Per-User SpamAssassin Scores?

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Fri Jun 11 09:21:33 IST 2004


Walter

Here's the approach I took after getting badly burnt by MailSweeper and
its spam handling.

1) make small changes often, rather than a big bang approach..

2) subscribe to the sa-users email list!!!

3) upgrade to the latest MS if you already haven't.

4) install SA (2.63) and train the bayes with some spam and ham from
your domain (you'll need at least 200 of each before it kicks in).

5) only turn on the RBL's in SA you want (you'll have to turn off the
rest by overriding their score to zero in spam.assassin.prefs.conf).
Turn off RBL's in MailScanner so the RBL's just add to the score.
My file looks like the following in that area..

header  RCVD_SPAMHAUS_XBL rbleval:check_rbl('spamhaus-xbl','xbl.spamhaus.org.')
describe RCVD_SPAMHAUS_XBL Found in SpamHaus XBL
tflags RCVD_SPAMHAUS_XBL net
score RCVD_SPAMHAUS_XBL 1.5

# habeas getting totally abused by the spammers
score HABEAS_SWE 0.0

# don't do all the RBL's, just orb and Spamhaus XBL - above
score RCVD_IN_NJABL 0.0
score RCVD_IN_NJABL_DIALUP 0.0
score RCVD_IN_NJABL_MULTI 0.0
score RCVD_IN_NJABL_PROXY 0.0
score RCVD_IN_NJABL_RELAY 0.0
score RCVD_IN_NJABL_SPAM 0.0
score RCVD_IN_DYNABLOCK 0.0
score RCVD_IN_OPM 0.0
score RCVD_IN_OPM_WINGATE 0.0
score RCVD_IN_OPM_SOCKS 0.0
score RCVD_IN_OPM_HTTP 0.0
score RCVD_IN_OPM_ROUTER 0.0
score RCVD_IN_SORBS_BLOCK 0.0
score RCVD_IN_DSBL 0.0
score RCVD_IN_RFCI 0.0
score DNS_FROM_RFCI_DSN 0.0
#score RCVD_IN_SBL 0.0
score HABEAS_VIOLATOR 0.0
score RCVD_IN_BSP_TRUSTED 0.0
score RCVD_IN_BSP_OTHER 0.0



6) config MS so it forwards all the spam as happened before, but tags
the suspect messages with "{Spam}?" - the MUA can then filter on this..

7) Don't scan outgoing email for spam, create a rule so internal
ip-addresses don't get scanned...

8) Sort a method where users can put corrections to the bayes DB for
spam and ham and use scripts in the archives to sa-learn from these
mailboxes (pop or imap). Also worth monitoring the spam and ham
mailboxes yourself so at point 11 you can look for rules that match or
create your own, or adjust SA whitelists (point 12).

then when the basics are working....

9) add in the surbl.org plugin and setup the three domains for scanning
in the spamcop_uri rule supplied with the plugin.

10) add in some of the extra rules from rulesemporium.com (anti-drug,
chickenpox are a good start). Add in extras as you find spam that fits.

11) have a look at MailWatch for releasing stuff, getting stats etc.
There's a luser patch available so users can release their own when you
get to blocking spam.

12) look at the whitelists in SA and tune them for email lists (like
this one) so they don't get caught accidentally.

13) THEN and only THEN when it's been running for a few months with a
very high hit rate and low false positives start to stop delivery of spam.

14) *Then* look at any user specific issues... I find I can do everything
I need from a global point of view but YMMV.

It's about user confidence and regaining that once one solution has
given problems so easy does it. Also SA is quite complicated at first
viewing so make sure you understand how it works and don't be afraid to
ask questions here and on the SA list if that's more appropriate.


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Walter D. Wyndroski wrote:
> I've been using MailScanner for over two years with excellent results.
> I'm now ready to jump into the SpamAssassin side of MS. However, I
> need to set up a per-user scoring system if possible. I am wanting to write
> a CGI which would allow users to log in and enable/disable spam assassin
> for their account as well as set their own scores. I read some material
> in the past about using a partial MySQL backend with MailScanner. With
> the frequency of changes which would occur, I think using MySQL to
> manage this would be best. Is this possible to do?
>
> For those who want to know my reasoning behind this, here it is. I
> briefly used SA about 2 years ago and received a great deal of flack
> from some of my users. Right now, I am using a challenge-response
> anti-spam system which is okay. However it is cumbersome and not the
> best solution. I only planned for it to be an interim solution until I
> had the time to effectively return to the issue. So basically I need the
> ability to explicitly turn on SA for some users and not others as well
> as providing those who use SA the ability to set/customize their own
> scoring.
>
> If this has been answered in a previous post, please point me to it. I
> did a quick search through the list and didn't find anything on this
> subject. Otherwise, thank you in advance for any help.
>
> Walt Wyndroski
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> <mailto:jiscmail at jiscmail.ac.uk>
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
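
An added example, not part of the original post and not MailScanner or SpamAssassin code: a small Python check for the score overrides described in point 5. It reports which rules can still add to the total and flags a rule definition split across lines or a malformed score. The sample text is constructed in the style of the excerpt, the function names are hypothetical, and the four-value score line uses SpamAssassin's multi-score form, which the post itself does not show.

```python
SAMPLE = """\
header  RCVD_SPAMHAUS_XBL
rbleval:check_rbl('spamhaus-xbl','xbl.spamhaus.org.')
describe RCVD_SPAMHAUS_XBL Found in SpamHaus XBL
tflags RCVD_SPAMHAUS_XBL net
score RCVD_SPAMHAUS_XBL 1.5
# habeas getting totally abused by the spammers
score HABEAS_SWE 0.0
score RCVD_IN_NJABL 0.0
#score RCVD_IN_SBL 0.0
score RCVD_IN_DSBL 0 0 0.7 0.7
score RCVD_IN_OPM zero
"""  # constructed sample: wrapped header, a four-value score, a bad value


def lint_prefs(text):
    """Parse 'header' and 'score' lines; return (scores, problems)."""
    scores, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment (e.g. a commented-out score)
        if parts[0] == "header" and len(parts) < 3:
            # Rule name with no test after it: the definition is incomplete,
            # typically because the test was wrapped onto the next line.
            name = parts[1] if len(parts) > 1 else "?"
            problems.append((lineno, name, "header rule has no test on its line"))
        elif parts[0] == "score":
            try:
                values = [float(v) for v in parts[2:]]
            except ValueError:
                values = []
            if len(values) in (1, 4):
                scores[parts[1]] = values  # a later score line overrides an earlier one
            else:
                name = parts[1] if len(parts) > 1 else "?"
                problems.append((lineno, name, "score needs 1 or 4 numeric values"))
    return scores, problems


def enabled_rules(scores):
    """Rules that can still add to the total: any of their scores is non-zero."""
    return sorted(n for n, vals in scores.items() if any(v != 0 for v in vals))


if __name__ == "__main__":
    scores, problems = lint_prefs(SAMPLE)
    print("still scoring:", enabled_rules(scores))
    for lineno, name, msg in problems:
        print("line %d: %s: %s" % (lineno, name, msg))
```

A rule zeroed in only some of its four score slots still counts as enabled here, which is the case to look for when an RBL you meant to switch off keeps contributing.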
