Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Rules du Jour - spamassassin

  1. #1
    sturgis is offline Senior Member
    Join Date
    Jan 2007
    Location
    France
    Posts
    71
    Rep Power
    8

    Arrow Rules du Jour - spamassassin

    Hi,
    I guess that I'm not the only one getting a lot of spam in my mailboxes.
    I read about the "rules du jour" method to complement spamassassin and I was wondering if I implemented it in the right way.
    I followed this wiki:

    Howtos Spam Assassin Rules Du Jour Configuration
    From 5dollarwhitebox.org Media Wiki
    Jump to: navigation, search

    This is the basics on how to install and configure Rules Du Jour for Spam Assassin:


    Code:
    install_rdj.pl: http://devel.5dollarwhitebox.org/scripts/install_rdj.pl
    Code:
    linuxbox #] wget http://devel.5dollarwhitebox.org/scripts/install_rdj.pl
    
    linuxbox #] perl install_rdj.pl --install
    Get Rules Du Jour:

    Code:
    linuxbox] # wget http://sandgnat.com/rdj/rules_du_jour
    
    linuxbox] # mv rules_du_jour /usr/local/sbin/rules_du_jour
    
    linuxbox] # chmod 750 /usr/local/sbin/rules_du_jour

    Configure Rules Du Jour

    Code:
    linuxbox] # mkdir /etc/rulesdujour
    
    linuxbox] # vi /etc/rulesdujour/config

    The following is a basic configuration for Rules Du Jour

    Code:
    SA_DIR="/opt/zimbra/conf/spamassassin"
    MAIL_ADDRESS="root"
    SINGLE_EMAIL_ONLY="true";
    SA_RESTART="/etc/init.d/psa-spamassassin restart"
    TRUSTED_RULESETS="
            TRIPWIRE
            ANTIDRUG
            SARE_EVILNUMBERS0
            RANDOMVAL
            SARE_ADULT
            SARE_FRAUD
            SARE_BML
            SARE_SPOOF
            SARE_BAYES_POISON_NXM
            SARE_OEM
            SARE_RANDOM
            SARE_OBFU0
            SARE_SPAMCOP_TOP200
            "
    Run Rules Du Jour

    Code:
    linuxbox] # rules_du_jour
    Crontab it

    run

    'crontab -e -u root' and add something similar to the following:

    Code:
    1 1 * * * /usr/local/sbin/rules_du_jour 2&>1 > /dev/null
    Do I have to do something differently to make it work with zimbra. I did this and it worked, but I don't know if it does actually the job.
    Thanks!

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    Quote Originally Posted by sturgis View Post
    .... I did this and it worked, but I don't know if it does actually the job.
    Thanks!
    That would depend on whether you see a reduction in spam in your inbox. Actuall the RDJ script only update files that you probably have in your Zimbra config anyway, those files are also not updated very often. You also don't say what other features of Zimbra that you use (such as RBL list) or if you tag/kill percentages have been changed.

    FWIW, I see no spam in my inbox and the Junk folder has about 30 messages in it with a 30 day retention - so I guess 1 per day on average.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    sturgis is offline Senior Member
    Join Date
    Jan 2007
    Location
    France
    Posts
    71
    Rep Power
    8

    Default

    Quote Originally Posted by phoenix View Post
    That would depend on whether you see a reduction in spam in your inbox. Actuall the RDJ script only update files that you probably have in your Zimbra config anyway, those files are also not updated very often. You also don't say what other features of Zimbra that you use (such as RBL list) or if you tag/kill percentages have been changed.

    FWIW, I see no spam in my inbox and the Junk folder has about 30 messages in it with a 30 day retention - so I guess 1 per day on average.
    Thanks for your answer.
    I changed the tag kill to 66/20
    I use
    •reject_invalid_hostname
    •reject_non_fqdn_hostname
    •reject_non_fqdn_sender
    And:
    •reject_rbl_client dnsbl.njabl.org
    •reject_rbl_client cbl.abuseat.org
    •reject_rbl_client bl.spamcop.net
    •reject_rbl_client sbl.spamhaus.org
    •reject_rbl_client relays.mail-abuse.org

    Nevertheless I get a lot of spam, specially those with pictures of pharmacy etc...

