# =============== MailScanner: spam.assassin.prefs.conf =============== # Version 2.13.1 # SpamAssassin preferences for MailScanner users should be placed in # this file to avoid being overwritten by a SpamAssassin upgrade. # For a complete listing of configurable parameters, please see: # http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html # =============== SpamAssassin Preferences =============== # # the file installed by SpamAssassin: # /etc/mail/spamassassin/local.cf # Should be disabled # typically use these commands: # mv /etc/mail/spamassassin/local.cf \ # /etc/mail/spamassassin/local.cf.saved # When running SpamAssassin or sa-learn from the command line, # or a script, you should always specify that SpamAssassin use # this file to load SpamAssassin preferences, i.e: # sa-learn --ham -p /etc/MailScanner/spam.assassin.prefs.conf \ # --mbox ham_mbox # spamassassin -D -p etc/MailScanner/spam.assassin.prefs.conf \ # --lint # Additional SpamAssassin rule files should be placed in: # /etc/mail/spamassasssin (default location) # or in the directory specified in MailScanner.conf setting: # SpamAssassin Local Rules Dir = # dns_available { yes | test[: name1 name2...] | no } (default: test) # By default, SpamAssassin will query some default hosts on the internet # to attempt to check if DNS is working on not. The problem is that it can # introduce some delay if your network connection is down, and in some # cases it can wrongly guess that DNS is unavailable because the test # connections failed. SpamAssassin includes a default set of 13 servers, # among which 3 are picked randomly. dns_available yes # =============== White list and Black list addresses =============== # While you can white list here but see below for a better place. # White list addresses should be added in # /etc/MailScanner/rules/spam.whitelist.rules # Black list addresses should be added in # /etc/MailScanner/rules/spam.blacklist.rules # FSL Notes: we need to set the default rule for: # Is Definitely Spam = no # to: # %rules-dir/spam.blacklist.rules # and create a default rules-dir/spam.blacklist.rules file # =============== OK Locales =============== ok_locales en # FSL Notes: we only support English this is unnecessary # =============== Bayesian Filtering =============== # By default, the Bayesian engine is used. This is a real CPU hog # and uses a lot of system resources to work. # On a small overloaded system, you might need to disable it. # use_bayes 0 # If your root filesystem is filling up because SpamAssassin is putting # large databases in /.spamassassin or /root/.spamassassin, you can # move them using the following lines to point to their new locations. # The last part of the path is not a directory name, but actually the # start of the filenames. So with the settings below, the Bayes files # will be created as /var/spool/spamassassin/bayes_msgcount, etc. # FSL Note: we need to coordinate the Bayes File Placement # With MailWatch bayes_path /var/spool/MailScanner/spamassassin/bayes # This is actually used as a mask, not a raw chmod setting. # Thanks for Matt Kettler for spotting this one. bayes_file_mode 0660 # Bump up SpamAssassin scores on the high and low end # score BAYES_00 -15.0 # score BAYES_05 -5.0 score BAYES_95 5.0 score BAYES_99 15.0 # To disable bayes autolearn # bayes_auto_learn 0 # For feeding spam and and ham for saved messages, mailboxes # or directories: # This MUST be customized for each site :( # Change unconfigured-debian-site to match your %org-name% as # set in MailScanner.conf bayes_ignore_header ORG_NAME-MailScanner bayes_ignore_header ORG_NAME-MailScanner-SpamCheck bayes_ignore_header ORG_NAME-MailScanner-SpamScore bayes_ignore_header ORG_NAME-MailScanner-Information # When using the scheduled Bayes expiry feature, in MailScanner.conf # you probably want to turn off auto-expiry in SpamAssassin as it will # rarely complete before it is killed for taking too long. # You will just end up with # MailScanner: big bayes_toks.new files # wasting space. # FSL Note: we run Bayes expire from a cron job bayes_auto_expire 0 # If you are using a UNIX machine with all database files on local disks, # and no sharing of those databases across NFS filesystems, you can use a # more efficient, but non-NFS-safe, locking mechanism. Do this by adding # the line "lock_method flock" to the /etc/mail/spamassassin/local.cf # file. This is strongly recommended if you're not using NFS, as it is # much faster than the NFS-safe locker. lock_method flock # The --auto-whitelist and -a options for "spamd" and "spamassassin" to # turn on the auto-whitelist have been removed and replaced by the # "use_auto_whitelist" configuration option which is also now turned on by # default. use_auto_whitelist 0 # =============== RBSL related items =============== # By default, SpamAssassin will run