chaser

I started mucking around with my pre 11 config after discovering some legitimate mail not coming through. And now my simple mind is confused by the cPanel 11 lingo.

I've a mailtrap account I set up to check for false positives.

In SpamAssassin, its Enabled, Spam auto delete is disabled & Spambox is disabled. Configuration was set to 5, but I upped it to 10.

Next I go to Account Level Filtering and set up a Filter Name SpamAssassin, with Rule "Spam Status" "begins with" "Yes". Action "Redirect to email" mailtrapmydomain.com.

Is this good?

Many thanks for your help and any suggestions.

__________________
...
cr-webs.com :: Pass8



All things in moderation
... INCLUDING moderation

Neil

Try;
Spamassassin enabled
Filters -auto delete spam disabled
Spambox disabled

Account level filtering;

Filter Name: (whatever you want)

Rules
Spam Bar
Contains
++++++ (or however + you want, 1 + per number - used to be *)

Actions
Redirect to email
(email address you want to send the 6+ spam to)

Activate

Go into the file manager (document root option and make sure Show Hidden Files is ticked) and find;
SpamAssassin directory
open for editing the user prefs file
delete everything in the file and paste the following into it


required_score 4.0
rewrite_header subject _HITS_ SpamValue (_REQD_):-
score BEST_PORN 4.0
score DRUGS_ERECTILE 4
score FUZZY_REFINANCE 4
score HTML_10_20 4
score HTML_FONT_FACE_BAD 3.5
score HTML_FONT_SIZE_TINY 4.0
score HTML_FONT_TINY 4.0
score HTML_IMAGE_ONLY_04 4
score HTML_IMAGE_ONLY_08 4
score HTML_IMAGE_ONLY_12 4
score HTML_IMAGE_ONLY_16 4
score HTML_IMAGE_ONLY_20 4
score HTML_IMAGE_ONLY_24 4
score HTML_IMAGE_ONLY_28 4
score HTML_IMAGE_ONLY_32 4
score HTML_MIME_NO_HTML_TAG 4
score HTML_TINY_FONT 4.0
score MALE_ENHANCE 4.0
score MIME_BASE64_TEXT 4.0
score PORN_16 4.0
score RCVD_IN_BL_SPAMCOP_NET 4
score RCVD_IN_NJABL_PROXY 4
score RCVD_IN_SORBS_DUL 4
score STOCK_ALERT 4.0
score STRONG_BUY 4
score SUBJ_ILLEGAL_CHARS 0
score SUSPICIOUS_RECIPS 4
score UNPARSEABLE_RELAY 4
score UPPERCASE_25_50 3.5
score URIBL_JP_SURBL 4.0
score URIBL_OB_SURBL 4
score URIBL_SBL 4
score US_DOLLARS_3 4.0
skip_rbl_checks 0
use_bayes 0
use_bayes 1
use_dcc 1
use_pyzor 1
use_razor2 1


Save the file (top of page) and check it works.

If you find you still get legit mail dumped out to the spam account then you can up the ++++++ (6 of them) to ++++++++++ (10) but then you may as well not have it anyway, otherwise if it is only a couple of emails you are always losing and they are from the same source, add them as a whitelist entry to the bottom of the user prefs file in the form;

use_pyzor 1
use_razor2 1
whitelist_from *whoeveritis.com

and thanks to cowboy etc. for the filter settings that work.

__________________
D17/D21/P59/P62/VPSX - "Faith can move mountains" (Faiths a big girl....) - I'm not paranoid, I know they are out to get me!

