Optimizing Anti-Spam

Danita Zanre danita at caledonia.net
Fri Jan 6 02:38:46 UTC 2017


I’ve used EFA before, but I need to keep this on a SLES server right now, and don’t really have time to figure out how to get EFA to run on it.  This is an edge server, but right now it’s behind a relay.  I’m testing it behind an existing appliance until I get it ready - so all of the edge processes will need to be added after I turn it live.  

Does MailScanner have user or domain level SA config files?  I haven’t figured that out yet.  I’m getting sick of Portuguese spam, but I have users who receive Portuguese.  I get German spam, but I also get real German mail.  I also get Spanish spam, and don’t speak Spanish - hehe - but I can’t block any language system-wide or even domain-wide for that matter.  

Thanks for all of the suggestions.  I’m only at about 30% spam blocking right now, and it’s really closer to 80%, so I have to figure out how to tighten it up a bit.  

Danita Zanrè, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office


On January 5, 2017 at 8:18:33 PM, Dave Jones (dave at jonesol.com) wrote:

Definitely set up zen.spamhaus.org RBL but this won't help much unless it's an edge mail server.  There are a lot of things that you can't do at the MTA level unless you are an edge mail server, like HELO checks, DNS PTR checks, RBL checks, greylisting, etc.
There are ways to make SpamAssassin ignore the relay server by adding it to internal_networks and trusted_networks but that won't help the MTA-level checks which are very important.  You should try to block as much as possible at the MTA level so there will be proper bounce messages.  Once the message reaches MailScanner, then it's basically dropped silently which could be considered bad.
Download and take a look at the Postfix setup in https://efa-project.org/ to get some good ideas on how to tune your own server.  You might find that you would like to switch over to the EFA server and make it an edge mail server to be the most effective.
There are tons of other tricks to tune out a MailScanner server if you have the time to implement them.
- postwhite
- SQLgrey or postgrey
- pypolicyd-spf to add an SPF check header used by SA
- postscreen with many RBLs weighted to your needs
- senderscore.org RBL is very helpful (search SA mailing list archives)
- Postfix tuning (reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_non_fqdn_hostname, reject_unknown_sender_domain, reject_non_fqdn_helo_hostname)
- Postfix rate limiting
- Postfwd to add custom headers, e.g. detect large BCC and add a custom header that can be used by SA for scoring
- opendkim to sign outbound messages for improved delivery
- SA shortcircuit'ing to whitelist trusted senders
- SA whitelist_auth list so you can bump up BAYES_* scores
- SA BAYES_* score adjustment
- SA bayes_ignore_header listing (search SA mailing list archives)
- SA score tuning for reliable whitelists
- SA ham shortcircuit for very reliable whitelists
- ClamAV add extra signatures for more aggressive blocking (search clamav-unofficial-sigs.conf)
- SA - custom rules download of 20_axb_misc.cf
- SA - enable RelayCountry and add custom rules for bad countries for your users/region
- SA - ok_languages and ok_locales
....
Dave
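
Dave's point about internal_networks and trusted_networks, as an added example that is not part of the original thread and is not SpamAssassin's own code: a simplified Python model of how listing the relay changes which Received hop a last-external RBL lookup (such as zen.spamhaus.org) ends up testing. The message, addresses, host names and function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the real sender (203.0.113.77) delivers to a front-end
# relay (192.0.2.10), which hands the message to the MailScanner host.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby scanner.example.net (Postfix) with ESMTP id 0000001;
\tThu, 5 Jan 2017 20:00:02 +0000
Received: from mail.sender.example (unknown [203.0.113.77])
\tby relay.example.net (Postfix) with ESMTP id 0000002;
\tThu, 5 Jan 2017 20:00:01 +0000
From: someone@sender.example
Subject: constructed test message

body
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(raw_message):
    """Return the connecting IP of each hop, newest Received header first."""
    ips = []
    for header in message_from_string(raw_message).get_all("Received", []):
        # Only the "from ..." half names the host that connected to us.
        from_part = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        match = BRACKETED_IPV4.search(from_part)
        if match:
            ips.append(match.group(1))
    return ips


def last_external_ip(raw_message, internal_networks):
    """First hop, reading top down, that is not in internal_networks."""
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    for ip in relay_ips(raw_message):
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            return ip
    return None


if __name__ == "__main__":
    # Relay not listed: the relay itself is what an RBL lookup would test.
    print(last_external_ip(SAMPLE, ["127.0.0.0/8"]))
    # Relay listed: the lookup reaches the host that connected to the relay.
    print(last_external_ip(SAMPLE, ["127.0.0.0/8", "192.0.2.10"]))
```
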

On Thu, Jan 5, 2017 at 12:35 AM, Thom van der Boon <thom at vdb.nl> wrote:
Hi

I use 2 things:

1. Lower threshold: SpamAssassin score:
   5: Mark as (possible) spam
   10 (instead of 15): delete
2. Use KAM.cf: KAM.cf is a very nice set of SpamAssassin rules which catches an awful lot of spam
   You can find the KAM.cf.sh script via Google

Best regards,


Thom van der Boon
E-Mail: thom at vdb.nl



=====



Thom.H. van der Boon b.v.
Transito 4
6909 DA  Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/

From: "Danita Zanre" <danita at caledonia.net>
To: mailscanner at lists.mailscanner.info
Sent: Wednesday, 4 January 2017 17:50:42
Subject: Optimizing Anti-Spam

Hi all!  It’s been years since I’ve implemented something like MailScanner as part of an anti-spam system, but I’ve used various Linux-based systems like Maia Mailguard in the distant past.  I've used appliances for quite a while, but for various reasons have now chosen MailScanner for the task.  Right now I’m training and tweaking things on a smaller subset domain rather than flipping the switch for my entire system.  I’ve only been running for about 5 days or so.  I’m training the bayes database multiple times a day with both spam and ham, and SpamAssassin is now active, but I have a lot of what I consider “obvious” spam leaking through - vulgar words in the subject, sexual content, etc.  While my users will forgive marketing and general “junk”, they will be less forgiving of these things ;-)

I’m doing some research on the best settings to optimize.  I used to use things like Razor, DCC, selective greylisting, custom rule sets.  I imagine that these things have changed a lot in the past 10 years.  Can you give me some ideas on some optimizations you use to tighten things up?  

Thanks!


Danita Zanrè, Move Out of the Office
I love my job, and you can too!
Tel: (720) 319-7530 - Caledonia Network Consulting
Tel: (720) 319-8240 - Move Out of the Office


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner


