::: FORUM ManuFrog :::: Spam Assasin - ::: FORUM ManuFrog :::

Hoppa till innehåll

Sida 1 av 1
  • Du kan inte skapa ett nytt ämne
  • Du kan inte svara i detta ämne

Spam Assasin instruktion på engelska

#1 Medlemmen är offline   Erik 

  • Administrator
  • PipPipPipPipPipPip
  • Grupp: Admin
  • Inlägg: 7 585
  • Gick med: 13-juli 03

Postad 03 november 2004 - 23:31

Tänkte att det kunde vara bra med en instruktion på hur man ställer in SpamAssasin på bästa sätt. På engelska visserligen, men bättre än ingenting. ;)

-------------------------------------------------------------
05-03-2004, 02:39 PM Source: http://www.surmunity.com



--------------------------------------------------------------------------------
DEL 1

I figured I'd pop in here and provide a little 'Spam Assassin' micro tutorial.

Spam assassin is a very powerful tool, and if you use it to the fullest, you'll find that it can eliminate a very significant number of the spam emails, even the ones that are currently running around out there with tons of <worthless tags> and garbage text.

In fact, this morning I woke up and there were ZERO spams in my inbox.

This is a multi step / multi day process, however. If you're interested, read on.

(also, I don't take all the credit for this. A guy from my old host wrote the script that you'll see at the bottom of this message. Props to he who is known as 'freeranger')

STEP ONE:
click the spam assassin icon
click enable spam assassin
When the screen refreshes, you should see the bold black and red text:
Spam Assassin is currently: enabled
DO NOT enable 'spambox'.

Click 'configure spam assassin' now.

STEP TWO: Configuring Spam Assassin basic
The screen for configuring spam assassin looks complicated, but it's not.

At this time we'll only worry about 'whitelist' and a few other options.

The whitelist is a list of email domains or accounts that you always want to get mail from. I don't recommend putting entire domains in if you have certain addresses that you know and want. This helps prevent address-spoofing spam.

First, let's have spam asssassin flag messages that it thinks are spam for us.
Find the box that says rewrite-subject.
delete any value in that box, and enter the number 1.

Second, find the box that says subject_tag.
This is where you enter the 'flag' message that will be put at the beginning of any suspected spams subject line. Enter (without the quotes) "**Possible-Spam**" here.

Third, find the box marked required_hits.
Here you enter the minimum score that a message must have to trigger the flagging you just set up above. Mine is set to 4.5, but initially - to prevent a bunch of false positives, I would set it to 5 or 6.

Fourth, find the whitelist_from box. You'll see 4 boxes to enter whitelist_from addresses. You're not limited to four, by the way. Enter up to four here, then scroll down to the bottom of the screen and hit SAVE. Cpanel will now add 4 more blank lines for whitelist_from addresses. Continue here until all of your necessary whitelist names are her. NOTE you don't need to whitelist everyone. This is helpful however to whitelist people who are in AOL, Hotmail, or Yahoo - or any other domain that is often seen as SPAM. My personal whitelist is only 12 entries.

Don't forget to hit SAVE at the bottom of the Spam Assassin configuration page, or all your work is lost. When you save, it refreshes the page - so you can then click the 'home' icon to return to Cpanel.

Congratulations You've just completed basic spam-assassin configuration.

From this moment on, email that comes to your domain will be examined by Spam Assassin. If Spam Assassin determines, through various rules tests, that it thinks you have a spam - (each test adds 'points) and it reaches the point threshold that you've set, the email subjects will be flagged "**POSSIBLE-SPAM**buy c;all'is today = know doctorz needed"
--------------------------------------
DEL 2

Alright. You've followed the instructions so far, and you've got Spam Assassin flagging your email.

I mentioned earlier that you can also have messages that have a certain SPAM score (or higher) automatically tossed into the great bit-bucket. We'll learn how to do this now.

First, have a look inside a flagged spam message:


Content preview:  chemotherapy communion furrier hinterland switzer
  snapshot stronghold kenneth cavern choose carboloy stood crane armament
  cathedra laze kaleidoscope sanatorium armillaria textural memorandum
  juggle URI:http://www.hotgle.info/
  URI:http://www.hotgle.info/images/oobb.gif [...] 

Content analysis details:   (7.8 points, 4.5 required)

 pts rule name			  description
---- ---------------------- --------------------------------------------------
 5.4 BAYES_99			   BODY: Bayesian spam probability is 99 to 100%
							[score: 0.9999]
 0.2 HTML_MESSAGE		   BODY: HTML included in message
 1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
				[Blocked - see <http://www.spamcop.net/bl.shtml?68.95.20.248>]
 0.7 RCVD_IN_DSBL		   RBL: Received via a relay in list.dsbl.org
							[<http://dsbl.org/listing?ip=68.95.20.248>]

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

Notice - this message scored 7.8 points, which is above my flagging threshold of 4.5. The breakdown of which Spam Assassin rules played in the scoring of this message is also shown in messages that score above your threshold.

