Eric,
how exactly did you train dspam with the virtual QMT users / domains?
i've been having trouble figuring that out. Thanks.
---
Fabian S.
On 2013-11-01 14:21, Eric Broch wrote:
Brent,
I've never heard (or I haven't been listening) about implementing
SaneSecurity. Does it work well. Do you know how much spam it stops?
Does it mark it or drop it? Are there config options?
I've just implemented DSPAM on my QmailToaster (ironed out all the bugs
last night) and it works phenomenally. I trained about 30 messages and
haven't had one untagged spam since and no false positives. I've only
trained it with spam, no ham. I realize this has only been 18 hours or
so but it works much better than Spamassassin--I have both installed.
I'm wondering if DSPAM shouldn't be stock in the Toaster packages as
Spamassassin and Spamdyke are not doing it for my clients.
I am now setting up a DSPAM gateway for a client.
Eric
On 11/1/2013 11:51 AM, Brent Gardner wrote:
On 11/01/2013 08:45 AM, Tim Whitaker wrote:
Hi everybody... I've been running qmail toaster on a fresh CentOS 5.9
install for about a month now and all has been well except for one
thing...
spam. I have googled as much as I could to try and figure out what
my
problem might be and I've made some changes but still some really
annoying
spam is coming through with file attachments and such. My problem is
I
can't figure out how to find any logs to tell me if SpamAssassin is
actually working. I know the service is running. In there spirit of
giving too much information, here's a bunch of stuff:
cat /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private"
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
qmailctl stat
authlib: up (pid 16643) 49008 seconds
clamd: up (pid 16614) 49008 seconds
imap4: down 49008 seconds
imap4-ssl: down 49008 seconds
pop3: up (pid 16603) 49008 seconds
pop3-ssl: up (pid 16665) 49008 seconds
send: up (pid 16626) 49008 seconds
smtp: up (pid 16635) 49008 seconds
spamd: up (pid 16622) 49008 seconds
submission: up (pid 16685) 49007 seconds
authlib/log: up (pid 16645) 49008 seconds
clamd/log: up (pid 16616) 49008 seconds
imap4/log: down 49008 seconds
imap4-ssl/log: down 49008 seconds
pop3/log: up (pid 16605) 49008 seconds
pop3-ssl/log: up (pid 16671) 49008 seconds
send/log: up (pid 16610) 49008 seconds
smtp/log: up (pid 16640) 49008 seconds
spamd/log: up (pid 16631) 49008 seconds
submission/log: up (pid 16661) 49008 seconds
SpamAssassin logs to /var/log/qmail/spamd.
An important component of SpamAssassin is the bayesian analysis of
messages. I don't remember if this is enabled by default. To enable
it, put this in /etc/mail/spamassassin/local.cf:
use_bayes 1
Bayesian analysis won't work until it has trained on at least 200 ham
messages and 200 spam messages. Training can be done manually using a
body of samples you've collected, or it can be done automatically by
looking at messages as they pass through the system during normal
operation. To enable autolearning, put this in
/etc/mail/spamassassin/local.cf:
bayes_auto_learn 1
More information about SpamAssassin can be found in the QmailToaster
wiki:
http://wiki.qmailtoaster.com/index.php/Spamassassin
And, of course, at the SpamAssassin site:
http://spamassassin.apache.org/
Definitely run Spamdyke. It greatly reduces the load on the system by
blocking large numbers of obvious spam before they get to the more
resource-intensive Toaster components such as ClamAV and SpamAssassin.
Spamdyke can be installed using scripts in QmailToaster-Plus:
http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-spamdyke
I also recommend SaneSecurity signatures for ClamAV. These allow
ClamAV to catch spam as well as viruses and malware. QmailToaster-Plus
includes an install script for SaneSecurity:
http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-sanesecurity
I've been using the SaneSecurity Foxhole signatures to catch archive
attachments (.zip .rar etc.) that contain executables. More info:
http://sanesecurity.com/foxhole-databases/
You can also block all file attachments with specific extensions by
adding the extension to the attach= clause in
/var/qmail/control/simcontrol. More info:
http://wiki.qmailtoaster.com/index.php/Simscan
Brent Gardner
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]