2006-11-10

Tweaking the anti-spam setup

  1. Had to tweak the SA ruleset for LogWatch, specifically:
    header TONNS_LOGWATCH  Subject =~ /^LogWatch for /
    score TONNS_LOGWATCH -20.0
    Eventually, it should be a real whitelist entry, but since this is a dry-run, I'll just leave it at this.

  2. The LogWatch amavisd script is out-of-sync with the logs that amavisd generates. This fixed things:
    # pwd
    /etc/log.d/scripts
    # diff -u services.orig/amavis services/amavis
    --- services.orig/amavis 2005-08-22 21:16:47.000000000 -0400
    +++ services/amavis 2006-11-10 11:01:50.000000000 -0500
    @@ -60,7 +60,7 @@
    or ($ThisLine =~ /^cached [a-zA-Z0-9]+ /)
    or ($ThisLine =~ /^starting. amavisd at/) ) {
    # We don't care about these
    - } elsif ($ThisLine =~ /^Passed, /) {
    + } elsif ($ThisLine =~ /^Passed CLEAN, /) {
    $CleanMsgs++;
    } elsif (($FileName, $From) = ( $ThisLine =~ /^BANNED name\/type \(([^\)]+)\)\, \<([^\>]*)\>/ )) {

    @@ -82,7 +82,18 @@
    $Viruses{$Virus}{$From}++;
    }; # if

    - } elsif (($Fromspam, $Towards) = ( $ThisLine =~ /^SPAM, [\(\<]([^\>\)]+)[\)\>] -\> [\(\<]([^\>\)]+)[\)\>]/ )) {
    + } elsif (($Fromspam, $Towards) = ( $ThisLine =~ /^Passed SPAM, \[[\d\.]+\] \[[\d\.]+\] [\(\<]([^\>\)]+)[\)\>] -\> [\(\<]([^\>\)]+)[\)\>]/ )) {
    + $SpamMsgs++;
    +
    + if ($Detail >= 5) {
    + $Spamtypes{$Towards}++;
    + }; # if
    +
    + if ($Detail >= 10) {
    + $Spams{$Towards}{$Fromspam}++;
    + }; # if
    +
    + } elsif (($Fromspam, $Towards) = ( $ThisLine =~ /^Passed SPAM, [\(\<]([^\>\)]+)[\)\>] -\> [\(\<]([^\>\)]+)[\)\>]/ )) {
    $SpamMsgs++;

    if ($Detail >= 5) {

No comments:

Ratings and Recommendations by outbrain