RBL checks. If your ISP already # does this, stop RBL checks in SpamAssassin by un-commenting the # following line # skip_rbl_checks 1 # paths to utilities pyzor_path /usr/bin/pyzor dcc_path /usr/bin/dccproc # Uncomment the lines below to stop using the specific service # To stop Razor2 checks, uncomment the following line # use_razor2 0 # To stop DCC checks, uncomment the following line # use_dcc 0 # To stop Pyzor checks, uncomment the following line # use_pyzor 0 # The timeouts for blacklists and Razor are rather generous in the # default state that SpamAssassin is shipped. Reducing these # stops a lot of timeouts from removing SpamAssassin scores # altogether. rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 # If you specify these scores, SpamAssassin will do RBL checks as well # as MailScanner, which just wastes CPU power and network bandwidth. # Either do them here by un-commenting the rules below # (if you have paid for them) or else uncomment the "skip_rbl_checks" # # line above and let MailScanner do the checks instead. score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 # =============== SpamAssassin Header Processing =============== # SpamAssassin will attempt to discover the address used in the 'MAIL FROM:' # phase of the SMTP transaction that delivered this message, if this data # has been made available by the SMTP server. This is used in the EnvelopeFrom # pseudo-header, and for various rules such as SPF checking. # This should be explicitly set for MailScanner envelope_sender_header X-MailScanner-From # =============== Adding SpamAssassin Rules =============== # Add your own customized scores for some tests below. The default # scores are read from the installed "spamassassin.cf" file, but you # can override or disable the here. # To see the list of tests and their default scores, go to # http://spamassassin.taint.org/tests.html # These next 3 lines will add a local rule to SpamAssassin to help # protect you from the friendlygreetings.com nasty-gram which will # send lots of spam from your PC if you let it. Not really a virus, # but you don't want your users all clicking on it. header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com score FRIEND_GREETINGS 100.0 header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com score FRIEND_GREETINGS2 100.0 # =============== Disable SpamAssassin Rules =============== # To disable a SpamAssassin rule simply add an uncommented # line similar to: # score SUBJ_ILLEGAL_CHARS 0.0 # =============== Change SpamAssassin Rules scores =============== # To Change a SpamAssassin rule Score simply add an uncommented # line similar to: # score SUBJ_ILLEGAL_CHARS 2.1 # =============== Special Case Rules =============== # IE explorer spoofing uri IE_VULN /%([01][0-9a-f]|7f).*@/i score IE_VULN 100.0 describe IE_VULN Internet Explorer vulnerability # added Mon Jan 12 16:14:04 EST 2004 to stop the forgers of # Not needed ins SA 3.0 # HABEAUS headers # score HABEAS_SWE -2.0 #### Special Case Rules ##### # =============== Historic Rules =============== # Osirusoft RBSL is dead # score RCVD_IN_OSIRUSOFT_COM 0.0 # score X_OSIRU_OPEN_RELAY 0.0 # score X_OSIRU_DUL 0.0 # score X_OSIRU_SPAM_SRC 0.0 # score X_OSIRU_SPAMWARE_SITE 0.0 # score X_OSIRU_DUL_FH 0.0 # score RCVD_IN_RFCI 0.0 # score DNS_FROM_RFCI_DSN 0.0 # =============== Your Edits Go Here =============== score RCVD_IN_RSL 0 # Steve@fsl.com edit Sun Jan 16 12:17:16 CST 2005 # disable the ALL_TRUSTED ruleset that comes with SA 3.x. # It's generating too many false positives # If you have problems where ALL_TRUSTED is matching external email, # including spam, then SpamAssassin has become confused about which hosts are # a part of your trusted_networks. The most common cause of this is having a # gateway mail exchanger that has a reserved IP and gets NATed by your # firewall. Fortunately the problem is easy to fix by manually declaring a # trusted_networks setting. See man Mail::SpamAssassin::Conf for details. # Once manually set, SA won't try to guess. # # If that does not fix your problem, the other possibility is you have an MTA # that generates malformed Received: headers. If you've modified your # Received: header format, please put it back to the standard format. # SpamAssassin is quite tolerant of deviations from the RFC 2822 format, but # there are some combinations it can't handle. If the malformed headers are # being made by some form of network appliance that you can't fix, report a # bug to your vendor, and as a short-term fix set the score of ALL_TRUSTED to # 0. However, realize that other problems may occur as a result of the # mis-parsed headers and the root cause does need fixing. # #score ALL_TRUSTED 0 pyzor_options --homedir /var/spool/postfix/ razor_config /var/spool/postfix/.razor/razor-agent.conf trusted_networks 192.168.1.0/24 127.0.0.1