Re: A SpamAssassin Crash Course for Admins
On 12/6/2011 12:59 AM, Dorian Chan wrote: Hello all, I've attached a newer version with Windows info. Thanks Daniel, Patrick, and Ted. A few comments: 1) There are multiple types of blacklists and whitelists. IP blacklists, URL blacklists, and address blacklists. IP and URL blacklists (and whitelists) are usually public and checked via DNS queries. Address blacklists (and whitelists) are usually stored on the local machine or shared in a local network rather than being public. 2) (Address) whitelists can trust emails pretending to be from whitelisted addresses, but this can be mitigated in SA by checking IP address, DKIM, SPF, or other methods to verify that the email is actually from the user it claims. 3) Recommended threshold (required_hits) is 5.0. All of the default scores are geared toward this. If you lower it, you will increase false positives. If you raise it, you will increase false negatives. 4) whitelist_from is not recommended, however if you know where the mail should be coming from, you can use whitelist_from_rcvd. If the sender uses DKIM or SPF, you can use whitelist_auth. 5) When checking rules, use 'spamassassin --lint'. This should give no output if the rule syntax is correct. Adding the '-D' option gives a bunch of extra debug information, which can make it more difficult (especially for a new user) to see whether the lint succeeded. Also, please use a font for command samples which can easily distinguish between '-' (a single dash) and '--' (a double dash). It is common to use courier or some other monospaced font for command samples in documents such as this. And make sure your editor does not automatically change the double dash to a long hyphen. The '--lint' option should start with two dashes. 6) You should note that 'spamassassin -t' will always claim that the message is spam. You should ignore that and refer to the score and rule hits instead. -- Bowie A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: A SpamAssassin Crash Course for Admins
On 2011-12-06 16:39, Bowie Bailey wrote: On 12/6/2011 12:59 AM, Dorian Chan wrote: Hello all, I've attached a newer version with Windows info. Thanks Daniel, Patrick, and Ted. A few comments: 1) There are multiple types of blacklists and whitelists. IP blacklists, URL blacklists, and address blacklists. IP and URL blacklists (and whitelists) are usually public and checked via DNS queries. Address blacklists (and whitelists) are usually stored on the local machine or shared in a local network rather than being public. URL blacklists should be named *domain blacklists as they list domains and users may chose to use them for URI and/or Sender /rDNS, etc checks.
Re: A SpamAssassin Crash Course for Admins
On Tue, 06 Dec 2011 16:50:29 +0100 Axb axb.li...@gmail.com wrote: URL blacklists should be named *domain blacklists No, I think they should be named URL blacklists. A domain blacklist, in my opinion, refers to the blacklisting of an email sender's domain. Regards, David.
Re: A SpamAssassin Crash Course for Admins
Am Dienstag, den 29.11.2011, 21:30 -0800 schrieb Ted Mittelstaedt: ... is that really so clear ? under 'what is spamassassin' you need to clarify that SA is not run on e-mail clients like desktops, that it is run on mailservers. -- Peace, Thomas
RE: A SpamAssassin Crash Course for Admins
Hi there, There isn't really much documentation for any Windows related topics since Michael Bell's tutorial site is offline as well as SpamAssassin for Win32 project being discontinued. However, while compiling an own version of native (so not Cygwin based) Windows SpamAssassin, I've written down the most important parts into a manual that refers to SpamAssassin Version 3.3.1. The major parts should be valid for current releases of SpamAssassin as well. You can find the manual on our company's website: http://www.jam-software.com/spamassassin/manual.php under the topic How To - Build SpamAssassin for Windows. I've also updated the official Wiki sites a while ago with parts of this content: http://wiki.apache.org/spamassassin/InstallingOnWindows http://wiki.apache.org/spamassassin/SpamdOnWindows In any case, you should highlight that SpamD has major problems running on a Windows Perl distribution. This becomes noticeable in terms of stability (especially when used on an x64 platform) and memory usage (serious memory leaks). Best regards, Daniel Lemke JAM Software GmbH Managing Director: Joachim Marder Max-Planck-Str. 22 * 54296 Trier * Germany Phone: +49-651-1456530 * Fax: +49-651-14565329 Commercial register number HRB 4920 (AG Wittlich) http://www.jam-software.com From: Kevin A. McGrail [mailto:kmcgr...@pccc.com]mailto:[mailto:kmcgr...@pccc.com] Sent: Wednesday, November 30, 2011 4:21 AM To: antiamoeba; Daniel Lemke Subject: Re: A SpamAssassin Crash Course for Admins Interesting idea. Windows isn't a bit platform for SpamAssassin but it's growing. There is one guy you can ask who is great with SA on windows named Daniel Lemke. I've cc'd him and maybe he can provide some feedback. Even if he just has some ideas of good websites or resources to start with. Regards, KAM Thanks for extending the deadline. A question for you: Would I need to include info about customizing on Windows as well? As I can't find very much about that anywhere and most admins use Unix for servers. I've attached the commented version 2.0 as well. Thanks.
