Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
From: Philippe Vogel (filiaap freenet.de)
Date: Sat May 07 2005 - 08:59:55 CDT
Hi!
First of all spamassassin has to learn what you consider as spam and
what you consider as ham (no spam). If you don't teach both you may
get false positives.
I use cyrus + postfix + cyrus + amavisd-new + serverbased
imap-filter-rules for my users - but this setup may be a little bit too
complex ;). In short: One rule sorts spam into the spam-folder of the
user's imap-folder (it will be deleted manually in case the
spam-filter recognises too much as spam). I made a spamassassin
imap-folder for each user and a cron-script learns the bayes for each
user every day from this folder.
Here is my script for postfix/cyrus/spamassassin:
[Begin Script]
#!/bin/bash
#
# Spamassassin Cron-Script
#
# Target: Learn spam and add to spam-db for all users with their own spam.
#
# learn spam and clear spamassassin-folder ...
# (Cyrus stores each message as "<number>.", hence the "*." glob)
#
/usr/bin/sa-learn --spam /var/spool/imap/user/*/Spamassassin/*.
su - cyrus -c '/usr/lib/cyrus/bin/ipurge -i -b 1 user.*.Spamassassin'
#
# find users (directories directly below /home with group "users") ...
#
LUSERS=""
LOCUSERS=`find /home -mindepth 1 -maxdepth 1 -type d -group users`
for LOCALUSERS in $LOCUSERS; do
LUSERS=$LUSERS" "${LOCALUSERS:6}
done
#
# Copy global config for all users
#
for namen in $LUSERS; do
test -d "/home/$namen/.spamassassin" || { mkdir "/home/$namen/.spamassassin"; }
cp -R /root/.spamassassin/bayes* "/home/$namen/.spamassassin"
chown -R "$namen":users "/home/$namen/.spamassassin"
done
#echo 'Restarting Postfix:'
#/etc/init.d/postfix restart
echo 'User-Spamdb updated!'
[End Script]
If you don't use imap you can use a pop3-account and move your spam as
admin to another user's mailbox (maybe user = spam) and execute the
following (you have to change the folder at the end to your settings!!!):
#learn spam:
/usr/bin/sa-learn --spam /var/spool/mail/spam
#learn ham:
/usr/bin/sa-learn --ham /var/spool/mail/mailbox-with-ham-and-no-spam
This mailbox should not include ham otherwise you get false positives!
If you want to create a config-file with most options for spamassassin
you may use this form:
http://www.yrex.com/spam/spamconfig.php
Otherwise you should examine the manpages and search a lot with google.
Spam filtering in general based on postfix:
Make acl's to filter mails (postfix will reject these mails):
- use amavisd-new to scan for viruses (f-prot is free for use for
private users under linux)
- disable notification of virus in amavis and disable any other
notifications in spamassassin (postfix should only reject this and not
give any answers)
- reject executable extensions (I do this via amavisd-new) -> good bye
virus
- use a rbl-server for blocking announced spam-providing servers
- non-existing url's (dns-check)
- Implement spamassassin or any other spam-filter.
In general: Don't answer to any spam of any kind.
With this policy I get about max. 3 spam-mails per day (before a lot
more). After learning ham I don't get many false positives (now exactly
0%).
Best way to learn ham is to learn all your mails from your mailbox
containing no spam!
Regards
Philippe
--
This message is digitally signed and contains neither seal nor
signature!
The unsolicited sending of an advertising e-mail to private individuals
violates §1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998, Az:
16 O 201/98). Any commercial use of the transmitted
personal data, as well as passing it on to third parties, is expressly
prohibited!
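
The post's point that SpamAssassin must be taught both spam and ham can be checked after each cron run. The following is an added example, not part of the original message: it parses `sa-learn --dump magic` output and reports whether both counters reach SpamAssassin's default activation thresholds (`bayes_min_spam_num` and `bayes_min_ham_num`, 200 each). The function name and the sample dump are constructed for illustration.

```shell
#!/bin/bash
# Added example: verify that the Bayes database has learned enough spam AND ham.
# Assumption: default thresholds of 200 each; adjust if local.cf overrides them.
MIN_SPAM=200
MIN_HAM=200

# bayes_status (hypothetical helper) reads `sa-learn --dump magic` output on
# stdin and prints "nspam=<n> nham=<n> <verdict>".
# Exit status: 0 = Bayes active, 1 = more training needed, 2 = no counters.
bayes_status() {
    awk -v min_spam="$MIN_SPAM" -v min_ham="$MIN_HAM" '
        # Counter lines look like: 0.000  0  <count>  0  non-token data: nspam
        $NF == "nspam" { nspam = $3 }
        $NF == "nham"  { nham  = $3 }
        END {
            if (nspam == "" || nham == "") { print "no counters found"; exit 2 }
            verdict = "active"
            if (nspam + 0 < min_spam) verdict = "needs more spam"
            if (nham + 0 < min_ham)
                verdict = (verdict == "active") ? "needs more ham" : "needs more spam and ham"
            printf "nspam=%d nham=%d %s\n", nspam, nham, verdict
            exit (verdict == "active" ? 0 : 1)
        }'
}

# Constructed sample: a database trained only from the spam folder, as happens
# when the cron job runs --spam but nobody ever feeds it ham.
SAMPLE_DUMP='0.000          0          3          0  non-token data: bayes db version
0.000          0        412          0  non-token data: nspam
0.000          0         37          0  non-token data: nham
0.000          0      51234          0  non-token data: ntokens'

# Demo on the constructed sample. Real use, per user after the cron job:
#   su - "$user" -c "sa-learn --dump magic" | bayes_status
printf '%s\n' "$SAMPLE_DUMP" | bayes_status || true
```

A non-zero exit status makes the check easy to hook into the cron script so that an untrained ham side is noticed before it shows up as false positives.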