Anti Spam Settings

Use this forum for discussions about SpamAssassin and anti-spam in general.
Onlyme!
New user
New user
Posts: 3
Joined: 2012-10-13 16:50

Re: Anti Spam Settings

Post by Onlyme! » 2012-10-17 18:21

Ok had another think about it and decided to make it a little less aggressive and safer.

Had another look at the past spam we have received.
The bulk of it is just small messages for viagra, pharmacy, support etc.
We are not really seeing anything exceed 50Kb (at the moment).

Code: Select all

Spam Mark Threshold      = 4
Spam Delete Threshold    = 8
Max Message Size to Scan = 256
Only the 'add to message subject' selected, word added: [ JUNK ]

Use SPF            = 1
Check host in HELO = 1
Check DNS MX       = 1
Verify DKIM        = 1

zen.spamhaus.org  | Score = 4
b.barracudacentral.org | Score = 4
recent.spam.dnsbl.sorbs.net  | Score = 4

multi.surbl.org | Score = 2

Freie Luft
New user
New user
Posts: 3
Joined: 2014-11-14 15:08

Re: Anti Spam Settings

Post by Freie Luft » 2014-11-21 15:00

Spim sometimes really make people angry,thank you for the good tips.

YasharF
New user
New user
Posts: 23
Joined: 2010-12-19 10:54

Re: Anti Spam Settings

Post by YasharF » 2016-11-21 03:02

ObiWan wrote:
^DooM^ wrote:
a spin; as for the URIBLs, I think that adding "dbl.spamhaus.org" and "black.uribl.com" won't hurt; in particular, the spamhaus DBL helps cutting off the so called "snowshoe" spamruns

HTH
Is URIBL same as SURBL as far as hMailserver is concerned? In other words, should the UI say URIBL instead of SURBL? If not, where do URIBLs are supposed to be entered in the UI?

Thanks

User avatar
mattg
Moderator
Moderator
Posts: 20131
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Anti Spam Settings

Post by mattg » 2016-11-21 06:10

YasharF wrote:Is URIBL same as SURBL as far as hMailserver is concerned?
Yes

YasharF wrote:In other words, should the UI say URIBL instead of SURBL?
No, it probably should say both or even more that just the two of them. Or perhaps it should something else completely.

I use all of these, and not all are traditional URIBL or SURBL lists

multi.surbl.org
dbl.spamhaus.org
uribl.spameatingmonkey.net
uribl.swinog.ch
ubl.nszones.com
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
ras07
Normal user
Normal user
Posts: 196
Joined: 2010-03-11 08:51

Re: Anti Spam Settings

Post by ras07 » 2016-11-21 07:05

mattg wrote:
I use all of these, and not all are traditional URIBL or SURBL lists

multi.surbl.org
dbl.spamhaus.org
uribl.spameatingmonkey.net
uribl.swinog.ch
ubl.nszones.com
I've tried uribl.swinog.ch in the past, but hardly ever got any hits with it. Is there something special you need to do with it? The instructions on their web site are pretty sparse.

User avatar
mattg
Moderator
Moderator
Posts: 20131
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Anti Spam Settings

Post by mattg » 2016-11-21 09:15

I've just had a quick look through today's log

Most Spam is rejected before it gets to SURBL lookups, but the first five I found where there was a SURBL lookup that gave a positive result, all had positives from swinog.ch, and no-one else.

My DNS BLs seems to blockmost

swinog.ch seems to work fine for me
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

YasharF
New user
New user
Posts: 23
Joined: 2010-12-19 10:54

Re: Anti Spam Settings

Post by YasharF » 2016-11-21 10:24

mattg wrote:
I use all of these, and not all are traditional URIBL or SURBL lists

multi.surbl.org
dbl.spamhaus.org
uribl.spameatingmonkey.net
uribl.swinog.ch
ubl.nszones.com

Regarding the last one on the list, ubl.nszones.com, I think Spamhaus is calling them out as "fake": https://www.spamhaus.org/organization/s ... szones.com

User avatar
mattg
Moderator
Moderator
Posts: 20131
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Anti Spam Settings

Post by mattg » 2016-11-22 01:30

good enough for me - I'll drop them
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
SorenR
Senior user
Senior user
Posts: 3190
Joined: 2006-08-21 15:38
Location: Denmark

Re: Anti Spam Settings

Post by SorenR » 2016-11-23 14:44

Can't remember if I posted this before ... A little something for SpamAssassin.

Code: Select all

# SEM-BACKSCATTER
header          RCVD_IN_SEMBACKSCATTER eval:check_rbl('sembackscatter-lastexternal', 'backscatter.spameatingmonkey.net')
tflags          RCVD_IN_SEMBACKSCATTER net
describe        RCVD_IN_SEMBACKSCATTER Received from an IP listed by SEM-BACKSCATTER
score           RCVD_IN_SEMBACKSCATTER 0.5

# SEM-BLACK
header          RCVD_IN_SEMBLACK eval:check_rbl('semblack-lastexternal', 'bl.spameatingmonkey.net')
tflags          RCVD_IN_SEMBLACK net
describe        RCVD_IN_SEMBLACK Received from an IP listed by SEM-BLACK
score           RCVD_IN_SEMBLACK 0.5

# SEM-URI
urirhssub       SEM_URI uribl.spameatingmonkey.net. A 2
body            SEM_URI eval:check_uridnsbl('SEM_URI')
describe        SEM_URI Contains a URI listed by SEM-URI
tflags          SEM_URI net
score           SEM_URI 0.5

# SEM-URIRED
urirhssub       SEM_URIRED urired.spameatingmonkey.net. A 2
body            SEM_URIRED eval:check_uridnsbl('SEM_URIRED')
describe        SEM_URIRED Contains a URI listed by SEM-URIRED
tflags          SEM_URIRED net
score           SEM_URIRED 0.5

# SEM-FRESH
urirhssub       SEM_FRESH fresh.spameatingmonkey.net. A 2
body            SEM_FRESH eval:check_uridnsbl('SEM_FRESH')
describe        SEM_FRESH Contains a domain registered less than 5 days ago
tflags          SEM_FRESH net
score           SEM_FRESH 0.5
And ...

Code: Select all

urirhsbl        URIBL_SC_SWINOG uribl.swinog.ch.   A
body            URIBL_SC_SWINOG eval:check_uridnsbl('URIBL_SC_SWINOG')
describe        URIBL_SC_SWINOG URI's listed in uribl.swinog.ch.
tflags          URIBL_SC_SWINOG net
score           URIBL_SC_SWINOG 0 0.900 0 1.500
And ...

Code: Select all

header          RCVD_IN_SWINOG_SPAM eval:check_rbl('swinog', 'dnsrbl.swinog.ch.', '127.0.0.3')
describe        RCVD_IN_SWINOG_SPAM Listed in dnsrbl.swinog.ch.
tflags          RCVD_IN_SWINOG_SPAM net
score           RCVD_IN_SWINOG_SPAM 2.500
I have evaluated SWINOG for SURBL and found that it trap sites like LinkedIn and such so it's not really suited for my use.
SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde

Post Reply