Making EFA more strict
-
- Posts: 5
- Joined: 18 May 2015 15:03
Making EFA more strict
Hi there - I've been running EFA for a few months now and it's working well, except I'm getting far too much spam through to my users.
I could do with some tips on what I can do to make the system more strict about what it lets through.
As it is at the moment, it's pretty much as it is "out of the box". I've attached a picture showing one user with his list of emails today - they are ALL spammy, but only a couple of them have been picked up as spam by the system.
Any suggestions?
- Attachments
-
- efashot.jpg (428.83 KiB) Viewed 9537 times
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Making EFA more strict
You can lower your spam scores in MailScanner.
Lower these values to make EFA more strict.
Code: Select all
Required SpamAssassin Score = 4
High SpamAssassin Score = 7
Re: Making EFA more strict
Rather than change the scores, I'd try to find out why the system wasn't marking them as spam in the first place.
When I first had my installation running, a lot of my blacklist/spamlist checks weren't actually running because of how my DNS server was configured. Like you, a lot of spam came through as "clean". Once I identified the problem, and had the spam checks operating correctly, it became much less of a problem.
Perhaps you can look at your spam reports for those messages. You could even forward one of those messages to someone else to see how their system scores the message.
Just a thought.
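One way to act on the suggestion above to look at the spam reports (an added example, not part of the original post): tally, across a batch of `X-Spam-Status` headers, how many messages hit any DNS-based rule and how many carry a `*_BLOCKED` rule such as `URIBL_BLOCKED`, which SpamAssassin adds when a list refuses the query. The function name, verdict labels and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads one unfolded "X-Spam-Status:" line per message on stdin
# and tallies DNS-based rule hits. Verdict labels are hypothetical.
dnsbl_health() {
    awk '
    /tests=/ {
        total++
        line = $0
        sub(/.*tests=/, "", line)     # keep only the rule list
        sub(/[ \t].*/, "", line)      # drop autolearn= and anything after it
        n = split(line, rules, ",")
        net = 0; blk = 0
        for (i = 1; i <= n; i++) {
            if (rules[i] ~ /_BLOCKED$/)               blk = 1   # list refused the query
            else if (rules[i] ~ /^(RCVD_IN_|URIBL_)/) net = 1   # a DNS list answered
        }
        nethits += net; blocked += blk
    }
    END {
        if (total == 0)        verdict = "no-data"
        else if (blocked > 0)  verdict = "resolver-blocked"
        else if (nethits == 0) verdict = "no-dnsbl-hits"
        else                   verdict = "ok"
        printf "%s total=%d net=%d blocked=%d\n", verdict, total, nethits, blocked
    }'
}

# Constructed sample headers (not taken from the thread).
SAMPLE_BROKEN='X-Spam-Status: No, score=1.1 required=4.0 tests=HTML_MESSAGE,URIBL_BLOCKED autolearn=no
X-Spam-Status: No, score=0.8 required=4.0 tests=BAYES_50,RCVD_IN_DNSWL_BLOCKED autolearn=no'
SAMPLE_OK='X-Spam-Status: Yes, score=9.4 required=4.0 tests=BAYES_99,RCVD_IN_XBL,URIBL_BLACK autolearn=no
X-Spam-Status: No, score=0.1 required=4.0 tests=HTML_MESSAGE autolearn=no'

printf '%s\n' "$SAMPLE_BROKEN" | dnsbl_health
printf '%s\n' "$SAMPLE_OK" | dnsbl_health
```

A `no-dnsbl-hits` verdict is only meaningful when the batch is known to contain spam; a handful of legitimate messages can produce it on a healthy system.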
Re: Making EFA more strict
I use GeoIP filtering and it is VERY VERY efficient.
For example, I assign a higher score to emails sent from pretty much everywhere in the world except a few selected countries (like USA, UK, France or Netherlands).
For me adding a score of 3.00 to SpamAssassin causes many spam emails to go to the spam folder.
Re: Making EFA more strict
That's great if you know you'll only have communications from those countries, but for companies that do business internationally, it'll lead to a lot of false positives, so others will have to be more careful about the countries they specify.
How did you enable and configure this filter?
Re: Making EFA more strict
Sorry for late reply. I agree that you have to be careful and you need to select your list of countries very carefully. However I support around 500 users and the list of countries that we deal with is pretty limited.
First determine the countries you want to increase spam score for. As mentioned before I have figured out the best score for me to be 3.00.
List COUNTRY codes:
https://www.unc.edu/~rowlett/units/codes/country.htm
Now open this file with your text editor (I use VI)
/etc/mail/spamassassin/local.cf
At the bottom of the file type:
header RELAYCOUNTRY_BAD X-Relay-countries =~ /^(NG|AF|AX|AL)/
score RELAYCOUNTRY_BAD 3.00
In this example I blocked a few countries (their double letter codes can be found on the weblink above), just separate them with |
The score I assigned to be added to total score is 3.00.
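To see which messages the rule posted above would score, here is an added example (not part of the original post) that evaluates `X-Relay-Countries` header rules from a `local.cf` fragment against sample header values. It assumes the header value is a space-separated list of two-letter codes, one per relay; the function name, the sample values and the unanchored variant are constructed for illustration.

```shell
#!/bin/sh
# Added example. relay_score "<local.cf text>" "<X-Relay-Countries value>"
# prints the total score that X-Relay-Countries header rules in the fragment
# would add. Assumes the regex contains no spaces.
relay_score() {
    printf '%s\n' "$1" | awk -v val="$2" '
    $1 == "header" && tolower($3) == "x-relay-countries" && $4 == "=~" {
        re = $5
        sub(/^\//, "", re)          # strip the leading /
        sub(/\/[a-z]*$/, "", re)    # strip the trailing / and any flags
        pat[$2] = re
    }
    $1 == "score" { sc[$2] = $3 }
    END {
        total = 0
        for (name in pat) if (val ~ pat[name]) total += sc[name]
        printf "%.2f\n", total
    }'
}

# The rule exactly as posted above.
POSTED='header RELAYCOUNTRY_BAD X-Relay-countries =~ /^(NG|AF|AX|AL)/
score RELAYCOUNTRY_BAD 3.00'
# Constructed variant: same country list without the ^ anchor.
UNANCHORED='header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(NG|AF|AX|AL)/
score RELAYCOUNTRY_BAD 3.00'

relay_score "$POSTED" "NG US"       # first code is listed
relay_score "$POSTED" "US NG"       # listed code is not first
relay_score "$UNANCHORED" "US NG"   # unanchored pattern checks every code
```

Because of the `^`, the posted rule tests only the first code in the list, so a listed country further along the relay path adds nothing; dropping the anchor scores a match at any position.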
Re: Making EFA more strict
Are the tweaks listed in the link below supported with SpamAssassin on EFA?
http://www.xfiles.dk/catching-more-spam ... mAssassin/
Re: Making EFA more strict
Has anyone got any more information on this....reference my previous post?
Re: Making EFA more strict
Easy enough to check
Now let's see what modules we have installed:
The following modules should be present in the file init.pre
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
loadplugin IP::Country::Fast
loadplugin Mail::SpamAssassin::Plugin::TextCat
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
Code: Select all
https://<efabox>/mailscanner/sa_lint.php
...
Apr 29 10:57:07.030 [11739] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC
...
Apr 29 10:57:07.083 [11739] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
so the following plugins are not loaded.
- IP::Country::Fast
- Mail::SpamAssassin::Plugin::TextCat
Are they installed on the system?
Code: Select all
[root@efa spamassassin]# locate TextCat
/usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/TextCat.pm
[root@efa spamassassin]# locate Fast
...
/usr/share/perl5/vendor_perl/IP/Country/Fast
/usr/share/perl5/vendor_perl/IP/Country/Fast.pm
/usr/share/perl5/vendor_perl/IP/Country/Fast/cc.gif
/usr/share/perl5/vendor_perl/IP/Country/Fast/ip.gif
so yes, the modules are available.
So if you include the unloaded two modules, then efa/spamassassin would likely support the tweaks suggested on that page.
Personally, those tweaks don't seem to be all that great to me, but someone else might like them.
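The check walked through in the post above can be scripted. This added example (not part of the original post) compares a list of wanted modules against the active `loadplugin` lines in the `.pre` files and the `plugin: loading` lines in the lint debug output. The function name, state labels and `.pre` sample are constructed; the two debug lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added example. plugin_status "<.pre text>" "<lint debug text>" module...
# prints one line per module: loaded, configured-not-loaded or not-configured.
# Debug text can be captured with: spamassassin --lint -D 2>&1
plugin_status() {
    pre=$1; lint=$2; shift 2
    # Active (uncommented) loadplugin lines from the .pre files.
    configured=$(printf '%s\n' "$pre" |
        sed -n 's/^[[:space:]]*loadplugin[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p')
    # Modules the debug output reports as actually loaded.
    loaded=$(printf '%s\n' "$lint" |
        sed -n 's/.*dbg: plugin: loading \([^ ]*\) from .*/\1/p')
    for m in "$@"; do
        if printf '%s\n' "$loaded" | grep -qxF -- "$m"; then state=loaded
        elif printf '%s\n' "$configured" | grep -qxF -- "$m"; then state=configured-not-loaded
        else state=not-configured
        fi
        printf '%s %s\n' "$m" "$state"
    done
}

# Constructed .pre content; the two debug lines are the ones quoted in the post.
PRE_SAMPLE='loadplugin Mail::SpamAssassin::Plugin::RelayCountry
# loadplugin Mail::SpamAssassin::Plugin::TextCat
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject'
LINT_SAMPLE='Apr 29 10:57:07.030 [11739] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC
Apr 29 10:57:07.083 [11739] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC'

plugin_status "$PRE_SAMPLE" "$LINT_SAMPLE" \
    Mail::SpamAssassin::Plugin::RelayCountry IP::Country::Fast \
    Mail::SpamAssassin::Plugin::TextCat Mail::SpamAssassin::Plugin::WhiteListSubject
```

A `configured-not-loaded` result means an active `loadplugin` line exists but the debug output shows no load, which is the case to follow up with a check that the module file is on disk.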
Re: Making EFA more strict
I read through those tweaks, they advocate using ok_locales too. Anyone got more info on that? Apparently en means all Western character sets in general => https://spamassassin.apache.org/full/3. ... _Conf.html
What locales would fall inside this and what would not? Any link where I can read up on locales?
What happens if a mail is received that is not within ok_locales? The only thing I could find is this, is there more?
Code: Select all
score CHARSET_FARAWAY_HEADER 3.200