  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1042

Is Spamassassin still useful in 2009?

Last weekend, we switched over our email to a new hosting company.  They use SpamAssassin, but there is still a lot of spam getting through.  But looking at the headers of some spam messages coming through, their scores are very low (see examples in code below).

My question is:
Is Spamassassin still useful in 2009?
If so, can anyone point a Spamassassin newbie like me to some useful tips for more advanced configuration (beyond just score filtering...)?
<snippet>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on our.host.com
X-Spam-Level: **
X-Spam-Status: No, score=2.3 required=5.0 tests=BAYES_20,HTML_MESSAGE,SPF_PASS,
	URIBL_JP_SURBL,URIBL_OB_SURBL shortcircuit=no autolearn=no version=3.2.4
</snippet>
 
<snippet>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on our.host.com
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=5.0 tests=BAYES_00,FR_ALMOST_VIAG2,
	MILLION_USD,RDNS_NONE,US_DOLLARS_3 shortcircuit=no autolearn=no version=3.2.4
</snippet>

Asked by: KTN-IT
 
greyknight17 Commented:
I personally have not used SpamAssassin before, but from what I understand, you might find this site useful. It has entries where you can select how you want it to be configured and it has a pretty detailed description of what each section does. It will generate a customized file for you after your selections are made.
 
mchkorg Commented:
Hi,
I'm still using it efficiently in my company (150 people).
But SpamAssassin by itself is not enough. You don't have specific rules.

Do consider setting up these rules: http://www.rulesemporium.com/rules.htm
And this "hidden" page (not referenced on the main site): http://www.rulesemporium.com/plugins.htm
Read the documentation about rules emporium.
Choose your rules (be careful when choosing between standard rules and paranoid rules, which will create a lot of false positives).

1) Create a /etc/spamassassin/channels.txt containing your rules. My example:
your_server:/etc/spamassassin# cat channels.txt
updates.spamassassin.org
70_sare_adult.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_evilnum2.cf.sare.sa-update.dostech.net
70_sare_genlsubj.cf.sare.sa-update.dostech.net
70_sare_header.cf.sare.sa-update.dostech.net
70_sare_highrisk.cf.sare.sa-update.dostech.net
70_sare_html.cf.sare.sa-update.dostech.net
70_sare_obfu.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_whitelist.cf.sare.sa-update.dostech.net
70_sc_top200.cf.sare.sa-update.dostech.net
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net

All the "70*" rules are from RulesEmporium (located on sa-update.dostech.net)
All this is explained by the author here: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt - a very short documentation

2) Schedule an update, example in /etc/crontab:
0 5 * * * root  sa-update --allowplugins --channelfile /etc/spamassassin/channels.txt --nogpg && /usr/local/bin/sa-compile

3) Test it yourself the first time. The downloaded rules will go here (on Debian): /var/lib/spamassassin/your_SA_release

4) You'll have to reload SA after this update if you're using it as a daemon (not only the client mode). Add something like  && /etc/init.d/spamassassin reload:
0 5 * * * root  sa-update --allowplugins --channelfile /etc/spamassassin/channels.txt --nogpg && /usr/local/bin/sa-compile && /etc/init.d/spamassassin reload

5) About the ImageInfo plugin (detects text hidden in images, for example), I had some trouble on Debian because of some Perl module somewhere. I can explain if you encounter this problem.

6) Wait for a few spam messages to come in. That should be quick :)

By the way, do consider "greylisting" to reduce the amount of incoming spam (It reduced by 90% in my case)

Regards
 
KTN-IT (Author) Commented:
Thanks for your help!