Hi all How did you tuned spamassassin and amavis? The Basic configuration of Spamassassin is really bad. Thanks admins
Why that? Mine filters > 99% of all spams correctly without false positives. Just set the score in the policy you use to a lower value.
Example Spam: Code: Return-Path: <[email protected]> Delivered-To: xy Received: from localhost (localhost [127.0.0.1]) by xy.lumina.net (Postfix) with ESMTP id 7157D72E1FD for <xy>; Wed, 21 Oct 2009 08:15:17 +0200 (CEST) X-Virus-Scanned: SecGateway X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=0 tagged_above=-9999 required=5 tests=[HTML_MESSAGE=0.001, SPF_PASS=-0.001] Received: from xyt ([127.0.0.1]) by localhost (xy [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7jklDPGasqYu for <xy>; Wed, 21 Oct 2009 08:15:15 +0200 (CEST) Received: from blu0-omc2-s23.blu0.hotmail.com (blu0-omc2-s23.blu0.hotmail.com [65.55.111.98]) by cxy (Postfix) with ESMTP id 64B2E72E1FC for <yx>; Wed, 21 Oct 2009 08:15:15 +0200 (CEST) Received: from BLU147-W32 ([65.55.111.73]) by blu0-omc2-s23.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 20 Oct 2009 23:15:14 -0700 Message-ID: <[email protected]> Content-Type: multipart/alternative; boundary="_c265623b-b73a-44ad-877a-f1a234209a68_" X-Originating-IP: [201.164.207.109] From: Mervin Hakkila <[email protected]> To: <xyh> Subject: Stefan, I lost my dog. Help me! Date: Wed, 21 Oct 2009 06:15:14 +0000 Importance: Normal MIME-Version: 1.0 X-OriginalArrivalTime: 21 Oct 2009 06:15:14.0451 (UTC) FILETIME=[DA589630:01CA5215] X-Evolution-Source: imap://ds@sf/ --_c265623b-b73a-44ad-877a-f1a234209a68_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Here is his picture: http://professionalhotelier.in/indx_287.html Rhea. =20 _________________________________________________________________ Windows Live Hotmail: Your friends can get your Facebook updates=2C right f= rom Hotmail=AE. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/so= cial-network-basics.aspx?ocid=3DPID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092= 009= --_c265623b-b73a-44ad-877a-f1a234209a68_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html> <head> <style><!-- .hmmessage P { margin:0px=3B padding:0px } body.hmmessage { font-size: 10pt=3B font-family:Verdana } --></style> </head> <body class=3D'hmmessage'> Here is his picture: <A href=3D"http://professionalhotelier.in/indx_287.htm= l">http://professionalhotelier.in/indx_287.html</A><BR><BR>Rhea.<BR> = <br /><hr />Windows Live Hotmail: <a href=3D'http://www.microsoft.com= /middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx= ?ocid=3DPID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009' target=3D'_new'>You= r friends can get your Facebook updates=2C right from Hotmail=AE.</a></body= > </html>= --_c265623b-b73a-44ad-877a-f1a234209a68_-- I receive per day 30 spammails such as that. the score is 0, and I cant set the limit down to 0 ;-)
Run: sa-update on the shell regularily to keep the spamassassin rules database up to date and afterwards restart amavisd.
Hi Till I did the update, may I receive this following spams again. They are every time from hotmail servers and begin: Name, blablabla... Such as: Stefan, I could not reach you. Your phone line is consistently busy. How could I add rules from sansecurity and more to the clamav and add filters to spamassassin? thanks admins
Add something like this to the local.cf file: score FORGED_HOTMAIL_RCVD2 0.000 and restart amavisd. See also: http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo
As there is a daily cron to do so it would help to enable it. At least at Ubuntu it's disabled by default. To enable edit /etc/default/spammassassin and change from CRON=0 to CRON=1 Further it would help to restart/reload amavis within the cron if active. To do so change: # Reload if which invoke-rc.d >/dev/null 2>&1; then invoke-rc.d spamassassin reload > /dev/null 2>&1 else /etc/init.d/spamassassin reload > /dev/null 2>&1 fi TO # Reload if which invoke-rc.d >/dev/null 2>&1; then invoke-rc.d spamassassin reload > /dev/null 2>&1 if [ -f /var/run/amavis/amavis.pid ]; then invoke-rc.d amavis restart > /dev/null 2>&1 fi else /etc/init.d/spamassassin reload > /dev/null 2>&1 if [ -f /var/run/amavis/amavis.pid ]; then /etc/init.d/amavis restart > /dev/null 2>&1 fi fi No idea it it causes trouble under heavy load. Hopes that helps. At least should be included into the manual/perfect setup ;-)