RE: A SpamAssassin Crash Course for Admins
It's not always just branding. It's also, giving proper attribution. Organisations and people should be credited appropriately for their contributions. It's the respectful thing to do. GNU/Linux is the best example of this IMO. At least you said free software arena and not open source world ;) mike, please change your email to apachespamassassin@blahblahetc... ;- - rh
Re: A SpamAssassin Crash Course for Admins
Dorian, * Dorian Chan articgrayling...@gmail.com: Hello again, I've attached version 2.0 with this email (it's the clean version without all the comments :) ). I've pretty much finished up the definitions and some cleaning up. Again, I would really enjoy feedback! I've attached an edited version that adds puts SA in context with other filtering methods. p@rick -- state of mind () Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563 SpamAssassinPatrick.docx Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Re: A SpamAssassin Crash Course for Admins
On 30/11/11 07:17, Ted Mittelstaedt wrote: I've attached version 2.0 with this email (it's the clean version without all the comments :) ). I've pretty much finished up the definitions and some cleaning up. Again, I would really enjoy feedback! Everywhere you say SpamAssassin you should probably be saying Apache SpamAssassin. And instead of saying Linux you should say GNU/Linux, and instead of saying Ford you should say Ford Motor Company, and instead of saying Coke you should say Coca Cola, and instead of saying. Never thought I'd see the day when branding became this important in the Free Software arena... :-( It's not always just branding. It's also, giving proper attribution. Organisations and people should be credited appropriately for their contributions. It's the respectful thing to do. GNU/Linux is the best example of this IMO. At least you said free software arena and not open source world ;) -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F signature.asc Description: OpenPGP digital signature
Re: A SpamAssassin Crash Course for Admins
On 11/30/2011 4:32 AM, spamassas...@lists.grepular.com wrote: GNU/Linux is the best example of this IMO. IMO, that is the most controversial example you could have picked. I believe Debian and FSF are the only people that recognize that branding for Linux. Not arguing one side or the other but no one is arguing that SpamAssassin is under ASF's umbrella. And since this is a document basically about Spam on behalf of the project, getting our own name right in the document makes sense without working about kow-towing the capitalist pigs that rule the world ;-) Regards, KAM
Re: A SpamAssassin Crash Course for Admins
Well, here's my $0.02 For starters, is it realistic to think that someone charged with implementing spamassassin on a mailserver does not know what spam is? The first 2 sections are fluff and would be best replaced by a link to wikipedia's spam entry, along with the warning if you need to read wikipedia to figure out what spam is you shouldn't be installing spamassassin The 3rd section can be replaced with something saying: for the purposes of this document the following definitions are used: fp - yadda yadda yadda fn - yadda yadda yadda greylist - yadda yadda yadda in the shortest sentences you can write. The real beginning of the document should start with what is spamassassin dkim does not belong in the how sa works overview apple osx section is almost meaningless. Any osx server admin knows they have to go under the hood to the osx command line to do anything with their server. I'm not really sure why you have that in there because you don't have any other distribution-specific info it appears. Perhaps if you put several sections dealing with distro-specific stuff that might be better to put the OSX stuff in. vi is not really a good editor to tell a newbie to use. (I use vi myself exclusively) There are easier editors for newbies I get that probably you prefer vi and there's nothing wrong with mentioning it but you shouldn't seem as though it's a requirement. smartypants jokes telling people to block 0.0.0.0 to 255.255.255.255 are not appropriate either. I guarentee there will be newbies who won't get the joke and will actually try to do this. Also this misses the fact that a lot of mailservers nowadays are dual-stacked and run both IPv4 and IPv6. My personal preference for writing crash courses is to pick a specific *nix distribution and then detail an install on that. There are many small