Matt wrote: > Hi all,
> We're getting some user complaints of spam and they all seem to follow the > same general template. > Something like this: > ---snip--- > nicky > http://uk.geocities.com/Hyman_Barrientos/?Wn=Seek_quick.and_effective.cures > ---snip--- > After which they have some random words at the end (random english > dictionary words). Some of them don't. > A lot of these are making it to the quarantine but some of them aren't > even getting a positive score. Is there a rule out there I can find, or > possibly an additional blacklist I can add on top of the default (razor)? > I'm not a big fan of blacklists but as long as we're only just "tagging" > spam (and not deleting it) and the blacklist is fairly conservative, I > wouldn't mind allowing it to add some points to messages. > Thanks, > Matt Make sure you set: $sa_local_tests_only = 0; in amavisd.conf. Otherwise SpamAssassin will not perform network tests (Razor included). I think you are using FreeBSD, so there should be a /usr/local/etc/mail/spamassassin/init.pre file. This file normally will contain: loadplugin Mail::SpamAssassin::Plugin::URIDNSBL loadplugin Mail::SpamAssassin::Plugin::Hashcash loadplugin Mail::SpamAssassin::Plugin::SPF If you did not install from ports, then it might be in /etc/mail/spamassassin Verify that init.pre exists in the same place you have local.cf and at the very least 'loadplugin Mail::SpamAssassin::Plugin::URIDNSBL' is there. You might consider using Pyzor. It is slower than some of the other tests (only one server) and it has made a bit of a mess on some machines when the Pyzor server was unavailable. The author will change the server on occasion, so it may be a good idea to make sure the server is up by maybe doing a 'pyzor ping' in a cron job, with the result mailed to you. If you use ports, it should be there: /usr/ports/mail/pyzor install, then run both: pyzor discover and su vscan -c 'pyzor discover' (pyzor discover provides pyzor the IP address of the Pyzor server) then 'pyzor ping' to see if the Pyzor server is up run su vscan -c 'spamassassin --lint -D' and you should see debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 if all is working well. I don't think you even need to reload amavisd-new. DCC is very good, but as an ISP, and due to the volume of mail you receive, and due to the license, I believe you would need to run the DCC server (dccd I think) on one of your machines and then provide your data (flood your data) to the main servers. At least something to that effect, I think. You would have to study how to set this up. If you don't have $sa_local_tests_only = 0; set, then this would be the main problem. An email like this should hit on a couple of the networks tests, with URIDNSBL the most likely to help. There is not much for SpamAssassin to key on if network test are not performed. Gary V ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/