    How do I eliminate those? Sometimes I have the feeling that trainsa does not work.

    I thought that this rules du jour would help... but the wiki was not for zimbra.

    I suggested to use Stop spam with the Anti-Spam-SMTP-Proxy (ASSP) in the next relese, to whitlist, blacklist and so... I hope zimbra guys consider my proposal...

    By they way, my junk mail (and all users ones) are getting bigger and bigger. Is there a way to empty it automatically?
    Last edited by sturgis; 06-24-2007 at 06:39 AM.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    You shouldn't see much spam with those settings, I don't use any of those I've just changed smtpd_reject_unlisted_recipient in the zmmta.cf file to 'yes'. and my tag/kill are set to 25/66. In current versions of Zimbra we have disabled DPSAM by default as there was a performance problem on larger sites, I've also re-enabled that.

    The lifetime of mail in the Junk folder is controlled by the 'lifetime' option in the admin ui on the COS/Advanced tab. There is an article here about using RDJ with Zimbra, I did use it a while back but have since discontinued it.
    Last edited by phoenix; 11-27-2007 at 10:12 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    sturgis is offline Senior Member
    Join Date
    Jan 2007
    Location
    France
    Posts
    71
    Rep Power
    8

    Default

    Quote Originally Posted by phoenix View Post
    You shouldn't see much spam with those settings, I don't use any of those I've just changed smtpd_reject_unlisted_recipient in the zmmta.cf file to 'yes'. and my tag/kill are set to 25/66. In current versions of Zimbra we have disabled DPSAM by default as there was a performance problem on larger sites, I've also re-enabled that.

    The lifetime of mail in the Junk folder is controlled by the 'lifetime' option in the admin ui on the COS/Advanced tab. There is an article here about using RDJ with Zimbra, I did use it a while back but have since discontinued it.
    Phoenix,
    I have waited a couple of days and there are no results. I keep receiving an average of to image spam emails in my account every day. I don't know abut the rest of my users... but I know I do.
    WHat do you think is wrong in the implementation above, and how could I get rid of these disturbing emails?
    Thanks
    Last edited by phoenix; 11-27-2007 at 10:12 AM.

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    Well, it's impossible to say without seeing some headers from the message to see if the anti-spam is working. Did you also make this change "smtpd_reject_unlisted_recipient yes" to zmmta.cf that I mentioned earlier?
    Last edited by phoenix; 11-27-2007 at 10:13 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    Quote Originally Posted by sturgis View Post
    Thanks for your answer.

    I use
    •reject_rbl_client sbl.spamhaus.org
    Change that to zen.spamhaus.org and you should get better results.

    Also, our /etc/rulesdujour/config file looks like this:

    #
    # Configuration File for Updating SpamAssassin with the
    # Rules Du Jour Script /usr/local/sbin/rules_du_jour.
    # Script is run once a day via cron and will update
    # spamassassin rule sets by adding the third-party
    # rule sets listed below. See http://www.exit0.us/index.php?pagename=RulesDuJour
    # for more information
    #
    # Version 1.00 - 2005-11-28 - L. Mark Stone - Initial configuration.
    # Version 1.01 - 2006-10-11 - L. Mark Stone - Modified for use with Zimbra.
    TRUSTED_RULESETS="TRIPWIRE SARE_BML SARE_FRAUD SARE_OEM SARE_STOCKS SARE_BAYES_POISON_NXM SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_REDIRECT_POST300 SARE_HTML0 SARE_HTML1 SARE_HTML_ENG SARE_HEADER0 SARE_HEADER1 SARE_SPECIFIC SARE_ADULT SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_UNSUB SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_OBFU1 SARE_SPOOF SARE_RANDOM"
    SA_DIR="/opt/zimbra/conf/spamassassin"
    RULES_DU_JOUR_SCRIPT="/usr/sbin/rules_du_jour"
    MAIL_ADDRESS="Use_Your_Own_Address@Your_Own_Domain .com"
    SA_RESTART="/opt/zimbra/bin/zmamavisdctl restart"
    SA_LINT=" "



    Hope that helps.

