Solved

Spamassassin sa-learn

Posted on 2004-09-18
13
439 Views
Last Modified: 2010-08-05
Hello All,

My question is sometime my own email consider as spam and sometime spams comes into my mailbox.

My question I heard about sa-learn but I am not too sure about that,

I've did man sa-learn but still I didnt understand.

it says something about ham and spam.

I am using Ensim box, and I've one email account name backup , in that folder all SPAM automatically goes to that email account.

So what exactly I have to do in order to protect my self from spam , I want spamassassin to know that only consider SPAM email as REAL SPAM not my clients nor my friends email.

Please kindly help me and let me know what's the procedure to AVOID SPAM and what's the procedure to deleiver NON-SPAM email to my INBOX.

Please guide me in detail as I am not a expert and I dont know too much about spamassassin.

Should I run the sa-learn like the following :-

sa-learn --showdots --mbox --spam backup
sa-learn --showdots --mbox --ham backup

If I do the above than sa-learn will automatically consider REALL SPAM email as SPAM or what ? If the above command is correct than how should I know, what I did is correct and what was the output of it.

Thank you
0
Comment
Question by:wcws
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 12095618
To use sa-learn need two mboxes (or files) , one for spam that spamassassin missed & one for good emails which spamassassin has marked as spam. You forward all emails to the relevant accounts. Ie  forward spam that spammassissin missed to a mbox or file called spam. Forward all proper emails which spammassin mistakenly marked as spam to a mbox or file called ham. Then run sa-learn --showdots --mbox --spam spam and
sa-learn --showdots --mbox --ham  ham.
0
 

Author Comment

by:wcws
ID: 12097016
how can I setup my mailscanner to use an auto learn option ? in that way I dont have to do anything manually ?

Please advise.
0
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 12097328
You cant. Spamassassin relies on you to tell it what is spam and what is not. You could set a cron job to have sa-learn parse your spam & ham mailboxes automatically but it will still be up to you to forward unidentified  spam to the spam mailbox and good emails mistakenly identified as spam to the ham mailbox.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:wcws
ID: 12097369
ok, so you are saying that I should create two email box

one : spam ( which is really 100% SPAM EMAILS )
second     : ham ( which is spam but MISSED by SPAMASSASSIn or GOOD EMAILS MARKED AS SPAM )

I am running a small server which is consisit of 40 customer meaning 40 domain names how I am going to know about there spam or ham emails.

Please advise
0
 
LVL 2

Expert Comment

by:dfk
ID: 12101891
Ah, ensim + mailscanner + spamassassin.

I suggest you read this document.  http://forums.ev1servers.net/showthread.php?s=942451ebe8112fa68a36020ce97e611b&threadid=20385

Best wishes
Mark Waterhouse
DFK Systems Limited
http://www.dfk-systems.com/
0
 

Author Comment

by:wcws
ID: 12102512
dfk : That link is a how to install MailScanner, there is nothing there explaining sa-learn.
0
 
LVL 2

Accepted Solution

by:
dfk earned 125 total points
ID: 12102650
wcws

You're right ;-)
I forgot what the initial question was as I read down the thread.


To answer your question regarding your virtual domains, there isnt an easy way.  Some people suggest having the users forward the 'spam' emails to a certain email address so as the system can autolearn these (via cron for example).  However, the problem here is with the MUA in question. Many MUA's (Outlook etc.) munge the headers and do not forward these on correctly.

If you allow spamassassin to use bayesian databases (in local.cf, use_bayes 1), you should start to notice a gradual decline in spam.  Our customers have quarantine directories setup and all 'suspected spam' messages go there.  It is then up to the user if they want to deliver that spam or not.

If you run 'sa-learn --dump magic', you will get an idea of how good your spam/ham bayesian classifier is.  Note: If the number of spam/ham messages is small (below 200), spamassassin - by default - will not modify your mails as the DB's are still learning.

You may also want to consider looking into other spam filters (dspam is very good - http://www.nuclearelephant.com/projects/dspam/).

Hope that better answers your question - apologies for not answering it first time!

Best wishes
Mark Waterhouse
DFK Systems Limited
http://www.dfk-systems.com/
0
 

Author Comment

by:wcws
ID: 12102819
I am running a ensim box so do you mean modify the local.cf in

/etc/mail/spamassassin/local.cf will that work globally every domain ?

Do you have your local.cf , can u paste it here so that I wil have an idea
0
 
LVL 2

Expert Comment

by:dfk
ID: 12103044
The local.cf file I have (on my ensim box) is indeed in /etc/mail/spamassassin/local.cf and contains my system whitelists (whitelist_from @dfk-systems.com).  However, depending on how you compiled spamassassin, the local.cf could be anywhere :-(

If you are still running MailScanner, all of this configuration is done in the MailScanner configuration files (perhaps in /opt/MailScanner/etc).  You can use the MailScanner rules to setup per-user/per-domain settings if required.

If your MailScanner.conf file has the following options set to Yes (or to a custom rule);
Virus Scanning = yes (or rule)
Spam Checks = yes (or rule)

then bayesian databases will be in operation as I dont believe MailScanner has an option to turn them off.

--Mark

0
 
LVL 4

Expert Comment

by:itcnbwise
ID: 12103434
FYI - I use spamassassin, and it's nice, but if you want to automatically remove incoming spam before users even get it, try using Vipul's Razor along with MailScanner - it works awesome: http://razor.sourceforge.net/
0
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 12106840
"one : spam ( which is really 100% SPAM EMAILS )
second     : ham ( which is spam but MISSED by SPAMASSASSIn or GOOD EMAILS MARKED AS SPAM )"

I am running a small server which is consisit of 40 customer meaning 40 domain names how I am going to know about there spam or ham emails.

"second" is wrong - ham is only real emails marked as spam incorrectly by spamassissin.
As for your customers, I assume the server you are hosting them on has its own valid domainname? Just get your customers to forward spam missed by spammassissin to spam@yourdomainname and good emails marked as spam by spamassissin to  ham@yourdomainname Then run sa-learn with the --spam option on the spam mailbox & sa-learn --ham on the ham mailbox. (You can setup a cronjob to get sa-learn to run automatically.)
 
0
 

Author Comment

by:wcws
ID: 12107041
how can I setup a cron job automatically.

Please advise
0
 
LVL 2

Expert Comment

by:dfk
ID: 12107208
owensleftfoot - the problem with having users forward emails is the reliance on them actually forwarding useful information. If they neglect to send the email with the full headers, all you succeed in doing is adding some of the content and incorrect headers.....useless against RBLs.

-- Mark
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question