You can also use this in the 'normal' EFA setup. Do NOT configure this in Postfix AND MailScanner at the same time!
In MailScanner.conf:
```
Spam List = SPAMHAUS SPAMCOP SORBS
Spam Lists To Be Spam = 1 #this is default
```
```
# You should register your IP before using the Barracuda list. It will work
# without registering your IP, but they might throttle your requests. The
# free registration ensures that you won't get throttled.
# http://barracudacentral.org/rbl
BARRACUDA b.barracudacentral.org
# aggregate list - http://www.sorbs.net/using.shtml
SORBS dnsbl.sorbs.net
# aggregate list - http://www.spamhaus.org/zen/
SPAMHAUS zen.spamhaus.org
# aggregate list - https://www.spamcop.net/bl.shtml
SPAMCOP bl.spamcop.net
```
How to check if these changes have any effect?
Define some filters in search and reports.
Now you will see you also catch spam with scores below the defined spam threshold.
Just select one, copy the filename and run this, replacing the date and message ID:
```
sa-learn -D --spam /var/spool/MailScanner/quarantine/20180522/spam/AB76B403AC.A94ED &> /tmp/henk1.log
```
In this log there is a lot of info that you can use to check if EFA is working as you think it is working:
DNS, trusted networks, untrusted networks, etc. Just take some time to examine the logfile.
```
vi /tmp/henk1.log
```
```
dns: URIBL_DBL_ABUSE_MALW lookup start
async: launching NS/EXAMPLE.nl for NS:EXAMPLE.nl
dns: bgsend, DNS servers: [127.0.0.1]:53
dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
dns: providing a callback for id: 23081/IN/NS/EXAMPLE.nl
async: starting: URI-NS, NS:EXAMPLE.nl (timeout 15.0s, min 3.0s)
async: launching A/EXAMPLE.nl for A:EXAMPLE.nl
dns: bgsend, DNS servers: [127.0.0.1]:53
dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
dns: providing a callback for id: 6689/IN/A/EXAMPLE.nl
async: starting: URI-A, A:EXAMPLE.nl (timeout 15.0s, min 3.0s)
dns: URIBL_SBL_A lookup start
uridnsbl: considering host=wl.spotify.com, domain=spotify.com
async: query 35005/IN/A/spotify.com.multi.surbl.org already underway, adding no.7 URIBL_PH_SURBL
dns: URIBL_PH_SURBL lookup start
async: query 110/IN/A/spotify.com.multi.uribl.com already underway, adding no.5 URIBL_BLACK
dns: URIBL_BLACK lookup start
async: query 110/IN/A/spotify.com.multi.uribl.com already underway, adding no.6 URIBL_RED
dns: URIBL_RED lookup start
async: query 46183/IN/A/spotify.com.dob.sibl.support-intelligence.net already underway, adding no.2 URIBL_RHS_DOB
dns: URIBL_RHS_DOB lookup start
async: query 110/IN/A/spotify.com.multi.uribl.com already underway, adding no.7 URIBL_GREY
dns: URIBL_GREY lookup start
async: query 35005/IN/A/spotify.com.multi.surbl.org already underway, adding no.8 URIBL_MW_SURBL
dns: URIBL_MW_SURBL lookup start
async: query 35005/IN/A/spotify.com.multi.surbl.org already underway, adding no.9 URIBL_ABUSE_SURBL
dns: URIBL_ABUSE_SURBL lookup start
async: query 35005/IN/A/spotify.com.multi.surbl.org already underway, adding no.10 URIBL_WS_SURBL
dns: URIBL_WS_SURBL lookup start
async: query 13595/IN/A/spotify.com.wild.pccc.com already underway, adding no.2 KAM_BODY_COMPROMISED_URIBL_PCCC
dns: KAM_BODY_COMPROMISED_URIBL_PCCC lookup start
async: query 35005/IN/A/spotify.com.multi.surbl.org already underway, adding no.11 URIBL_CR_SURBL
dns: URIBL_CR_SURBL lookup start
async: query 110/IN/A/spotify.com.multi.uribl.com already underway, adding no.8 URIBL_BLOCKED
dns: URIBL_BLOCKED lookup start
async: query 35005/IN/A/spotify.com.multi.surbl.org already underway, adding no.12 SURBL_BLOCKED
dns: SURBL_BLOCKED lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.11 URIBL_DBL_ABUSE_REDIR
dns: URIBL_DBL_ABUSE_REDIR lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.12 URIBL_DBL_ABUSE_BOTCC
dns: URIBL_DBL_ABUSE_BOTCC lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.13 URIBL_DBL_ERROR
dns: URIBL_DBL_ERROR lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.14 URIBL_DBL_ABUSE_SPAM
dns: URIBL_DBL_ABUSE_SPAM lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.15 URIBL_DBL_PHISH
dns: URIBL_DBL_PHISH lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.16 URIBL_DBL_BOTNETCC
dns: URIBL_DBL_BOTNETCC lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.17 URIBL_DBL_SPAM
dns: URIBL_DBL_SPAM lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.18 URIBL_DBL_ABUSE_PHISH
dns: URIBL_DBL_ABUSE_PHISH lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.19 URIBL_DBL_MALWARE
dns: URIBL_DBL_MALWARE lookup start
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.20 URIBL_DBL_ABUSE_MALW
dns: URIBL_DBL_ABUSE_MALW lookup start
async: launching A/wl.spotify.com for A:wl.spotify.com
dns: bgsend, DNS servers: [127.0.0.1]:53
dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
dns: providing a callback for id: 18168/IN/A/wl.spotify.com
async: starting: URI-A, A:wl.spotify.com (timeout 15.0s, min 3.0s)
dns: URIBL_SBL_A lookup start
plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x2c08f38) implements 'learner_close', priority 0
plugin: Mail::SpamAssassin::Plugin::TxRep=HASH(0x3006180) implements 'learner_close', priority 0
Learned tokens from 1 message(s) (1 message(s) examined)
```
An occasional false positive is possible, but when the sender is on a block list, he should take action.
(No need to mention that sa-learn can always be used to check.)
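
One way to pull the DNS details out of that debug log, as an added example that is not part of the original post: it lists the resolver(s) SpamAssassin queried and how many rules share each blocklist lookup. The function names and the sample log are constructed here, using only the line formats shown in the excerpt above; treating 127.0.0.1 as the expected resolver is an assumption taken from that excerpt.

```bash
#!/bin/sh
# Added example: summarise the DNS part of an `sa-learn -D` debug log.

# Constructed sample, using the line formats of the excerpt above.
sample_log() {
cat <<'EOF'
dns: bgsend, DNS servers: [127.0.0.1]:53
dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
async: launching A/EXAMPLE.nl for A:EXAMPLE.nl
async: query 35005/IN/A/spotify.com.multi.surbl.org already underway, adding no.7 URIBL_PH_SURBL
dns: URIBL_PH_SURBL lookup start
async: query 110/IN/A/spotify.com.multi.uribl.com already underway, adding no.5 URIBL_BLACK
async: query 110/IN/A/spotify.com.multi.uribl.com already underway, adding no.6 URIBL_RED
async: query 51361/IN/A/spotify.com.dbl.spamhaus.org already underway, adding no.11 URIBL_DBL_ABUSE_REDIR
dns: bgsend, DNS servers: [127.0.0.1]:53
EOF
}

# Distinct resolvers SpamAssassin sent queries to (log on stdin).
resolvers() {
  sed -n 's/^dns: bgsend, DNS servers: //p' | tr ', ' '\n\n' | sed '/^$/d' | sort -u
}

# Succeeds only when the one resolver seen is the loopback one, as in the
# excerpt (assumption: a local caching resolver is the intended setup).
only_local_resolver() {
  [ "$(resolvers)" = "[127.0.0.1]:53" ]
}

# Per DNS query name, the number of rules attached to a lookup that was
# already in flight. Output: "<count> <query name>", busiest first.
rules_per_query() {
  awk '/^async: query .* already underway, adding no\./ {
         split($3, q, "/"); n[q[4]]++
       }
       END { for (name in n) print n[name], name }' | sort -k1,1nr -k2,2
}

# Read the log named on the command line, or the constructed sample.
log_source() { if [ -n "${1:-}" ]; then cat "$1"; else sample_log; fi; }

echo "Resolvers:";       log_source "$@" | resolvers
echo "Rules per query:"; log_source "$@" | rules_per_query
log_source "$@" | only_local_resolver || echo "WARNING: non-local resolver in use"
```

Pass the log path as the first argument (for example /tmp/henk1.log from the command above) to run it on a real log instead of the sample.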