    All the best,
    Mark
    Last edited by LMStone; 06-27-2007 at 01:15 PM.

  8. #8
    sturgis is offline Senior Member
    Join Date
    Jan 2007
    Location
    France
    Posts
    71
    Rep Power
    8

    Default

    Quote Originally Posted by LMStone View Post
    Change that to zen.spamhaus.org and you should get better results.

    Also, our /etc/rulesdujour/config file looks like this:

    #
    # Configuration File for Updating SpamAssassin with the
    # Rules Du Jour Script /usr/local/sbin/rules_du_jour.
    # Script is run once a day via cron and will update
    # spamassassin rule sets by adding the third-party
    # rule sets listed below. See http://www.exit0.us/index.php?pagename=RulesDuJour
    # for more information
    #
    # Version 1.00 - 2005-11-28 - L. Mark Stone - Initial configuration.
    # Version 1.01 - 2006-10-11 - L. Mark Stone - Modified for use with Zimbra.
    TRUSTED_RULESETS="TRIPWIRE SARE_BML SARE_FRAUD SARE_OEM SARE_STOCKS SARE_BAYES_POISON_NXM SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_REDIRECT_POST300 SARE_HTML0 SARE_HTML1 SARE_HTML_ENG SARE_HEADER0 SARE_HEADER1 SARE_SPECIFIC SARE_ADULT SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_UNSUB SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_OBFU1 SARE_SPOOF SARE_RANDOM"
    SA_DIR="/opt/zimbra/conf/spamassassin"
    RULES_DU_JOUR_SCRIPT="/usr/sbin/rules_du_jour"
    MAIL_ADDRESS="Use_Your_Own_Address@Your_Own_Domain .com"
    SA_RESTART="/opt/zimbra/bin/zmamavisdctl restart"
    SA_LINT=" "



    Hope that helps.

    All the best,
    Mark
    Thanks Mark,
    I just changed it. I'll wait for a week and I'll post the results. For the time being already one image spam came...
    sturgis

  9. #9
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    IMHO, receiving a few spams a day is a good indication that you are not suffering from false positives.

    We have doctors and lawyers on our system; they talk about drugs, illegal activities and other topics that in many systems are likely to get flagged as spam. That's not acceptable, so we have to be very careful about anti-spam configrations.

    If you read the RDJ documentation, you will see that there are a lot of rules in the form "Rule0, Rule1, Rule2, Rule3", where the base rule checks for the same thing, but the higher the number the more messages will be flagged as spam and the greater the likelihood of false positives. We don't use anything higher than a 1, but many systems use 2s and a few 3s with few false positives. With our customers, we can't do that. YMMV of course. :-)

    All the best,
    Mark

  10. #10
    padraig's Avatar
    padraig is offline Elite Member
    Join Date
    Jul 2006
    Location
    ireland
    Posts
    388
    Rep Power
    9

    Default smtpd_reject_unlisted_recipient

    Quote Originally Posted by phoenix View Post
    Well, it's impossible to say without seeing some headers from the message to see if the anti-spam is working. Did you also make this change "smtp_reject_unlisted_recipient yes" to zmmta.cf that I mentioned earlier?
    Hi Bill,
    should this be smtpd_reject_unlisted_recipient ( not smtp_reject_unlisted_recipient) & if this is not set to yes will RHL be ignored

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Spamassassin: How to test homemade rules?
    By Tenshi in forum Administrators
    Replies: 11
    Last Post: 06-29-2010, 12:37 PM
  2. Zimbra's SpamAssassin implementation
    By dvb in forum Administrators
    Replies: 4
    Last Post: 09-07-2009, 02:07 PM
  3. zmtrainsa - can't find site rules
    By reza225 in forum Administrators
    Replies: 9
    Last Post: 07-09-2007, 12:19 PM
  4. Personal rules
    By Assaf in forum Administrators
    Replies: 1
    Last Post: 01-16-2007, 07:56 AM
  5. Per user spamassassin settings possible?
    By redhat in forum Administrators
    Replies: 1
    Last Post: 08-11-2006, 03:51 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •