Hi there, Help please... 1. I have installed the spamassassin into my Postfix ( Linux ) but spamassassin mark my legal email as spam. Any solution? 2. Is there any 3rd party anti spam software available in the market besides spamassassin and procmail? Thanks regards Sarah
#1 You'll need to post more information about your setup. Please post at least what SA told you in your false positive. SA tells you which rule added how much to the score and thereby gives you hints about what's up and what may be changed. #2 SA is the defacto market leading solution. There may be others, but I don't know them What you'll find on the web are some solution providers who offer to handle the mail for you, but for most people these services are too costly.
Hi AlArenal, Thanks for your reply. 1) Here is my file setup. Please let me know if you need any others files. a) /etc/mail/spamassassin/local.cf required_score 2 #rewrite_header Subject [SPAM] #report_safe 0 #use_pyzor 0 #use_razor2 1 #use_razor2 0 use_dcc 0 dcc_home /var/dcc skip_rbl_checks 0 rbl_timeout 3 score RCVD_IN_BL_SPAMCOP_NET 2 #trusted_networks 123.123.123. use_bayes 1 bayes_auto_learn 1 bayes_path /home/spamd/.spamassassin/bayes required_hits 5 add_header all Level _STARS(X)_ rewrite_subject 1 report_safe 1 subject_tag *SPAM* [_HITS_] b) /home/pehpehang/.spamassassin/user_prefs # SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf' # for details of what can be tweaked. ########################################################################### # How many hits before a mail is considered spam. # required_hits 4 # Whitelist and blacklist addresses are now file-glob-style patterns, so # "[email protected]", "*@isp.com", or "*.domain.net" will all work. # whitelist_from [email protected] # Add your own customised scores for some tests below. The default scores are # read from the installed spamassassin rules files, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.org/tests.html . # # score SYMBOLIC_TEST_NAME n.nn # Speakers of Asian languages, like Chinese, Japanese and Korean, will almost # definitely want to uncomment the following lines. They will switch off some # rules that detect 8-bit characters, which commonly trigger on mails using CJK # character sets, or that assume a western-style charset is in use. # # score HEADER_8BITS 0 # score HTML_COMMENT_8BITS 0 # score SUBJ_FULL_OF_8BITS 0 # score UPPERCASE_25_50 0 # score UPPERCASE_50_75 0 # score UPPERCASE_75_100 0 c) /usr/share/spamassassin/50_scores.cf ( Default ) Please see attached file. d) /home/pehpehang/.procmailrc LOGFILE=procmaillog VERBOSE=on # turn this on for debugging DROPPRIVS=yes :0fw | /usr/bin/spamassassin 2) The following are my some question. a) What is the different btw "required_hits" in /etc/mail/spamassassin/local.cf and /home/pehpehang/.spamassassin/user_prefs? Am i write to say that if i set "required_hits 4 " in /home/pehpehang/.spamassassin/user_prefs, pehpehang email account will follow "required_hits 4" instead of "required_hits 5" in /etc/mail/spamassassin/local.cf ? b) I do not know why i receive a lot of email like "failure notice", "Undelivery mail return" and etc.... It is very funny because that email account we do not use it yet i receive a lot of this kind of email. The following is sample of "failure notice" email. I think someone is use our email illegally. Pls advice how to solve this problem. **** ------- ****** From: <[email protected]> To: <[email protected]> Subject: failure notice Date: Tuesday, June 26, 2007 7:16 PM Hi. This is the qmail-send program at b004mail7.cracantu.it. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[email protected]>: Sorry, no mailbox here by that name. (#5.1.1) --- Below this line is a copy of the message. Return-Path: <[email protected]> Received: (qmail 29533 invoked from network); 26 Jun 2007 10:58:35 -0000 Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189]) (envelope-sender <[email protected]>) by 192.168.22.60 (qmail-ldap-1.03) with SMTP for <[email protected]>; 26 Jun 2007 10:58:35 -0000 Received: (qmail 26068 invoked by uid 210); 26 Jun 2007 12:58:34 +0200 Received: from 79.8.26.151 by b004mail5.cracantu.it (envelope-from <[email protected]>, uid 201) with qmail-scanner-1.25st (clamdscan: 0.90.3/3523. spamassassin: 3.2.1. perlscan: 1.25st. Clear:RC:0(79.8.26.151):SA:1(10.9/4.0):. Processed in 1.826129 secs); 26 Jun 2007 10:58:34 -0000 X-Spam-Status: Yes, hits=10.9 required=4.0 X-Spam-Level: ++++++++++ Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151) by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200 X-Originating-IP: 195.104.26.220 by smtp.79.8.26.151; Tue, 26 Jun 2007 06:58:15 -0500 Message-ID: <[email protected]> From: "Merle Nichols" <[email protected]> Reply-To: "Merle Nichols" <[email protected]> To: [email protected] Subject: [SPAM] - Stylish repl1ca w4tches from famous brands Date: Tue, 26 Jun 2007 06:58:15 -0500 Content-Type: text/plain; Content-Transfer-Encoding: 7Bit X-Qmail-Scanner-1.25st: added fake MIME-Version header MIME-Version: 1.0 Please help as i am new in SpamAssassin. Thanks in advance... regards Sarah.
