buncha things... add a dnsbl.cf in your /etc/mail/spamassassin directory paste the following (which may or may not be updated, but hit's alot): ----------------------snip----------------------------- #dnsbl.cf - Place this file in /etc/mail/spamassassin/dnsbl.cf #Note that files are loaded in alphabetical order, any entries in local.cf #will override the entries in this configuration file. # EASYNET_NL is the Easynet.nl List: http://blackholes.easynet.nl . header RCVD_IN_EASY rbleval:check_rbl('relay', 'blackholes.easynet.nl.') describe RCVD_IN_EASY Received via EASYed relay tflags RCVD_IN_EASY net # use *.blackholes.us DNSBL's # $Id: blackholes.cf,v 1.2 2002/08/07 06:23:58 pancrace Exp $ header RCVD_IN_ARGENTINA eval:check_rbl('country', 'argentina.blackholes.us.') describe RCVD_IN_ARGENTINA Received from Argentina header RCVD_IN_BRAZIL eval:check_rbl('country', 'brazil.blackholes.us.') describe RCVD_IN_BRAZIL Received from Brazil header RCVD_IN_CHINA eval:check_rbl('country', 'china.blackholes.us.') describe RCVD_IN_CHINA Received from China header RCVD_IN_JAPAN eval:check_rbl('country', 'japan.blackholes.us.') describe RCVD_IN_JAPAN Received from Japan header RCVD_IN_KOREA eval:check_rbl('country', 'korea.blackholes.us.') describe RCVD_IN_KOREA Received from Korea header RCVD_IN_NIGERIA eval:check_rbl('country', 'nigeria.blackholes.us.') describe RCVD_IN_NIGERIA Received from Nigeria header RCVD_IN_RUSSIA eval:check_rbl('country', 'russia.blackholes.us.') describe RCVD_IN_RUSSIA Received from Russia header RCVD_IN_SINGAPORE eval:check_rbl('country', 'singapore.blackholes.us.') describe RCVD_IN_SINGAPORE Received from Singapore header RCVD_IN_TAIWAN eval:check_rbl('country', 'taiwan.blackholes.us.') describe RCVD_IN_TAIWAN Received from Taiwan header RCVD_IN_THAILAND eval:check_rbl('country', 'thailand.blackholes.us.') describe RCVD_IN_THAILAND Received from Thailand score RCVD_IN_ARGENTINA 3.0 score RCVD_IN_BRAZIL 3.0 score RCVD_IN_CHINA 3.0 score RCVD_IN_JAPAN 3.0 score RCVD_IN_KOREA 3.0 score RCVD_IN_NIGERIA 3.0 score RCVD_IN_RUSSIA 3.0 score RCVD_IN_SINGAPORE 3.0 score RCVD_IN_TAIWAN 3.0 score RCVD_IN_THAILAND 3.0 header RCVD_IN_BROADWING eval:check_rbl('isp', 'broadwing.blackholes.us.') describe RCVD_IN_BROADWING Received from Broadwing network space header RCVD_IN_CIBERLYNX eval:check_rbl('isp', 'ciberlynx.blackholes.us.') describe RCVD_IN_CIBERLYNX Received from Ciberlynx network space header RCVD_IN_CW eval:check_rbl('isp', 'cw.blackholes.us.') describe RCVD_IN_CW Received from Cable and Wireless network space header RCVD_IN_ELI eval:check_rbl('isp', 'eli.blackholes.us.') describe RCVD_IN_ELI Received from ELI network space header RCVD_IN_EPOCH eval:check_rbl('isp', 'epoch.blackholes.us.') describe RCVD_IN_EPOCH Received from Epoch network space header RCVD_IN_HE eval:check_rbl('isp', 'he.blackholes.us.') describe RCVD_IN_HE Received from Hurricane Electric network space header RCVD_IN_INFLOW eval:check_rbl('isp', 'inflow.blackholes.us.') describe