Enabling SpamAssasin checks for SpamHaus. How to?

Andy Newby

Valued Member
Hi,

Hopefully I'm posting in the right forum :)

We are getting hammered by spam currently. I want to setup SpamHaus via our SpamAssasin service on the site. I've written a script, and this works fine - but it just doesn't seem to be checking SpamHaus. I'm a bit new to this whole SpamAssasin, so it's a bit overwelming for me. Please be gentle ;)

Here is my local.cf file:

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

whitelist_from root@mail.myserver.com
whitelist_from *@linode.com

blacklist_from *@*.stream
blacklist_from *@*.link
blacklist_from *@*.click
blacklist_from *@*.science
blacklist_from *@*.study
blacklist_from *@*.download
blacklist_from *@*.top
blacklist_from *@*.accountant
blacklist_from *@*.date
blacklist_from *@*.review

# Add *****SPAM***** to the Subject header of spam e-mails
#
#rewrite_header Subject *****SPAM***** {original subject}
#rewrite_subject 1


# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1


# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.


# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0


# Use Bayesian classifier (default: 1)
#
#use_bayes 1


# Bayesian classifier auto-learning (default: 1)

# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status


# Whether to decode non- UTF-8 and non-ASCII textual parts and recode
# them to UTF-8 before the text is given over to rules processing.
#
# normalize_charset 1

# Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
# shortcircuit USER_IN_WHITELIST on
# shortcircuit USER_IN_DEF_WHITELIST on
# shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST on

# the opposite; blacklisted mails can also save CPU
#
# shortcircuit USER_IN_BLACKLIST on
# shortcircuit USER_IN_BLACKLIST_TO on
# shortcircuit SUBJECT_IN_BLACKLIST on

# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED on

# and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99 spam
# shortcircuit BAYES_00 ham

endif # Mail::SpamAssassin::plugin::Shortcircuit
 

Andy Newby

Valued Member
Oh, and there seems to be a bug with your Facebook signup system:

App Not Set Up: This app is still in development mode, and you don't have access to it. Switch to a registered test user or ask an app admin for permissions.

Just a heads up
 

EQ Admin

EQ Forum Admin
Staff member
Hi Andy,

If you grep through your perl install you'll find that there are already rules for Spamhaus in there. There isn't anything more you need to do to enable Spamhaus in SpamAssassin. It's part of the scoring.

That said, if you're detected as a high volume server you might be cut off and asked by Spamhaus to pay for their service and run a local copy of their RBL.

Spamhaus is a safe RBL. Instead of waiting for the more resource intensive SpamAssassin to run, have you considered configuring your MTA to reject smtp connections from IP addresses that are listed in Spamhaus?

If you decide to make that change, I also recommend getting the service from Invaluement. I've been running Invaluement with Spamhaus for years and rarely experience a false positive result from either service.

Also, check your SpamAssassin logs. The default score of 5.0 is a bit high and lets through obvious spam. You might want to try bringing the default score for your users down to something like 3.2 and measure the success.

Thanks for the heads up on the Facebook logins, I'll check it out!
 

Andy Newby

Valued Member
Hi,

Thanks for the reply. I wasn't aware it was running as part of SpamAssasin... guess I've still got a lot to learn!

Now you mention it, I have checked the logs and it does say about doing the checks on SpamHaus. We get about 1000 emails a day, and 99% of them are spam - but I expect that isn't considered "too much" for SpamHaus.

Spamhaus is a safe RBL. Instead of waiting for the more resource intensive SpamAssassin to run, have you considered configuring your MTA to reject smtp connections from IP addresses that are listed in Spamhaus?

If you decide to make that change, I also recommend getting the service from Invaluement. I've been running Invaluement with Spamhaus for years and rarely experience a false positive result from either service.

haha I wouldn't have a clue how to do that! Unfortunately my server tech has done a disappearing act , so I'm left trying to fix the pieces. When major stuff comes up we pay someone to do it, but for the "small" bits I try and manage myself. I'm far from a server tech though :)

Thanks for the heads up on the Facebook logins, I'll check it out!

No worries. I know how annoying it is when people don't tell you about bugs.

Cheers

Andy
 
Last edited by a moderator:

EQ Admin

EQ Forum Admin
Staff member
Hi Andy,

Which MTA are you using? That name (postfix, sendmail, qmail, exim, etc + spamhaus) on google should find you a setup guide.

Please feel free to connect with me on LinkedIn if you need consulting help for this problem or to keep me in mind for future problems where you'd hire help - https://www.linkedin.com/in/raymondpopowich/
 
Top