3
SpamAssassin in a box local.cf customization
Idea shared by Steve Reid - 2/20/2015 at 8:18 AM
Proposed
Here is my config:
 
#    Rescore some rules
#
# score        HTML_IMAGE_ONLY_02          3.5
# score        FORGED_IMS_TAG              2.5
score     ALL_TRUSTED             0
score     RCVD_IN_NIX_SPAM        0 1.5 0 1.5
score     RCVD_IN_HOSTKARMA_WL        0 0 0 0
score        RCVD_IN_HOSTKARMA_NO        0.2
score        RCVD_IN_HOSTKARMA_BR        0.2
score        KHOP_SC_CIDR24            0.3
score        KHOP_SC_TOP_CIDR8        0.3
score        NORMAL_HTTP_TO_IP        0.5
score        LOTS_OF_MONEY                0.2
score     RCVD_IN_DNSWL_NONE         0 0 0 0
score        RP_MATCHES_RCVD            0
score        BAYES_00                0
score        RCVD_IN_DNSWL_NONE        0
score        RCVD_IN_MSPIKE_H3        0
score        BAYES_100                2.8
score        BAYES_90                2.5
score        BAYES_80                2.3
score        BAYES_70                2.0
score        BAYES_60                1.8
score        BAYES_50                1.5
score        BAYES_40                1.3
score        BAYES_30                1.0
score        BAYES_20                0.8
score        BAYES_10                0.3
score        JAM_PHARMACY_BD                2.0
score        JAM_DO_STH_HERE                0.5
score        MIME_HTML_ONLY                1.5
score        DIET_1                    1.5
score        RAZOR2_CHECK                2.0
score        T_LOTS_OF_MONEY                1.0
score        FROM_12LTRDOM                0.5
score        FRT_TODAY2                1.0
score        JAM_SMALL_FONT_SIZE            1.0
score        RCVD_IN_DNSWL_LOW            0.0
score        JAM_REPLACED_I_BD            1.0
score        JAM_LONG_LINK                1.0
score        JAM_LOAN_BD                1.0
 
 
Not sure if anyone else has customizations they can share?

12 Replies

0
I disabled all RBL checks in SpamAssassinInABox because I want to manage them on a daily basis, but I do use it for URIBLs since it scores better than I could do manually. I think I increased the RAZOR2 score like you did. I find the JAM_SMALL_FONT_SIZE rule to be very inaccurate and I think I set it to a very low weight.
Thanks, -Joe
1
I was told that this file will get overwritten with an update of SpamAssassin in a box. Supposedly any file in the same folder with .cf will get loaded. I just make a backup.
0
If you upgrade the full program from Jam Software it will update the local.cf, but any of the normal SpamAssassin update channels will not update the local.cf.
Thanks, -Joe
0
SmarterMail 13.3
 
Hi, friends. I've been working with my local.cf file. I find that when I implement Steve Reid's configuration, SmarterMail refuses to start, and gives me a series of abstruse connection errors. The full local.cf file is below. What do you think I am doing wrong?
 
Is there a place where one can simply download an optimized local.cf file for SAIB?
 
Thank you as always for any advice.
 
Eric
 
local.cf:
 
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
#   Add *****SPAM***** to the Subject header of spam e-mails
#
# rewrite_header Subject *****SPAM*****

#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#   IMPORTANT: Do not enable report_safe when using JAM Software products!!!
report_safe 0

#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.

#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock

#   Set the threshold at which a message is considered spam (default: 5.0)
#
# required_score 5.0

#   Use Bayesian classifier (default: 1)
#
# use_bayes 1

#   Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 0
#    This is the directory and filename for Bayes databases. Several
#    databases will be created, with this as the base directory and
#    filename, with _toks, _seen, etc. appended to the base.
#
bayes_path C:\ProgramData\JAM Software\spamdService\sa-bayes\bayes
#    With "bayes_auto_learn_on_error" turned on, autolearning will be
#    performed only when a bayes classifier had a different opinion from
#    what the autolearner is now trying to teach it (i.e. it made an
#    error in judgement). This strategy may or may not produce better
#    future classifications, but usually works very well, while also
#    preventing unnecessary overlearning and slowing down database growth.
bayes_auto_learn_on_error 1

#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
bayes_ignore_header x-spam-status
bayes_ignore_header x-spam-checker-version
bayes_ignore_header X-Spam-Status
bayes_ignore_header x-spam-report
bayes_ignore_header x-process
bayes_ignore_header x-backup
bayes_ignore_header X-MS-Exchange-Organization-PCL
bayes_ignore_header X-MS-Exchange-Organization-SCL
bayes_ignore_header x-ms-exchange-organization-AuthSource
bayes_ignore_header X-MS-Exchange-Organization-AuthAs
bayes_ignore_header X-MS-Exchange-Organization-OriginalArrivalTime
bayes_ignore_header X-MS-Exchange-Forest-ArrivalHubServer
bayes_ignore_header X-MS-Exchange-Organization-OriginalClientIPAddress
bayes_ignore_header X-MS-Exchange-Organization-OriginalServerIPAddress
bayes_ignore_header X-MS-Exchange-Organization-MessageDirectionality
bayes_ignore_header X-MS-Exchange-Organization-Cross-Premises-Headers-Processed
# If the score is smaller than this, email will be automatically
# learned as nonspam. The threshold can be negative.
bayes_auto_learn_threshold_nonspam 0.05
# If the score is larger than this, email will be automatically
# learned as spam.
bayes_auto_learn_threshold_spam 11.0
# TextCat - language guesser (also defined in v310.pre, but not activated)
# Note: You have to specify ok_languages in order to make Textcat score spam
#
loadplugin Mail::SpamAssassin::Plugin::TextCat
#    Shortcircuit - stop evaluation early if high-accuracy rules fire
#
loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#
shortcircuit USER_IN_WHITELIST       on
shortcircuit USER_IN_DEF_WHITELIST   on
shortcircuit USER_IN_ALL_SPAM_TO     on
shortcircuit SUBJECT_IN_WHITELIST    on
#   the opposite; blacklisted mails can also save CPU
shortcircuit USER_IN_BLACKLIST       on
shortcircuit USER_IN_BLACKLIST_TO    on
shortcircuit SUBJECT_IN_BLACKLIST    on
#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
# shortcircuit ALL_TRUSTED             on
#   and a well-trained bayes DB can save running rules, too
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham
#    Some JAM customized Shortcircuit configuration
#    
#    Set Bayes_99 priority higher so it hits more early ( => less RBL checks )
priority BAYES_99                   -850
#     
#     Allow rules to be defined in user_prefs
#
allow_user_rules 1
#    Replace default headers through more formatted output
#
clear_headers
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) * on _HOSTNAME_ * at _DATE_
add_header all Status _YESNO_, score=_SCORE_, hits=_HITS_, required=_REQD_, autolearn=_AUTOLEARN_, shortcircuit=_SC_
add_header spam Level _STARS(*)_
add_header all Report _REPORT_

#    Google uses DKIM so this should only whitelist real google mails
#
whitelist_auth adwords-noreply@google.com   
whitelist_auth googlealerts-noreply@google.com
def_whitelist_from_spf *@jam-software.de
def_whitelist_from_spf *@jam-software.com

# DNSBL of German publisher heise (http://www.heise.de/ix/nixspam/)
header NIX_SPAM  eval:check_rbl('nix-spam', 'ix.dnsbl.manitu.net')
describe NIX_SPAM Listed in NIX_SPAM DNSBL (heise.de)
tflags NIX_SPAM  net
score NIX_SPAM  1.2
 

#    Rescore some rules
#
# score        HTML_IMAGE_ONLY_02          3.5
# score        FORGED_IMS_TAG              2.5
score     ALL_TRUSTED             0
score     RCVD_IN_NIX_SPAM        0 1.5 0 1.5
score     RCVD_IN_HOSTKARMA_WL        0 0 0 0
score        RCVD_IN_HOSTKARMA_NO        0.2
score        RCVD_IN_HOSTKARMA_BR        0.2
score        KHOP_SC_CIDR24            0.3
score        KHOP_SC_TOP_CIDR8        0.3
score        NORMAL_HTTP_TO_IP        0.5
score        LOTS_OF_MONEY                0.2
score     RCVD_IN_DNSWL_NONE         0 0 0 0
score        RP_MATCHES_RCVD            0
score        BAYES_00                0
score        RCVD_IN_DNSWL_NONE        0
score        RCVD_IN_MSPIKE_H3        0
score        BAYES_100                2.8
score        BAYES_90                2.5
score        BAYES_80                2.3
score        BAYES_70                2.0
score        BAYES_60                1.8
score        BAYES_50                1.5
score        BAYES_40                1.3
score        BAYES_30                1.0
score        BAYES_20                0.8
score        BAYES_10                0.3
score        JAM_PHARMACY_BD                2.0
score        JAM_DO_STH_HERE                0.5
score        MIME_HTML_ONLY                1.5
score        DIET_1                    1.5
score        RAZOR2_CHECK                2.0
score        T_LOTS_OF_MONEY                1.0
score        FROM_12LTRDOM                0.5
score        FRT_TODAY2                1.0
score        JAM_SMALL_FONT_SIZE            1.0
score        RCVD_IN_DNSWL_LOW            0.0
score        JAM_REPLACED_I_BD            1.0
score        JAM_LONG_LINK                1.0
score        JAM_LOAN_BD                1.0
 
0
Not really sure, but I would say to start over and be careful when making the changes.
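One way to check the rescoring block before restarting the service, as an added Python example that is not part of the thread or of SpamAssassin in a Box. The function name `lint_scores` and the sample lines are constructed for illustration, and relative scores written in parentheses are not handled. It verifies that each `score` line carries one or four numeric values and reports rules that are scored twice, as RCVD_IN_DNSWL_NONE is in the list above.

```python
from collections import defaultdict

# Constructed sample in the thread's format; the last two lines are
# deliberately malformed to show what the check reports.
SAMPLE_CF = """\
# score   FORGED_IMS_TAG        2.5
score     RCVD_IN_NIX_SPAM      0 1.5 0 1.5
score     RCVD_IN_DNSWL_NONE    0 0 0 0
score     RCVD_IN_DNSWL_NONE    0
score     RAZOR2_CHECK          2.0 1.0
score     MIME_HTML_ONLY        1,5
"""

def lint_scores(text):
    """Return (effective, problems) for the 'score' lines of a local.cf."""
    effective, seen, problems = {}, defaultdict(list), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop comments, then split on any run of spaces or tabs.
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "score":
            continue
        rule, values = (fields[1] if len(fields) > 1 else "?"), fields[2:]
        # SpamAssassin accepts one value (used for every score set) or four:
        # [no bayes/no net, no bayes/net, bayes/no net, bayes/net].
        if len(values) not in (1, 4):
            problems.append((lineno, f"{rule}: expected 1 or 4 values, got {len(values)}"))
            continue
        try:
            nums = [float(v) for v in values]
        except ValueError:
            problems.append((lineno, f"{rule}: non-numeric value in {values}"))
            continue
        seen[rule].append(lineno)
        # A later score line for the same rule replaces the earlier one.
        effective[rule] = nums * 4 if len(nums) == 1 else nums
    for rule, lines in seen.items():
        if len(lines) > 1:
            problems.append((lines[-1], f"{rule}: overrides earlier line(s) {lines[:-1]}"))
    return effective, sorted(problems)

if __name__ == "__main__":
    scores, issues = lint_scores(SAMPLE_CF)
    for lineno, msg in issues:
        print(f"line {lineno}: {msg}")
```

SpamAssassin's own `spamassassin --lint` remains the authoritative syntax check; this only covers the score lines.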
0
Dear Steve,

I carefully used tabs between the columns, and now it works. The SAIB scores are now active in SAIB local.cf. Thank you very much, as always, for your kind help. I am curious to see how this SAIB optimization affects spam incursions.

Question -- are you aware of any other optimized SAIB scores? I'm looking on the JAM software site and I am not seeing any references to optimizing these SAIB scores -- and apparently it is essential to optimize local.cf with these SAIB scores.

I hope this finds you well.

best from Eric
0
I'm not aware of any examples; however, these are the same customization options available to regular SpamAssassin, so there should be info out there.

I modified mine by checking headers for a while on incorrectly scored emails.
0
Got it!

So, this message just came through -- it is spam, and it appeared in the mailbox of a client who, these days, is really irritated at me for not controlling spam better. =) How can I analyze this message and then make an edit in SAIB local.cf?

Return-Path:
Received: from sbe207.slyhidemyaffair.ninja (ptr1.sentris.net [63.223.78.207]) by tarsier.viviotech.net with SMTP;
Tue, 14 Apr 2015 13:21:56 -0400
Date: Tue, 14 Apr 2015 10:25:24 -0700
Mime-Version: 1.0
From: Your Secret Proposition
Content-Type: text/plain; charset="UTF-8"
To:
Message-ID:
Subject: Sleep with Someone Else's Wife Tonight Invitation expires 04/14/2015.
Hu-Xya: b1c46e4638ebebf9a92f2834a03ec32aefb1c46e4638ebebf9a92f2834a03ec32a-t10423121
X-SmarterMail-Spam: SPF_None, ISpamAssassin 0 [raw: 0], SpamAssassin 0 [raw: 0], DK_None, DKIM_None
X-SmarterMail-SpamDetail: Content analysis details: (0.0 points, 5.0 required)
X-SmarterMail-SpamDetail: pts rule name description
X-SmarterMail-SpamDetail: ---- ---------------------- --------------------------------------------------
X-SmarterMail-SpamDetail: 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
X-SmarterMail-SpamDetail: See
X-SmarterMail-SpamDetail: http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
X-SmarterMail-SpamDetail: for more information.
X-SmarterMail-SpamDetail: [URIs: judybyron.com]
X-SmarterMail-TotalSpamWeight: 0
0
You should first off ensure you have implemented all aspects of Bruce's spam document. I use SpamAssassin only to supplement and pick up messages that squeeze through. Also, it looks like you have a DNS issue that is not allowing URIBL lookups to work properly.
0
I was wondering about that DNS issue. Hmmm...

I have carefully implemented all of Bruce's document -- but I will double check.

What do you think is going on with the DNS issue? Sorry to bug you about all of this stuff. =) I really appreciate your time. Eric
0
We run a local instance of DNS on our SmarterMail server; this is to ensure RBL and URIBL requests come from our own public IP. The problem happens when you use a public DNS server, such as Google. The RBLs will begin rejecting requests if they receive too many from a single IP.
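The report on the spam message posted above lists URIBL_BLOCKED as its only hit, so its 0.0 total was reached without the URIBL lookup having run. The following Python sketch is an added example, not part of the thread: it parses the X-SmarterMail-SpamDetail lines and flags reports whose network checks were blocked. The function name `triage` and the `_BLOCKED` suffix heuristic are assumptions of this example.

```python
import re

# Report headers copied from the message posted in the thread (abridged).
SAMPLE = """\
X-SmarterMail-SpamDetail: Content analysis details: (0.0 points, 5.0 required)
X-SmarterMail-SpamDetail: pts rule name description
X-SmarterMail-SpamDetail: ---- ---------------------- --------------------------------------------------
X-SmarterMail-SpamDetail: 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
X-SmarterMail-SpamDetail: See
X-SmarterMail-SpamDetail: http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
X-SmarterMail-SpamDetail: for more information.
X-SmarterMail-TotalSpamWeight: 0
"""

PREFIX = "X-SmarterMail-SpamDetail:"
SUMMARY = re.compile(r"\((-?[\d.]+) points, (-?[\d.]+) required\)")
# A hit line is "<points> <RULE_NAME> <description>"; the column header,
# the dashed separator and wrapped description lines do not match.
HIT = re.compile(r"^(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def triage(headers):
    """Summarise a SpamAssassin report and flag blocked network checks."""
    score = required = None
    hits, blocked = [], []
    for line in headers.splitlines():
        if not line.startswith(PREFIX):
            continue
        body = line[len(PREFIX):].strip()
        m = SUMMARY.search(body)
        if m:
            score, required = float(m.group(1)), float(m.group(2))
            continue
        m = HIT.match(body)
        if m:
            pts, rule, desc = float(m.group(1)), m.group(2), m.group(3)
            hits.append((pts, rule))
            # Heuristic: blocked-lookup notices use a *_BLOCKED rule name
            # and an "ADMINISTRATOR NOTICE" description.
            if rule.endswith("_BLOCKED") or "ADMINISTRATOR NOTICE" in desc:
                blocked.append(rule)
    return {"score": score, "required": required, "hits": hits,
            "blocked": blocked, "verdict_reliable": not blocked}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over a sample of delivered mail, a non-empty `blocked` list points at the resolver rather than at the scores in local.cf.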
0
Makes sense! I am working on this. Thank you again. =)
