On 09/12/2016 01:06 PM, John Hardin wrote:
> On Mon, 12 Sep 2016, thomas cameron wrote:
>
> Make sure you have a local recursing (**NOT** forwarding) DNS server
> that your MTA and SA are configured to use. Reason: if you're forwarding
> your MTA DNS requests to your ISP's DNS server, the aggregated traffic
> of you plus all the other ISP clients can exceed the various DNSBL and
> URIBL free-usage limits, rendering those tools useless.

[root@mail-west ~]# grep recurs /etc/named.conf
allow-recursion { 127.0.0.1; };

> A clear
> indicator this is happening: URIBL_BLOCKED hits.

I see "URIBL_BLACK Contains an URL listed in the URIBL blacklist" in the headers of many of the messages that got through. Is that what you mean?

> Train up your Bayes using hand-vetted spam *and* ham, at least 200 of
> each. Using autolearn initially can be problematic, so disable that
> until SA is doing a fairly good job using hand-trained Bayes. Then you
> can let autolearn keep it up-to-date if you like, and continue to
> capture and manually train any persistent misses or near-misses.
> Generally the more you feed Bayes the better it performs, but it must be
> accurately classified. If you feed garbage to Bayes, you'll get garbage
> results.

Good to know, thanks. I am running sa-learn --ham --mbox $MAIL now. I've been running sa-learn --spam against the spam messages I've moved to my spam folder, but forgot to teach it about ham.

> Keep hand-classified Bayes corpora around in case you ever need to wipe
> and retrain from scratch.

OK.

> Ensure you're training Bayes as the user that SA is running under.
> Training the wrong Bayes database is a common cause of problems.

It's a small server, so I'm doing this via procmail and spamc. Everything runs in the context of the individual users. I need to run sa-learn --ham as each user against their inboxes, I guess. I can add cron jobs for each user to do that.

> Consider doing some MTA-level DNSBL checks. The Zen DNSBL is
> well-regarded. If you're using Postfix then there are some emails from
> Reindl Harald on this list regarding weighted DNSBL scoring that you may
> find useful. You'll have to search the archives to find those.

I'm using sendmail, and I have these checks on:

FEATURE(`dnsbl',`in.dnsbl.org ')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
FEATURE(`dnsbl',`cbl.abuseat.org')dnl

I will add FEATURE(`dnsbl',`zen.spamhaus.org')dnl to it.

> There are some other MTA-level checks you can perform, like greet pause
> and HELO validation (e.g. reject if the HELO has no dots).

Like this? http://www.harker.com/sendmail/checkhelo.html

> Consider greylisting.

I am using milter-greylist, and it is very helpful. A lot of these messages are actually skipping greylisting, though!

X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.5.16 (XXX [XXX.XXX.XXX.XXX]); Mon, 12 Sep 2016 18:11:18 +0000 (UTC)

Keep the tips coming, I appreciate learning from you!

Thomas
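
An added example, not part of the original message or of SpamAssassin: a Python triage pass over delivered mail that separates the two rule names discussed in this thread, URIBL_BLOCKED (the URIBL query itself was refused) and URIBL_BLACK (the URL is actually listed), and counts messages that milter-greylist let through on an SPF pass. The sample messages and the names `rule_hits` and `triage` are constructed; it assumes SpamAssassin's usual `X-Spam-Status` header with a `tests=` list.

```python
import email
import re
from collections import Counter

# Constructed sample messages (assumption: typical header layouts, not real mail).
SAMPLE_RAW = [
    "From: a@example.com\n"
    "X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_50,\n"
    "\tURIBL_BLOCKED autolearn=no version=3.4.0\n"
    "X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.5.16\n"
    "\nbody\n",
    "From: b@example.net\n"
    "X-Spam-Status: No, score=3.9 required=5.0 tests=HTML_MESSAGE,URIBL_BLACK\n"
    "\tautolearn=no version=3.4.0\n"
    "X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.5.16\n"
    "\nbody\n",
    "From: c@example.org\n"
    "X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=no\n"
    "X-Greylist: Delayed for 00:05:12 by milter-greylist-4.5.16\n"
    "\nbody\n",
]

def rule_hits(msg):
    """Return the set of rule names listed after tests= in X-Spam-Status."""
    # Header folding can split the list after a comma; rejoin before matching.
    status = re.sub(r",\s+", ",", msg.get("X-Spam-Status", ""))
    match = re.search(r"tests=(\S+)", status)
    return set(match.group(1).split(",")) if match else set()

def triage(messages):
    """Count DNS-limit and greylist-bypass indicators over parsed messages."""
    counts = Counter()
    for msg in messages:
        hits = rule_hits(msg)
        counts["total"] += 1
        # Exact-name matching keeps URIBL_BLOCKED and URIBL_BLACK apart.
        if "URIBL_BLOCKED" in hits:
            counts["uribl_query_blocked"] += 1  # resolver over the free-usage limit
        if "URIBL_BLACK" in hits:
            counts["uribl_listed"] += 1         # lookup worked, URL is listed
        if "passed SPF test, not delayed" in msg.get("X-Greylist", ""):
            counts["greylist_skipped_spf"] += 1
    return counts

def sample_messages():
    return [email.message_from_string(raw) for raw in SAMPLE_RAW]

if __name__ == "__main__":
    for name, value in sorted(triage(sample_messages()).items()):
        print(f"{name}: {value}")
```

To run it over a real mailbox, pass `mailbox.mbox(path)` from the standard library to `triage`; a non-zero `uribl_query_blocked` count is the indicator John describes.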