View Full Version : SpamAssassin

09-28-2003, 05:25 PM
I've set up my DA installation to use the spamassassin included by default by DA...

It was an easy install...

I ran ./spam.sh from the DA scripts directory, and then uncommented the spamassasin parts of the /etc/exim.conf file, as was explained to me in an email from John at the beginning of the month.

Has anyone else run it? What should I expect to see? Should emails be bounced? Or filed somewhere? Or should they arrive either as attachments or marked as spam in the headers...

I've gotten one piece of spam so far, with no special headers, but I did find this in the topmost received line:

Received: from mail by da1.ns-one.net with spam-scanned (Exim 3.36 #1) id 1A3lEG-0002hK-00
However I found the same thing in the topmost received line in non-spam messages, so I'm not sure yet what I should be looking for.

Does anyone know if the default settings should work as is, or if I need to change them?



The Prohacker
09-28-2003, 07:17 PM
This is what it should look like:

Spam detection software, running on the system "vodka.nixhost.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see the administrator of that system for details.

Content preview: Not Catching Enough Attention? www.submitpower.com will
attract heavy traffic to your website. Submit your website to 300,000
search engines and directories today! Click at
http://www.submitpower.com/index.html to sign up now! [...]

Content analysis details: (6.5 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.6 HTML_WEB_BUGS BODY: Image tag intended to identify you
0.1 HTML_60_70 BODY: Message is 60% to 70% HTML
0.9 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 HTML_IMAGE_ONLY_06 BODY: HTML: images with 400-600 bytes of words
0.2 HTTP_WITH_EMAIL_IN_URL URI: 'remove' URL contains an email address
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[ listed in dnsbl.njabl.org]
0.6 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam source
[ listed in dnsbl.njabl.org]
0.1 RCVD_IN_RFCI RBL: Sent via a relay in ipwhois.rfc-ignorant.org
[Inaccurate or missing WHOIS data]
2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://spamcop.net/bl.shtml?>]

The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor.

09-28-2003, 07:56 PM
Thanks, Prohacker.

Did you install it using the instructions I posted? Or did you do something else, such as change any configuration files?

Does the email come to the address it would have come to otherwise?

The reason i ask is that I haven't gotten any emails yet identified that way, and I started it several hours ago.



09-29-2003, 06:16 AM
It's now Monday morning and I've gotten my usual bunch of overnight spam.

All of it filtered through spamassassin, at least according to the headers, but none of it marked as spam.

Prohacker, did you install according to the instructions or some other way?

Would you post or email me the contents of your working spamassissin configuration file?



The Prohacker
09-29-2003, 10:53 AM
This is my user_pref file:

required_hits 5
rewrite_subject 1
subject_tag [Spam]

09-29-2003, 07:33 PM

Where should the file be for global mail handling?

I've got sample files at:




but no "working" file anywhere else.



04-29-2004, 12:30 PM
I'm wondering the same thing, since mail users are not physical users under DA.

DirectAdmin Support
04-29-2004, 02:44 PM