October 24, 2014
 
 

Tuneups and Tweaks for the Better Spam-Trap - page 2

Postfix Soft Bounces

  • October 7, 2004
  • By Carla Schroder

There are a couple of ways to do this. One is to enter your list directly into amavisd.conf, like the example in Section V of amavisd.conf:

map { $whitelist_sender{lc($_)}=1 } (qw(
  nobody@cert.org
  owner-alert@iss.net
  slashdot@slashdot.org
  bugtraq@securityfocus.com
  NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
.....
  owner-textbreakingnews@CNNIMAIL12.CNN.COM
  yahoo-dev-null@yahoo-inc.com
));

Or you can create a separate file, like /etc/amavisd/whitelist.txt, using the same one-address-per-line format, and call it from amavisd.conf like this:

read_hash(\%whitelist_sender, '/etc/amavisd/whitelist.txt');

If you're a Perl guru, you can also set up ACLs using typical mystical Perl syntax. Read Section V of amavisd.conf for examples.

Tweaking SpamAssassin

Remember, when using Amavisd-new with SpamAssassin, don't bother with SpamAssassin's configuration file. Do all the configuration in Section VII of amavisd.conf.

The $sa_local_tests_only setting controls whether SpamAssassin runs all tests or omits the ones that require Internet access. Disabling the Internet tests, which include RBLs (Realtime Blackhole Lists), open relay databases, some DNS checks, and optionally Pyzor and Vipul's Razor, will let more spam through.

Vipul's Razor and Pyzor are distributed spam databases of actual spams. Spammers spew forth millions upon millions of the same message; Vipul's Razor and Pyzor use a distributed system of reporting and spamtraps to keep their databases current, and then generate digital signatures of the messages to enable fast checking.

But if you're on a slow or unreliable Internet connection, disabling the Internet tests will speed up performance:

$sa_local_tests_only = 0;  #set to 1 to disable Internet tests

Don't bother checking small messages, because most spam is over 64K in size:

$sa_mail_body_size_limit = 64*1024; 

The most important and useful SpamAssassin setting is the level at which it tags messages as spam.

$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level

You'll want to watch this closely for several months. Higher numbers let more spam through. Lower numbers are more aggressive, so you run the risk of having legitimate mail tagged as spam.

E-mail newsletters and HTML mail from friends are likely candidates for false positives, as is mail from people with an inexplicable fondness for too many exclamation points or all-caps. I'm old and grumpy, and I don't care if I lose some messages. Anyone who really wants me will find a way. You know, with archaic communications devices like telephones and paper letters. But when you're running a server for other users, you probably can't afford to be that cavalier. The safest method is to filter messages tagged as spam into a special folder, for human eyeball review.
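The trade-off between tagging level, false positives and missed spam can be measured from mail you have already reviewed by hand. The following is an added example, not code from the original article or from amavisd-new: it sweeps candidate $sa_tag2_level_deflt values over reviewed messages. The header values and verdicts are constructed sample data, the function names are hypothetical, and it assumes a message is tagged when its score is at or above the level.

```python
import re

# Constructed sample data: the value of the X-Spam-Status header on each
# message, paired with the verdict a human gave it during folder review.
# Older releases write the score as hits=, newer ones as score=.
REVIEWED = [
    ("Yes, hits=14.2 tagged_above=3.0 required=6.0 tests=BAYES_99,RAZOR2_CHECK", "spam"),
    ("Yes, hits=6.4 tagged_above=3.0 required=6.0 tests=HTML_MESSAGE,MIME_HTML_ONLY", "ham"),
    ("No, hits=5.1 tagged_above=3.0 required=6.0 tests=BAYES_50,HTML_MESSAGE", "spam"),
    ("No, score=3.3 tagged_above=3.0 required=6.0 tests=HTML_MESSAGE", "ham"),
    ("Yes, score=8.9 tagged_above=3.0 required=6.0 tests=PYZOR_CHECK,RAZOR2_CHECK", "spam"),
    ("Yes, score=7.6 tagged_above=3.0 required=6.0 tests=BAYES_99", "spam"),
    ("No, score=4.2 tagged_above=3.0 required=6.0 tests=SUBJ_ALL_CAPS", "ham"),
]

SCORE_RE = re.compile(r"\b(?:hits|score)=(-?\d+(?:\.\d+)?)")

def parse_score(status):
    """Extract the SpamAssassin score from an X-Spam-Status header value."""
    m = SCORE_RE.search(status)
    if m is None:
        raise ValueError(f"no hits=/score= field in {status!r}")
    return float(m.group(1))

def sweep(reviewed, levels):
    """Return (level, false_positives, missed_spam) for each candidate level.

    Assumption: a message is tagged as spam when score >= level.
    """
    scored = [(parse_score(h), verdict) for h, verdict in reviewed]
    rows = []
    for level in levels:
        fp = sum(1 for s, v in scored if s >= level and v == "ham")
        fn = sum(1 for s, v in scored if s < level and v == "spam")
        rows.append((level, fp, fn))
    return rows

def pick_level(rows, max_false_positives=0):
    """Most aggressive (lowest) level that stays within the false-positive budget."""
    ok = [level for level, fp, _ in rows if fp <= max_false_positives]
    return min(ok) if ok else None

if __name__ == "__main__":
    table = sweep(REVIEWED, [4.0, 5.0, 6.0, 7.0, 8.0])
    for level, fp, fn in table:
        print(f"tag2_level={level:.1f}  legit mail tagged={fp}  spam missed={fn}")
    print("suggested:", pick_level(table, max_false_positives=0))
```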

Just for fun, you may customize the spam subject header to suit yourself. The default is this:

$sa_spam_subject_tag = '***SPAM*** ';

Feel free to use words like "loathsome," "parasitical," "evil," "steaming heap," whatever you need to express your true feelings.
