From: Jorey Bump (no email)
Date: Thu Feb 02 2006 - 17:24:57 EST
Benjamin Adams wrote:
> I'm running spamassassin on Mac OS X tiger
> I created a mail account for for everyone to send their spam to be
> submitted.
> Then I created a script that would run:
>
> "su cyrusimap -c 'sa-learn -spam nameusername/*.' "
>
> This seamed to work but now I don't think its working
If you're looking to build a global bayes database, this is probably the
wrong approach. It's too high maintenance and gives your users way too
much power. If you want to let users interact, you may also want to look
at dspam.
I run SpammAssassin in a postfix content filter (I use a before-queue
content filter, but high volume sites should use an after-queue content
filter). SA will prime the bayes database with its excellent builtin
rules. It will kick in when it's reached a suitable number of tokens, so
don't try to rush it. The only cron job I run is sa-learn --force-expire
once a day offpeak, because opportunistic token expiration is a
performance killer (set bayes_auto_expire 0 in local.cf). Once in a
while, I'll run sa-learn on a small corpus of spam I've collected myself.
> I want to lower my hits required to 3.5
Don't do that. In most cases, SA knows best. Monitor the rules that kick
in, and if you think that some contribute too many or too few points,
adjust them in local.cf:
# increase default score
score DRUGS_ERECTILE_OBFU 2
# decrease default score
score MISSING_SUBJECT 0.5
I only have a handful of these. Setting it too low will mark way too
many messages as spam. I use a two-tiered approach, and quarantine or
deliver scores between 5 and 7, but REJECT (not bounce) messages with
scores of 7 or more. YMMV. Note that rejection is only possible before
delivery (as with a postfix before-queue content filter, or a sendmail
milter).
> I tried changing /var/mail/spamassassin/local.cf
>
> required_hits 3
>
> But the mail coming in still says required 5, is this the wrong file?
> Do I have to restart something?
It's required_score. For more info, run this command:
perldoc Mail::SpamAssassin::Conf
> anyone have a other ideas to stop spam I'm getting slammed with it.
There are many good ideas for stopping spam. But you should do it at the
MTA level, not after delivery to your mailbox. A good start would be to
learn about DNSBLs, and be sure to accept mail for valid users, only. If
you're using OS X, you're probably running postfix, which has many
excellent anti-UCE features.
Here's an example restriction list from /etc/postfix/main.cf (I don't
know if it's in the same location on the Mac) that will block a lot of
spam (even more can be accomplished with content filters and access maps):
smtpd_recipient_restrictions =
reject_non_fqdn_sender
reject_unlisted_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_unlisted_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client combined.njabl.org
reject_rbl_client list.dsbl.org
There are other DNSBLs that are more aggressive, greylisting, and sender
address verification. All have good and bad points, so study the
documentation well. Running an MTA is very complex. It's also a *little*
off-topic, here, so my apologies to the list.
---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|