Re: SpamAssassin Rules We All NEED
Posted: Thu May 12, 2016 9:03 pm
thank you!! :)
Community Forum
https://forum.vestacp.com/
Code: Select all
#
# Do a check for odd letter combinations
#
# The following rules were borrowed from an older version of SA.
rawbody __PGP_BEGIN /^-----BEGIN PGP SIGNATURE-----$/
rawbody __PGP_MIDDLE /^[0-9A-Za-z+\/]{64}$/
rawbody __PGP_END /^-----END PGP SIGNATURE-----$/
meta __PGP_SIGNATURE (__PGP_BEGIN && __PGP_MIDDLE && __PGP_END)
# Prevent hits with Double forwards, or messages with attachments not parsed out.
rawbody __FVGT_rb_ATTACHMENT /Content-Disposition: attachment/i
# Core obfu rules, these are generated from multiple US dictionary files.
body __FVGT_b_OBFU_J /j[bcfgw]/i
body __FVGT_b_OBFU_OTHER /(vj|vk|xj|xk|yy|zf|zj)/i
body __FVGT_b_OBFU_Q0 /[jkpqtvwz]q/i
body __FVGT_b_OBFU_Q1 /q[afhjkmnsy]/i
body __FVGT_b_OBFU_V /[fgqw]v/i
body __FVGT_b_OBFU_X /[cgjkqsvz]x/i
body __FVGT_b_OBFU_Z /[fjkpqx]z/i
meta __FVGT_m_MULTI_ODD2 ((__FVGT_b_OBFU_J + __FVGT_b_OBFU_OTHER + __FVGT_b_OBFU_Q0 + __FVGT_b_OBFU_Q1 + __FVGT_b_OBFU_V + __FVGT_b_OBFU_X + __FVGT_b_OBFU_Z) > 1)
meta __FVGT_m_MULTI_ODD3 ((__FVGT_b_OBFU_J + __FVGT_b_OBFU_OTHER + __FVGT_b_OBFU_Q0 + __FVGT_b_OBFU_Q1 + __FVGT_b_OBFU_V + __FVGT_b_OBFU_X + __FVGT_b_OBFU_Z) > 2)
meta __FVGT_m_MULTI_ODD4 ((__FVGT_b_OBFU_J + __FVGT_b_OBFU_OTHER + __FVGT_b_OBFU_Q0 + __FVGT_b_OBFU_Q1 + __FVGT_b_OBFU_V + __FVGT_b_OBFU_X + __FVGT_b_OBFU_Z) > 3)
meta __FVGT_m_MULTI_ODD5 ((__FVGT_b_OBFU_J + __FVGT_b_OBFU_OTHER + __FVGT_b_OBFU_Q0 + __FVGT_b_OBFU_Q1 + __FVGT_b_OBFU_V + __FVGT_b_OBFU_X + __FVGT_b_OBFU_Z) > 4)
# Core meta rules, these combine multiple variations of above rules.
meta FVGT_m_MULTI_ODD2 (__FVGT_m_MULTI_ODD2 && !__FVGT_rb_ATTACHMENT && !__PGP_SIGNATURE)
describe FVGT_m_MULTI_ODD2 Contains multiple odd letter combinations
meta FVGT_m_MULTI_ODD3 (__FVGT_m_MULTI_ODD3 && !__FVGT_rb_ATTACHMENT && !__PGP_SIGNATURE)
describe FVGT_m_MULTI_ODD3 Contains multiple odd letter combinations
meta FVGT_m_MULTI_ODD4 (__FVGT_m_MULTI_ODD4 && !__FVGT_rb_ATTACHMENT && !__PGP_SIGNATURE)
describe FVGT_m_MULTI_ODD4 Contains multiple odd letter combinations
meta FVGT_m_MULTI_ODD5 (__FVGT_m_MULTI_ODD5 && !__FVGT_rb_ATTACHMENT && !__PGP_SIGNATURE)
describe FVGT_m_MULTI_ODD5 Contains multiple odd letter combinations
score FVGT_m_MULTI_ODD2 1.1
score FVGT_m_MULTI_ODD3 1.3
score FVGT_m_MULTI_ODD4 1.3
score FVGT_m_MULTI_ODD5 1.4
Code: Select all
score BAYES_40 1
score BAYES_50 2
score BAYES_60 3
score BAYES_80 4
score BAYES_95 5
score BAYES_99 6
score SPF_FAIL 5
score SPF_PASS 0
score SPF_NEUTRAL 0
score URIBL_BLACK 10
describe URIBL_BLACK Contains a URL listed in black.uribl.com
score RCVD_IN_SBL 10
describe RCVD_IN_SBL Rcvd via a relay in Spamhaus SBL (Direct UBE)
score RCVD_IN_XBL 10
describe RCVD_IN_XBL Last ext relay in Spamhaus XBL (exploits)
score RCVD_IN_PBL 10
describe RCVD_IN_PBL Last ext relay in Spamhaus PBL (Non-MTA IPs)
score URIBL_DBL_SPAM 10
describe URIBL_DBL_SPAM Contains a URL listed in the Spamhaus DBL
score RCVD_IN_BRBL_LASTEXT 10
describe RCVD_IN_BRBL_LASTEXT Last external relay in Barracuda RBL
score RCVD_IN_BL_SPAMCOP_NET 0 1.246 0 1.347 # false positives - occasionally blocks Hotmail. Default was 15.
Code: Select all
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
Code: Select all
userforward:
SS88 wrote:
I think in exim.conf you have to put the router before everything else (I could be wrong - you can test). This is for Debian 7.
So
Code: Select all
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
Would go before this part:
Code: Select all
userforward:
That means spam messages are dealt with first before any forwarding, etc.

Will test it within the next couple of days and post here if it works!
mike08 wrote:
Yep, this actually solved the situation, changing the order of the routers is all I needed, now mails only in the inbox are being forwarded :)

Fantastic!
fedekrum wrote:
Sorry to be such a pain!!! I am a complete newbie on SA, but regarding the last post, can you provide a
1- Cut this from file: xxxxx
2- Place the cursor after yyyyyy
3- Paste xxxxx
Why am I asking for this?
Because I think that moving the wrong paragraph to the wrong place can result in some other problem.
Thanks !! (and if I missed something, please be nice with me !! :)
Code: Select all
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
Code: Select all
userforward:
Code: Select all
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
no_more
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
userforward:
driver = redirect
check_local_user
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
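
Exim tries routers in the order they are listed, which is why the thread moves localuser_spam above userforward. The check below confirms that order in a config file; it is an added example, not code from any poster, and the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: routers section in the order the thread ends up with.
SAMPLE_CONF = r"""
begin routers
dnslookup:
  driver = dnslookup
  no_more
localuser_spam:
  driver = accept
  transport = local_spam_delivery
  condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
userforward:
  driver = redirect
  file = $home/.forward
begin transports
"""

# A router definition starts with a bare "name:" line; option lines contain "=".
ROUTER_NAME = re.compile(r"^([A-Za-z0-9_]+):$")


def router_order(conf_text):
    """Return router names in evaluation order from the 'begin routers' section."""
    names, in_routers = [], False
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("begin "):
            # Only names between "begin routers" and the next "begin" count.
            in_routers = stripped.split()[1].lower() == "routers"
            continue
        match = ROUTER_NAME.match(stripped) if in_routers else None
        if match:
            names.append(match.group(1))
    return names


def spam_router_precedes(conf_text, spam="localuser_spam", later="userforward"):
    """True only if both routers exist and the spam router is evaluated first."""
    order = router_order(conf_text)
    if spam not in order or later not in order:
        return False
    return order.index(spam) < order.index(later)


if __name__ == "__main__":
    print(router_order(SAMPLE_CONF))
    print("spam handled before forwarding:", spam_router_precedes(SAMPLE_CONF))
```

To check a live system, pass the contents of the real exim.conf to spam_router_precedes() after editing and before restarting Exim.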