From: Patrick Sneyers
To: CGPSA Discussion List
Subject: Re: [CGPSA] Test
Date: Tue, 28 Nov 2017 10:16:01 +0100

> On 28 Nov 2017, at 08:02, Daniel M. Zimmerman wrote:
>
> I do wish SpamAssassin updates were more frequent, though. If anybody has specific rulesets, update sites, blacklists, etc., that have been working well for them, I’d love to hear about them.

My Setup.

FortiGate FireWall
- AV on, reject
- AS on, add header

CGP
- Server wide rules on SA "Stars" header (+++++)
- Server wide rule for ditching bayes_999 hits

CGP Blacklists (reject)
zen.spamhaus.org
b.barracudacentral.org
bl.spamcop.net
ix.dnsbl.manitu.net

Blacklist by DNS name (reject)
*pppoe*
*.dhcp.*
*ppp*
*dyn*
*dial-up*
*.ippool.*
*dial*.ru*
*host name is unknown*
*no-reverse-dns*

SA
- All network test on
- trusted_networks and internal_networks set correctly
- Razor2
- Botnet plugin (John Rudd) https://github.com/eilandert/Botnet.pm
- Custom rule for FortiGate SPAM header
- Custom rule for CGP SPF headers
- bayes on
- DKIM off (not useful in any way)
- some score tweaks
- sa-learn (cron) on user & system spam/ham folders
- Local non-recursive caching DNS server. You can't use a public/ISP DNS with those network tests in SA, as you will get blocked
  I use pdns_recursor https://www.powerdns.com/recursor.html

****************************************
local.cf

###########################################################################
#
#______________________________ Customized by Patrick Sneyers patrick@bulckens.com ______________________________

# _______________ PS likes the headers like this
# _______________ First we clear all
clear_headers

# _______________ Then we put 'em back in the way we like 'em
# _______________ add headers
add_header spam Level _STARS(+)_
add_header all Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ autolearn=_AUTOLEARN_

# _______________ add complete report to headers - only on for debugging/monitoring
# add_header all Report _REPORT_

# _______________ rewrite subject
rewrite_header Subject SPAM --

# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0

# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
trusted_networks <>
trusted_networks <>
trusted_networks <> # Backup MX
internal_networks <>

# custom DNS - used for network tests
dns_server 127.0.0.1
dns_server <>

# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock

# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 4.8

# Use Bayesian classifier (default: 1)
#
use_bayes 1

# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
bayes_path /var/CommuniGate/settings/SpamAssassin/.spamassassin/bayes
bayes_auto_learn_threshold_nonspam -2.0
bayes_auto_learn_threshold_spam 7.6

# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Spam-Checker-Version
bayes_ignore_header X-Spam-Report
bayes_ignore_header X-FortiGate_SPAM
bayes_ignore_header X-SpamInfo

# _______________ Fortigate ASE ->
# fortigate setup: Security Profiles -> email filter -> SMTP_in profile
header FORTIGUARD X-FortiGuard =~ /./
describe FORTIGUARD FortiGuard ASE hit
score FORTIGUARD 2.9

# _______________ SPF Fail custom rules for CGP ->
# 20150622 changed from REJECT to ADD HEADER in CGP settings. Avoid rejecting real customers with bad setups.
header SPF_FAIL Received-SPF =~ /^fail/i
describe SPF_FAIL SPF FAIL - relay does not match SPF records
score SPF_FAIL 3.0

# _______________ Override default scores
# BAYES is well trained...
score BAYES_00 -3.0
score BAYES_95 3.4
score BAYES_99 4.3
score BAYES_999 0.8

# Slightly up RAZOR2 - very reliable - PS 20150630
score RAZOR2_CF_RANGE_E8_51_100 2.6
score RAZOR2_CF_RANGE_51_100 1.1
score RAZOR2_CHECK 1.8

# various overrides
score MISSING_HEADERS 1.8
score SPF_SOFTFAIL 0.9
score RP_MATCHES_RCVD -0.0
score FSL_MIME_NO_TEXT 0.0

# _______________ URIBL
urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
score URIBL_BLACK 3.0

urirhssub URIBL_GREY multi.uribl.com. A 4
body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
describe URIBL_GREY Contains an URL listed in the URIBL greylist
tflags URIBL_GREY net
score URIBL_GREY 1.0

------------------------------------------------------------------------
zwartopwit.be - Drukkerij Bulckens
http://www.zwartopwit.be
Awesome print work from A to XXL
Industriezone Herentals
Grensstraat 9, 2270 Herenthout
+32 (0) 14 28 58 78
------------------------------------------------------------------------
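
Added example, not part of the original message and not SpamAssassin's own code: a small Python emulation of the two custom header rules in the local.cf above, showing how their scores combine against required_score 4.8. The sample messages, the X-FortiGuard header value and the function names are constructed for illustration; joining repeated headers with newlines is a simplification.

```python
import re
from email import message_from_string

# Custom header rules copied from the local.cf in the message above.
LOCAL_CF = r"""
required_score 4.8
header FORTIGUARD X-FortiGuard =~ /./
score FORTIGUARD 2.9
header SPF_FAIL Received-SPF =~ /^fail/i
score SPF_FAIL 3.0
"""

HEADER_RULE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/([a-z]*)$")

def parse_rules(cf_text):
    """Return (required_score, {rule_name: {"header", "regex", "score"}})."""
    required, rules = 5.0, {}  # 5.0 is SpamAssassin's default threshold
    for line in cf_text.splitlines():
        line = line.strip()
        m = HEADER_RULE.match(line)
        if m:
            name, header, pattern, mods = m.groups()
            flags = re.I if "i" in mods else 0
            rules.setdefault(name, {}).update(header=header, regex=re.compile(pattern, flags))
        elif line.startswith("score "):
            name, value = line.split()[1:3]
            rules.setdefault(name, {})["score"] = float(value)
        elif line.startswith("required_score "):
            required = float(line.split()[1])
    return required, rules

def evaluate(raw_message, required, rules):
    """Return (hit names, total score, is_spam) for one raw message."""
    msg = message_from_string(raw_message)
    hits = []
    for name, rule in rules.items():
        if "regex" not in rule:
            continue  # score override with no header rule in this excerpt
        # Simplification: join repeated headers with newlines before matching.
        value = "\n".join(msg.get_all(rule["header"], []))
        if rule["regex"].search(value):
            hits.append(name)
    score = round(sum(rules[h].get("score", 1.0) for h in hits), 1)
    return hits, score, score >= required

# Constructed sample messages (not real mail).
SPF_ONLY = "Received-SPF: fail receiver=mx.example.test; client-ip=192.0.2.10\nSubject: a\n\nbody\n"
BOTH = "X-FortiGuard: constructed-value\n" + SPF_ONLY
CLEAN = "Received-SPF: pass receiver=mx.example.test; client-ip=192.0.2.10\nSubject: b\n\nbody\n"

if __name__ == "__main__":
    required, rules = parse_rules(LOCAL_CF)
    for label, raw in (("spf_only", SPF_ONLY), ("both", BOTH), ("clean", CLEAN)):
        print(label, evaluate(raw, required, rules))
```

Neither rule reaches the 4.8 threshold on its own; a message that hits both does. On a real installation, spamassassin --lint checks the actual configuration for syntax errors.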