SA plugins includes/excludes - SpamAssassin

This is a discussion on SA plugins includes/excludes - SpamAssassin ; I just setup a server 2 days ago and had one active domain running in it. I still get tons of spams, the hit rate was well below 10%. Out of every 10 spams, less than 1 was tagged in ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: SA plugins includes/excludes

  1. SA plugins includes/excludes

    I just setup a server 2 days ago and had one active domain running in it.

    I still get tons of spams, the hit rate was well below 10%. Out of every 10
    spams, less than 1 was tagged in average.

    My score to tag is 5, 8 to delete



    Now I focus my customizations on plugins which I hope can enhance the chance
    of catching spams.

    The followings are my plugins list, I wonder if there are any plugin which I
    should include/exclude to make my SA work better.



    Is there other technic that works well with/without SA which also greatly
    reduce spams?



    ;; /etc/mail/spamassassin/v310.pre

    ;;

    loadplugin Mail::SpamAssassin::Plugin::Pyzor

    #loadplugin Mail::SpamAssassin::Plugin::Razor2

    #loadplugin Mail::SpamAssassin::Plugin::SpamCop

    loadplugin Mail::SpamAssassin::Plugin::AWL

    loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold

    #loadplugin Mail::SpamAssassin::Plugin::TextCat

    #loadplugin Mail::SpamAssassin::Plugin::AccessDB

    loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject

    loadplugin Mail::SpamAssassin::Plugin:omainKeys

    loadplugin Mail::SpamAssassin::Plugin::MIMEHeader

    loadplugin Mail::SpamAssassin::Plugin::ReplaceTags



    ;; /etc/mail/spamassassin/v320.pre

    ;;

    loadplugin Mail::SpamAssassin::Plugin::Check

    loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch

    loadplugin Mail::SpamAssassin::Plugin::URIDetail

    # loadplugin Mail::SpamAssassin::Plugin::Shortcircuit

    loadplugin Mail::SpamAssassin::Plugin::Bayes

    loadplugin Mail::SpamAssassin::Plugin::BodyEval

    loadplugin Mail::SpamAssassin::Plugin:NSEval

    loadplugin Mail::SpamAssassin::Plugin::HTMLEval

    loadplugin Mail::SpamAssassin::Plugin::HeaderEval

    loadplugin Mail::SpamAssassin::Plugin::MIMEEval

    loadplugin Mail::SpamAssassin::Plugin::RelayEval

    loadplugin Mail::SpamAssassin::Plugin::URIEval

    loadplugin Mail::SpamAssassin::Plugin::WLBLEval

    loadplugin Mail::SpamAssassin::Plugin::VBounce

    # loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody

    # loadplugin Mail::SpamAssassin::Plugin::ASN

    loadplugin Mail::SpamAssassin::Plugin::ImageInfo



  2. Re: SA plugins includes/excludes

    Ms.Engineer wrote:
    >
    > I just setup a server 2 days ago and had one active domain running in
    > it.
    >
    > I still get tons of spams, the hit rate was well below 10%. Out of
    > every 10 spams, less than 1 was tagged in average.
    >
    > My score to tag is 5, 8 to delete
    >

    Interesting. It really shouldn't be anywhere near that bad, even using
    an "out of the box" install unless you've got some configuration issues,
    so it's worth looking for common problems.

    What version are you running? Have you run sa-update? Can you at least
    quote X-Spam-Status headers for some of missed spam? (even better would
    be to put whole emails up as examples somewhere on the web, but the
    X-Spam-Status will sometimes show us what's going on by itself, and it's
    a whole lot easier..)

    Have you looked at the hits on those spam emails?

    Does ALL_TRUSTED ever show up in spam? If so, read
    http://wiki.apache.org/spamassassin/TrustPath

    Does the spam match BAYES_00? If so, use sa-learn to clear your bayes
    database and retrain it, as something clearly went wrong there.

    Do any of the spams match WHITELIST_*.. if so, you need to look at your
    whitelisting configs. The most common mistake here is doing
    "whitelist_from *@mydomain.com", and ending up whitelisting all spam
    that's spoofing your source.

    I see you're using Pyzor, do you have a recent Net:NS and working DNS?
    (ie: do any spams match rules starting with "RCVD_IN_")


    >
    >
    > Now I focus my customizations on plugins which I hope can enhance the
    > chance of catching spams.
    >
    > The followings are my plugins list, I wonder if there are any plugin
    > which I should include/exclude to make my SA work better.
    >

    I think we need to find out why your base install isn't working properly
    before we start adding things.


  3. Re: SA plugins includes/excludes

    I've found that SA works well by default, except that I'm really
    intolerant of any spam in my inbox, so I use thresholds that others
    consider unreasonably low. I retrain on all spam and all ham daily
    (moving uncaught spam to a spam.manual group, letting correctly-tagged
    spam stay in spam groups, and moving false positives to the right
    place). This is fairly fast because already-learned mail is reasonably
    quickly skipped.

    Recently I paid attention more and spiffed up my config, and two things
    made a big difference:

    enabling razor2 (just installing the perl package)

    adding every legitimate host that accepts mail for me from the
    internet to trusted_networks (an example is mail.netbsd.org). This
    enables address-based blacklist checking on the previous hops.



  4. Re: SA plugins includes/excludes

    On 14.06.08 14:53, Greg Troxel wrote:
    > I've found that SA works well by default, except that I'm really
    > intolerant of any spam in my inbox, so I use thresholds that others
    > consider unreasonably low. I retrain on all spam and all ham daily
    > (moving uncaught spam to a spam.manual group, letting correctly-tagged
    > spam stay in spam groups, and moving false positives to the right
    > place). This is fairly fast because already-learned mail is reasonably
    > quickly skipped.
    >
    > Recently I paid attention more and spiffed up my config, and two things
    > made a big difference:
    >
    > enabling razor2 (just installing the perl package)


    enablink most of network checks highers efficiency. Razor, pyzor, DCC, URI
    blacklists... but you need them installed and for DCC you need local DCC
    server if you process more than 200k mails daily.

    > adding every legitimate host that accepts mail for me from the
    > internet to trusted_networks (an example is mail.netbsd.org). This
    > enables address-based blacklist checking on the previous hops.
    >


    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    Eagles may soar, but weasels don't get sucked into jet engines.


+ Reply to Thread