Note also that this one had a BAYES score. That's what we're working toward. Getting spam assassin to learn the spammers tricks and toss them! Without the BAYES score this message would have scored only 2.4 points and would have been delivered to my inbox. But more on that later.

If you look at the message header you'll see:

Subject: Notice_from_mailserver--Possible_SPAM Your eBay auct1on payment 
Date: Tue, 04 May 2004 14:48:35 +0200
Message-Id: <DAE095E7499CEBD[at]12move.nl>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on pass5.dizinc.com
X-Spam-Level: *******
X-Spam-Status: Yes, hits=7.8 required=4.5 tests=BAYES_99,HTML_MESSAGE,
	RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL autolearn=no version=2.63

(though I do wish that Surpass would set up the RDNS to resolve to my domain, it shows Pass5.dizinc.com here...)

Note the line: X-Spam-Level: *******.
We're going to use that to our advantage. The number of stars is the value of WHOLE POINTS that the message scored. There are 7 here. We want to create a rule that will automatically TOSS any message that scores 8 points or higher.

To do this, we'll move back to Cpanel and click on the MAIL icon.
In the list of options, choose E-mail filtering

If you have previously input filters, they'll show here, and below them you'll see:

[ Add Filter ] | [ Go Back ]
Select Add Filter


The Add filter dialog is pretty simple. The Filter drop down defaults to subject. Change this to "Any Header".

The next box over is where you enter your test criteria. You can cut and paste the line below:

X-Spam-Level: ********

If you want a higher threshold, add a star. If you want a lower one (not recommended at the beginning - some email's that I get from PCWeek score as high as 7.9!) subtract a star.

Leave the Destination as 'discard'.

Now click ACTIVATE.

There. You've done it. If you followed the examples literally, you'll now flag all messages that score over 4.5 points, and automatically trash messages scoring over 8 points.
-----------------------------------------------
::: Have great day! //Erik at psychofrog.se and Webbhotell ManuFrog :::
0

#2 Medlemmen är offline   Erik 

  • Administrator
  • PipPipPipPipPipPip
  • Grupp: Admin
  • Inlägg: 7 585
  • Gick med: 13-juli 03

Postad 03 november 2004 - 23:38

DEL 3

We'll assume that you've followed all the steps through now. You should have noticed a drop in spam due to the 'autodelete' of high scoring messages. But a significant number of messages have still been coming through....

Citat

harem-keeper kempfs jzeroca


Largest Selection Of Online Medications!

They got Vi.co.din, X.[at]nax, and V.aliu.m..and other popular products..

Enjoy deep discount meds here.

J K http://be.info.offersbank.com/abc/ok/


Quiit service is ava1-iable at website..

It was a very foggy day in London. The fog was so thick that it was
impossible to see more than a foot or so. buses, cars and taxis were not
able to run and were standing by the side of the road. People were trying to
find their way about on foot but were losing their way in the fog. Mr. Smith
had a very important meeting at the House of Commons and had to get there
but no one could take him. He tried to walk there but found he was quite
lost. Suddenly he bumped into a stranger. The stranger asked if he could
help him. Mr. Smith said he wanted to get to the



Spammers stuff random words, paragraphs, quotes, etc. into the body of the message - or use 'hidden text' in HTML formatted messages (font size 1px, etc.) to get around normal Spam Assassin (and other spam checkers) rules.

Thankfully, Spam Assasin can learn from these messages and start trapping them too...

In your control panel, open your file manager. You'll see a folder .spamassassin.
Click on the FOLDER icon for spam assassin. That will open the folder.
Postad bild


Click on the file user_prefs, and in the right column select EDIT FILE.
Postad bild

Now, add the following lines:
Code:
# Enable the Bayes system
use_bayes			   1
# Enable or disable network checks
skip_rbl_checks		 0
use_razor2			  1
use_dcc				 1
use_pyzor			   1
The above lines enable checks against known/reported spammer id's, and the top one enables the bayes 'logic analysis' system.
Now click SAVE on the bottom of the screen.

Now to teach SPAM ASSASSIN...

In the file manager, navigate up to the user_root directory (click up one level). If you see the folder public_html in the list window you're in the right place.

Click create new folder
make a folder named "script" (without the quotes, of course...)

