I just removed some content within your replies.

    Please do not use that text about casinos & watches & more stuff at the end of your messages, otherwise I or other moderators will remove your future threads/messages!
     
    Last edited: Jun 28, 2007
  9. AlArenal

    AlArenal New Member

    And our customers don't want to receive those 120.000 mails that got rejected on Monday alone by the use of RBLs ;)
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Take a look at DSpam: http://www.nuclearelephant.com/
     
