Brent, I've never heard (or I haven't been listening) about implementing SaneSecurity. Does it work well. Do you know how much spam it stops? Does it mark it or drop it? Are there config options? I've just implemented DSPAM on my QmailToaster (ironed out all the bugs last night) and it works phenomenally. I trained about 30 messages and haven't had one untagged spam since and no false positives. I've only trained it with spam, no ham. I realize this has only been 18 hours or so but it works much better than Spamassassin--I have both installed. I'm wondering if DSPAM shouldn't be stock in the Toaster packages as Spamassassin and Spamdyke are not doing it for my clients.
I am now setting up a DSPAM gateway for a client. Eric On 11/1/2013 11:51 AM, Brent Gardner wrote: > On 11/01/2013 08:45 AM, Tim Whitaker wrote: >> Hi everybody... I've been running qmail toaster on a fresh CentOS 5.9 >> install for about a month now and all has been well except for one >> thing... >> spam. I have googled as much as I could to try and figure out what my >> problem might be and I've made some changes but still some really >> annoying >> spam is coming through with file attachments and such. My problem is I >> can't figure out how to find any logs to tell me if SpamAssassin is >> actually working. I know the service is running. In there spirit of >> giving too much information, here's a bunch of stuff: >> >> cat /etc/tcprules.d/tcp.smtp >> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private" >> >> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private" >> >> >> cat /var/qmail/control/simcontrol >> :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif >> >> qmailctl stat >> authlib: up (pid 16643) 49008 seconds >> clamd: up (pid 16614) 49008 seconds >> imap4: down 49008 seconds >> imap4-ssl: down 49008 seconds >> pop3: up (pid 16603) 49008 seconds >> pop3-ssl: up (pid 16665) 49008 seconds >> send: up (pid 16626) 49008 seconds >> smtp: up (pid 16635) 49008 seconds >> spamd: up (pid 16622) 49008 seconds >> submission: up (pid 16685) 49007 seconds >> authlib/log: up (pid 16645) 49008 seconds >> clamd/log: up (pid 16616) 49008 seconds >> imap4/log: down 49008 seconds >> imap4-ssl/log: down 49008 seconds >> pop3/log: up (pid 16605) 49008 seconds >> pop3-ssl/log: up (pid 16671) 49008 seconds >> send/log: up (pid 16610) 49008 seconds >> smtp/log: up (pid 16640) 49008 seconds >> spamd/log: up (pid 16631) 49008 seconds >> submission/log: up (pid 16661) 49008 seconds >> > SpamAssassin logs to /var/log/qmail/spamd. > > > An important component of SpamAssassin is the bayesian analysis of > messages. I don't remember if this is enabled by default. To enable > it, put this in /etc/mail/spamassassin/local.cf: > > use_bayes 1 > > > Bayesian analysis won't work until it has trained on at least 200 ham > messages and 200 spam messages. Training can be done manually using a > body of samples you've collected, or it can be done automatically by > looking at messages as they pass through the system during normal > operation. To enable autolearning, put this in > /etc/mail/spamassassin/local.cf: > > bayes_auto_learn 1 > > > More information about SpamAssassin can be found in the QmailToaster > wiki: > > http://wiki.qmailtoaster.com/index.php/Spamassassin > > > And, of course, at the SpamAssassin site: > > http://spamassassin.apache.org/ > > > Definitely run Spamdyke. It greatly reduces the load on the system by > blocking large numbers of obvious spam before they get to the more > resource-intensive Toaster components such as ClamAV and SpamAssassin. > > Spamdyke can be installed using scripts in QmailToaster-Plus: > > http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-spamdyke > > > I also recommend SaneSecurity signatures for ClamAV. These allow > ClamAV to catch spam as well as viruses and malware. QmailToaster-Plus > includes an install script for SaneSecurity: > > http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-sanesecurity > > > I've been using the SaneSecurity Foxhole signatures to catch archive > attachments (.zip .rar etc.) that contain executables. More info: > > http://sanesecurity.com/foxhole-databases/ > > > You can also block all file attachments with specific extensions by > adding the extension to the attach= clause in > /var/qmail/control/simcontrol. More info: > > http://wiki.qmailtoaster.com/index.php/Simscan > > > Brent Gardner > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