details that are critical to get right to have a successful installation, but you can't include these in a giant crash course that covers all the major distros. Generally people read these wanting to get something up and running quick so they need the specific info SA isn't really useful by itself it has to be run by something. A lot of people use procmail to call SA on mail and you need to detail that method. It also would help to detail calling SA with spamass milter although that is sendmail specific so it may not apply to all distros. And it would be a good thing to cover using a front end quarantine manager like mailscanner although not to go in depth since these typically are rather complex to get working. Ted On 11/28/2011 10:28 PM, antiamoeba wrote: Hi, I'm currently working on a crash course for administrators as part of Google Code-in. I would really appreciate it if you could provide any feedback for this project. This is still a big work in process and multiple definitions still need to be added/revised. Please let me know if you have any suggestions or if I have understood anything wrong. I've attached a pdf and a word document. Thanks, antiamoeba http://old.nabble.com/file/p32879895/SpamAssassin.pdf SpamAssassin.pdf http://old.nabble.com/file/p32879895/SpamAssassin.docx SpamAssassin.docx
Re: A SpamAssassin Crash Course for Admins
A note for those unfamiliar with GCI that these are 13 to 17 year old kids getting an introduction to open source. Thanks for the feedback! Regards, KAM Ted Mittelstaedt t...@ipinc.net wrote: Well, here's my $0.02 For starters, is it realistic to think that someone charged with implementing spamassassin on a mailserver does not know what spam is? The first 2 sections are fluff and would be best replaced by a link to wikipedia's spam entry, along with the warning if you need to read wikipedia to figure out what spam is you shouldn't be installing spamassassin The 3rd section can be replaced with something saying: for the purposes of this document the following definitions are used: fp - yadda yadda yadda fn - yadda yadda yadda greylist - yadda yadda yadda in the shortest sentences you can write. The real beginning of the document should start with what is spamassassin dkim does not belong in the how sa works overview apple osx section is almost meaningless. Any osx server admin knows they have to go under the hood to the osx command line to do anything with their server. I'm not really sure why you have that in there because you don't have any other distribution-specific info it appears. Perhaps if you put several sections dealing with distro-specific stuff that might be better to put the OSX stuff in. vi is not really a good editor to tell a newbie to use. (I use vi myself exclusively) There are easier editors for newbies I get that probably you prefer vi and there's nothing wrong with mentioning it but you shouldn't seem as though it's a requirement. smartypants jokes telling people to block 0.0.0.0 to 255.255.255.255 are not appropriate either. I guarentee there will be newbies who won't get the joke and will actually try to do this. Also this misses the fact that a lot of mailservers nowadays are dual-stacked and run both IPv4 and IPv6. My personal preference for writing crash courses is to pick a specific *nix distribution and then detail an install on that. There are many small details that are critical to get right to have a successful installation, but you can't include these in a giant crash course that covers all the major distros. Generally people read these wanting to get something up and running quick so they need the specific info SA isn't really useful by itself it has to be run by something. A lot of people use procmail to call SA on mail and you need to detail that method. It also would help to detail calling SA with spamass milter although that is sendmail specific so it may not apply to all distros. And it would be a good thing to cover using a front end quarantine manager like mailscanner although not to go in depth since these typically are rather complex to get working. Ted On 11/28/2011 10:28 PM, antiamoeba wrote: Hi, I'm currently working on a crash course for administrators as part of Google Code-in. I would really appreciate it if you could provide any feedback for this project. This is still a big work in process and multiple definitions still need to be added/revised. Please let me know if you have any suggestions or if I have understood anything wrong. I've attached a pdf and a word document. Thanks, antiamoeba http://old.nabble.com/file/p32879895/SpamAssassin.pdf SpamAssassin.pdf http://old.nabble.com/file/p32879895/SpamAssassin.docx SpamAssassin.docx