After making the folder, navigate into it and select Create New File
enter the file name 'learnspam', and select type "shell script".
Change permissions for the file to be 755 also.

Copy the following code into the file edit window:

#!/bin/sh
echo "Learning SPAM"
for FILE in `find $HOME -name SPAM -print`
do
echo "Processing $FILE"
sa-learn --spam --mbox $FILE
done

echo "Learning HAM"
for FILE in `find $HOME -name HAM -print`
do
echo "Processing $FILE"
sa-learn --ham  --mbox $FILE
rm $FILE
touch $FILE
done
echo "Done"


OBS! På våra nyare servrar (ManuFrog) körs inte "mbox" längre utan "maildir" systemet för mailservern.
Då måste koden ändras till följande:
#!/bin/sh
echo "Learning SPAM"
for FILE in `find $HOME -name SPAM -print`
do
echo "Processing $FILE"
sa-learn --spam --dir $FILE
done

echo "Learning HAM"
for FILE in `find $HOME -name HAM -print`
do
echo "Processing $FILE"
sa-learn --ham  --dir $FILE
rm $FILE
touch $FILE
done
echo "Done"


---------------------------------------
DEL 4

Now you have a script that will teach Spam Assassin to recognize spam. But the Spam Assassin program won't activate the BAYES rules until it has learned at least 150-200 SPAM and 'ham' (non spam) messages.

The best way to compile that many messages is to have each user 'pre check' their email with HORDE before downloading messages to their computer.

To do this you must disable 'auto-checking' from your mail program (outlook express, etc). Then, open webmail for your account. Open the inbox, then select Folders. Create 2 new folders - SPAM and HAM. You must use those folder names exactly, because that is what the script is searching for.

Now, when you find a message that IS spam in your inbox, MOVE it to the SPAM folder.

And copy a bunch of your 'good' mail messages to the HAM folder. Copy is the best thing here, because the script will purge that folder after each run.

Of course, with HORDE you can look at the contents of these folders. They should have a similar number of messages in them when you start the process. As it runs, however, the spam folder will continue to contain older spam messages. The reason for this is that in the event Cpanel upgrades Spam Assassin, or your bayes-database gets corrupted for any other reason, you want to have a library of about 500 spam messages to 'relearn'. You should go through the SPAM folder every month or so and delete the oldest messages once you have 500 in the folder.

Personally, I try to have 40 HAM's in the folder each time the script runs on my domain - 3 times per week.

You can accumulate MORE spam by modifying the "autodelete" rule from the last section.

If you remove that rule and instead tell the mail filter to forward ALL MESSAGES scoring over 10 to a separate EMAIL address (mine is 'mailtrap'), then logging into the mail trap account every couple of days and moving 'his' messages to 'his' spam folder will help SA learn REAL spam...

If you get a message that is a FALSE POSITIVE - meaning it scored as spam but was not ment to be, make sure you copy that into the HAM folder.

Setting the Cron Job
Click the CRON JOB icon in Cpanel.

Click STANDARD mode. You'll see a screen like this:
Postad bild

Enter your mail address in the 'mail to' box

Set up your CRON job to run every couple of days at a certain time. I set mine up for NOON because a significant portion of SPAM seems to arrive between 11pm and 10 am... and I want to get it while it's fresh... So, if you set yours up to run 3 times a week (hold the CTRL key to select multiple days) your screen will look like this:
Postad bild

Press 'save crontab' button. NOTE - see the path? that is the 'userID' for cpanel that is wiped out there... so replace it with whatever yours is... this is the path to the learning script.

You're done.

If you've followed these instructions and mimicked my installation exactly, you'll have an email from the 'cron daemon' 3 times per week, telling you how many messages it processed:

Learning SPAM
Processing /home/youraccount/mail/domain-name/john/SPAM
Learned from 13 message(s) (110 message(s) examined).
Processing /home/youraccount/mail/domain-name/mailtrap/SPAM
Learned from 62 message(s) (138 message(s) examined).
Learning HAM
Processing /home/youraccount/mail/domain-name/john/HAM
Learned from 17 message(s) (20 message(s) examined).
Done

And as Bayes kicks in, you'll start seeing stuff like this in the message header...

