We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
SpamAssassin Rules We All NEED
Re: SpamAssassin Rules We All NEED
thank you!! :)
Re: SpamAssassin Rules We All NEED
As of today I have REMOVED the following:
This code was automatically placing emails with embedded images and Amazon's e-mails into the spam folder. Embedded images in e-mails is something very common these days.
This code was automatically placing emails with embedded images and Amazon's e-mails into the spam folder. Embedded images in e-mails is something very common these days.
Code: Select all
#
# Do a check for odd letter combinations
#
# The following rules were borrowed from an older version of SA.
rawbody __PGP_BEGIN /^-----BEGIN PGP SIGNATURE-----$/
rawbody __PGP_MIDDLE /^[0-9A-Za-z+\/]{64}$/
rawbody __PGP_END /^-----END PGP SIGNATURE-----$/
meta __PGP_SIGNATURE (__PGP_BEGIN && __PGP_MIDDLE && __PGP_END)
# Prevent hits with Double forwards, or messages with attachments not parsed out.
rawbody __FVGT_rb_ATTACHMENT /Content-Disposition: attachment/i
# Core obfu rules, these are generated from multiple US dictionary files.
body __FVGT_b_OBFU_J /j[bcfgw]/i
body __FVGT_b_OBFU_OTHER /(vj|vk|xj|xk|yy|zf|zj)/i
body __FVGT_b_OBFU_Q0 /[jkpqtvwz]q/i
body __FVGT_b_OBFU_Q1 /q[afhjkmnsy]/i
body __FVGT_b_OBFU_V /[fgqw]v/i
body __FVGT_b_OBFU_X /[cgjkqsvz]x/i
body __FVGT_b_OBFU_Z /[fjkpqx]z/i
meta __FVGT_m_MULTI_ODD2 ((__FVGT_b_OBFU_J + __FVGT_b_OBFU_OTHER + __FVGT_b_OBFU_Q0 + __FVGT_b_OBFU_Q1 + __FVGT_b_OBFU_V + __FVGT_b_OBFU_X + __FVGT_b_OBFU_Z) > 1)
meta __FVGT_m_MULTI_ODD3 ((__FVGT_b_OBFU_J + __FVGT_b_OBFU_OTHER + __FVGT_b_OBFU_Q0 + __FVGT_b_OBFU_Q1 + __FVGT_b_OBFU_V + __FVGT_b_OBFU_X + __FVGT_b_OBFU_Z) > 2)
meta __FVGT_m_MULTI_ODD4 ((__FVGT_b_OBFU_J + __FVGT_b_OBFU_OTHER + __FVGT_b_OBFU_Q0 + __FVGT_b_OBFU_Q1 + __FVGT_b_OBFU_V + __FVGT_b_OBFU_X + __FVGT_b_OBFU_Z) > 3)
meta __FVGT_m_MULTI_ODD5 ((__FVGT_b_OBFU_J + __FVGT_b_OBFU_OTHER + __FVGT_b_OBFU_Q0 + __FVGT_b_OBFU_Q1 + __FVGT_b_OBFU_V + __FVGT_b_OBFU_X + __FVGT_b_OBFU_Z) > 4)
# Core meta rules, these combine multiple variations of above rules.
meta FVGT_m_MULTI_ODD2 (__FVGT_m_MULTI_ODD2 && !__FVGT_rb_ATTACHMENT && !__PGP_SIGNATURE)
describe FVGT_m_MULTI_ODD2 Contains multiple odd letter combinations
meta FVGT_m_MULTI_ODD3 (__FVGT_m_MULTI_ODD3 && !__FVGT_rb_ATTACHMENT && !__PGP_SIGNATURE)
describe FVGT_m_MULTI_ODD3 Contains multiple odd letter combinations
meta FVGT_m_MULTI_ODD4 (__FVGT_m_MULTI_ODD4 && !__FVGT_rb_ATTACHMENT && !__PGP_SIGNATURE)
describe FVGT_m_MULTI_ODD4 Contains multiple odd letter combinations
meta FVGT_m_MULTI_ODD5 (__FVGT_m_MULTI_ODD5 && !__FVGT_rb_ATTACHMENT && !__PGP_SIGNATURE)
describe FVGT_m_MULTI_ODD5 Contains multiple odd letter combinations
score FVGT_m_MULTI_ODD2 1.1
score FVGT_m_MULTI_ODD3 1.3
score FVGT_m_MULTI_ODD4 1.3
score FVGT_m_MULTI_ODD5 1.4
Re: SpamAssassin Rules We All NEED
Hello
Can any experienced one please check the suggested cPanel policy by someone: http://toao.net/566-improving-spamassas ... statistics
Perhaps VestaCP will improve in spam tackling. Thanks a lot
Bg
Can any experienced one please check the suggested cPanel policy by someone: http://toao.net/566-improving-spamassas ... statistics
Perhaps VestaCP will improve in spam tackling. Thanks a lot
Bg
Code: Select all
score BAYES_40 1
score BAYES_50 2
score BAYES_60 3
score BAYES_80 4
score BAYES_95 5
score BAYES_99 6
score SPF_FAIL 5
score SPF_PASS 0
score SPF_NEUTRAL 0
score URIBL_BLACK 10
describe URIBL_BLACK Contains a URL listed in black.uribl.com
score RCVD_IN_SBL 10
describe RCVD_IN_SBL Rcvd via a relay in Spamhaus SBL (Direct UBE)
score RCVD_IN_XBL 10
describe RCVD_IN_XBL Last ext relay in Spamhaus XBL (exploits)
score RCVD_IN_PBL 10
describe RCVD_IN_PBL Last ext relay in Spamhaus PBL (Non-MTA IPs)
score URIBL_DBL_SPAM 10
describe URIBL_DBL_SPAM Contains a URL listed in the Spamhaus DBL
score RCVD_IN_BRBL_LASTEXT 10
describe RCVD_IN_BRBL_LASTEXT Last external relay in Barracuda RBL
score RCVD_IN_BL_SPAMCOP_NET 0 1.246 0 1.347 # false positives - occasionally blocks Hotmail. Default was 15.
