Customising Spam Assassin - more aggressive filtering recommendations

Contabo basic VPS1 6Gb memory and Hetzner Dedicated 64Gb memory
OS type and version AlmaLinux 9.3
Webmin version 2.111
Virtualmin version 7.10.0

Hi Everyone,

I’m looking for any pointers for making Spam Assassin more efficient… it’s letting in far too much obvious spam for my liking.

This is a default SA setup, I’ve changed nothing so far. I know I can add custom rules (Webmin, Servers, Spam Assassin Mail Filters, Header and Body tests) which are added to the /etc/mail/spamassassin/local.cf file. Does anyone have any additional custom rules they use as default they are willing to share, or recommendations to any public custom rules files they use?

I also seem to have some messages that are not going through the SA filter (as they are getting no SA score), like this,

image

Whereas, I’d normally get the spam score as below,

image

Any pointers or advice gratefully received.

  • You are not failing SPF with SpamAssassin (at a guess).
  • Do you have greylisting enabled?
  • Class emails as SPAM if they fail SPF check
  • Virtualmin check SPF records? - #10 by Ilia - Virtualmin - Virtualmin Community
    • Decide where to set the rule
      • Global Rule: Webmin → SpamAssassin Mail Filter → Header and Body Tests → Switch to advanced mode
      • Virtual Server Rule: Virtualmin → Mail Options → SpamAssassin Configuration → Header and Body Tests → Switch to advanced mode
        • This might not be available and depends on your Virtualmin configuration set during the POST-Installation wizard.
    • Add these ‘SpamAssassin test scores’ or what you want to assign, maybe just SPF_FAIL = 10.00 (which works for me on cPanel)
      • SPF_FAIL = 10.00
      • SPF_SOFTFAIL = 5.00
      • SPF_HELO_FAIL = 5.00

Email and SPAM section on My Virtualmin Notes | QuantumWarp

Hi Shoulders,

Thanks for the reply. I hadn’t turned on Greylisting yet, but I think I will. I’m coming from a cPanel background myself (using mailscanner) and had tweaked everything over the years so that we were getting very little spam though there.

I think you are right in that it isn’t punishing SPF failures (and I think it only gives like a +.1 score for SPF passes…). I’ll have a play adding in a penalty score for those that fail SPF.

Thanks again

I’ve mentioned this before. Default SA doesn’t process emails over 512K so spammers pad the email. I set mine to 1M and that seemed to stop that problem.

@ID10T I have added this to my notes from one of your earlier threads. Very useful. A lot of emails are above 512KB, even the spammy ones.

Yes, I noticed on my old cPanel server a bunch of spam had started to come in at 2Mb.

@ID10T can you give me the location of where you change this setting because this is my page

Virtualmin --> System settings --> Spam and Virus Scanning --> Maximum message size to process: unlimited

P.S. I know SpamAssassin is not running, this is my dev site.


Looks like this might have changed at some point.

image

It solved my issue. Is this the right place to do it? I don’t know. I should probably have looked harder, but… :wink:

This was a valid solution as not everyone’s Virtualmin will be set up like mine. I also did not know it had been changed and I also have not checked to see if the unlimited value actually works as I have not actually used mail properly on my server yet.

That’s the correct place to change it.

To enhance detection, make sure to sa-learn your Ham and spam folders that you can set up to confirm which emails are spam and which are legitimate. Also make sure to run the daily rules updates and check the log occasionally because any errors or bad rules will appear there. The daily log will also show you how the bayes data is growing over time and learning, the user files being used, the rules being used, the updated rules and more. It is a good check to see what is happening (or not). I dump the log to my email daily and check it occasionally to spot errors.

I also automatically dump spam into a SPAM folder which sits for a maximum of 10 days for review. If they are not spam then I remove them. If they are spam then I run a CRON job to learn from those emails then delete them. It works very well and very few spam emails appear. If new ones appear they get handled within a week or two.

Thanks Paul,

Can you share any details of your CRON job to process a spam folder… I’ve been saving up all my instances of spam (detected or where I’ve manually moved them into the spam folder), so I’ve a history of what’s getting caught (or not).

I’ll do some googling on checking if the daily rules updates are executing.

Thanks for the pointers.

Virtualmin has a spamassassin setting for each user to create a spam folder and auto dump spam into that folder:
image

In the /etc/cron.daily folder is spamassassin.sh which runs nightly and updates SpamAssassin. My cron is:
image
To process the spam after 10 days I run this cron job (taken from another internet post). There are versions of this script to run all users but this is one user only:


The first job deletes spam mail after 10 days.
The 2nd and 3rd jobs learn spam from your spam folder (read and unread folders) for that user.
The 4th job learns “ham” mail (non spam) from an optional ham folder. I use that to help learn what is non-spam.
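The four jobs described in the post above, as an added example that is not the poster's own cron job (which did not survive on this page). The Maildir layout with `.spam` and `.ham` subfolders, the function names, the `SA_LEARN` override and the crontab path are all assumptions; only the `sa-learn --spam` / `--ham` calls and the 10-day retention come from the thread.

```shell
#!/bin/sh
# Added example: daily Bayes training for ONE mailbox, run from that user's crontab.
# Assumed layout (not from the thread): <Maildir>/.spam/{cur,new} and <Maildir>/.ham/cur
# SA_LEARN may be overridden for a dry run (e.g. SA_LEARN="echo sa-learn").
SA_LEARN="${SA_LEARN:-sa-learn}"

# Job 1: delete spam older than N days (read and unread); prints how many were removed.
expire_spam() {
    maildir=$1; days=$2; removed=0
    for sub in cur new; do
        dir="$maildir/.spam/$sub"
        [ -d "$dir" ] || continue
        n=$(find "$dir" -type f -mtime +"$days" -print -delete | wc -l)
        removed=$((removed + n))
    done
    echo "$removed"
}

# Jobs 2-4: learn spam from cur/ (read) and new/ (unread), then ham from the
# optional ham folder. sa-learn skips messages it has already learned, so a
# daily run over the same folder does not re-learn them.
learn_mailbox() {
    maildir=$1
    for sub in cur new; do
        # $SA_LEARN is left unquoted on purpose so an override may carry arguments.
        if [ -d "$maildir/.spam/$sub" ]; then $SA_LEARN --spam "$maildir/.spam/$sub"; fi
    done
    if [ -d "$maildir/.ham/cur" ]; then $SA_LEARN --ham "$maildir/.ham/cur"; fi
}

# Same order as the post: expire first, then learn from what is left.
train_mailbox() {
    removed=$(expire_spam "$1" "${2:-10}")
    learn_mailbox "$1"
    echo "expired=$removed"
}

# Runs only when given a Maildir, e.g. (hypothetical paths) from the user's crontab:
#   15 3 * * * /home/example/bin/sa-train.sh /home/example/Maildir 10
if [ "$#" -ge 1 ]; then train_mailbox "$@"; fi
```

Run it as the mailbox owner so the tokens go into that user's Bayes database rather than root's.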

Hi Paul,

Thanks for the very detailed reply. I’ll get to work on that now!

Cheers

One of the best tools is the spamassassin/local.cf file with all the weights and expressions to determine the weight of spam triggers. You can update the config on virtualmin but I learned to update my own rules directly in the file and I added regex checks for specific problems I was having. For example, I can check subjects for having three words in any order because the sender kept mixing them up and it was not caught quickly enough. This would not be typical but I was trying to learn something.

header CONTAINS_MUTUAL1 Return-path =~ /(?=.*mutual)(?=.*mortgage)(?=.*omaha)/i

The config file is large but if you have persistent problems you can add the test and some weights and it will clean up your inbox quickly. You can apply globally to all users or each user independently. All of my info comes from searches for SA scripts and help.

Hi Paul,

How regularly are you running your SA-Learn tasks? For example, you are deleting spam older than 10 days, so if you are running it more regularly than every ten days, are you effectively learning the same messages, or is it smart enough to know it’s already learnt them?

By default, the new install of Virtualmin has no cron jobs related to Spam Assassin, so I am creating these from scratch.

Thanks for all your pointers so far - I’ve only ever really played with setting (basic) rules in the local.cf on my old cPanel server (where we also had mailscanner). I’ve never gotten my head around regex, but I like your example, as I can see an easy way to trap some repeat offenders that are getting through.

Cheers

The cron job is daily. The learning understands previous emails and doesn’t store new tokens for the same email. After 10 days (pick your number) the job deletes a spam email from the spam box. The bayes tokens will increase with time as you identify spam and learn from them. Plus, spamassassin updates the main set of rules and weights so it should be very effective, very quickly.
