Recently, the mail server here was attacked by Chinese spam mail with domain names @qq.com, @qq.ocm, @123.com, @163.com, etc. I can't just set rules to delete emails from those domains, as some emails are genuine.
This mail server doesn't use SpamAssassin, so I plan to move the current Hmail to another PC and set up SA there. I am using the latest Jam Software SpamAssassin for Windows.
I referred to the link below for instructions on setting up SA:
Below are my questions:
1. I have manually separated the spam and ham and trained the Bayes database via the trainbayes.bat file. (A few thousand of the Chinese spam mails and 3 are ham.) Will it be able to mark the Chinese spam mail score and delete them accordingly?
2. For global rules setting:
a) I want to forward emails that contain [Spam] in the subject to another email address so I can check whether the mail is spam or ham. Any idea?
3. Do you have any custom .cf file that is configured to protect against Chinese spam mail?
4. In local.cf, I set use_bayes 1, bayes_auto_learn 0, report_safe 0, required_score 5.0, rewrite_header Subject [_HITS_].
a) May I know what the use of add_header all Report _REPORT_ * is?
b) Is it OK for me to set bayes_auto_learn to 0, because I am scared of false positive email?
c) If a false positive is found, what should I do? Should I get the eml file to let SA learn, or just set whitelist_from in local.cf?
5. Can I have multiple .cf files for the SA Windows version? I was thinking of setting whitelist/blacklist rules in a separate cf file.
6. How do I make the spamd log rotate daily? I read that some users do it along with performing sa-update; does it work? (viewtopic.php?f=21&t=28133#p183044)
7. I read some of the threads mentioning KAM.cf updates, which are still good; how can I set it to download with sa-update?
8. For the Hmail setting, I plan to follow Mr jimimaseye's way by setting Use SA score: false- 5, Hmail spam mark threshold-5 but delete threshold- 20. Under the SpamAssassin tab, what should I put for "Host Name"? localhost or 127.0.0.1? I set up SA on the same PC that has Hmail installed.
9. I have around 300 users and the email flow is quite fast. If SA is set up for use, how long will SA normally take to process an email?
I am so sorry for such a long list, but I would really appreciate it if this can be settled. Cheers guys and sorry for the trouble.