SpamAssassin Training and Tuning

Resources:

http://wiki.apache.org/spamassassin/

http://www.agentbob.info/agentbob/g3/57.html

http://wiki.apache.org/spamassassin/CustomRulesets

http://rulesemporium.com/

local.cf

To configure SpamAssassin to use Bayesian analysis we need to add this line:

use_bayes 1

# Enable Bayes auto-learning

bayes_auto_learn 1

sa-learn

sa-learn - train SpamAssassin's Bayesian classifier

To show sa-learn spam (here a Maildir folder):

sa-learn --spam --showdots /var/vmail/$domain/$user/.Spam/

To show sa-learn ham (not spam):

sa-learn --ham --showdots /var/vmail/$domain/$user/.maildir/cur/

If at any time you accidentally classify a message incorrectly, this can be corrected. Move the message to a temporary folder, then use the command:

sa-learn --forget --mbox ~/Mail/temp

Because spam is constantly evolving, we need to keep showing SA new spam and fill the database with everything we have. The database can get large, but this is not a concern for us at this time.

.spamassassin/user_prefs (recommended)

header RCVD_IN_RFC_PM eval:check_rbl('relay', 'postmaster.rfc-ignorant.org.')
describe RCVD_IN_RFC_PM Received via a relay in postmaster.rfc-ignorant.org
score RCVD_IN_RFC_PM 2.0

header X_CHINESE_RELAY eval:check_rbl('relay', 'cn.rbl.cluecentral.net.')
describe X_CHINESE_RELAY Received via a relay in China
score X_CHINESE_RELAY 1.5

header X_KOREAN_RELAY eval:check_rbl('relay', 'korea.services.net.')
describe X_KOREAN_RELAY Received via a relay in Korea
score X_KOREAN_RELAY 1.5

header X_MONKEY_FORMMAIL eval:check_rbl('relay', 'formmail.relays.monkeys.com.')
describe X_MONKEY_FORMMAIL Received via relay in monkeys.com's open formmail scripts list
score X_MONKEY_FORMMAIL 1.5

header X_MONKEY_PROXY eval:check_rbl('relay', 'proxies.relays.monkeys.com.')
describe X_MONKEY_PROXY Received via relay in monkeys.com's open proxy list
score X_MONKEY_PROXY 1.5

# This rule reuses the name X_MONKEY_PROXY, so it replaces the proxy rule
# above; give it a name of its own to keep both checks active.
header X_MONKEY_PROXY eval:check_rbl('relay', 'spamhaus.relays.osirusoft.com.')
describe X_MONKEY_PROXY Received via relay in Spamhaus Blacklist
score X_MONKEY_PROXY 1.5

# Not Just Another BlackList tests from http://njabl.org/use.html

header IN_NJABL_ORG rbleval:check_rbl('njabl','dnsbl.njabl.org.')
describe IN_NJABL_ORG Received via a relay in dnsbl.njabl.org
tflags IN_NJABL_ORG net

header NJABL_OPEN_RELAY rbleval:check_rbl_results_for('njabl', '127.0.0.2')
describe NJABL_OPEN_RELAY DNSBL: sender is Confirmed Open Relay
tflags NJABL_OPEN_RELAY net

header NJABL_DUL rbleval:check_rbl_results_for('njabl', '127.0.0.3')
describe NJABL_DUL DNSBL: sender ip address is in a dialup block
tflags NJABL_DUL net

header NJABL_SPAM_SRC rbleval:check_rbl_results_for('njabl', '127.0.0.4')
describe NJABL_SPAM_SRC DNSBL: sender is Confirmed Spam Source
tflags NJABL_SPAM_SRC net

header NJABL_MULTI_STAGE rbleval:check_rbl_results_for('njabl', '127.0.0.5')
describe NJABL_MULTI_STAGE DNSBL: sent through multi-stage open relay
tflags NJABL_MULTI_STAGE net

header NJABL_CGI rbleval:check_rbl_results_for('njabl', '127.0.0.8')
describe NJABL_CGI DNSBL: sender is an open formmail
tflags NJABL_CGI net

header NJABL_PROXY rbleval:check_rbl_results_for('njabl', '127.0.0.9')
describe NJABL_PROXY DNSBL: sender is an open proxy
tflags NJABL_PROXY net

score IN_NJABL_ORG 0.38
score NJABL_DUL 0.62
score NJABL_MULTI_STAGE 0.75
score NJABL_PROXY 3.00
score NJABL_OPEN_RELAY 3.00
score NJABL_CGI 1.50
score NJABL_SPAM_SRC 3.00
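As an added illustration (not part of the original page and not SpamAssassin's own code), this Python example models what the NJABL rules above do with one relay IP: build the reversed-octet DNS name, then map each returned 127.0.0.x code to its rule and score. The resolver callback, `FAKE_ZONE` and its answers are constructed so nothing is sent to real DNS, and ignoring answers outside 127.0.0.0/8 is an assumption of this example.

```python
import ipaddress

ZONE = "dnsbl.njabl.org."
IN_NJABL_ORG_SCORE = 0.38          # any listing in the zone
# Return code -> (rule name, score), as in the rules and scores above.
NJABL_CODES = {
    "127.0.0.2": ("NJABL_OPEN_RELAY", 3.00),
    "127.0.0.3": ("NJABL_DUL", 0.62),
    "127.0.0.4": ("NJABL_SPAM_SRC", 3.00),
    "127.0.0.5": ("NJABL_MULTI_STAGE", 0.75),
    "127.0.0.8": ("NJABL_CGI", 1.50),
    "127.0.0.9": ("NJABL_PROXY", 3.00),
}
LISTING_NET = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(relay_ip, zone=ZONE):
    """Name looked up for a relay: reversed IPv4 octets prepended to the zone."""
    ip = ipaddress.IPv4Address(relay_ip)      # ValueError on malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def score_relay(relay_ip, resolve):
    """Return (rules hit, total score); resolve(name) -> list of A records."""
    answers = resolve(dnsbl_query_name(relay_ip))
    # Assumption of this example: only 127.0.0.0/8 answers count as listings,
    # so a wildcarded or parked zone does not flag every relay.
    listed = sorted(a for a in set(answers)
                    if ipaddress.IPv4Address(a) in LISTING_NET)
    if not listed:
        return [], 0.0
    hits, total = ["IN_NJABL_ORG"], IN_NJABL_ORG_SCORE
    for addr in listed:
        if addr in NJABL_CODES:
            name, score = NJABL_CODES[addr]
            hits.append(name)
            total += score
    return hits, round(total, 2)

# Constructed answers for documentation-range IPs; stands in for real DNS.
FAKE_ZONE = {
    "10.2.0.192.dnsbl.njabl.org.": ["127.0.0.2", "127.0.0.9"],
    "7.100.51.198.dnsbl.njabl.org.": ["127.0.0.3"],
    "5.113.0.203.dnsbl.njabl.org.": ["203.0.113.99"],   # wildcard-style answer
}

def fake_resolve(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.200"):
        print(ip, score_relay(ip, fake_resolve))
```
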

Trying to get more results: DCC, Pyzor, Razor2

"Spams, by and large, get distributed to lots of people with little or no modification. The DCC, Pyzor, and Razor projects attempt to cash in on this fact by asking people to submit a message to a central database once it has been identified as spam. If I identify a message as spam at 8:45am, I'll submit it to one of these databases. When you read the same message sent to you at 9:10am, SpamAssassin asks that database, "Has anyone submitted this message as spam?". The database responds, "I'm 70% sure it is because someone reported it", and now its spam likelihood goes up."


emerge dcc razor pyzor

razor-admin -create

local.cf

# Enable network checks
use_razor2              1
use_dcc                 1
use_pyzor               1

/etc/mail/spamassassin/v310.pre

# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source.  See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC

# Razor2 - perform Razor2 message checks.
#
# Razor2 is disabled here because it is not available for unlimited free
# use.  It is currently free for personal use, subject to capacity
# constraints.  See the Cloudmark SpamNet Service Policy for more details.
#
loadplugin Mail::SpamAssassin::Plugin::Razor2

By on September 14, 2006 1:25 PM