RCVD_IN_INFLOW Received from Inflow network space header RCVD_IN_INTERNAP eval:check_rbl('isp', 'internap.blackholes.us.') describe RCVD_IN_INTERNAP Received from Internap network space header RCVD_IN_LEVEL3 eval:check_rbl('isp', 'level3.blackholes.us.') describe RCVD_IN_LEVEL3 Received from Level 3 network space header RCVD_IN_RACKSPACE eval:check_rbl('isp', 'rackspace.blackholes.us.') describe RCVD_IN_RACKSPACE Received from Rackspace network space header RCVD_IN_RR eval:check_rbl('isp', 'rr.blackholes.us.') describe RCVD_IN_RR Received from Road Runner network space header RCVD_IN_SKYNETWEB eval:check_rbl('isp', 'skynetweb.blackholes.us.') describe RCVD_IN_SKYNETWEB Received from SkynetWeb network space header RCVD_IN_VALUEWEB eval:check_rbl('isp', 'valueweb.blackholes.us.') describe RCVD_IN_VALUEWEB Received from Valueweb/Cybergate network space header RCVD_IN_VERIO eval:check_rbl('isp', 'verio.blackholes.us.') describe RCVD_IN_VERIO Received from Verio network space #header RCVD_IN_WANADOOFR eval:check_rbl('isp', 'wanadoo-fr.blackholes.us.') #describe RCVD_IN_WANADOOFR Received from Wanadoo.fr network space header RCVD_IN_XO eval:check_rbl('isp', 'xo.blackholes.us.') describe RCVD_IN_XO Received from XO/Concentric network space header RCVD_IN_SORBS eval:check_rbl('isp', 'dnsbl.sorbs.net.') describe RCVD_IN_SORBS Received from IP in dnsbl.sorbs.net header RCVD_IN_SPEWS eval:check_rbl('isp', 'l1.spews.dnsbl.sorbs.net.') describe RCVD_IN_SPEWS Received from IP in Spews.sorbs.net header RCVD_IN_ROGERS eval:check_rbl('isp', 'rogers.blackholes.us.') describe RCVD_IN_ROGERS Received from rogers network space score RCVD_IN_BROADWING 0.5 score RCVD_IN_CIBERLYNX 0.5 score RCVD_IN_CW 0.5 score RCVD_IN_ELI 0.5 score RCVD_IN_EPOCH 0.5 score RCVD_IN_HE 0.5 score RCVD_IN_INFLOW 0.5 score RCVD_IN_INTERNAP 0.5 score RCVD_IN_LEVEL3 0.5 score RCVD_IN_RACKSPACE 0.5 score RCVD_IN_RR 0.5 score RCVD_IN_SKYNETWEB 0.5 score RCVD_IN_VALUEWEB 0.5 score RCVD_IN_VERIO 0.5 #score RCVD_IN_WANADOOFR 0.5 score RCVD_IN_XO 0.5 score RCVD_IN_SORBS 0.5 score RCVD_IN_ROGERS 0.5 score RCVD_IN_CBL 0.5 score RCVD_IN_SBL 0.5 score RCVD_IN_BL_SPAMCOP_NET 1.5 score RCVD_IN_EASY 2.0 score RCVD_IN_SPEWS 2.0 score RCVD_IN_DSBL 2.0 #Single Zone BL's first #CBL.ABUSEAT.ORG is a DNSBL of senders who have sent to spamtrap addresses. #This one is pretty good at hitting crap spammers not caught by some others, #especially clueless cable modem spammers. header RCVD_IN_CBL rbleval:check_rbl('relay', 'cbl.abuseat.org') describe RCVD_IN_CBL DNSBL: sender has sent spam to spamtraps tflags RCVD_IN_CBL net # Multizone / Multi meaning BLs next # SORBS, like MAPS RBL+ is a multi-meaning BL, so it is treated separately header RCVD_IN_SORBS rbleval:check_rbl('sorbs', 'dnsbl.sorbs.net.') describe RCVD_IN_SORBS Received via a relay in dnsbl.sorbs.net tflags RCVD_IN_SORBS net # X prefix was used to insure that it was run at the end, but it's not needed # anymore since we run the rule with rblreseval -- Marc header