Re: A SpamAssassin Crash Course for Admins
Ah, that would make a difference. Carry on! Ted On 11/29/2011 3:02 AM, Kevin A. McGrail wrote: A note for those unfamiliar with GCI that these are 13 to 17 year old kids getting an introduction to open source. Thanks for the feedback! Regards, KAM Ted Mittelstaedt t...@ipinc.net wrote: Well, here's my $0.02 For starters, is it realistic to think that someone charged with implementing spamassassin on a mailserver does not know what spam is? The first 2 sections are fluff and would be best replaced by a link to wikipedia's spam entry, along with the warning if you need to read wikipedia to figure out what spam is you shouldn't be installing spamassassin The 3rd section can be replaced with something saying: for the purposes of this document the following definitions are used: fp - yadda yadda yadda fn - yadda yadda yadda greylist - yadda yadda yadda in the shortest sentences you can write. The real beginning of the document should start with what is spamassassin dkim does not belong in the how sa works overview apple osx section is almost meaningless. Any osx server admin knows they have to go under the hood to the osx command line to do anything with their server. I'm not really sure why you have that in there because you don't have any other distribution-specific info it appears. Perhaps if you put several sections dealing with distro-specific stuff that might be better to put the OSX stuff in. vi is not really a good editor to tell a newbie to use. (I use vi myself exclusively) There are easier editors for newbies I get that probably you prefer vi and there's nothing wrong with mentioning it but you shouldn't seem as though it's a requirement. smartypants jokes telling people to block 0.0.0.0 to255.255.255.255 http://255.255.255.255 are not appropriate either. I guarentee there will be newbies who won't get the joke and will actually try to do this. Also this misses the fact that a lot of mailservers nowadays are dual-stacked and run both IPv4 and IPv6. My personal preference for writing crash courses is to pick a specific *nix distribution and then detail an install on that. There are many small details that are critical to get right to have a successful installation, but you can't include these in a giant crash course that covers all the major distros. Generally people read these wanting to get something up and running quick so they need the specific info SA isn't really useful by itself it has to be run by something. A lot of people use procmail to call SA on mail and you need to detail that method. It also would help to detail calling SA with spamass milter although that is sendmail specific so it may not apply to all distros. And it would be a good thing to cover using a front end quarantine manager like mailscanner although not to go in depth since these typically are rather! complex to get working. Ted On 11/28/2011 10:28 PM, antiamoeba wrote: Hi, I'm currently working on a crash course for administrators as part of Google Code-in. I would really appreciate it if you could provide any feedback for this project. This is still a big work in process and multiple definitions still need to be added/revised. Please let me know if you have any suggestions or if I have understood anything wrong. I've attached a pdf and a word document. Thanks, antiamoeba http://old.nabble.com/file/p32879895/SpamAssassin.pdf SpamAssassin.pdf http://old.nabble.com/file/p32879895/SpamAssassin.docx SpamAssassin.docx
Re: A SpamAssassin Crash Course for Admins
KAM did that in the first reply. Patrick Ben Koetter wrote: * Dorian Chan articgrayling...@gmail.com: Sorry, I don't really think the nabble attachment option really worked, so I'll actually attach it. Sorry for that! It worked both times, but the document is almost unreadable because its filled with comments. Can you post a clean version? p@rick -- state of mind () Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563 -- View this message in context: http://old.nabble.com/A-SpamAssassin-Crash-Course-for-Admins-tp32879895p32883125.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: A SpamAssassin Crash Course for Admins
