Sharing custom SpamAssassin Rules

d19dotca

@IniBudi Yes just copy & paste, but remember to replace the API key for Abusix if you want to use Abusix (otherwise just remove the section for Abusix). Everything else is good to copy & paste.

IniBudi

@d19dotca thank you for the present, I will try in my Cloudron.

BrutalBirdie

Big Love @d19dotca

imc67

@msbt said in Sharing custom SpamAssassin Rules:

Thanks a bunch for the list @d19dotca! Quick question about the rest of the setup though: Do you still have entries in the Email ACL DNSBL Zones or is that empty because everything is handled in the custom rules? Like those:

zen.spamhaus.org
bl.mailspike.net
noptr.spamrats.com
dnsbl.sorbs.net

Or is that empty on your side?

I think this is still a relevant question, @d19dotca your spam-rules are amazing, however you are "calling" ACL DSNBL's that are not default in a Cloudron install (https://docs.cloudron.io/email/#dnsbl) so I guess that they are not working until you add them?

I asked ChatGPT to analyse your latest rules and it advised to add the below ones to the DNSLBL Zones ACL (https://my.domain.com/#/email-settings). Is that in your opinion correct to make them all work?

zen.spamhaus.org
bl.mailspike.net
noptr.spamrats.com
all.spamrats.com
backscatter.spameatingmonkey.net
bl.spameatingmonkey.net
netbl.spameatingmonkey.net

d19dotca

@imc67 said in Sharing custom SpamAssassin Rules:

@msbt said in Sharing custom SpamAssassin Rules:

Thanks a bunch for the list @d19dotca! Quick question about the rest of the setup though: Do you still have entries in the Email ACL DNSBL Zones or is that empty because everything is handled in the custom rules? Like those:

zen.spamhaus.org
bl.mailspike.net
noptr.spamrats.com
dnsbl.sorbs.net

Or is that empty on your side?

I think this is still a relevant question, @d19dotca your spam-rules are amazing, however you are "calling" ACL DSNBL's that are not default in a Cloudron install (https://docs.cloudron.io/email/#dnsbl) so I guess that they are not working until you add them?

I asked ChatGPT to analyse your latest rules and it advised to add the below ones to the DNSLBL Zones ACL (https://my.domain.com/#/email-settings). Is that in your opinion correct to make them all work?

zen.spamhaus.org
bl.mailspike.net
noptr.spamrats.com
all.spamrats.com
backscatter.spameatingmonkey.net
bl.spameatingmonkey.net
netbl.spameatingmonkey.net

So just to clarify… if you add those to the DNSBL list in Cloudron mail settings, it will completely reject mail that has a hit on any of those services. That mail setting in Cloudron is used by Dovecot/Haraka, not SpamAssassin. The reason you don’t want all those DNSBLs there is because not all of them are super accurate (some are too aggressive), which is why they’re in the SpamAssassin rules instead.

Basically the DNSBL list for Cloudron should only be if you want anything that has a hit to be outright rejected and never arrive in your mailbox (not even the junk folder). I prefer to keep that to just Abusix and SpamHaus myself because they have proven to be very accurate in the sense that they return no false positives, so they’re “safe” in rejecting only the most obvious of spam.

Then everything else that passes through that part will simply be scanned by SpamAssassin against the other DNSBLs in the custom rules and are therefore not rejected but just categorized as either spam or ham. It’s safer that way.

But also totally up to you. If you trust the other DNSBLs, then certainly feel free to add them to the Cloudron DNSBL list, but just know that doing so will most likely result in rejected/dropped messages that you’ll never know about until you look at the mail sever logs.

Ultimately… the DNSBLs in the custom SpamAssassin rule set doesn’t really have anything to do with the DNSBL setting used in Cloudron, as they are different levels of filtering and unrelated to each other.

Hopefully that makes sense. I’m just waking up while writing this so let me know if I can clarify further as I may not be explaining myself perfectly, lol.

imc67

@d19dotca said in Sharing custom SpamAssassin Rules:

@imc67 said in Sharing custom SpamAssassin Rules:

@msbt said in Sharing custom SpamAssassin Rules:

Thanks a bunch for the list @d19dotca! Quick question about the rest of the setup though: Do you still have entries in the Email ACL DNSBL Zones or is that empty because everything is handled in the custom rules? Like those:

zen.spamhaus.org
bl.mailspike.net
noptr.spamrats.com
dnsbl.sorbs.net

Or is that empty on your side?

I think this is still a relevant question, @d19dotca your spam-rules are amazing, however you are "calling" ACL DSNBL's that are not default in a Cloudron install (https://docs.cloudron.io/email/#dnsbl) so I guess that they are not working until you add them?

I asked ChatGPT to analyse your latest rules and it advised to add the below ones to the DNSLBL Zones ACL (https://my.domain.com/#/email-settings). Is that in your opinion correct to make them all work?

zen.spamhaus.org
bl.mailspike.net
noptr.spamrats.com
all.spamrats.com
backscatter.spameatingmonkey.net
bl.spameatingmonkey.net
netbl.spameatingmonkey.net

So just to clarify… if you add those to the DNSBL list in Cloudron mail settings, it will completely reject mail that has a hit on any of those services. That mail setting in Cloudron is used by Dovecot/Haraka, not SpamAssassin. The reason you don’t want all those DNSBLs there is because not all of them are super accurate (some are too aggressive), which is why they’re in the SpamAssassin rules instead.

Basically the DNSBL list for Cloudron should only be if you want anything that has a hit to be outright rejected and never arrive in your mailbox (not even the junk folder). I prefer to keep that to just Abusix and SpamHaus myself because they have proven to be very accurate in the sense that they return no false positives, so they’re “safe” in rejecting only the most obvious of spam.

Then everything else that passes through that part will simply be scanned by SpamAssassin against the other DNSBLs in the custom rules and are therefore not rejected but just categorized as either spam or ham. It’s safer that way.

But also totally up to you. If you trust the other DNSBLs, then certainly feel free to add them to the Cloudron DNSBL list, but just know that doing so will most likely result in rejected/dropped messages that you’ll never know about until you look at the mail sever logs.

Ultimately… the DNSBLs in the custom SpamAssassin rule set doesn’t really have anything to do with the DNSBL setting used in Cloudron, as they are different levels of filtering and unrelated to each other.

Hopefully that makes sense. I’m just waking up while writing this so let me know if I can clarify further as I may not be explaining myself perfectly, lol.

WOW thank you very very much for this extraordinary clarification! I expected a necessary connection between the two but it isn’t. Thanks for your great work and explanation!

marcusquinn

Nice, so which would you recommend?

d19dotca

@marcusquinn said in Sharing custom SpamAssassin Rules:

Nice, so which would you recommend?

For the Cloudron DNSBL list? I personally am using Spamhaus and Abusix's Exploit list to completely reject only the most obvious of spam, leaving the rest to be filtered via SpamAssassin to the inbox or junk folder.

zen.spamhaus.org
{API_KEY}.exploit.mail.abusix.zone

marcusquinn

@d19dotca thanks - am i right in saying abusix no longer offers a free tier key?

humptydumpty

@marcusquinn I think it’s still available. I logged into my account. I see:
5,000 daily queries
Free

I visited the main site and went to guardian mail and it still says get started with 5000 queries so it seems all you need is to sign up with a free account.

marcusquinn

@humptydumpty got it. done - will see how that goes. Thanks both.