Neil

Update...both customers and myself have seen a huge increase in spam getting through since the upgrade to CP11 etc. spam which pre-CP11 did not get through now does and the only difference it the upgrade.
Having now had a bit of spare time and a spare account or two to play with, the results are not good.
Enter severe values into filters (html only +10) and set the start value as 4.0 and the dump level as 6.0+ and html only still appears (and it is not on the whitelist. )
It looks like preference settings are ignored and even those set as a whotelist entry are in 'wing and prayer' territory.
I suppose it should be expected when the manufacturers instructions on setting up a filter refer to terms or filters which do not exist but really, send two emails at the same time from the same account to the same recipient, check the route and find it is the same etc. but one is labelled spam and the other is not ....hmmmm....
The idea of simply putting ****SPAM**** is plain dumb unless you are sure that it IS spam which it is usually not.
e.g.
Set start level as 4.0
Set html only as 10.0
Set ++++++ (6+) to divert to a spare mailbox
Send some html only mail and...it is not marked or diverted
Better still, set a (x.com) to forward email to (y.com) and mail from (x.com) bypasses spamassassin completely and gets delivered to (y.com) mailbox untouched.

Ideas folks?

__________________
D17/D21/P59/P62/VPSX - "Faith can move mountains" (Faiths a big girl....) - I'm not paranoid, I know they are out to get me!

Bigjohn

i've got my Spam Assassin trained down quite well.

I'm using Cowboy's script which automatically discards 20+ scores.
Anything over 5.0 is copied to the temporary address.

In the temp address, I confirm it's spam by moving it to the spam or HAM folder.

__________________
Proud to be a Surmunity Mod!
XEON PASS60 PASS61
Make a fundamental difference!
My Sites:
Curious about Brewing Beer? Join the community!
>>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax
Get into an Art museum
Victorian London
It's your brain -ON WEB - mybrainhost.com (under development)
What SHOULD Government do? Much Less than it Does!

Neil

I am simply using the base settings;
Mark when >4.0
Move to spare (bin) if >5.9
Whitelist has the main problem addresses (about 6 of them)
Thats it and CP11 spamassassin cannot cope, the most annoying one though is that if you forward mail to another domain then it is not checked at all.

It used to be so simple, the email header was simply prefixed with "XX.X Spamscore (Reqd:Y.Y):" which allowed you to immediatley see the value and filter on the first 4 characters if needed.

Now if you stop and restart spamassassin you get:

X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on dime17.dizinc.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.2 required=3.9 tests=BAYES_00,FH_FROMEML_NOTLD,
MISSING_DATE,MISSING_HEADERS,MISSING_MID,MISSING_S UBJECT,NO_HEADERS_MESSAGE,
NO_RECEIVED,NO_RELAYS autolearn=no version=3.2.3
From: "Spam Assassin" <spamassassinlocalhost>

Spam Assassin has been enabled on this account

It picks up the required score but that is all.

__________________
D17/D21/P59/P62/VPSX - "Faith can move mountains" (Faiths a big girl....) - I'm not paranoid, I know they are out to get me!

shogun

Can someone send me a linkt to "Cowboy's script". I cannot find it. I have tried the instructions Neil posted on this thread but I cannot see any changes in number of SPAM

There MUST be some way to fight spam effectively!!!

__________________
www.skodun.is

H

Spammer IP -> Physical address -> Swat team -> Prison

Bigjohn

You can find the "automatic discard" scripts / evolutions in this thread:
Whitelist based on subject line?

__________________
Proud to be a Surmunity Mod!
XEON PASS60 PASS61
Make a fundamental difference!
My Sites:
Curious about Brewing Beer? Join the community!
>>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax
Get into an Art museum
Victorian London
It's your brain -ON WEB - mybrainhost.com (under development)
What SHOULD Government do? Much Less than it Does!

Bigjohn

The header only breaks out the rules and and such for messages that score MORE than your requirement.

The problem with the script I have to discard spam is it uses "above" - if x is above 4.5... and that really only matches on whole numbers...

John

__________________
Proud to be a Surmunity Mod!
XEON PASS60 PASS61
Make a fundamental difference!
My Sites:
Curious about Brewing Beer? Join the community!
>>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax
Get into an Art museum
Victorian London
It's your brain -ON WEB - mybrainhost.com (under development)
What SHOULD Government do? Much Less than it Does!