# spam filter doubts?



## klabacita (May 10, 2010)

Hi people.

 Well tomorrow I will setup my first spam filter for postfix. This will have amavisd-new, sa, clamav and maybe FuzzyOCR.

 My test spam server have been working for 2 weeks no issue.

 I have some doubts that will like to verify.

 1; Once u setup everything, what is the staring position of each service, speaking about:

postfix, mavisd-new, sa, clamav.

 I'm running sa perl script not the compile daemon.

 2; sa update, we have to run the cron job daily and every time u run the sa update we have to restart sa?

 3; FuzzyOCR, I have seen a lot of tutorials running FuzzyOCR-devel not FuzzyOCR, exist a reason for this?

 Is all my doubt hope someone could clarify this, I will appreciated a lot, thanks :stud

P.S. This will be a spam gateway.


----------



## dennylin93 (May 10, 2010)

klabacita said:
			
		

> 1; Once u setup everything, what is the staring position of each service, speaking about:
> 
> postfix, mavisd-new, sa, clamav.



Can you clarify this a bit? I don't really understand what you're trying to ask.



> I'm running sa perl script not the compile daemon.
> 
> 2; sa update, we have to run the cron job daily and every time u run the sa update we have to restart sa?



You only need to run sa-update once after each installation. You may optionally run it if you wish to get updated rules though. The rules don't get updated very frequently though.




> 3; FuzzyOCR, I have seen a lot of tutorials running FuzzyOCR-devel not FuzzyOCR, exist a reason for this?



This is because only mail/p5-FuzzyOcr-devel supports the current version of SpamAssassin.


----------



## sixtydoses (May 10, 2010)

dennylin93 said:
			
		

> Can you clarify this a bit? I don't really understand what you're trying to ask.


Think he wants to know the starting sequence of those services.


----------



## DutchDaemon (May 10, 2010)

rcorder(8), e.g.
`$ rcorder /etc/rc.d/* /usr/local/etc/rc.d/*`


----------



## klabacita (May 12, 2010)

Sorry, working in my spam gateway.

 1; rcorder mmmm interesting, new thing for me, got it.
 2; sa-update not a daily task, got it.
 3; Fuzzy... mmm I install -devel and install less stuff which is good. 

  Thanks all of u for your info, appreciated, sorry for my english.


----------



## hydra (May 14, 2010)

FuzzyOCR is not allmighty (with all respect) and you do not need to sa-update every day (maybe once a month is enough).

Some tips:
- Block dynamic users.
- Learn how to use DCC/Pyzor/Razor.
- Use RBLs the smart way (do NOT block, just give plus points).
- Use the RelayCountry plugin for SpamAssassin and give some additional points for the common spammers (http://www.spamhaus.org/statistics/countries.lasso).
- Be sure to train your Bayes.
- Greylisting is your friend.


----------



## klabacita (May 16, 2010)

Thanks hydra.

 I'm learning this new field, I have Razor working, I will test each toy u mentioned and as soon as I learn how they work I will add to my production server.

 Thanks hydra again.


----------



## hydra (May 16, 2010)

Good luck, don't worry if it doesn't work the first time as you've imagined, it really takes time...


----------



## klabacita (May 17, 2010)

I forget to ask.

  mmmm, right now my spam gateway send me emails about what is doing, virus, banned etc. But doing this by email is to easy to do it.
  How do u move the quarantine emails, do u run a web interface like maia? or do u administer everything from the CLI?

  Thanks!!!


----------



## hydra (May 18, 2010)

I've set up the scores pretty high (7.0 for marking, 11.0 to quarantine) so I assume there is no badly marked message in the quarantine. I'd like to lower the scores and thus I'll need to implement Maia or something. Sharing your experiences with Maia would be nice


----------

