Message #4262 of the cgpsa-discuss@mail.tffenterprises.com mailing list
From: Patrick Sneyers <patrick@bulckens.com>
Subject: Re: [CGPSA] Test
Date: Tue, 28 Nov 2017 10:16:01 +0100
To: CGPSA Discussion List <cgpsa-discuss@mail.tffenterprises.com>

> On 28 Nov 2017, at 08:02, Daniel M. Zimmerman <dmz@tffenterprises.com> wrote:
>
> I do wish SpamAssassin updates were more frequent, though. If anybody has specific rulesets, update sites, blacklists, etc., that have been working well for them, I’d love to hear about them.

My Setup.

FortiGate Firewall
- AV on, reject
- AS on, add header

CGP
- Server wide rules on SA "Stars" header (+++++)
- Server wide rule for ditching bayes_999 hits

CGP Blacklists (reject)
zen.spamhaus.org
b.barracudacentral.org
bl.spamcop.net
ix.dnsbl.manitu.net

Blacklist by DNS name (reject)
*pppoe*
*.dhcp.*
*ppp*
*dyn*
*dial-up*
*.ippool.*
*dial*.ru*
*host name is unknown*
*no-reverse-dns*

SA
- All network tests on
- trusted_networks and internal_networks set correctly
- Razor2
- Botnet plugin (John Rudd) https://github.com/eilandert/Botnet.pm
- Custom rule for FortiGate SPAM header
- Custom rule for CGP SPF headers
- bayes on
- DKIM off (not useful in any way)
- some score tweaks

- sa-learn (cron) on user & system spam/ham folders

- Local non-recursive caching DNS server. You can't use a public/ISP DNS with those network tests in SA, as you will get blocked.
I use pdns_recursor https://www.powerdns.com/recursor.html

****************************************

local.cf

###########################################################################

#______________________________ Customized by Patrick Sneyers patrick@bulckens.com  ______________________________



# _______________ PS likes the headers like this
# _______________ First we clear all
clear_headers

# _______________ Then we put 'em back in the way we like 'em
# _______________ add headers
add_header spam Level _STARS(+)_
add_header all Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ autolearn=_AUTOLEARN_

# _______________ add complete report to headers - only on for debugging/monitoring
# add_header all Report _REPORT_

# _______________ rewrite subject
rewrite_header Subject SPAM --  

#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0

#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
trusted_networks <<IP LAN>>
trusted_networks <<IP Backup MX>>
trusted_networks <<IP other trusted external>>

# Backup MX
internal_networks <<IP Backup MX>>

# custom DNS - used for network tests
dns_server 127.0.0.1
dns_server <<IP of secondary pdns_recursor DNS server>>

#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock

#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 4.8

#   Use Bayesian classifier (default: 1)
#
use_bayes 1

#   Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
bayes_path /var/CommuniGate/settings/SpamAssassin/.spamassassin/bayes
bayes_auto_learn_threshold_nonspam -2.0
bayes_auto_learn_threshold_spam 7.6

#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Spam-Checker-Version
bayes_ignore_header X-Spam-Report
bayes_ignore_header X-FortiGate_SPAM
bayes_ignore_header X-SpamInfo

#    _______________ Fortigate ASE ->
# fortigate setup: Security Profiles -> email filter -> SMTP_in profile
header FORTIGUARD X-FortiGuard =~ /./
describe FORTIGUARD FortiGuard ASE hit
score FORTIGUARD 2.9

#    _______________ SPF Fail custom rules for CGP ->
#   20150622 changed from REJECT to ADD HEADER in CGP settings. Avoid rejecting real customers with bad setups.

header SPF_FAIL     Received-SPF =~ /^fail/i
describe SPF_FAIL SPF FAIL - relay does not match SPF records
score SPF_FAIL     3.0

#   _______________ Override default scores

# BAYES is well trained...
score BAYES_00   -3.0
score BAYES_95 3.4
score BAYES_99 4.3
score BAYES_999 0.8


#   Slightly up RAZOR2 - very reliable - PS 20150630
score RAZOR2_CF_RANGE_E8_51_100 2.6
score RAZOR2_CF_RANGE_51_100 1.1
score RAZOR2_CHECK 1.8

# various overrides
score MISSING_HEADERS 1.8
score SPF_SOFTFAIL 0.9
score RP_MATCHES_RCVD   -0.0
score FSL_MIME_NO_TEXT 0.0

# _______________ URIBL

urirhssub       URIBL_BLACK  multi.uribl.com.        A   2
body            URIBL_BLACK  eval:check_uridnsbl('URIBL_BLACK')
describe        URIBL_BLACK  Contains an URL listed in the URIBL blacklist
tflags          URIBL_BLACK  net
score           URIBL_BLACK  3.0

urirhssub       URIBL_GREY  multi.uribl.com.        A   4
body            URIBL_GREY  eval:check_uridnsbl('URIBL_GREY')
describe        URIBL_GREY  Contains an URL listed in the URIBL greylist
tflags          URIBL_GREY  net
score           URIBL_GREY  1.0




------------------------------------------------------------------------
zwartopwit.be - Drukkerij Bulckens
http://www.zwartopwit.be
Beestig drukwerk van A tot XXL

Industriezone Herentals
Grensstraat 9, 2270 Herenthout
+32 (0) 14 28 58 78
------------------------------------------------------------------------
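
An added example, not part of the original message: a small Python helper for telling "the list blocked my resolver" apart from "listed" and "not listed", which is the failure the message warns about with public/ISP DNS and which leaves mask-based rules like the URIBL ones above unable to score. The return-code tables are assumptions taken from the lists' published conventions rather than from the message; the function names and sample answers are hypothetical.

```python
import ipaddress

# Answers that mean "the list refused this resolver", not "address listed".
# Assumed from the lists' published return codes, not from the message.
SPAMHAUS_ERRORS = {
    "127.255.255.252": "typo in DNSBL zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
# multi.uribl.com encodes its result as bits of the last octet.
URIBL_BITS = {1: "BLOCKED", 2: "URIBL_BLACK", 4: "URIBL_GREY", 8: "URIBL_RED"}


def dnsbl_qname(ip, zone):
    """Build the reversed-octet name queried for an IPv4 address."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def classify_spamhaus(answer):
    """Return (state, detail) for one A record; None stands for NXDOMAIN."""
    if answer is None:
        return ("clean", "NXDOMAIN, address not listed")
    if answer in SPAMHAUS_ERRORS:
        return ("resolver_blocked", SPAMHAUS_ERRORS[answer])
    if answer.startswith("127.0.0."):
        return ("listed", answer)
    return ("unexpected", answer)


def decode_uribl(answer):
    """Split a multi.uribl.com A record into the flags its last octet encodes."""
    if answer is None:
        return []
    last = int(ipaddress.IPv4Address(answer)) & 0xFF
    return [name for bit, name in URIBL_BITS.items() if last & bit]


def uribl_rules_usable(answer):
    """False when bit 1 is set: masks 2 and 4 can never match such an answer."""
    return "BLOCKED" not in decode_uribl(answer)


if __name__ == "__main__":
    # Constructed sample answers, as a resolver would hand them back.
    print(dnsbl_qname("192.0.2.10", "zen.spamhaus.org"))
    for answer in (None, "127.0.0.4", "127.255.255.254"):
        print(answer, classify_spamhaus(answer))
    for answer in ("127.0.0.2", "127.0.0.6", "127.0.0.1"):
        print(answer, decode_uribl(answer), uribl_rules_usable(answer))
```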