Re: SpamAssassin Rules We All NEED
So, I have faced a new problem regarding spam, and that is related to forwarding emails.
These rules listed in this thread work perfect to filter all those incoming emails as spam if they are so, however what happens if some customers have setup email forwarding to their accounts under vestacp?
As an example I have customers who have set their emails on vesta to forward emails to gmail, yahoo, hotmail, etc. Some of them receive many spam emails which are categorized in the Junk folder within vestacp thanks to this config, however these emails are being forwarded to other email providers causing them to block our IPs because of the forwarding.
I found some config settings within exim that can are preventing emails to be forwarded if they are categorized as spam by spam assassin under directadmin, but not sure how can I implement this to vestacp instance: https://help.directadmin.com/item.php?id=156
http://forum.directadmin.com/showthread.php?t=42111
Is there someone with a better knowledge on this scenario?
Running on Debian 7 64 bits and vestacp 16
These rules listed in this thread work perfect to filter all those incoming emails as spam if they are so, however what happens if some customers have setup email forwarding to their accounts under vestacp?
As an example I have customers who have set their emails on vesta to forward emails to gmail, yahoo, hotmail, etc. Some of them receive many spam emails which are categorized in the Junk folder within vestacp thanks to this config, however these emails are being forwarded to other email providers causing them to block our IPs because of the forwarding.
I found some config settings within exim that can are preventing emails to be forwarded if they are categorized as spam by spam assassin under directadmin, but not sure how can I implement this to vestacp instance: https://help.directadmin.com/item.php?id=156
http://forum.directadmin.com/showthread.php?t=42111
Is there someone with a better knowledge on this scenario?
Running on Debian 7 64 bits and vestacp 16
Re: SpamAssassin Rules We All NEED
I think in exim.conf you have to put the router before everything else (I could be wrong - you can test). This is for Debian 7.
So
Would go before this part:
That means spam messages are dealt with first before any forwarding, etc.
So
Code: Select all
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
Code: Select all
userforward:
Re: SpamAssassin Rules We All NEED
Will test it within the next couple of days and post here if it works!SS88 wrote:I think in exim.conf you have to put the router before everything else (I could be wrong - you can test). This is for Debian 7.
So
Would go before this part:Code: Select all
localuser_spam: driver = accept transport = local_spam_delivery condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
That means spam messages are dealt with first before any forwarding, etc.Code: Select all
userforward:
Re: SpamAssassin Rules We All NEED
Yep, this actually solved the situatio, changing the order of the routers is all I needed, now mails only in the inbox are being forwarded :)
Re: SpamAssassin Rules We All NEED
Fantastic!mike08 wrote:Yep, this actually solved the situatio, changing the order of the routers is all I needed, now mails only in the inbox are being forwarded :)
I'm going to update all my exim.conf files as well. Might be an idea to have this as a feature.
Re: SpamAssassin Rules We All NEED
Sorry to be such a pain!!! I am a complete newbie on SA, but regarding the last post, can you provide a
1-cut this from file :xxxxx
2 Place the cursor after yyyyyy
3-Paste xxxxx
Why I am asking for this?
Because I think that moving the wrong paragraph to the wrong place can result in some other problem.
Thanks !! (and If I missed something, please be nice with me !! :)
1-cut this from file :xxxxx
2 Place the cursor after yyyyyy
3-Paste xxxxx
Why I am asking for this?
Because I think that moving the wrong paragraph to the wrong place can result in some other problem.
Thanks !! (and If I missed something, please be nice with me !! :)
Re: SpamAssassin Rules We All NEED
fedekrum wrote:Sorry to be such a pain!!! I am a complete newbie on SA, but regarding the last post, can you provide a
1-cut this from file :xxxxx
2 Place the cursor after yyyyyy
3-Paste xxxxx
Why I am asking for this?
Because I think that moving the wrong paragraph to the wrong place can result in some other problem.
Thanks !! (and If I missed something, please be nice with me !! :)
Cut this from exim.conf
Code: Select all
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
Code: Select all
userforward:
Code: Select all
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
no_more
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
userforward:
driver = redirect
check_local_user
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply