Gabriel wrote:

> I'm working on my first install of amavis on a site where spam is a
> real issue.  I've read all I can, and I tried to tweak things a bit at a
> time to get them working but I'm still not seeing the results that I
> would like.  I know others that report great success with amavis and I
> would like to get to that same place :)

> The AV part works great.  The spam, not so well.  I do block lots of
> spam but just about as much makes it by.  I don't know what other
> information I should include (in addition to my config) to shed light
> on my problem but I can provide any other details needed.

In your case it's not amavisd-new that's disappointing you,
it's SpamAssassin.

Do you ever see ALL_TRUSTED in your headers when the mail is sent
from outside your network? If so, it is often best to configure
trusted_networks and internal_networks manually, for example:

clear_internal_networks
clear_trusted_networks
trusted_networks 266.266.266.0/28 # my public network
trusted_networks 127.0.0.0/8
trusted_networks 10.164.200.0/24 # my internal network
internal_networks 266.266.266.0/28
internal_networks 127.0.0.0/8
internal_networks 10.164.200.0/24

SpamAssassin 3.1 is working (quite a bit) better for me than 3.0.x.

Are you using DCC, Razor and Pyzor? They help.

A local caching DNS server can make a big difference in the number of
network tests SpamAssassin is able to perform within its time window.

Sometimes you need to create specific rules for specific spam (like
the ever popular geocities spam). Sometimes someone else already has a
custom rule. You might familiarize yourself with
http://www.rulesemporium.com/rules.htm and see if one of their .cf
files addresses your specific needs (but don't blindly add file after
file or you may pay a price in performance and additional false positives).
Sometimes a few rules out of one of the files will serve the purpose.

You shouldn't run without at least one backup AV so add this back in
to your amavisd.conf:

@av_scanners_backup = (
  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

You might post your local.cf if you like.

Gary V
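
The ALL_TRUSTED check suggested above can be run over saved messages. This is an added example, not part of the original message or of SpamAssassin: the function names, the sample local.cf fragment and the sample message are constructed, 192.0.2.0/28 stands in for the public network, and only plain CIDR entries on trusted_networks lines are handled.

```python
import email
import ipaddress
import re

# Constructed local.cf fragment; 192.0.2.0/28 is a placeholder public network.
SAMPLE_CF = """\
clear_trusted_networks
trusted_networks 192.0.2.0/28   # public network (placeholder)
trusted_networks 127.0.0.0/8
trusted_networks 10.164.200.0/24
"""

# Constructed message: relayed in from outside, yet ALL_TRUSTED fired.
SAMPLE_MSG = """\
Received: from mx.example.org (mx.example.org [192.0.2.5])
\tby mail.example.org with ESMTP; Sun, 1 Jan 2006 10:00:01 +0000
Received: from unknown (HELO sender) ([198.51.100.77])
\tby mx.example.org with SMTP; Sun, 1 Jan 2006 10:00:00 +0000
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,HTML_MESSAGE
\tautolearn=no

body
"""

def parse_trusted_networks(cf_text):
    """Return the networks left in effect by the trusted_networks lines."""
    nets = []
    for line in cf_text.splitlines():
        # Drop trailing comments; blank lines become a single empty keyword.
        words = line.split("#", 1)[0].split() or [""]
        if words[0] == "clear_trusted_networks":
            nets = []
        elif words[0] == "trusted_networks":
            nets += [ipaddress.ip_network(w, strict=False) for w in words[1:]]
    return nets

def untrusted_relays_despite_all_trusted(raw_msg, nets):
    """List relay IPs outside nets when ALL_TRUSTED is in X-Spam-Status."""
    msg = email.message_from_string(raw_msg)
    status = " ".join(msg.get_all("X-Spam-Status", []))
    if not re.search(r"\bALL_TRUSTED\b", status):
        return []
    relays = []
    for hdr in msg.get_all("Received", []):
        # Relay addresses appear in square brackets in Received headers.
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            addr = ipaddress.ip_address(ip)
            if not any(addr in n for n in nets):
                relays.append(ip)
    return relays
```

A non-empty result means SpamAssassin treated every relay as trusted even though at least one lies outside the networks you intended to trust.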



_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