X_SORBS_OPEN_HTTP rbleval:check_rbl_results_for('sorbs', '127.0.0.2') describe X_SORBS_OPEN_HTTP DNSBL: sender is Confirmed Open Proxy tflags X_SORBS_OPEN_HTTP net header X_SORBS_SOCKS rbleval:check_rbl_results_for('sorbs', '127.0.0.3') describe X_SORBS_SOCKS DNSBL: send ip addy Confirmed Open Socks Proxy tflags X_SORBS_SOCKS net header X_SORBS_MISC rbleval:check_rbl_results_for('sorbs', '127.0.0.4') describe X_SORBS_MISC DNSBL: sender is Confirmed Open Misc Proxy tflags X_SORBS_MISC net header X_SORBS_SMTP rbleval:check_rbl_results_for('sorbs', '127.0.0.5') describe X_SORBS_SMTP DNSBL: sender is a Confirmed Open Relay tflags X_SORBS_SMTP net header X_SORBS_SPAM rbleval:check_rbl_results_for('sorbs', '127.0.0.6') describe X_SORBS_SPAM DNSBL: sender is a Confirmed spam Source tflags X_SORBS_SPAM net header X_SORBS_WEB rbleval:check_rbl_results_for('sorbs', '127.0.0.7') describe X_SORBS_WEB DNSBL: sender is Confirmed Spam Support Web Server tflags X_SORBS_WEB net header X_SORBS_ZOMBIE rbleval:check_rbl_results_for('sorbs', '127.0.0.9') describe X_SORBS_ZOMBIE DNSBL: sender is a Zombie Domain tflags X_SORBS_ZOMBIE net header X_SORBS_NOMAIL rbleval:check_rbl_results_for('sorbs', '127.0.0.12') describe X_SORBS_NOMAIL DNSBL: sender is a Confirmed No Mail Ever zone tflags X_SORBS_NOMAIL net ---------------------------snip-------------------------------- this in your local.cf, note some are probably not necessary to you, such as language, are your other rbls in place, and install dcc and razor that you can see noted -------------------------snip---------------------------- lock_method flock use_bayes 1 use_pyzor 0 #auto_learn 1 #rewrite_subject 1 required_hits 5.0 ok_languages en es #report_safe 1 ok_locales en rbl_timeout 5 razor_config /var/spool/filter/.razor/razor-agent.conf use_razor2 1 razor_timeout 5 #dns_available no bayes_auto_learn_threshold_spam 6.00 dcc_home /var/dcc ############################################################################ score NO_REAL_NAME 1.1 score USER_IN_WHITELIST -15.000 score DRUGS_ERECTILE 3.160 1.100 3.372 1.493 score DRUGS_ERECTILE_OBFU 2.833 3.046 2.816 3.408 ---------------snip-------------------------- check your init.pre for ------------snip-------------------- # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF #loadplugin Mail::SpamAssassin::Plugin::Razor2 ------------snip------------------ just a few things, i've tweaked so much over time, it's too much to put in an email but this should get you started. I cannot stress teaching via sa-learn, installing DCC and Razor2 Regards, tickticker Nathan England wrote: >Anyone have any good spamassassin tricks while I'm on the topic? >I have mine set to change the header of anything over a 4.0 but it is very >rare that anything is given over a 4.0. Even spam will only get a few points >over a 4.0 > >What are people doing to get a 20.0 as some tutorials say to set it at? > > -- Transforming Intelligent Construct Keen on Thorough Infiltration, Ceaseless Killing and Efficient Repair