alexalmazan.com

Plesk Spamassassin permits the establishment of ‘personal settings’ for individual configured mail users. Problems arise as the default configure ‘required_score’ value for calssifying spam defaults to ‘7’. This is a quick means of changing the score for all hosted mail users from 7.00 to 4.00:

Get to the SQL CLI as the Plesk admin user and inspect the current established settings

[root@server1 log]# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7578332 to server version: 4.0.18-Max

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select * from spamfilter_preferences where preference='required_score';

This should display all user settings. You may have to issue something similar to the following query to get those with a score of 4.00 or higher

mysql> select * from spamfilter_preferences where preference='required_score'&& value != '4.00';

Use an update statement to change the values in the database table

mysql>  update spamfilter_preferences set value='4.00' where value='7.00';

It is also adviseable to set spamassassin to reject messages tagged as spam. To do so, issue the following via the SQL cli.

mysql>update spamfilter set reject_spam='true' where reject_spam='false';

Once this is all in place, you must use ‘mchk’ to re-issue the .qmail files

[root@server1 log]#/usr/local/psa/admin/bin/mchk --with-spam

Once this is finished, issue

[root@server1 log]#service qmail restart && service psa-spamassassin restart && service xinetd restart && service courier-imap restart 

The scores should now be at the value selected.

These handy bits of one line foo are straight from one of the smartest and strangest admins I have had the pleaure of meeting. He is always crafting these sort of tools for use.

Tally of who failed SMTP Auth login:

grep "smtp_auth: .* connect from" /var/log/messages | awk '{print $2"/"$1"/2007:"$3"\t"$9"\t"$10}' | sed -e "s/\[//g" -e "s/\]//g" 

And their IPs

grep "smtp_auth: SMTP connect from" /var/log/messages | awk '{print $10}' | sed -e "s/\[//g" -e "s/\]//g" | sort -n | uniq -c | sort -nr | head -20

Tally of who succeeded SMTP Auth login:

grep "smtp_auth: smtp_auth: SMTP user " /var/log/messages | grep "logged in from " | awk '{print $2"/"$1"/2007:"$3"\t"$9"\t"$16}' | sed -e "s/\[//g" -e "s/\]//g" 

And their IPs

grep "smtp_auth: smtp_auth: SMTP user " /var/log/messages | grep "logged in from " | awk '{print $16}' | sed -e "s/\[//g" -e "s/\]//g" | sort -n | uniq -c | sort -nr | head -20