local.cf 6.16 KB
Newer Older
ale's avatar
ale committed
1
2
3
4
5
6
7
8
9
10
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
# rewrite_header Subject *****SPAM*****
# report_safe 1

godog's avatar
godog committed
11
# The overlay networks are trusted, which implies that email originating
ale's avatar
ale committed
12
13
# from them (not just relayed through) will usually not be considered
# spam.
14
15
16
trusted_networks{% for o in net_overlays %} {{ o.network }}{% endfor %}

internal_networks{% for o in net_overlays %} {{ o.network }}{% endfor %}
ale's avatar
ale committed
17
18
19
20
21
22

lock_method flock

report_safe 0
ok_locales all

ale's avatar
ale committed
23
24
25
# Use a "service-like" hostname for headers. Does not need to exist.
report_hostname spamassassin.investici.org

ale's avatar
ale committed
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
envelope_sender_header X-Envelope-From

required_hits 3

#loadplugin Mail::SpamAssassin::Plugin::AWL
#auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
#user_awl_dsn DBI:mysql:ai_spam:localhost
#user_awl_sql_username spam
#user_awl_sql_password password

use_bayes 0
#bayes_ignore_header X-Bogosity
#bayes_ignore_header X-Spam-Flag
#bayes_ignore_header X-Spam-Status
#bayes_learn_to_journal 1
#bayes_min_ham_num 20
#bayes_min_spam_num 20
#bayes_use_hapaxes 0
#bayes_auto_learn 1 
#bayes_auto_learn_threshold_nonspam 0 
#bayes_auto_learn_threshold_spam 5.00 
#bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
#bayes_sql_dsn DBI:mysql:ai_spam:localhost
#bayes_sql_username spam
#bayes_sql_password bodArn4Flact

52
user_scores_dsn DBI:mysql:ai_spam:127.0.0.1:3308
53
54
user_scores_sql_username spamassassin
user_scores_sql_password {{ spamassassin_db_password }}
ale's avatar
ale committed
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

# I check RBL li fa gia' Postfix.
skip_rbl_checks 1
use_pyzor 1

#   Some shortcircuiting, if the plugin is enabled
# 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST       on
shortcircuit USER_IN_DEF_WHITELIST   on
shortcircuit USER_IN_ALL_SPAM_TO     on
shortcircuit SUBJECT_IN_WHITELIST    on

#   the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST       on
shortcircuit USER_IN_BLACKLIST_TO    on
shortcircuit SUBJECT_IN_BLACKLIST    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

ale's avatar
ale committed
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# ADSP overrides, to allow us to enforce strict DKIM checks.
adsp_override ebay.com
adsp_override *.ebay.com
adsp_override ebay.co.uk
adsp_override *.ebay.co.uk
adsp_override paypal.com
adsp_override *.paypal.com
adsp_override amazon.com
adsp_override ealerts.bankofamerica.com
adsp_override americangreetings.com
adsp_override egreetings.com
adsp_override bluemountain.com
adsp_override hallmark.com   all
adsp_override *.hallmark.com all
adsp_override youtube.com    custom_high
adsp_override google.com     custom_low
adsp_override gmail.com      custom_low
adsp_override googlemail.com custom_low
adsp_override yahoo.com      custom_low
adsp_override yahoo.com.au   custom_low
adsp_override yahoo.it       custom_low

score DKIM_ADSP_ALL		2.5
score DKIM_ADSP_NXDOMAIN	3

score DKIM_ADSP_CUSTOM_LOW	1
score DKIM_ADSP_CUSTOM_MED	3.5
score DKIM_ADSP_CUSTOM_HIGH	8

score T_DKIM_INVALID 3

# Score SPF failures.
ale's avatar
ale committed
123
score SPF_NONE          1.0
ale's avatar
ale committed
124
125
126
127
128
score SPF_FAIL		3.0
score SPF_SOFTFAIL	2.0
score SPF_HARDFAIL	5.0

