On Tue, Jun 9, 2015 at 8:36 AM, David Jones <djo...@ena.com> wrote:
>>>On 08.06.15 23:03, Michael B Allen wrote:
>>>So I have had SA running for about 2 days on a very small site with a
>>>handful of users. I've been running the default config just to see how
>>>well it would do by itself. Unfortunately quite a lot of spam is
>>>getting through. So far 40 of 142 spams have passed.
>>>
>>>So my question is, what is the best way to improve things? Is there
>>>any particular must-have plugins? What is the one thing I can do to a
>>>default install that is going to give me the biggest return on
>>>invested effort?
>
>>network checks like razor/pyzor/dcc (they all require third-party programs)
>>TextCat (if you and your users are able to set up ok_languages)
>
> +1 on the razor/pyzor/dcc but they can be challenging to get working
> TextCat is good and easy to enable.
>
> Some of the best and easiest things you can enable to block spam are
> outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
> - Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the
>   majority of junk before it reaches SA. Just make sure you are below their
>   free threshold limit. One important way to do this is to make sure your
>   SA server isn't pointed to an Internet caching DNS server that would join
>   your queries with others. Install a local caching DNS server that does not
>   forward to another caching DNS server and change /etc/resolv.conf to use
>   127.0.0.1.

Well that sounds like a must-have feature to me. But I just can't bring
myself to install a caching DNS server and run everything through
localhost. This is why software should be librarified.

> - Enable DNS checks:
>   Make sure the sending mail server's SMTP HELO is a valid domain.
>   Make sure the sender address (MAIL FROM) is a valid domain.
>   Make sure the sending mail server has a PTR record. Some can go farther with
>   this one and require the PTR match the SMTP HELO for FCrDNS but there are
>   many legit mail servers out there that don't have this setup properly so I can
>   only check to make sure a PTR record exists. Later in SA I add points for rule
>   RDNS_NONE that penalizes for incorrect FCrDNS.

Is this done with postfix rules or SA rules? Where can I learn more
about this? Doesn't SA already do this stuff?

Sounds like I'm just going to stick with bayes. But surprisingly my spam
intake has slowed. I don't even have the 200 spams yet.

Thanks,
Mike
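
The MTA-side checks listed in the quoted message, sketched as an added configuration example that is not from the thread. It assumes Postfix is the MTA and that a local, non-forwarding resolver already listens on 127.0.0.1; dbl.spamhaus.org as the DBL zone and the RDNS_NONE score value are choices made for the example.

```conf
# /etc/postfix/main.cf (assumption: Postfix is the MTA)
# Refuse clients that never send HELO/EHLO.
smtpd_helo_required = yes

# HELO must be well formed, fully qualified, and resolve in DNS (A or MX).
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

# MAIL FROM domain must exist in DNS; then a DBL lookup on that domain.
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rhsbl_sender dbl.spamhaus.org

# Require only that the client IP has a PTR record, then consult the RBL.
# reject_unknown_client_hostname would enforce full FCrDNS instead, which
# the quoted message avoids because many legitimate servers fail it.
smtpd_client_restrictions =
    permit_mynetworks,
    reject_unknown_reverse_client_hostname,
    reject_rbl_client zen.spamhaus.org

# /etc/resolv.conf: send lookups to the local resolver so RBL queries
# are not pooled with other sites behind a shared caching server.
nameserver 127.0.0.1

# SpamAssassin local.cf: add points for the rule named in the thread.
# 2.0 is a constructed value; tune it against your own mail.
score RDNS_NONE 2.0
```

Prefixing a Postfix restriction with `warn_if_reject` logs what it would have rejected without refusing the mail, which lets you measure false positives before enforcing it.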