You can consider to change the spam hits score within the mailbox of the mailuser within ISPConfig. The default value is 5. I have very good experience with Postgrey, which is a greylisting system for the Postfix MTA. It is easily to setup according this howto here: http://www.howtoforge.com/greylisting_postfix_postgrey
Uh, sooo much to read The local.cf is the global configuration file. The settings in there apply to every mail scan, except you have defined other values in your user_prefs. The settings in user_prefs override the values of local.cf for the particular user. We go with global settings for every mailbox of our customers. Especially decreasing required_hits value easily leads to a lot more so called "false positives" (ham mails that get marked as spam, although they are not). Going with the same rules for also makes it easier in the beginning to check and tweak the base configuration. -- I'm not a great fan of greylisting. Over the past few months and weeks spammers lerned to bypass it and you may run into trouble with your customers. I'd rather use a solid anti-spam setup for Postfix (till or falko just posted a good one here on howtoforge.com ), but it takes time until you got it how you want it. There are quite some RBLs that cause even more trouble...
I have very bad experiences wit RBL's and i do not want to be depend on them. You also could consider to start using Pyzor, Razor & DCC for Spamasassin.
Anti Spam Hi there, Thanks for your reply. Sorry, long text again ... 1. So my config files for /etc/mail/spamassassin/local.cf is correct? Anything need to be amend? 2. Can i edit to /usr/share/spamassassin/50_scores.cf ? The following is 1 sample of score. If i want to edit the score, which value i need to change 0.970 or 1.540 or 2.070 or 0.894 ? Eg. score ACCEPT_CREDIT_CARDS 0.970 1.540 2.070 0.894 3) I do not know why i receive a lot of email like "failure notice", "Undelivery mail return" and etc.... It is very funny because that email account we do not use it yet i received a lot of this kind of email. The following is sample of "failure notice" email. I think someone is use our email illegally. Pls advice how to solve this problem. ------- START ----------- From: <[email protected]> To: <[email protected]> Subject: failure notice Date: Tuesday, June 26, 2007 7:16 PM Hi. This is the qmail-send program at b004mail7.cracantu.it. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[email protected]>: Sorry, no mailbox here by that name. (#5.1.1) --- Below this line is a copy of the message. Return-Path: <[email protected]> Received: (qmail 29533 invoked from network); 26 Jun 2007 10:58:35 -0000 Received: from unknown (HELO b005mail.cracantu.it) ([192.168.22.189]) (envelope-sender <[email protected]>) by 192.168.22.60 (qmail-ldap-1.03) with SMTP for <[email protected]>; 26 Jun 2007 10:58:35 -0000 Received: (qmail 26068 invoked by uid 210); 26 Jun 2007 12:58:34 +0200 Received: from 79.8.26.151 by b004mail5.cracantu.it (envelope-from <[email protected]>, uid 201) with qmail-scanner-1.25st (clamdscan: 0.90.3/3523. spamassassin: 3.2.1. perlscan: 1.25st. Clear:RC:0(79.8.26.151):SA:1(10.9/4.0):. Processed in 1.826129 secs); 26 Jun 2007 10:58:34 -0000 X-Spam-Status: Yes, hits=10.9 required=4.0 X-Spam-Level: ++++++++++ Received: from host151-26-dynamic.8-79-r.retail.telecomitalia.it (79.8.26.151) by 192.168.22.189 with SMTP; 26 Jun 2007 12:58:33 +0200 X-Originating-IP: 195.104.26.220 by smtp.79.8.26.151; Tue, 26 Jun 2007 06:58:15 -0500 Message-ID: <[email protected]> From: "Merle Nichols" <[email protected]> Reply-To: "Merle Nichols" <[email protected]> To: [email protected] Subject: [SPAM] - Stylish repl1ca w4tches from famous brands Date: Tue, 26 Jun 2007 06:58:15 -0500 Content-Type: text/plain; Content-Transfer-Encoding: 7Bit X-Qmail-Scanner-1.25st: added fake MIME-Version header MIME-Version: 1.0 Thanks a millions regards sarah
Warning @pehpehang, I just removed some content within your replies. Please do not use that text about casino's & watches & more stuff at the end of your messages, otherwise i, or other moderators will remove your future thread/messages!
And our customers don't want to receive those 120.000 mails that got rejected on monday alone by the use of RBLs