symantec doesn't use spamassassin and does not use the name mailscanner. mailscanner is an open source program. It uses spamassassin to scan mail. I would also suggest that at the top of the document that you put in something along the lines of this document is intended to be read by [insert your target audience here] under 'what is spamassassin' you need to clarify that SA is not run on e-mail clients like desktops, that it is run on mailservers. you should also mention that the thunderbird mail client has the ability to detect SA scores in incoming mail and filter accordingly. Other mail clients can use a rule to determine if incoming mail is spam or not and dispose of it if SA thinks it is. Ted On 11/29/2011 7:13 PM, Dorian Chan wrote: Hello again, I've attached version 2.0 with this email (it's the clean version without all the comments :) ). I've pretty much finished up the definitions and some cleaning up. Again, I would really enjoy feedback! Thanks, antiamoeba On Mon, Nov 28, 2011 at 10:28 PM, antiamoeba articgrayling...@gmail.com mailto:articgrayling...@gmail.com wrote: Hi, I'm currently working on a crash course for administrators as part of Google Code-in. I would really appreciate it if you could provide any feedback for this project. This is still a big work in process and multiple definitions still need to be added/revised. Please let me know if you have any suggestions or if I have understood anything wrong. I've attached a pdf and a word document. Thanks, antiamoeba http://old.nabble.com/file/p32879895/SpamAssassin.pdf SpamAssassin.pdf http://old.nabble.com/file/p32879895/SpamAssassin.docx SpamAssassin.docx -- View this message in context: http://old.nabble.com/A-SpamAssassin-Crash-Course-for-Admins-tp32879895p32879895.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: A SpamAssassin Crash Course for Admins
On Nov 29, 2011, at 9:13 PM, Dorian Chan wrote: Hello again, I've attached version 2.0 with this email (it's the clean version without all the comments :) ). I've pretty much finished up the definitions and some cleaning up. Again, I would really enjoy feedback! Everywhere you say SpamAssassin you should probably be saying Apache SpamAssassin. Michael PS Kevin, this also applies to the listing on the Google Code-In site, is that something that can be fixed?
Re: A SpamAssassin Crash Course for Admins
On 11/30/2011 1:58 AM, Michael Parker wrote: Everywhere you say SpamAssassin you should probably be saying Apache SpamAssassin. Michael PS Kevin, this also applies to the listing on the Google Code-In site, is that something that can be fixed? Good call. Editing the GCI site would be painful I have a feeling, though.
Re: A SpamAssassin Crash Course for Admins
On 11/29/2011 10:58 PM, Michael Parker wrote: On Nov 29, 2011, at 9:13 PM, Dorian Chan wrote: Hello again, I've attached version 2.0 with this email (it's the clean version without all the comments :) ). I've pretty much finished up the definitions and some cleaning up. Again, I would really enjoy feedback! Everywhere you say SpamAssassin you should probably be saying Apache SpamAssassin. And instead of saying Linux you should say GNU/Linux, and instead of saying Ford you should say Ford Motor Company, and instead of saying Coke you should say Coca Cola, and instead of saying. Never thought I'd see the day when branding became this important in the Free Software arena... :-( Ted Michael PS Kevin, this also applies to the listing on the Google Code-In site, is that something that can be fixed?
A SpamAssassin Crash Course for Admins
Hi, I'm currently working on a crash course for administrators as part of Google Code-in. I would really appreciate it if you could provide any feedback for this project. This is still a big work in process and multiple definitions still need to be added/revised. Please let me know if you have any suggestions or if I have understood anything wrong. I've attached a pdf and a word document. Thanks, antiamoeba http://old.nabble.com/file/p32879895/SpamAssassin.pdf SpamAssassin.pdf http://old.nabble.com/file/p32879895/SpamAssassin.docx SpamAssassin.docx -- View this message in context: http://old.nabble.com/A-SpamAssassin-Crash-Course-for-Admins-tp32879895p32879895.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: A SpamAssassin Crash Course for Admins
* Dorian Chan articgrayling...@gmail.com: Sorry, I don't really think the nabble attachment option really worked, so I'll actually attach it. Sorry for that! It worked both times, but the document is almost unreadable because its filled with comments. Can you post a clean version? p@rick -- state of mind () Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563