today i am playing with spamassassin. i recently moved all the company email to the same hosts as my website. It is really great to have all the proper hosting features. i am so used to cpanel now.
spamassassin is a great tool and it is really excellent to be able to control it. Previously the ISP was controlling spam blocking for our domain and so some clients' email was getting bounced and we ended up looking bad. unfortunately like most open source software it does practically everything but you will have to read much documentation before it does.
here is the spamassassin user_prefs which i am working with from today. The default settings were not aggressive enough.
i got it thanks to the following link
http://forum.hostony.com/index.php?showtopic=3873
i have commented on each item in this example so i can learn it myself. I amended some scores cos i had some false positives and raised the required score to 10 instead of 5.5 as it was in the above example. It is still very much a work in progress. Basically the intention is to give the usual types of spam very high scores.
i have the local mailserver which basically just acts as an imap solution for the company set up to pick up the [***SPAM*** header and put it into the IMAP trash mailbox. I do not like to reject any emails but we do not have an enormous amount of email. Then the trash mailbox is also checked periodically through the day and i do a final check when i delete the trash.
you can check this config and see the possibilities. there are more at the following address
http://spamassassin.apache.org/tests_3_1_x.html
while reviewing this config now, there is much work to be done
anyway here is the user_prefs config
# here is the score which classifies the message as spam
required_score 10.0
# this text is added to the start of the subject of spam mails
rewrite_header subject [***SPAM*** Score/Req: _HITS_/_REQD_]
# here are the spam test and the scores you set
# the scores of the tests positive for an email are all added to give the final score
# spam is 100% natural
score ALL_NATURAL 10.0
# did not pass through any untrusted hosts
score ALL_TRUSTED 4.0
# contains URL in BIZ top level domain
score BIZ_TLD 4.0
# message has 70-80% blank lines
score BLANK_LINES_70_80 4.0
# porn spam mentions cum shots
score CUM_SHOT 10.0
# date is 3 to 6 hours after received date
score DATE_IN_FUTURE_03_06 2.0
# contains dear (something)
score DEAR_SOMETHING 3.0
# attempts to disguise porn words
score DISGUISE_PORN 10.0
# dns listed in dnsbl.ahbl.org
score DNS_FROM_AHBL_RHSBL 5.0
# talks about price per dose
score DRUG_DOSAGE 10.0
# talks about erectile dysfunction drug
score DRUG_ED_SILD 5.0
# subject contains an English UCE tag?
score ENGLISH_UCE_SUBJECT 3.0
# freedom of financial nature
score FIN_FREE 4.0
# contains a forged HELO
score FORGED_RCVD_HELO 0.5
# from yahoo.com does not match
score FORGED_YAHOO_RCVD 5.0
# from address ends in numbers
score FROM_ENDS_IN_NUMS 1.0
# contains subject with G A P S in the text
score GAPPY_SUBJECT 4.0
# relayed HELO
score HELO_DYNAMIC_HCC 4.0
# relayed HELO
score HELO_DYNAMIC_IPADDR2 4.0
# relayed HELO
score HELO_DYNAMIC_YAHOOBB 5.0
# message is 20 - 30% html
score HTML_20_30 1.0
score HTML_30_40 1.0
score HTML_40_50 1.0
score HTML_50_60 1.0
score HTML_60_70 1.0
score HTML_70_80 1.0
score HTML_80_90 1.0
score HTML_90_100 2.0
# html font face is not a word
score HTML_FONT_FACE_BAD 4.0
# html font color is same as background
score HTML_FONT_INVISIBLE 5.0
# html with images only 0-400 bytes
score HTML_IMAGE_ONLY_04 9.0
# html included in message
score HTML_MESSAGE 0.5
# html contains text after body close
score HTML_TEXT_AFTER_BODY 4.0
# html contains text after html close
score HTML_TEXT_AFTER_HTML 4.0
# image tag intended to identify you
score HTML_WEB_BUGS 5.0
# contains URL in .info top level domain
score INFO_TLD 2.0
# invalid date header (not RFC 2822)
score INVALID_DATE 0.5
# missing date header
score MISSING_DATE 4.0
# money back guarantee
score MONEY_BACK 7.0
# from does not include a real name
score NO_REAL_NAME 0.5
# off shore scam
score OFFSHORE_SCAM 10.0
# rcvd helo and ip do not match
score RCVD_HELO_IP_MISMATCH 5.0
# received by relay in spamcop
score RCVD_IN_BL_SPAMCOP_NET 5.0
# received by relay in dsbl
score RCVD_IN_DSBL 5.0
# njabl : dial up sender did non-local
score RCVD_IN_NJABL_DUL 5.0
# rcvd relay in spamhaus
score RCVD_IN_SBL 5.0
# sorbs ; sent directly from dynamic IP
score RCVD_IN_SORBS_DUL 5.0
# rcvd relay in spamhaus xbl
score RCVD_IN_XBL 5.0
# rcvd helo is ip
score RCVD_NUMERIC_HELO 3.0
# url of page called remove
score REMOVE_PAGE 9.0
# subject contains gappy version of
score SUBJECT_DRUG_GAP_L 9.0
# subject contains a lot of spaces
score SUBJ_HAS_SPACES 3.0
# subject contains unique ID
score SUBJ_HAS_UNIQ_ID 9.0
# to repeats address as real name
score TO_ADDRESS_EQ_REAL 3.0
# has tracker ID number
score TRACKER_ID 9.0
# valid looking to undisclosed recipients
score UNDISC_RECIPS 5.0
# what are you waiting for
score WHY_WAIT 10.0
# these ones are not in tests for version 3.1 i must look at them
score DRUGS_ERECTILE 10.0
score DRUGS_PAIN 5.5
score NIGERIAN_BODY1 10.0
score NIGERIAN_BODY2 10.0
score NIGERIAN_BODY3 10.0
score NIGERIAN_BODY4 10.0
score MISSING_SUBJECT 0.5
score FORGED_OUTLOOK_HTML 5.0
score FORGED_OUTLOOK_TAGS 5.0
# then here you put your white list domains
whitelist_from *@yourcompany.com
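As an added example (not part of the original post and not SpamAssassin's own code), this Python model of the config above shows how the scores of the rules that hit are added up, compared with required_score, and turned into the rewritten subject, and it reports any line that is not a directive or a comment. The function names parse_prefs and classify are hypothetical; rules not scored in the file count as 0 here (SpamAssassin would use its stock scores), -100 is the stock score for a whitelist_from match, and the sample prefs and messages are constructed.

```python
import fnmatch
import re

# Constructed excerpt of the user_prefs above; line 6 has lost its leading '#'.
SAMPLE_PREFS = """\
required_score 10.0
rewrite_header subject [***SPAM*** Score/Req: _HITS_/_REQD_]
# html with images only 0-400 bytes
score HTML_IMAGE_ONLY_04 9.0
score HTML_MESSAGE 0.5
valid looking to undisclosed recipients
score UNDISC_RECIPS 5.0
whitelist_from *@yourcompany.com
"""

USER_IN_WHITELIST = -100.0  # stock score SpamAssassin gives a whitelist_from match

def parse_prefs(text):
    """Return (prefs, errors); errors holds (line_no, line) for non-directives."""
    prefs = {"required": 5.0, "subject_tag": None, "scores": {}, "whitelist": []}
    errors = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, rest = (line.split(None, 1) + [""])[:2]
        m = re.fullmatch(r"([A-Z][A-Z0-9_]*)\s+(-?\d+(?:\.\d+)?)", rest)
        if key == "score" and m:
            prefs["scores"][m.group(1)] = float(m.group(2))
        elif key == "required_score":
            prefs["required"] = float(rest)
        elif key == "rewrite_header" and rest.lower().startswith("subject "):
            prefs["subject_tag"] = rest[len("subject "):]
        elif key == "whitelist_from":
            prefs["whitelist"].extend(rest.split())
        else:
            errors.append((no, line))
    return prefs, errors

def classify(prefs, hits, sender, subject):
    """Add the scores of the rules that hit; tag the subject at or above required."""
    total = sum(prefs["scores"].get(rule, 0.0) for rule in hits)
    if any(fnmatch.fnmatch(sender.lower(), p.lower()) for p in prefs["whitelist"]):
        total += USER_IN_WHITELIST
    if total < prefs["required"] or not prefs["subject_tag"]:
        return total, subject
    # Assumption: scores are rendered with one decimal place in the tag.
    tag = prefs["subject_tag"].replace("_HITS_", f"{total:.1f}")
    return total, tag.replace("_REQD_", f"{prefs['required']:.1f}") + " " + subject
```

Because whitelist_from matches on the From header alone, the -100 outweighs every rule scored above; the SpamAssassin documentation recommends whitelist_from_rcvd, which also checks the relay, for that reason.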