# =============== MailScanner: spam.assassin.prefs.conf =============== # SpamAssassin preferences for MailScanner users should be placed in # this file to avoid being overwritten by a SpamAssassin upgrade. # For a complete listing of configurable parameters, please see: # # http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html # =============== SpamAssassin Preferences =============== # This file is linked to mailscanner.cf. The mailscanner.cf link is put # into the site_rules directory by the MailScanner installation scripts. You # can find the directory where the link is, and where all your site-specific # SpamAssassin files should be, by running this perl script: # # perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new->first_existing_path(@Mail::SpamAssassin::site_rules_path)' # # If you don't have SpamAssassin installed, then I advise you install # it. Without it, you won't catch much spam. There is an easy-to-install # ClamAV and SpamAssassin installation package included on the MailScanner # downloads page on the web. # # This file is no longer read specially by MailScanner when it starts up # SpamAssassin, it relies on the link being in place to force SpamAssassin # to read the file automatically on its own during its startup code. So # you must have the link in place, or else this file is not read. # # To check your configuration, run the command # spamassassin -D --lint # ================== Settings For SpamAssassin =========================== # dns_available { yes | test[: name1 name2...] | no } (default: test) # By default, SpamAssassin will query some default hosts on the internet # to attempt to check if DNS is working on not. The problem is that it can # introduce some delay if your network connection is down, and in some # cases it can wrongly guess that DNS is unavailable because the test # connections failed. SpamAssassin includes a default set of 13 servers, # among which 3 are picked randomly. dns_available yes # =============== White list and Black list addresses =============== # While you can white list here but see below for a better place. # White list addresses should be added in # /etc/MailScanner/rules/spam.whitelist.rules # Black list addresses should be added in # /etc/MailScanner/rules/spam.blacklist.rules # FSL Notes: we need to set the default rule for: # Is Definitely Spam = no # to: # %rules-dir/spam.blacklist.rules # and create a default rules-dir/spam.blacklist.rules file # =============== OK Locales =============== # ok_locales en # =============== Bayesian Filtering =============== # By default, the Bayesian engine is used. This is a real CPU hog # and uses a lot of system resources to work. # On a small overloaded system, you might need to disable it. # use_bayes 0 # If your root filesystem is filling up because SpamAssassin is putting # large databases in /.spamassassin or /root/.spamassassin, you can # move them using the following lines to point to their new locations. # The last part of the path is not a directory name, but actually the # start of the filenames. So with the settings below, the Bayes files # will be created as /var/spool/spamassassin/bayes_msgcount, etc. # FSL Note: we need to coordinate the Bayes File Placement # With MailWatch # bayes_path should NOT be directory! # The Rules_du_jour script will choke if it is a directory. # It needs to be a full pathname, PLUS a partial filename. # In this example, the trailing "bayes" will be the "bayes*" + # files in the directory "/etc/MailScanner/bayes/" # Thanks to Matt Kettler for pointing this out. #bayes_path /etc/MailScanner/bayes/bayes # This is actually used as a mask, not a raw chmod setting. # Thanks for Matt Kettler for spotting this one. # Commented out: this if for MailWatch and Exim/Postfix users only. # bayes_file_mode 0770 # Bump up SpamAssassin scores on the high and low end # score BAYES_00 -15.0 # score BAYES_05 -5.0 # score BAYES_95 5.0 # score BAYES_99 15.0 # To disable bayes autolearn # bayes_auto_learn 0 # For feeding spam and and ham for saved messages, mailboxes # or directories: # This MUST be customized for each site :( # Change X-YOURDOMAIN-COM to match your %org-name% as # set in MailScanner.conf bayes_ignore_header X-YOURDOMAIN-COM-MailScanner bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information # When using the scheduled Bayes expiry feature, in MailScanner.conf # you probably want to turn off auto-expiry in SpamAssassin as it will # rarely complete before it is killed for taking too long. # You will just end up with # MailScanner: big bayes_toks.new files # wasting space. # FSL Note: we run Bayes expire from a cron job #bayes_auto_expire 0 # If you are using a UNIX machine with all database files on local disks, # and no sharing of those databases across NFS filesystems, you can use a # more efficient, but non-NFS-safe, locking mechanism. Do this by adding # the line "lock_method flock" to the /etc/mail/spamassassin/local.cf # file. This is strongly recommended if you're not using NFS, as it is # much faster than the NFS-safe locker. lock_method flock # The --auto-whitelist and -a options for "spamd" and "spamassassin" to # turn on the auto-whitelist have been removed and replaced by the # "use_auto_whitelist" configuration option which is also now turned on by # default. use_auto_whitelist 0 # =============== RBSL related items =============== # By