Spam Control, what is your solution?

Discussion in 'Tips/Tricks/Mods' started by FFH, Sep 25, 2017.

  1. FFH

    FFH Member

    Hi all,
    I have a fairly vanilla install of ISPconfig, basic configuration and using some RBL blocking with Spamassassin. All ok but still getting a bit of spam through. What config are you using and how effective is it? I am hoping to get some ideas to include in my server and reduce the amount of spam. :)

    Currently using Default ISPConfig Installs of:
    Amavis, ClamAV, Spamassassin
    in conjunction with these RBLs:
    Zen Spamhaus (default)
    Spamcop
    Barracuda

    TIA.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    To fine-tune the spam scanning you can add additional rulesets for SpamAssassin and you might install razor and pyzor for SpamAssassin.
     
  3. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    razor and pyzor seem to do the same, just depending on Perl and Python, don't they? Do they run out of the box or do they need configuration to work with ISPConfig?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    I thought they were different things, but I might be wrong. It never came to my mind that they might be the same :)

    Just install them "for SpamAssassin" and add them to the SpamAssassin local.cf, then restart amavisd to apply the changes.

    Another thing that one might add is DCC, but that's not OS and might be free for personal use only.

    And @florian030 provides a good additional SpamAssassin ruleset here: https://schaal-it.com/current-rules-spamassassin-schaal/
     
    HSorgYves likes this.
  5. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    @till you are right, they are not the same, but they use the same idea of a networked system. Do you know if both of them can be used together? Can I simply install the Debian packages of them?
    By DCC you mean Distributed Checksum Clearinghouse?
    What is the difference in applying a SPAM ruleset to a domain vs. a mailbox? Or asked differently: if I apply a SPAM ruleset for a domain, do I need to apply it to the mailbox too?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Installation should be (if I remember correctly):

    apt-get install pyzor razor

    su - amavis
    razor-admin -create
    razor-admin -register
    pyzor discover

    yes

    The mailbox setting (if set) overrides the domain setting. I set the spam filter policy at the domain level on my servers. I use the mailbox setting only in case the filter level should differ from the one of the domain.
     
    HSorgYves likes this.
  7. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    Thanks @till .
    This one seems no longer needed as it takes the default server anyway if no servers file is available.
    @till I know that DCC is not considered free by Debian. Are there Debian packages or do I need to install it manually?
     
    Last edited: Sep 25, 2017
  8. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    Last edited: Sep 25, 2017
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    I haven't installed DCC for quite a while, so I don't know if there are packages available.
     
  10. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    Thanks @till , is it worth the effort next to pyzor and razor2?
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Probably not. But if you are still not satisfied with the results after razor and pyzor installation plus some extra rules like the ones from Florian, then you might want to try it.
     
  12. florian030

    florian030 Well-Known Member HowtoForge Supporter

    The rules are used by SpamAssassin; it just depends on your policies whether the score is "high enough". You can use any additional rules, and I use the rules from Peer, too.
     
    HSorgYves likes this.
  13. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

  14. concept21

    concept21 Active Member

    Use the recommended lists in CSF, but don't overload your system with too many rules. :confused:
     
  15. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    I'd also recommend
    https://github.com/extremeshok/spamassassin-extremeshok_fromreplyto
    and
    https://github.com/extremeshok/clamav-unofficial-sigs
    + some rbls
    dnsbl.inps.de,zen.spamhaus.org, truncate.gbudb.net, bl.mailspike.net, b.barracudacentral.org, noptr.spamrats.com, dyna.spamrats.com, drone.abuse.ch, cbl.abuseat.org
    there are others like blockliste.de and some paid ones ( which rly do have good and up2date lists sometimes ).


    And if you have few Chinese customers or customers with Chinese contacts ( or Russian or ... )
    Code:
    loadplugin Mail::SpamAssassin::Plugin::RelayCountry
    ifplugin Mail::SpamAssassin::Plugin::RelayCountry
    add_header all Relay-Country _RELAYCOUNTRY_
    header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(CN|RU|UA|RO|VN)/
    describe RELAYCOUNTRY_BAD Relayed through spammy country at some point
    score RELAYCOUNTRY_BAD 4.0
    
    header RELAYCOUNTRY_GOOD X-Relay-Countries =~ /^(DE|AT|CH)/
    describe RELAYCOUNTRY_GOOD First untrusted GW is DE, AT or CH
    score RELAYCOUNTRY_GOOD -0.5
    endif # Mail::SpamAssassin::Plugin::RelayCountry
    
    ^^
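
How a lookup against the RBL zones named in this thread is formed and how its answer should be read, as an added example that is not part of any post. The function names and the `FAKE_DNS` answers are constructed for illustration; the 127.255.255.0/24 error range is the one Spamhaus documents for its zones, and 127.0.0.2 is the standard DNSBL test address.

```python
import ipaddress

# Spamhaus documents answers in 127.255.255.0/24 as errors, not listings.
ZEN_ERRORS = {
    "127.255.255.252": "typo in DNSBL zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(client_ip, zone):
    """Build the name a mail server looks up: reversed IP labels + zone."""
    ptr = ipaddress.ip_address(client_ip).reverse_pointer
    # reverse_pointer ends in .in-addr.arpa (IPv4) or .ip6.arpa (IPv6)
    labels = ptr.rsplit(".", 2)[0]
    return f"{labels}.{zone}"


def classify(a_records):
    """Map the A records of a DNSBL answer to (verdict, details)."""
    if not a_records:  # NXDOMAIN: the address is not on the list
        return "not_listed", []
    addrs = [ipaddress.ip_address(a) for a in a_records]
    errors = [str(a) for a in addrs if a in ERROR_NET]
    if errors:  # never treat an error answer as a listing
        return "error", [ZEN_ERRORS.get(e, "unknown error code") for e in errors]
    hits = [str(a) for a in addrs if a in LISTING_NET]
    return ("listed", hits) if hits else ("error", ["unexpected answer"])


def check(client_ip, zone, resolve):
    """resolve(name) -> list of A record strings ([] on NXDOMAIN)."""
    return classify(resolve(dnsbl_query_name(client_ip, zone)))


# Constructed answers standing in for real DNS (not live data).
FAKE_DNS = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    "10.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}
resolve = lambda name: FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10", "192.0.2.20"):
        print(ip, check(ip, "zen.spamhaus.org", resolve))
```

A check that counts any A record as a listing would reject legitimate mail on the error answers, so it is worth confirming which resolver the mail server uses before adding more zones.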
     