Content analysis details:   (6.4 points, 4.5 required)

 pts rule name			  description
---- ---------------------- --------------------------------------------------
 1.5 RCVD_NUMERIC_HELO	  Received: contains a numeric HELO
 0.2 HTML_MESSAGE		   BODY: HTML included in message
 1.7 BAYES_80			   BODY: Bayesian spam probability is 80 to 90%
							[score: 0.8364]
 3.0 FORGED_RCVD_HELO	   Received: contains a forged HELO


Notice - without the BAYES score this message would not even have been flagged! We're succeeding in marking up MORE SPAM!
Thanks for listening... I hope you all enjoyed your lesson in 'how to make Spam Assassin work for you'.
::: Have great day! //Erik at psychofrog.se and Webbhotell ManuFrog :::
0

#3 Medlemmen är offline   Jove 

  • Member
  • PipPipPip
  • Grupp: Members
  • Inlägg: 5
  • Gick med: 03-juli 05

  Postad 03 december 2006 - 22:46

Hej!

Jag försöker konfiga Spamassassin på bästa sätt enligt instruktionen.
Det står att man skall använda Horde för att lära Spamassassin vad som är spam och inte genom att kopiera spam till en folder kallad SPAM och "riktiga" mail till en folder kallad HAM.
Går det att göra detta även i t.ex Ilohamail?
Är det samma folders som används både för Ilohamail och Horde?

Min erfarenhet är att Ilohamail funkar bättre för de som sitter bakom brandväggar t.ex.

Finns det något effektivare verktyg än Spamassassin tillgängligt på Manufrogs servers idag?

:rolleyes:

Mvh Jove
0

#4 Medlemmen är offline   Jaktis 

  • Rookie
  • PipPip
  • Grupp: Members
  • Inlägg: 3
  • Gick med: 25-april 06

Postad 01 juni 2007 - 22:03

Hej alla!

Jag har konfigurerat Spamassassin enligt ovan, ändrat kodsnutten så att det stämmer mot "maildir" istf. "mbox", allt verkar fungera felfritt förutom att när cron-jobbet är kört så istället för exemplets kvittens:
Learning SPAM
Processing /home/youraccount/mail/domain-name/john/SPAM
Learned from 13 message(s) (110 message(s) examined).
Processing /home/youraccount/mail/domain-name/mailtrap/SPAM
Learned from 62 message(s) (138 message(s) examined).
Learning HAM
Processing /home/youraccount/mail/domain-name/john/HAM
Learned from 17 message(s) (20 message(s) examined).
Done


så får jag bara detta kvitto:
Learning SPAM
Learning HAM
Done


Någon som har lösningen på detta?

Mvh Thomas
0

#5 Medlemmen är offline   Jaktis 

  • Rookie
  • PipPip
  • Grupp: Members
  • Inlägg: 3
  • Gick med: 25-april 06

  Postad 08 juni 2007 - 12:29

[edit] raderar all frustrerad text och ersätter den med glad text ;-) [/edit]

Med Eriks länktips: http://www.surmunity...ead.php?t=22427 och lite eget experimenterande så kommer här lösningen på hur man får scriptet att fungera, mata in följande kod i din learnspam-fil så kommer det att fungera. Obs! ersätt "username" (på 2 ställen i koden) med ditt användarnamn på servern.

Lycka till! och ha en god sommar!
//T :whistle:

#!/bin/sh

for SPAMFOLDER in `find /home/username/mail -name .SPAM -print`
		do
				echo " "
				echo -e "\tProcessing verified spam in $SPAMFOLDER"
				echo -n -e "\t\t"
				find $SPAMFOLDER/cur -type f -name \*S | sa-learn --spam --no-sync -f -
				echo -e "\t\tMoving messages marked as read..."
				cd $SPAMFOLDER
				cd ../.Trash
				echo -n -e "\t\tCurrent Directory: "; pwd
				echo -n -e "\t\t"
				for MSG in `find $SPAMFOLDER/cur -type f -name \*S`
						do
								#echo -e -n "\t\t\t"; mv -v $MSG cur/
								echo -n "."; mv $MSG cur/

				done
done

echo " "
echo "Learning from HAM"
for HAMFOLDER in `find /home/username/mail -name .HAM -print`
		do
				echo " "
				echo -e "\tProcessing $HAMFOLDER/cur"
				echo -n -e "\t\t"
				find $HAMFOLDER/cur -type f -name \*, -or -name \*S | sa-learn --ham --no-sync -f -
				echo -e "\t\tRemoving ham messages..."
				echo -n -e "\t\t"
				for MSG in `find $HAMFOLDER/cur -type f  -name \*, -or -name \*S`
						do
								#rm -v $MSG
								echo -n "."; rm $MSG
				done
done

echo " "
echo "Synchronising spam database"
#sa-learn --sync --progress

0

Dela med dig av detta ämne:


Sida 1 av 1
  • Du kan inte skapa ett nytt ämne
  • Du kan inte svara i detta ämne


2 användare läser detta ämne
0 medlemmar, 2 gäster, 0 anonyma medlemmar