default, SpamAssassin will run RBL checks. If your ISP already # does this, stop RBL checks in SpamAssassin by un-commenting the # following line # skip_rbl_checks 1 # paths to utilities #ifplugin Mail::SpamAssassin::Plugin::Pyzor #pyzor_path /usr/bin/pyzor #endif ifplugin Mail::SpamAssassin::Plugin::DCC dcc_path /usr/local/bin/dccproc endif # Uncomment the lines below to stop using the specific service # To stop Razor2 checks, uncomment the following line # use_razor2 0 # To stop DCC checks, uncomment the following line # use_dcc 0 # To stop Pyzor checks, uncomment the following line # use_pyzor 0 # The timeouts for blacklists and Razor are rather generous in the # default state that SpamAssassin is shipped. Reducing these # stops a lot of timeouts from removing SpamAssassin scores # altogether. #rbl_timeout 20 #razor_timeout 10 #pyzor_timeout 10 # If you specify these scores, SpamAssassin will do RBL checks as well # as MailScanner, which just wastes CPU power and network bandwidth. # Either do them here by un-commenting the rules below # (if you have paid for them) or else uncomment the "skip_rbl_checks" # # line above and let MailScanner do the checks instead. #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 # =============== SpamAssassin Header Processing =============== # SpamAssassin will attempt to discover the address used in the 'MAIL FROM:' # phase of the SMTP transaction that delivered this message, if this data # has been made available by the SMTP server. This is used in the EnvelopeFrom # pseudo-header, and for various rules such as SPF checking. # This should be explicitly set for MailScanner envelope_sender_header X-MailScanner-From # =============== Adding SpamAssassin Rules =============== # Add your own customized scores for some tests below. The default # scores are read from the installed "spamassassin.cf" file, but you # can override or disable the here. # To see the list of tests and their default scores, go to # http://spamassassin.taint.org/tests.html # These next 3 lines will add a local rule to SpamAssassin to help # protect you from the friendlygreetings.com nasty-gram which will # send lots of spam from your PC if you let it. Not really a virus, # but you don't want your users all clicking on it. # This is old now. # header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i # describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com # score FRIEND_GREETINGS 100.0 # header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i # describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com # score FRIEND_GREETINGS2 100.0 # =============== Disable SpamAssassin Rules =============== # To disable a SpamAssassin rule simply add an uncommented # line similar to: # score SUBJ_ILLEGAL_CHARS 0.0 # =============== Change SpamAssassin Rules scores =============== # To Change a SpamAssassin rule Score simply add an uncommented # line similar to: # score SUBJ_ILLEGAL_CHARS 2.1 # =============== Special Case Rules =============== # added Mon Jan 12 16:14:04 EST 2004 to stop the forgers of # Not needed ins SA 3.0 # HABEAUS headers # score HABEAS_SWE -2.0 #### Special Case Rules ##### # =============== Historic Rules =============== # Osirusoft RBSL is dead # score RCVD_IN_OSIRUSOFT_COM 0.0 # score X_OSIRU_OPEN_RELAY 0.0 # score X_OSIRU_DUL 0.0 # score X_OSIRU_SPAM_SRC 0.0 # score X_OSIRU_SPAMWARE_SITE 0.0 # score X_OSIRU_DUL_FH 0.0 # score RCVD_IN_RFCI 0.0 # score DNS_FROM_RFCI_DSN 0.0 # =============== Your Edits Go Here =============== # Steve@fsl.com edit Sun Jan 16 12:17:16 CST 2005 # disable the ALL_TRUSTED ruleset that comes with SA 3.x. # It's generating too many false positives # If you have problems where ALL_TRUSTED is matching external email, # including spam, then SpamAssassin has become confused about which hosts are # a part of your trusted_networks. The most common cause of this is having a # gateway mail exchanger that has a reserved IP and gets NATed by your # firewall. Fortunately the problem is easy to fix by manually declaring a # trusted_networks setting. See man Mail::SpamAssassin::Conf for details. # Once manually set, SA won't try to guess. # # If that does not fix your problem, the other possibility is you have an MTA # that generates malformed Received: headers. If you've modified your # Received: header format, please put it back to the standard format. # SpamAssassin is quite tolerant of deviations from the RFC 2822 format, but # there are some combinations it can't handle. If the malformed headers are # being made by some form of network appliance that you can't fix, report a # bug to your vendor, and as a short-term fix set the score of ALL_TRUSTED to # 0. However, realize that other problems may occur as a result of the # mis-parsed headers and the root cause does need fixing. # #score ALL_TRUSTED 0 # # Julian Field Fri Apr 28 2006 # # Added the "Black" and "Grey" URIBL lists from www.uribl.com # # #urirhssub URIBL_BLACK multi.uribl.com. A 2 #body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') #describe URIBL_BLACK Contains an URL listed in the URIBL blacklist #tflags URIBL_BLACK net #score URIBL_BLACK 3.0 # #urirhssub URIBL_GREY multi.uribl.com. A 4 #body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') #describe URIBL_GREY Contains an URL listed in the URIBL greylist #tflags URIBL_GREY net #score URIBL_GREY 0.25