Hello to all,
I have been using Efa Project for almost 3 years. I am still satisfied, but I have noticed that many
dangerous phishing emails (from banks in general) are filtered as clean. Is there, here in the forum,
a simple guide on how to do the best configuration of Efa Project and avoid most of the emails that
Efa does not recognize as spam?
Thanks to all.
best practise or best configuration
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: best practise or best configuration
eFa really provides a default set of rules (spamassassin, clamav-unofficial-sigs) that gets you started.
The two biggest ways to combat spam are to add RBLs to your configuration (either with postfix/postscreen or in MailScanner, depending on whether you want the performance benefit of blocking at the MTA level) and creating custom rules for SpamAssassin.
If you are able to share a Report from one or more of these emails I could help you get going in the right direction.
Re: best practise or best configuration
This is a recent example:
Re: best practise or best configuration
Another one:
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: best practise or best configuration
The first thing I spot is a DKIM_INVALID. So, you could assign a higher score to incoming emails that have a DKIM_INVALID.
I'll look at these in greater detail later and give you some suggestions and steps to take.
Re: best practise or best configuration
Hi @shawniverson,
I don't find a guide on how to set DKIM scores inside Efa; do you have one?
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: best practise or best configuration
Any score in SpamAssassin can be overridden or used in what is known as a meta rule.
https://cwiki.apache.org/confluence/dis ... itingrules
You can place your rules in local.cf or a custom file under /etc/mail/spamassassin of your choosing.
So, you could do this, for example:
Code:
score DKIM_INVALID 5.0
Or this:
Code:
meta MY_CUSTOM_RULE DKIM_INVALID && PHP_SCRIPT
describe MY_CUSTOM_RULE sending a PHP script and having bad DKIM is bad
score MY_CUSTOM_RULE 5.0
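Added example (not part of the original post and not eFa or SpamAssassin code): a small what-if check that applies the two rule snippets above to the rule hits from a spam report and shows whether the total would cross the required score. The report line and its per-rule scores are constructed, the MailScanner-style report layout is an assumption, and the meta evaluator is a simplification that handles only rule names, &&, ||, ! and parentheses.

```python
import re

# Constructed sample: a MailScanner-style SpamAssassin report for a mail
# that was passed as clean (per-rule scores invented for the demo).
SAMPLE_REPORT = ("not spam, SpamAssassin (not cached, score=1.71, required 5, "
                 "DKIM_INVALID 0.10, DKIM_SIGNED 0.10, HTML_MESSAGE 0.00, "
                 "PHP_SCRIPT 1.50, SPF_HELO_NONE 0.00, T_REMOTE_IMAGE 0.01)")

# The two alternatives from the post above.
SCORE_OVERRIDE = "score DKIM_INVALID 5.0"
META_RULE = """meta MY_CUSTOM_RULE DKIM_INVALID && PHP_SCRIPT
describe MY_CUSTOM_RULE sending a PHP script and having bad DKIM is bad
score MY_CUSTOM_RULE 5.0"""

def parse_report(report):
    """Return (required, {rule: score}) from a report line (assumed layout)."""
    required = float(re.search(r"required ([\d.]+)", report).group(1))
    hits = {n: float(s) for n, s in re.findall(r"\b([A-Z][A-Z0-9_]+) (-?[\d.]+)", report)}
    return required, hits

def meta_fires(expr, hits):
    """Evaluate a meta expression built from rule names, &&, ||, ! and ()."""
    tokens = re.findall(r"[A-Za-z_][A-Za-z0-9_]*|&&|\|\||!|\(|\)", expr)
    if "".join(tokens) != expr.replace(" ", ""):
        raise ValueError("unsupported meta expression: " + expr)
    words = {"&&": "and", "||": "or", "!": "not", "(": "(", ")": ")"}
    py = " ".join(words.get(t, str(t in hits)) for t in tokens)
    return bool(eval(py, {"__builtins__": {}}))  # only True/False/and/or/not reach eval

def apply_rules(hits, rules_text):
    """Apply 'score' and 'meta' lines to a {rule: score} hit set."""
    lines = [l.split(None, 2) for l in rules_text.splitlines()]
    scores = {p[1]: float(p[2]) for p in lines if len(p) == 3 and p[0] == "score"}
    metas = {p[1]: p[2] for p in lines if len(p) == 3 and p[0] == "meta"}
    result = {name: scores.get(name, s) for name, s in hits.items()}
    for name, expr in metas.items():
        if meta_fires(expr, hits):
            result[name] = scores.get(name, 1.0)  # SpamAssassin's default score is 1.0
    return result

def what_if(report, rules_text):
    """Return (old_total, new_total, required) for a report under the given rules."""
    required, hits = parse_report(report)
    new_hits = apply_rules(hits, rules_text)
    return round(sum(hits.values()), 2), round(sum(new_hits.values()), 2), required

if __name__ == "__main__":
    for label, rules in (("score override", SCORE_OVERRIDE), ("meta rule", META_RULE)):
        print(label, what_if(SAMPLE_REPORT, rules))
```

Running the same check over reports from legitimate mail that also hits DKIM_INVALID shows how many false positives a flat 5.0 would cause compared with the narrower meta rule.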
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: best practise or best configuration
I also think you would benefit from using good RBLs, which can be done in a variety of ways:
Postscreen is the preferred method these days but takes some configuration and care:
http://www.postfix.org/POSTSCREEN_README.html
http://rob0.nodns4.us/postscreen.html
Or you can do it simply using Postfix, just not as powerfully as Postscreen:
https://docs.rackspace.com/support/how- ... n-postfix/
/etc/MailScanner/MailScanner.conf can also use RBLs; this is more CPU intensive but is a good start to see what is getting caught in the RBLs.
Also, SpamAssassin can use RBLs too, and you can assign scores based on RBL lookups.
Re: best practise or best configuration
Thx @shawniverson, I'll give them a look.