We are trying to set up a new spam filtering configuration instead of our former one purely based on DNSBL (http://ifc.lambrate.inaf.it/dnsbl.html).

We decided to follow a template configuration suggested by our national research and academic network (http://www.garr.it/WG/sec-mail/), with some "localizations"; in particular we like to quarantine spam instead of passing it on tagged.

We use sendmail 8.13.1, amavisd-new-2.1.2 in the "milter" configuration and spamassassin (spamd) 3.0.4. With the exception of spamassassin (newest release) the software is the one which comes bundled with Linux SuSE 9.2.

We preliminarily performed the following tests:

- we left our original sendmail+DNSBL running on our primary and secondary MX (this rejects between 30 and 40% of incoming mail as spam). The MXs forward mail to user workstations.

- I tried spamassassin (called via my procmail configuration) on my workstation for several weeks, and was happy with its behaviour. In particular:

  - ALL mail is tagged with X-Spam-Checker-Version, X-Spam-Level and X-Spam-Status; Bayes autolearn and AWL are working

  - messages tagged as sure spam (above a score of 15) are preceded by a detailed report with description and score of all rules

  - of course only spam surviving the previous DNSBL on MX is processed by spamassassin

- Our sysman tried spamd (called via spamc in his procmail configuration) on his workstation for a short time to verify it was working ok

All above tests are considered successful and providing a reference case

- we have then installed and configured amavisd-new as milter in sendmail on our primary MX (leaving so far the DNSBL active at sendmail level, we plan to remove them only at the end).

  After a few minor quirks with sockets, it has been operating successfully for 5 days, catching some further 7-10% of spam (we have set up our own syslog mail analysis)

  users WON'T run any spamassassin of their own

While we are happy with some behaviour, we have been unsuccessful in tuning some details, especially concerning header tagging and notification.

a) we presently run only spam checking, no virus checking

b) we defined $final_spam_destiny = D_REJECT;

c) we defined $QUARANTINEDIR to be a file (Unix mbox folder)

d) we have $sa_tag_level_deflt = -999, $sa_tag2_level_deflt = 4.5, $sa_kill_level_deflt = 4.5, $sa_dsn_cutoff_level = -999 as in the GARR recommended configuration

As a result of the above all spam above 4.5 (which seems pretty OK) is NOT delivered to the recipient, but quarantined to the virusmails folder. We plan to rotate the folder daily and send to each user one mail with the report of the spam received. This is considered satisfactory, since people are used from DNSBL to see spam disappear.

The quarantined messages have the X-Spam-Level and X-Spam-Status header line, but NO DETAILED REPORT as spamassassin was providing

QUESTION 1) is there any way to generate the detailed report ?

e) however passed messages have no X-Spam-* header lines of any sort. We can only get the score (Hits) from the mail log file, but no detailed list of the tests in X-Spam-Status

   A number of passed messages in the log have Hits: -

QUESTION 2) Do I interpret correctly the various statements in http://www.ijs.si/software/amavisd/ meaning that no header editing AT ALL is performed when using the milter ? I thought the sa_tag should be honoured even in milter configuration.

QUESTION 3) are the Hits: - related to $sa_timeout ? Should we raise this timeout to a value higher than default ?

f) we tried to edit $X_HEADER_TAG = 'X-Virus-Spam-Scanned' so that the recipient could see that a spam scan was done and where, but it looks like that in passed mail we get only the "standard" X-Virus-Scanned: by amavisd-new without indication of host nor of our editing. Quarantined mails get nothing.

QUESTION 4) is editing of this keyword also impossible in milter configuration, or is there something we should do to enable it ?

g) we have $sa_auto_whitelist = 1, and we have Bayes filter configured in spamassassin local.cf ...
   but we doubt that they are operating. The bayes and auto-whitelist files have size zero, and there is no info on auto learn in any header keyword (since there are no X-Spam-Status keywords)

QUESTION 5) is this another thing impossible in milter configuration, or is there something we should do to enable it ?

h) we have all $warn*sender=0 and $warn*recip=1. We noticed (sending a GTUBE test from somewhere outside our domain) that when a spam is trapped an SMTP notification is generated (this is not unlike the behaviour of the DNSBL and is quite satisfactory) ...

   ... but the text of the notification message is quite cryptic, just

      reject=550 5.7.1 Message content rejected

QUESTION 6) is there any way to customize this message ? In the case of the DNSBL we have for instance a message redirecting to a web page of ours which suggests a course of actions. Ideally we would like to report the spamassassin tests, or at least the score in there

----------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
----------------------------------------------------------------------------

_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
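
The daily per-user report planned in the post above could be built from the rotated quarantine mbox along these lines. This is an added example, not part of the original post and not amavisd-new code: the X-Envelope-To header name is an assumption, the sample messages are constructed, and all function names are hypothetical.

```python
import mailbox, os, re, tempfile
# Constructed quarantine sample (not real mail). X-Envelope-To is an ASSUMED header
# name for the envelope recipient; use whatever your quarantined mail really carries.
SAMPLE_MBOX = """\
From amavis Mon Jan  2 03:04:05 2006
X-Envelope-To: <alice@example.org>, <Bob@example.org>
X-Spam-Status: Yes, hits=7.3 tagged_above=-999.0 required=4.5 tests=BAYES_99,
 HTML_MESSAGE
From: pills@example.net
Subject: Buy\tnow

From amavis Mon Jan  2 04:05:06 2006
X-Envelope-To: <alice@example.org>
X-Spam-Status: Yes, hits=4.9 tagged_above=-999.0 required=4.5 tests=URIBL_SBL
From: loans@example.net
Subject: Low rates
"""
SCORE_RE = re.compile(r"\b(?:hits|score)=(-?\d+(?:\.\d+)?)")

def clean(value, limit=70):  # headers are sender-controlled: flatten controls, cap length
    return re.sub(r"[\x00-\x1f\x7f]+", " ", str(value or "")).strip()[:limit]

def build_digests(mbox_path):
    """Map each envelope recipient to (score, from, subject, tests) rows."""
    digests = {}
    box = mailbox.mbox(mbox_path, create=False)
    for msg in box:
        status = str(msg.get("X-Spam-Status", ""))
        score = float(hit.group(1)) if (hit := SCORE_RE.search(status)) else None
        tests = re.findall(r"[A-Z][A-Z0-9_]*", status.partition("tests=")[2])
        row = (score, clean(msg.get("From")), clean(msg.get("Subject")), tests)
        rcpts = (r.strip(" <>\t\r\n").lower() for r in str(msg.get("X-Envelope-To", "")).split(","))
        for rcpt in filter(None, rcpts):
            digests.setdefault(rcpt, []).append(row)
    box.close()
    return digests

def render(rcpt, rows):
    """Plain-text report for one user, highest score first."""
    rows = sorted(rows, key=lambda r: -(r[0] or 0))
    return "\n".join(["Quarantined spam for %s: %d message(s)" % (rcpt, len(rows))] +
                     ["%5s  %s | %s | %s" % (s, f, subj, ",".join(t)) for s, f, subj, t in rows])

def demo():
    """Digest the constructed sample via a temporary mbox file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "spam.mbox")
        with open(path, "w") as fh:
            fh.write(SAMPLE_MBOX)
        return build_digests(path)
```

Sender and subject are cleaned before they enter the report because they come straight from the spam itself; the score and test names are read from the X-Spam-Status line that the post says quarantined messages already carry.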
