James
On 3/8/06, Jake Vickers <[EMAIL PROTECTED]> wrote:
Pybe wrote:I had just discovered your site before reading your reply =)
With the script is it supposed that the mails are forwarded from a client (sent to [EMAIL PROTECTED]) or actually moved to the folders by other means?
Where are the rbl servers set? In spamassasin or qmail?
I was just using the one domain on the server for family and friends but it grew as friends wanted their own domains etc and the original setup I had done didn't really like the idea of mutliple domains etc. So I had a look around and found qmail-toaster which ticked all the boxes.
As such I will be wanting to keep the rules fairly light as there is a variety of different users with different requirements using the system (Varies from my 19 year old sisters personal mail to a retired collegue's very small business)
I saw mention of an autowhitelist or something somewhere..... can anyone point me to some details on this?
I'll answer what I can.... The RBL's get added into your /var/qmail/control/blacklists file. Here's a copy of what I use:
[EMAIL PROTECTED] control]# cat blacklists
-r sbl-xbl.spamhaus.org -r bl.spamcop.net -r relays.ordb.org -r dnsbl.antispam.or.id
I have to keep mine pretty loose, due to some of the business the company I'm currently working for does. There are some more aggressive RBLs. Google them.
The script requires the users to move the messages to a folder called "Spam" via webmail or IMAP. I keep a couple accounts that I purposely infect with spam and I then manually move the messages to my Spam folder, and then manually run the learning script. What's on my site was the original script sent to me, but you should get the meat of it. If you need further help, just ask. I don't trust my users to consistently move their spam, which is why I do this all manually. Plus the fact that I actually infect 2 email addresses with spam (just create an email, and go sign up for something - post a resume on Monster.com... That got me over 120 spam messages in 3 days!) so I can feed my DB.
If you install DSpam (I have not had a chance to try it myself), your users would be able to forward messages to a "[EMAIL PROTECTED]" email address, and it would learn from them in taint mode. If you don't do this, you'll be tainting your DB. There is some mixed thought on whether or not you should do this, but I personally don't.
Whitelists.... What I do is set whitelists in Spamassassin for the users when they let me know that some mails are being flagged that shouldn't. The directive should be in your /etc/mail/spamassassin/local.cf file, in this format:
# Whitelist section manually added
whitelist_from *@pechanga.net
whitelist_from *@vm.vonage.com
What this will do is (using these as an example): any messages that comes in from pechanga.net (a gambling publication) will automatically get assigned a score of -100, so that no matter how many rules it gets flagged by, it (hopefully) will not receive more than 107.5 points (my threshold for marking as **SPAM** is 7.5). I have yet to see it happen. It's worked well for me. Pechanga was getting flagged on occasion, and this stopped it.
I would recommend using Rules-du-Jour, and maybe DSpam. I'm going to do more testing on DSpam after April and will (if it works well in my testing) write an install script for it.
I use Rules-du-Jour, and the blacklists above, and it does reasonably well. I have to keep mine "loose" as well, since one of our entities deals with casinos and online gambling. Since I have to keep it so loose, a number of spam messages still get through; this is why I also write my own rules as time permits. It's more of a knee-jerk rule writing, but it works reasonably well. Basically once a spam message annoys me enough (such as the "Doctor" and his pill ads), I write a rule(s) that specifically targets their messages to get rid of them for the time being (the "Doctor" is currently scoring 67.8 points on my system), but stuff always gets through.
