best practise or best configuration

Posted: 31 Oct 2021 07:34
by keysteal
Hello to all,

I have been using Efa Project for almost 3 years. I am still satisfied, but I have noticed that many
dangerous phishing emails (from banks in general) are filtered as clean. Is there, here in the forum,
a simple guide on how to do the best configuration of Efa Project and avoid most of the emails that
Efa does not recognize as spam?

Thanks to all.

Re: best practise or best configuration

Posted: 02 Nov 2021 01:17
by shawniverson
eFa really provides a default set of rules (spamassassin, clamav-unofficial-sigs) that gets you started.

The two biggest ways to combat spam are to add RBLs to your configuration (either with postfix/postscreen or in MailScanner, depending on whether you want the performance benefit of blocking at the MTA level) and to create custom rules for SpamAssassin.

If you are able to share a Report from one or more of these emails I could help you get going in the right direction.

Re: best practise or best configuration

Posted: 02 Nov 2021 20:47
by keysteal
This is a recent example:
[Screenshot attachment: Schermata 2021-11-02 alle 21.42.04.png, captioned "An example"]

Re: best practise or best configuration

Posted: 02 Nov 2021 20:50
by keysteal
Another one:
[Screenshot attachments: Schermata 2021-11-02 alle 21.49.01.png, Schermata 2021-11-02 alle 21.50.36.png]

Re: best practise or best configuration

Posted: 03 Nov 2021 15:47
by shawniverson
The first thing I spot is a DKIM_INVALID. So, you could assign a higher score to incoming emails that have a DKIM_INVALID.

I'll look at these in greater detail later and give you some suggestions and steps to take.

Re: best practise or best configuration

Posted: 07 Nov 2021 09:42
by keysteal
Hi @shawniverson,

I don't find a guide on how to set DKIM scores inside Efa; do you have one?

Re: best practise or best configuration

Posted: 09 Nov 2021 23:52
by shawniverson
Any score in SpamAssassin can be overridden or used in what is known as a meta rule.

https://cwiki.apache.org/confluence/dis ... itingrules

You can place your rules in local.cf or a custom file under /etc/mail/spamassassin of your choosing.

So, you could do this, for example:

score DKIM_INVALID 5.0

Or this:

meta            MY_CUSTOM_RULE DKIM_INVALID && PHP_SCRIPT
describe        MY_CUSTOM_RULE sending a PHP script and having bad DKIM is bad
score           MY_CUSTOM_RULE 5.0
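
Added example (not part of the original post or of eFa's own code): a small Python model of how the two snippets above change a message's total score. The baseline scores, the 5.0 threshold and the helper names are assumptions made for the illustration.

```python
import re

# Constructed baseline scores for this example; the real values come from the
# installed SpamAssassin rule set and may differ.
BASE_SCORES = {"DKIM_INVALID": 0.1, "PHP_SCRIPT": 1.0, "HTML_MESSAGE": 0.001}
REQUIRED = 5.0  # assumed spam threshold (check your own required score)

OVERRIDE_CF = "score DKIM_INVALID 5.0\n"
META_CF = """\
meta            MY_CUSTOM_RULE DKIM_INVALID && PHP_SCRIPT
describe        MY_CUSTOM_RULE sending a PHP script and having bad DKIM is bad
score           MY_CUSTOM_RULE 5.0
"""
TOKEN = re.compile(r"\s*(&&|\|\||!|\(|\)|\w+)")
OPS = {"&&": "and", "||": "or", "!": "not", "(": "(", ")": ")"}

def parse_cf(text):
    """Collect 'score NAME VALUE' and 'meta NAME EXPR' lines; ignore the rest."""
    scores, metas = {}, {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "score":
            scores[parts[1]] = float(parts[2].split()[0])
        elif len(parts) == 3 and parts[0] == "meta":
            metas[parts[1]] = parts[2].strip()
    return scores, metas

def eval_meta(expr, hits):
    """Boolean subset of meta syntax: rule names, &&, ||, ! and parentheses."""
    out, pos = [], 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"unsupported meta syntax at {expr[pos:]!r}")
        tok = m.group(1)
        # Rule names become True/False, so eval only ever sees boolean logic.
        out.append(OPS.get(tok, str(tok in hits)))
        pos = m.end()
    return bool(eval(" ".join(out), {"__builtins__": {}}))

def classify(hits, local_cf=""):
    """Return (total score, is_spam) for the rules that hit one message."""
    overrides, metas = parse_cf(local_cf)
    fired = set(hits) | {n for n, e in metas.items() if eval_meta(e, hits)}
    # A rule with no explicit score defaults to 1.0 in SpamAssassin.
    total = sum(overrides.get(r, BASE_SCORES.get(r, 1.0)) for r in fired)
    return round(total, 3), total >= REQUIRED
```

Only the boolean subset of meta expressions is modelled here; on a real system, `spamassassin --lint` checks the rule file itself.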

Re: best practise or best configuration

Posted: 10 Nov 2021 00:04
by shawniverson
I also think you would benefit from using good RBLs, which can be done in a variety of ways:

Postscreen is the preferred method these days but takes some configuration and care:

http://www.postfix.org/POSTSCREEN_README.html

http://rob0.nodns4.us/postscreen.html

Or you can do it simply using Postfix, just not as powerfully as Postscreen:

https://docs.rackspace.com/support/how- ... n-postfix/

/etc/MailScanner/MailScanner.conf can also use RBLs; this is more CPU intensive but is a good start to see what is getting caught in the RBLs.

Also, SpamAssassin can use RBLs too, and you can assign scores based on RBL lookups.

Re: best practise or best configuration

Posted: 14 Nov 2021 07:27
by keysteal
Thx @shawniverson, I'll give them a look.