On Tue, Sep 22, 2009 at 4:02 PM, Jose Luis Marin Perez <jolumape...@hotmail.com> wrote: > Dear Sirs. > > Thank you for your answers > > Qmail-Smtpd have the following RBL configured: > > bl.spamcop.net > cbl.abuseat.org > combined.njabl.org
Consider zen. It is excellent. Spamcop and NJABL have caused too many false positives to be used for blocking here, although very useful in scoring mail. Everyone's mail is different, YMMV. Also consider the invalument block lists, see http://dnsbl.invaluement.com/ A very, very good list that is usable for blocking. Not free, but very affordable. > > These are the SARE rules which adds to SA: > careful with this, some of those sets will cause you FPs! Don't just blindly copy things, read about what you are doing first. > echo "70_sare_adult.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_evilnum0.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_evilnum1.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_evilnum2.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_genlsubj0.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_genlsubj1.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_genlsubj2.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_genlsubj3.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_genlsubj.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_genlsubj_x30.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_header0.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_header1.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_header2.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_header3.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_header.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_highrisk.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_html0.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_html1.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_html2.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_html3.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_html4.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_html.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_obfu0.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_obfu1.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_obfu2.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_obfu3.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_obfu.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_oem.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_random.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_specific.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_spoof.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_stocks.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_unsub.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_uri0.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_uri1.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_uri3.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_whitelist.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "70_sare_whitelist_spf.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "72_sare_bml_post25x.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > echo "99_sare_fraud_post25x.cf.sare.sa-update.dostech.net" >> > /etc/mail/spamassassin/sare-sa-update-channels.txt > > As certify that the SARE rules are working? > > Inquire about rules SOUGHT > > Thanks > > Jose Luis > >> Date: Tue, 22 Sep 2009 12:27:27 -0700 >> From: jhar...@impsec.org >> To: users@spamassassin.apache.org >> CC: aawo...@gmail.com >> Subject: RE: Problems with high spam >> >> On Tue, 22 Sep 2009, Jose Luis Marin Perez wrote: >> >> > I'll gather some examples of emails that my users are considered as SPAM >> > (Latest I could configure SA to display the report in the headers) >> > >> > Regarding the questions: >> > >> > 1. Yes I have set up qmail-smtpd to use rblsmtpd and definitively blocks >> > a lot of mails before the SA can analyze. >> >> Which RBLs are you using, if I may ask? >> >> > 2. I am using any third-party SA. But I will install now. >> >> In addition to the SARE rules, I recommend the SOUGHT rules. Those are >> automatically generated and updated regularly based on current spam. You >> will want to set up sa-update to update SOUGHT daily. >> >> >> Two more questions: >> >> >> >> (1) Are you using any SMTP-time DNSBL checks? You may find using the >> >> spamhaus zen list at SMTP time (if that is possible in your >> >> environment) >> >> will greatly reduce your spam volume with minimal problems. >> >> >> >> (2) Are you using any third-party SA rulesets, for example from the >> >> SARE >> >> repository? >> >> -- >> John Hardin KA7OHZ http://www.impsec.org/~jhardin/ >> jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org >> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 >> ----------------------------------------------------------------------- >> You do not examine legislation in the light of the benefits it >> will convey if properly administered, but in the light of the >> wrongs it would do and the harms it would cause if improperly >> administered. -- Lyndon B. Johnson >> ----------------------------------------------------------------------- >> Approximately 8758860 firearms legally purchased in the U.S. this year > > ________________________________ > Explore the seven wonders of the world Learn more!
