evolix/wiki
22
0
Fork 0
Code Releases Activity
wiki/HowtoSpamAssassin.md
Gregory Colpart 222b87b983 relecture
2017-10-22 19:31:54 +02:00

186 lines
4.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
categories: mail
title: Howto SpamAssassin
...
* Documentation : <http://spamassassin.apache.org/doc.html>
[SpamAssassin](http://spamassassin.apache.org/) est un filtre pour évaluer si des emails sont des spams.
## Installation
Nous utilisons la version [Apache-ITK](http://mpm-itk.sesse.net/) depuis des années en production sur de nombreux serveurs critiques. Apache-ITK permet de préciser pour chaque VirtualHost un utilisateur, un groupe et une option *MaxClients* spécifiques, ce qui est utile pour la sécurité d'un serveur multi-sites.
~~~
# apt install spamassassin spamc
~~~
## Configuration
~~~
required_score 5
report_safe 0
rewrite_header Subject [SPAM]
add_header all Report _REPORT_
# filtre bayesien
# mkdir -p /var/spool/spam
use_bayes 1
bayes_auto_learn 1
bayes_path /var/spool/spam/bayes
bayes_file_mode 0777
# AWL : AutoWhitelist
# mkdir -p /var/spool/spam
loadplugin Mail::SpamAssassin::Plugin::AWL
use_auto_whitelist 1
auto_whitelist_path /var/spool/spam/auto_whitelist
auto_whitelist_file_mode 0666
# LANG TESTS
Mail::SpamAssassin::Plugin::TextCat
ok_languages en fr es it
ok_locales en fr es it
score BODY_8BITS 1.500
score CHARSET_FARAWAY 3.200
score CHARSET_FARAWAY_HEADER 3.200
score HTML_CHARSET_FARAWAY 0.500
score MIME_CHARSET_FARAWAY 2.450
score UNWANTED_LANGUAGE_BODY 2.800
# DCC
# use_dcc 1 => un plugin maintenant...
score DCC_CHECK 2.9
# RAZOR : <http://razor.sourceforge.net>
use_razor2 1
razor_timeout 10
score RAZOR2_CHECK 2.9
score RAZOR2_CF_RANGE_51_100 1.3
# pyzor : <http://pyzor.sourceforge.net/>
use_pyzor 0
# RBL (Realtime Blackhole List)
skip_rbl_checks 0
score RCVD_IN_BL_SPAMCOP_NET 3
# misc
score HELO_DYNAMIC_IPADDR 0.3
score BIZ_TLD 0.1
score PRIORITY_NO_NAME 0.2
# disable HTML tests
score HTML_MESSAGE 0
score HTML_00_10 0
score HTML_10_20 0
score HTML_20_30 0
score HTML_30_40 0
score HTML_40_50 0
score HTML_50_60 0
score HTML_60_70 0
score HTML_70_80 0
score HTML_80_90 0
score HTML_90_100 0
#score HTML_COMMENT_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score MIME_HTML_ONLY 0.1
# From <http://maxime.ritter.eu.org/Spam/user_prefs>
# Trop de faux negatifs avec BAYES_(0|1|2|3|4)*
score BAYES_00 0 0 -0.01 -0.01
score BAYES_01 0 0 -0.01 -0.01
score BAYES_10 0 0 -0.01 -0.01
score BAYES_20 0 0 -0.01 -0.01
score BAYES_30 0 0 -0.01 -0.01
score BAYES_40 0 0 -0.01 -0.01
score BAYES_44 0 0 -0.01 -0.01
score BAYES_50 0 0 0.1 0.1
score BAYES_56 0 0 0.5 0.5
score BAYES_60 0 0 1.0 1.0
score BAYES_70 0 0 2.5 2.5
score BAYES_80 0 0 3.5 3.5
score BAYES_90 0 0 4.5 4.5
score BAYES_99 0 0 8.0 8.0
score RCVD_IN_SORBS_DUL 0.3
score SUBJ_ILLEGAL_CHARS 0
score RCVD_IN_NJABL_DUL 0.3
score ADDRESS_IN_SUBJECT 0.1
score HELO_LH_HOME 1.0
#internal_networks 192.168.XXX/24
trusted_networks 31.170.8.33 31.170.8.15 62.212.111.216 88.179.18.233 85.118.59.50
#score ALL_TRUSTED 0.3
score HELO_DYNAMIC_IPADDR 0.3
score FORGED_MUA_OUTLOOK 0.5
# Eudora sucks
score EXTRA_MPART_TYPE 0.1
score MIME_BOUND_EQ_REL 0.1
score MIME_QP_LONG_LINE 0.1
# SMTP senders *have* dynamic IP addresses
# A.B.C.D.dnsbl.sorbs.net -> 127.0.0.10
score RCVD_IN_DYNABLOCK 0
score HELO_DYNAMIC_IPADDR 0.3
score RCVD_IN_SORBS 0.1
score RCVD_IN_PBL 0.1
score RCVD_IN_SORBS_DUL 0
# old bug...
score FH_DATE_PAST_20XX 0.0
~~~
### AWL : AutoWhiteList
SpamAssassin a un puissant outil dAWL si lon définit bien une liste demails / expéditeurs avant de linitialiser.
Néanmoins, il faut le maintenir.
Pour lister sa whitelist (couple email / 2 1er octets de lIP)
~~~
# sa-awl /var/spool/spam/auto_whitelist
AVG (TOTSCORE/COUNT) -- EMAIL|ip=IPBASE
AVG est le score moyen
TOTSCORE est le score total des mails
COUNT est le nombre de mails
~~~
Pour supprimer les entrées “vues” moins de 2 fois :
~~~
# sa-awl --clean --min 2 /var/spool/spam/auto_whitelist
~~~
Pour supprimer des entrées particulières :
~~~
# spamassassin --remove-addr-from-whitelist=foo@bar
SpamAssassin auto-whitelist: removing address: foo@bar
~~~
## Administration
### Whitelist / blacklist
Par utilisateur (`~/.spamassassin/user_prefs`) ou global :
~~~
whitelist_from jdoe@example.org
whitelist_from *@example.com
blacklist_from bad@example.net
~~~
View git blame Copy permalink