After a few hours of reading, i'm catching up...just few questions

Scott Silva ssilva at SGVWATER.COM
Tue Jun 28 20:12:39 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Jason Williams spake the following on 6/28/2005 11:36 AM:
> I've spent the better part of my morning (since 0730 Pacific time)
> reading over all sorts of documentation about MailScanner and
> spamassassin. My lapse in keeping up to date with configuring MS and SA
> correctly has allowed quite a bit of spam to get through my network.
> Because of that, i went on a crash course this morning.(a lot to soak up)
> 
> I read quite a bit here and have a further, better understanding of
> everything. But I wanted to just ask a few quick questions to make sure
> I am correct in a few things I want to implement.
> The biggest part that im working on is the spam.assassin.prefs.conf file.
> 
> DCC. I went ahead and installed this. I plugged it into the init.pre
> file. When I do a --lint test, it kicks some errors, but doesn't break
> anything from what I found out (Thanks Julian). First question here is,
> how can I tell if it is contributing to blocking spam?

You will see messages in the log refering to DCC. You can run
grep DCC_CHECK /var/log/maillog  from a shell to see if it is hitting.
If you have some volume of e-mail, you might want to run the DCC daemon
DCCifd.

http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:plugins:dcc:dccifd_install


> 
> My main question is in regards to the spam.assassin.prefs.conf file as
> well as "ALL TRUSTED" portion. I haven't been able to really 'lockdown'
> what exactly the "ALL TRUSTED" should include for my network. I'm
> sketchy on that part.
>
As am I. I set the scores to zero until I can sort that out.


> This was recommended to me and I think it would be great for mysetup.
> http://www.uribl.com/
> 
> To implement this into my setup, just so im clear, these go into my
> spam.assassin.prefs.conf file at the very en?
> In the current file, I have this at the very end:
> 
> urirhssub URIBL_JP_SURBL  multi.surbl.org.        A   64
> body      URIBL_JP_SURBL  eval:check_uridnsbl('URIBL_JP_SURBL')
> describe  URIBL_JP_SURBL  Has URI in JP at http://www.surbl.org/lists.html
> tflags    URIBL_JP_SURBL  net
> 
> score URIBL_JP_SURBL    4.0

If you are using SpamAssassin 3.0.4 The above rule is now integrated.
Probably won't hurt to leave it, but might cause future confusion.

> 
> 
> I would like to add the following, from www.uribl.com as well as
> additional surbl.org, if there are additional ones.
> 
> urirhssub       URIBL_BLACK  multi.uribl.com.        A   2
> body            URIBL_BLACK  eval:check_uridnsbl('URIBL_BLACK')
> describe        URIBL_BLACK  Contains an URL listed in the URIBL blacklist
> tflags          URIBL_BLACK  net
> score        URIBL_BLACK  3.0
> 
> urirhssub       URIBL_GREY  multi.uribl.com.        A   4
> body            URIBL_GREY  eval:check_uridnsbl('URIBL_GREY')
> describe        URIBL_GREY  Contains an URL listed in the URIBL greylist
> tflags          URIBL_GREY  net
> score        URIBL_GREY  1.0
> 
> 
> My question is that I should just add those to the bottom/end of my
> file, beneath the URIBL_JP section? I should adjust the scores as needed.
> 
> I figure that should get me started and headed in the right direction. I
> will continue to work on this today as well as the rest of the week. I
> am planning on using bayes, pyzor and razor as well.
> Just trying to make sure I fully understand these things and make sure I
> do it correctly.

> 
> Much appreciated to this list here. Everyone has always been extremely
> helpful.
> 
> Cheers,
> 
> Jason
> 


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list