Optimizing Anti-Spam

Dave Jones dave at jonesol.com
Fri Jan 6 02:12:15 UTC 2017


Definitely set up zen.spamhaus.org RBL but this won't help much unless it's
an edge mail server.  There are a lot of things that you can't do at the
MTA level unless you are an edge mail server like HELO checks, DNS PTR
checks, RBL checks, greylisting, etc.

There are ways to make SpamAssassin ignore the relay server by adding it to
internal_networks and trusted_networks but that won't help the MTA-level
checks which are very important.  You should try to block as much as
possible at the MTA level so there will be proper bounce messages.  Once
the message reaches MailScanner, then it's basically dropped silently which
could be considered bad.

Download and take a look at the Postfix setup in https://efa-project.org/
to get some good ideas on how to tune your own server.  You might find that
you would like to switch over to the EFA server and make it an edge mail
server to be the most effective.

There are tons of other tricks to tune out a MailScanner server if you have
the time to implement them.
- postwhite
- SQLgrey or postgrey
- pypolicyd-spf to add an SPF check header used by SA
- postscreen with many RBLs weighted to your needs
- senderscore.org RBL is very helpful (search SA mailing list archives)
- Postfix tuning (reject_non_fqdn_sender, reject_non_fqdn_recipient,
  reject_non_fqdn_hostname, reject_unknown_sender_domain,
  reject_non_fqdn_helo_hostname)
- Postfix rate limiting
- Postfwd to add custom headers, e.g. detect large BCC and add a custom
  header that can be used by SA for scoring
- opendkim to sign outbound messages for improved delivery
- SA shortcircuit'ing to whitelist trusted senders
- SA whitelist_auth list so you can bump up BAYES_* scores
- SA BAYES_* score adjustment
- SA bayes_ignore_header listing (search SA mailing list archives)
- SA score tuning for reliable whitelists
- SA ham shortcircuit for very reliable whitelists
- ClamAV add extra signatures for more aggressive blocking (search
  clamav-unofficial-sigs.conf)
- SA - custom rules download of 20_axb_misc.cf
- SA - enable RelayCountry and add custom rules for bad countries for your
  users/region
- SA - ok_languages and ok_locales
....
Dave

On Thu, Jan 5, 2017 at 12:35 AM, Thom van der Boon <thom at vdb.nl> wrote:

> Hi
>
> I use 2 things:
>
>
>    - Lower threshold: SpamAssassin score:
>       - 5: Mark as (possible) spam
>       - 10 (instead of 15): delete
>    - use KAM.cf: KAM.cf is a very nice SpamAssassin rules file
>    which catches an awful lot of spam
>
> You can find the KAM.cf.sh script via Google
>
> Kind regards, Best regards,
>
>
> Thom van der Boon
> E-Mail: thom at vdb.nl
>
>
>
> =====
>
>
>
> Thom.H. van der Boon b.v.
> Transito 4
> 6909 DA  Babberich
> Tel.: +31 (0)88 4272727
> Fax: +31 (0)88 4272789
> Home Page: http://www.vdb.nl/
>
> ------------------------------
> *From: *"Danita Zanre" <danita at caledonia.net>
> *To: *mailscanner at lists.mailscanner.info
> *Sent: *Wednesday, 4 January 2017 17:50:42
> *Subject: *Optimizing Anti-Spam
>
> Hi all!  It’s been years since I’ve implemented something like Mailscanner
> as part of an anti-spam system, but I’ve used various Linux based systems
> like Maia Mailguard in the distant past.  I've used appliances for quite
> awhile, but for various reasons have now chosen Mailscanner for the task.
> Right now I’m training and tweaking things on a smaller subset domain
> rather than flipping the switch for my entire system.  I’ve only been
> running for about 5 days or so.  I’m training the bayes database multiple
> times a day with both spam and ham, and Spamassassin is now active, but I
> have a lot of what I consider “obvious” spam leaking through - vulgar words
> in the subject, sexual content, etc.  While my users will forgive marketing
> and general “junk”, they will be less forgiving of these things ;-)
>
> I’m doing some research on the best settings to optimize.  I used to use
> things like Razor, DCC, selective greylisting, custom rule sets.  I imagine
> that these things have changed a lot in the past 10 years.  Can you give me
> some ideas on some optimizations you use to tighten things up?
>
> Thanks!
>
>
> *Danita Zanrè*, *Move Out of the Office*
> I love my job, and you can too!
> Tel: (720) 319-7530 - Caledonia Network Consulting
> Tel: (720) 319-8240 - Move Out of the Office
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
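
A main.cf fragment showing how the MTA-level checks listed in the reply above (postscreen with weighted RBLs, HELO and FQDN restrictions, a greylisting policy service, rate limiting) fit together on an edge server, so that rejections happen during the SMTP session and the sender gets a proper bounce. This is an added example, not part of the original thread and not the EFA project's configuration; the weights, threshold, rate limits, the policy-service address 127.0.0.1:10023 and the list dnsbl.example.org are assumptions.

```conf
# /etc/postfix/main.cf fragment for an edge (MX) server.
# Added illustration, not the EFA project's configuration.
# Weights, thresholds, rate limits and the policy-service address are
# assumed starting values; dnsbl.example.org is a placeholder.

# postscreen screens clients before smtpd sees them (it must also be
# enabled in master.cf). A client is rejected when the summed weights
# of the lists it appears on reach the threshold.
postscreen_access_list = permit_mynetworks
postscreen_dnsbl_sites =
    zen.spamhaus.org*3
    dnsbl.example.org*1
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce

# HELO checks. reject_non_fqdn_hostname is the pre-2.3 name of
# reject_non_fqdn_helo_hostname, so only the current name is listed.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname

# Envelope sender checks.
smtpd_sender_restrictions =
    permit_mynetworks
    reject_non_fqdn_sender
    reject_unknown_sender_domain

# Recipient checks. reject_unauth_destination stays ahead of the policy
# service so relay attempts are refused before greylisting is consulted.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_non_fqdn_recipient
    check_policy_service inet:127.0.0.1:10023

# Rate limiting per client, counted over anvil_rate_time_unit.
anvil_rate_time_unit = 60s
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 60
```

After editing, `postfix check` followed by `postconf -n` shows whether the file parses and which values are active.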