# Score URIBL failures.
ale's avatar
ale committed
129
score URIBL_BLACK	5.7
ale's avatar
ale committed
130
131
132
133
134
score URIBL_DBL_SPAM	5.0
score URIBL_JP_SURBL	5.0
score URIBL_RHS_DOB	2.5
score URIBL_SC_SURBL	5.0
score URIBL_WS_SURBL	5.0
ale's avatar
ale committed
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

### Rule customization and tuning.

# Skip spam checking on list bounces
whitelist_to *-bounces@*

# Questa regola scatta perche' i frontend sono considerati trusted
# (in teoria non dovrebbero, mistero)
score RP_MATCHES_RCVD 0.0

# bug di questa regola assegna 3.4 punti di spam ai messaggi con data 2010-2099
score FH_DATE_PAST_20XX 0.0

# togliamo sta cosa che rompe le palle per indirizzi tipo machdb.investici.org:3000
score WEIRD_PORT 0.0

# questo rompe le palle su tutti i msg che vengono dall'smtp di fastweb
score RCVD_ILLEGAL_IP 0.0

# questo non si capisce perche' ma fa andare in spam buona parte dei msg di zabbix
score BASE64_LENGTH_79_INF 0.0

# questo becca come spam da viagra frasi come "via gramsci"
score FR_ALMOST_VIAG2 0.0

# questo avrebbe 1.8 come punteggio e non si capisce bene cosa faccia, lo caliamo un po'.
score HTML_COMMENT_SAVED_URL 0.5

# punteggio di 2.9 che pero' si attiva spesso sui msg firmati con GPG
score TVD_SPACE_RATIO 0.5

# email.it ad esempio fa questa cosa dell'helo numerico
score RCVD_NUMERIC_HELO  0.5

# freemail non ci piace
score FREEMAIL_REPLYTO 0.5
ale's avatar
ale committed
171
score FREEMAIL_FORGED_FROMDOMAIN 3.0
ale's avatar
ale committed
172
173
174
175

# Message has X-MSMail-Priority, but no X-MimeOLE  (1.9 mi pare troppo)
score MISSING_MIMEOLE 0.5

ale's avatar
ale committed
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
# Define a rule that triggers in case of from name spoofing.
ifplugin Mail::SpamAssassin::Plugin::FromNameSpoof
    header	__PLUGIN_FROMNAME_SPOOF		eval:check_fromname_spoof()
    header	__PLUGIN_FROMNAME_EQUALS_TO	eval:check_fromname_equals_to()
    meta	FROMNAME_SPOOF_EQUALS_TO	(__PLUGIN_FROMNAME_SPOOF && __PLUGIN_FROMNAME_EQUALS_TO)
    describe	FROMNAME_SPOOF_EQUALS_TO	From:name is spoofed to look like To: address
    score	FROMNAME_SPOOF_EQUALS_TO	1.2
endif

# Rule that matches OpenPhish/PhishTank URLs.
ifplugin Mail::SpamAssassin::Plugin::Phishing
    phishing_openphish_feed /var/lib/spamassassin/openphish-feed.txt
    #phishing_phishtank_feed /var/lib/spamassassin/phishtank-feed.csv
    body     URI_PHISHING      eval:check_phishing()
    describe URI_PHISHING      Phishing URL found
endif
ale's avatar
ale committed
192
193
194
195
196
197
198
199
200

{% if uribl_domain_name != 'uribl.com' %}
# Override URIBL lookups with a custom zone.
urirhssub       URIBL_BLACK     multi.{{ uribl_domain_name }}.        A   2
urirhssub       URIBL_GREY      multi.{{ uribl_domain_name }}.        A   4
urirhssub       URIBL_RED       multi.{{ uribl_domain_name }}.        A   8
urirhssub       URIBL_BLOCKED   multi.{{ uribl_domain_name }}.        A   1
{% endif %}