Enabling SpamAssassin checks for Spamhaus. How to?

Discussion in 'Mail Server Support' started by Andy Newby, Feb 21, 2017.

  1. Andy Newby

    Andy Newby Valued Member

    Hi,

    Hopefully I'm posting in the right forum :)

    We are getting hammered by spam currently. I want to set up Spamhaus via our SpamAssassin service on the site. I've written a script, and this works fine - but it just doesn't seem to be checking Spamhaus. I'm a bit new to this whole SpamAssassin thing, so it's a bit overwhelming for me. Please be gentle ;)

    Here is my local.cf file:

    # This is the right place to customize your installation of SpamAssassin.
    #
    # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
    # tweaked.
    #
    # Only a small subset of options are listed below
    #
    ###########################################################################

    whitelist_from root@mail.myserver.com
    whitelist_from *@linode.com

    blacklist_from *@*.stream
    blacklist_from *@*.link
    blacklist_from *@*.click
    blacklist_from *@*.science
    blacklist_from *@*.study
    blacklist_from *@*.download
    blacklist_from *@*.top
    blacklist_from *@*.accountant
    blacklist_from *@*.date
    blacklist_from *@*.review

    # Add *****SPAM***** to the Subject header of spam e-mails
    #
    #rewrite_header Subject *****SPAM***** {original subject}
    #rewrite_subject 1


    # Save spam messages as a message/rfc822 MIME attachment instead of
    # modifying the original message (0: off, 2: use text/plain instead)
    #
    # report_safe 1


    # Set which networks or hosts are considered 'trusted' by your mail
    # server (i.e. not spammers)
    #
    # trusted_networks 212.17.35.


    # Set file-locking method (flock is not safe over NFS, but is faster)
    #
    # lock_method flock


    # Set the threshold at which a message is considered spam (default: 5.0)
    #
    required_score 5.0


    # Use Bayesian classifier (default: 1)
    #
    #use_bayes 1


    # Bayesian classifier auto-learning (default: 1)

    # Set headers which may provide inappropriate cues to the Bayesian
    # classifier
    #
    # bayes_ignore_header X-Bogosity
    # bayes_ignore_header X-Spam-Flag
    # bayes_ignore_header X-Spam-Status


    # Whether to decode non-UTF-8 and non-ASCII textual parts and recode
    # them to UTF-8 before the text is given over to rules processing.
    #
    # normalize_charset 1

    # Some shortcircuiting, if the plugin is enabled
    #
    ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
    #
    # default: strongly-whitelisted mails are *really* whitelisted now, if the
    # shortcircuiting plugin is active, causing early exit to save CPU load.
    # Uncomment to turn this on
    #
    # shortcircuit USER_IN_WHITELIST on
    # shortcircuit USER_IN_DEF_WHITELIST on
    # shortcircuit USER_IN_ALL_SPAM_TO on
    # shortcircuit SUBJECT_IN_WHITELIST on

    # the opposite; blacklisted mails can also save CPU
    #
    # shortcircuit USER_IN_BLACKLIST on
    # shortcircuit USER_IN_BLACKLIST_TO on
    # shortcircuit SUBJECT_IN_BLACKLIST on

    # if you have taken the time to correctly specify your "trusted_networks",
    # this is another good way to save CPU
    #
    # shortcircuit ALL_TRUSTED on

    # and a well-trained bayes DB can save running rules, too
    #
    # shortcircuit BAYES_99 spam
    # shortcircuit BAYES_00 ham

    endif # Mail::SpamAssassin::Plugin::Shortcircuit
     


  2. Andy Newby

    Andy Newby Valued Member

    Oh, and there seems to be a bug with your Facebook signup system:

    App Not Set Up: This app is still in development mode, and you don't have access to it. Switch to a registered test user or ask an app admin for permissions.

    Just a heads up
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    Hi Andy,

    If you grep through your Perl install you'll find that there are already rules for Spamhaus in there. There isn't anything more you need to do to enable Spamhaus in SpamAssassin. It's part of the scoring.

    That said, if you're detected as a high volume server you might be cut off and asked by Spamhaus to pay for their service and run a local copy of their RBL.

    Spamhaus is a safe RBL. Instead of waiting for the more resource-intensive SpamAssassin to run, have you considered configuring your MTA to reject SMTP connections from IP addresses that are listed in Spamhaus?

    If you decide to make that change, I also recommend getting the service from Invaluement. I've been running Invaluement with Spamhaus for years and rarely experience a false positive result from either service.

    Also, check your SpamAssassin logs. The default score of 5.0 is a bit high and lets through obvious spam. You might want to try bringing the default score for your users down to something like 3.2 and measure the success.

    Thanks for the heads up on the Facebook logins, I'll check it out!
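
Added example, not part of the thread: one way to confirm from already-scanned mail that the Spamhaus rules are firing, and to measure what lowering the threshold from 5.0 to 3.2 would change. It reads the X-Spam-Status header that SpamAssassin adds; the sample messages are constructed, the rule list is a subset of the stock Spamhaus-backed rule names, and the function names are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string

# Subset of the Spamhaus-backed rule names in SpamAssassin's stock rule set
SPAMHAUS_RULES = {"RCVD_IN_SBL", "RCVD_IN_SBL_CSS", "RCVD_IN_XBL",
                  "RCVD_IN_PBL", "URIBL_SBL", "URIBL_DBL_SPAM"}
STATUS_RE = re.compile(r"score=(-?[\d.]+)\s.*?tests=(\S*)")

def parse_status(raw_message):
    """Return (score, set of rule names) from X-Spam-Status, or None."""
    header = message_from_string(raw_message).get("X-Spam-Status")
    if header is None:
        return None
    # The header is folded across lines, often mid tests= list; rejoin it
    flat = re.sub(r"\s+", " ", header).replace(", ", ",")
    match = STATUS_RE.search(flat)
    if match is None:
        return None
    return float(match.group(1)), {t for t in match.group(2).split(",") if t}

def summarise(messages, current=5.0, proposed=3.2):
    """Count Spamhaus rule hits and spam verdicts at both thresholds."""
    report = {"scanned": 0, "spamhaus_hits": 0,
              "spam_at_current": 0, "spam_at_proposed": 0, "rules": Counter()}
    for raw in messages:
        parsed = parse_status(raw)
        if parsed is None:
            continue  # message was never scanned by SpamAssassin
        score, tests = parsed
        hits = tests & SPAMHAUS_RULES
        report["scanned"] += 1
        report["spamhaus_hits"] += bool(hits)
        report["spam_at_current"] += score >= current
        report["spam_at_proposed"] += score >= proposed
        report["rules"].update(hits)
    return report

# Constructed sample messages (not real mail)
SAMPLES = [
    "Subject: a\nX-Spam-Status: Yes, score=7.3 required=5.0 tests=BAYES_50,"
    "RCVD_IN_PBL,\n\tRCVD_IN_XBL,HTML_MESSAGE autolearn=no version=3.4.0\n\nbody\n",
    "Subject: b\nX-Spam-Status: No, score=3.9 required=5.0 tests=HTML_MESSAGE,"
    "URIBL_SBL\n\tautolearn=no version=3.4.0\n\nbody\n",
    "Subject: c\nX-Spam-Status: No, score=0.4 required=5.0 tests=HTML_MESSAGE\n\nbody\n",
    "Subject: d\n\nnever passed through SpamAssassin\n",
]

if __name__ == "__main__":
    print(summarise(SAMPLES))
```

A `spamhaus_hits` count of zero across a large batch of scanned spam would suggest the DNS lookups are not returning results, which is worth checking before changing the threshold.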
     
  4. Andy Newby

    Andy Newby Valued Member

    Hi,

    Thanks for the reply. I wasn't aware it was running as part of SpamAssassin... guess I've still got a lot to learn!

    Now you mention it, I have checked the logs and it does say about doing the checks on Spamhaus. We get about 1000 emails a day, and 99% of them are spam - but I expect that isn't considered "too much" for Spamhaus.

    Haha, I wouldn't have a clue how to do that! Unfortunately my server tech has done a disappearing act, so I'm left trying to fix the pieces. When major stuff comes up we pay someone to do it, but for the "small" bits I try and manage myself. I'm far from a server tech though :)

    No worries. I know how annoying it is when people don't tell you about bugs.

    Cheers

    Andy
     
    Last edited by a moderator: Feb 22, 2017
  5. popowich

    popowich EQ Forum Admin Staff Member

    Hi Andy,

    Which MTA are you using? That name (postfix, sendmail, qmail, exim, etc. + spamhaus) on Google should find you a setup guide.

    Please feel free to connect with me on LinkedIn if you need consulting help for this problem or to keep me in mind for future problems where you'd hire help - https://www.linkedin.com/in/raymondpopowich/
     