Forwarding, I ws replying directly to Martin for some reason. -----Original Message----- From: JD Smith Sent: Monday, April 10, 2006 9:51 AM To: 'Martin Hepworth' Subject: RE: SpamAssassin Woes
Aye, that's in my lint so I guess I do have that turned on. :) I don't have a 88_FVGT_headers.cf anywhere. Could I possibly be missing some rules that are distributed by default? I just updated my rule list with a selection from SARE, hopefully that increases my effectiveness a decent bit. Was training my SA with that corpus a bad idea? From what I just read in the FAQ it seems like SA is already fairly well trained on generic messages and that it will auto learn my specific spam better... Could I have possible done more harm than good? It seemed to be more effective pre training. Best regards, JD Smith -----Original Message----- From: Martin Hepworth [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 9:24 AM To: JD Smith Subject: RE: SpamAssassin Woes Looks like you're already the URI-RBL...you can check by looking at the output of the --lint you should see something akin to.. [89163] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [89163] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8d92d90) And [89163] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0 [89163] dbg: dns: testing resolver nameservers: 127.0.0.1 [89163] dbg: dns: trying (3) msn.com... [89163] dbg: dns: looking up NS for 'msn.com' [89163] dbg: dns: NS lookup of msn.com using 127.0.0.1 succeeded => DNS available (set dns_available to override) [89163] dbg: dns: is DNS available? 1 If you check 88_FVGT_headers.cf you'll find a test for non-reverse DNS already - you just need to adjust the score to be over your threshold. Personnally I'd be careful about single rule triggering spam as this can lead to false positives. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: JD Smith [mailto:[EMAIL PROTECTED] > Sent: 10 April 2006 15:14 > To: Martin Hepworth > Subject: RE: SpamAssassin Woes > > My boss wanted me to flag mail coming in that doesn't have a valid RDNS > as spam. > > How do I turn on the new uri-rbl? There is no information on it in the > two .pre files nor do I see anything in the .cf file. > > Thanks for the SARE link, I'm going through it now. > > Best regards, > > JD Smith > > -----Original Message----- > From: Martin Hepworth [mailto:[EMAIL PROTECTED] > Sent: Monday, April 10, 2006 9:11 AM > To: JD Smith > Subject: RE: SpamAssassin Woes > > > We all gotta start somewhere... > > There's two different types of RBL's - > > 1. the 'traditional' RBL that looks at where the email has come from by > looking at the headers. > > I only run a couple of these inside SA - giving the rest a zero score in > spam.assassin.prefs.conf which turns off that RBL. > > 2. and the 'new' URI-RBL that looks at URL's in the message body... > > as for the RDNS lookups, what 'check' are you going to do with the > information from the RNDS? > > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: JD Smith [mailto:[EMAIL PROTECTED] > > Sent: 10 April 2006 15:05 > > To: Martin Hepworth > > Subject: RE: SpamAssassin Woes > > > > It says URIDNSRBL is turned on. The -lint showed it checking a list > of > > RBLs. I assume this is what you meant? > > > > Is there a way to get SA to do RDNS lookups and flag as spam based > upon > > that also? Or is that something that should be done by MailScanner or > > Postfix? I've had to learn basically everything about mail from > scratch > > since I started this project so some of my questions probably seem > > uninformed... Because they are. ;) > > > > Best regards, > > > > JD Smith > > > > -----Original Message----- > > From: Martin Hepworth [mailto:[EMAIL PROTECTED] > > Sent: Monday, April 10, 2006 8:58 AM > > To: JD Smith > > Subject: RE: SpamAssassin Woes > > > > Hi > > > > Check out the SARE and other rules at > > > > www.rulesemporium.org > > > > Also make sure you've got the URI-RBL plugin installed and working > > (check > > the /etc/mail/spamassassin/*.pre files to see if the plugin is > > uncommented, > > and run "spamassassin -D --lint" to make sure it's being used). > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: JD Smith [mailto:[EMAIL PROTECTED] > > > Sent: 10 April 2006 14:49 > > > To: users@spamassassin.apache.org > > > Subject: SpamAssassin Woes > > > > > > Greetings List: > > > > > > My name is JD Smith and I have been put in charge of setting up a > spam > > > solution for my organization. I have chosen to go with MailScanner > + > > > Postfix + SA + MailWatch. > > > > > > I have everything pretty much setup and it is working, however my > spam > > > filtering is far from the 90th percentile.. I think I'm actually > only > > > catching around 70% or something which is worse than our old > solution. > > > > > > I trained the bayes with a corpus of common spam that was > recommended > > to > > > me by someone somewhere (I forget) when I first got started. Maybe > I > > > need new updated rules? Does anyone have any suggestions on where I > > > might find a list of good, suggested rules to implement? > > > > > > Best regards, > > > > > > JD Smith > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by ShooSpam, and is > > believed to be clean. > > > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > > -- > This message has been scanned for viruses and > dangerous content by ShooSpam, and is > believed to be clean. > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- This message has been scanned for viruses and dangerous content by ShooSpam, and is believed to be clean.
