The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

blocking email that Spam Assassin targets

Discussion in 'E-mail Discussions' started by jimjoe, Dec 2, 2002.

  1. jimjoe

    jimjoe Well-Known Member

    Joined:
    Jan 31, 2002
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    I would have thought that you could enable Spam Assassin, and then block any messages that have *****SPAM***** in the subject, since Assassin puts that in the subject. But all those emails are still coming through. Is the blocker not able to filter out *****SPAM***** since it wasn't part of the actual virgin email?

    I noticed Outlook has the same problem. (it doesn't catch about 85% of them).

    Is there any way to block all email that Spam Assassin identifies? If not, what good does it do to tag the email anyway? You still have to delete each and every one.

    Thanks! Jim
     
  2. Tom Pyles

    Tom Pyles Well-Known Member

    Joined:
    Apr 26, 2002
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    Jim,
    I've run into a similar issue. What did was set up a folder SPAM in Outlook Express. Then set up a filter that all mail with the ****SPAM**** in the subject automatically goes into that folder. It is a good idea to do this and occasionally look at that mail. For instance, when my wife sends something from Hotmail (her e-mail comes as html which adds points to the spam factor) without a subject line (again, more points) it counts as SPAM and is flagged. I've had legit mail end up being killed by Spam Assassin...sometimes it isn't the best tool to have in place.
     
  3. JustinK

    JustinK Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    251
    Likes Received:
    0
    Trophy Points:
    16
    If you're talking about the on-server filters you can set to block certain headers I believe that they either:
    a. Get used before things get passed through spam assassin.
    b. Don't get used at all when you use spam assassin.

    I'm no good at reading the exim.conf file, but from what I saw it's one of those two above.
     
  4. jimjoe

    jimjoe Well-Known Member

    Joined:
    Jan 31, 2002
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    Tom,

    I did set up a filter for junk mail for &*****SPAM*****&, but it only catches about 15% of that mail. If i do a test and create an email from scratch with &*****SPAM*****& in the header, outlook WILL filter that. But when it's done by spam assassin, it doesn't recognize most of them.

    I went to the filters.txt folder and added
    Subject contains &*****SPAM*****&

    and then turned junk mail ON.

    Is there another way to handle this better?

    Thanks!
     
  5. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    You could also put a .filter in the /home/user with the following tag in it.

    $header_subject: contains &*****SPAM*****&

    But you will also need to whitelist the sites you trust that sometimes get trapped as spam or lose them.

    In /etc/mail/spammassassin edit local.cf

    whitelist_from *@domain.com //for example
     
  6. MUTTLEY

    MUTTLEY Registered

    Joined:
    Apr 11, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Seems to me it would be a good idea, as Spam Assasin has a point system, that they should allow you to fully block any email thats over X amount of points. I agree that as the spam does get through and your still required to review each and every one, the point seems kind of lost.

    - Ray
    www.undergroundplanet.com
     
  7. SonServers

    SonServers Well-Known Member

    Joined:
    Oct 24, 2001
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    I didn't take the time to confirm, but I "think" I remember reading that SpamAssassin puts the number of *'s in the subject according to how many points or hits the message got.

    That way the subject will show that the more *'s in the subject, the "more spammy " the message was.

    I suspect that if your filter is set for a certain number if *'s on each side of "spam" your filters are only catching those messages that had that number of hits. You could look a the ones that are missing your filters and count the *'s and see if there is a difference.

    Like I said, I could be wrong but I think I remember reading this somewhere.
     
  8. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    414
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    Not so, at least with the default settings. Perhaps there is a tweak somewhere that does that, which would be helpful.

    But, better yet would be a line somewhere in the SA code which allows you to set a 'high' level to be deleted. So, all email that scores above 10 points can get deleted automatically.
     
  9. SonServers

    SonServers Well-Known Member

    Joined:
    Oct 24, 2001
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    I found what I remembered reading.

    From: http://spamassassin.org/doc/Mail_SpamAssassin_Conf.html

     
  10. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    414
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    Thanks,

    looks like it's back to reading that manual again.

    maybe there's something in there for deleting mail over a certain number also.
     
  11. dbakstad

    dbakstad Member

    Joined:
    Jun 22, 2003
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I am searching for the best alternative for moving email users from a Cobalt Raq to a new platform. Our raq has an integrated version of Spamassassin / MailScanner installed, and provided by vendor solarspeed.net. Users can configure spamassassin settings thru a gui including point value, whitelist, blacklist, defang mime and terse/regular reporting. They also can select how spamassassin treats spam, and choices are: disable the filter, rewrite the header with spam designation "******SPAM******" but still deliver the message, or delete messages which are spam (points exceed the threshhold value). Many of our users delete the spam, and will not accept just tagging it. So, I'm studying these forums to determine if cpanel is a platform that can replace our raq servers. I'm not technical, but thought what I know about the raq implementation of spamassassin might be helpful to those looking for a way to delete the spam.

    The user directory contains the following:

    [root@mail chuck]# ls -al
    total 6
    drwxr-S--x 5 chuck site21 1024 Jun 27 16:29 .
    drwxrwsr-x 4 httpd site21 1024 May 6 09:51 ..
    -rw-r----- 1 chuck site21 49 May 6 11:09 .procmailrc
    drwxr-sr-x 2 chuck site21 1024 Jul 27 15:49 .razor
    drwx--S--- 2 chuck site21 1024 May 6 10:36 .spamassassin

    Folder .spamassassin contains the user_prefs file

    The .procmailrc file only exists for users that have selected the option to have their spam automatically deleted (not delivered to their mailbox). The contents of this file are:

    SHELL=/bin/sh

    :0:
    * ^X-Spam-Flag: YES
    /dev/null

    Hope this is helpful. If anyone has sucessfully implemented this functionality in the cpanel environment, I'd be interested in knowing this.

    Thanks, Dan

    cPanel.net Support Ticket Number:
     
  12. brdweb

    brdweb Registered

    Joined:
    Aug 3, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    You could also just filter the body of the message instead of the subject or header. Just filter the first sentence that spamassasin puts in :)

    cPanel.net Support Ticket Number:
     
  13. parhelic

    parhelic Well-Known Member

    Joined:
    Oct 27, 2002
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    I read through the thread, and I'm not really seeing a clear cut answer to the original question:

    Why is Cpanel's implementation of Spamassassin delivering spam which exceeds the point value and not deleting it?

    We have one customer who received an email flagged as spam by SA with a 46.5 point value and it STILL passed through!? It's clearly lacking the functionality that it was designed to have....


    Return-path: <user@some.server.com>
    Envelope-to: user@some.server.com
    Delivery-date: Fri, 22 Aug 2003 04:15:12 -0500
    Received: from user by some.server.com with local-bsmtp (Exim 4.20)
    id 19q80F-0006Is-DV
    for user@server.com; Fri, 22 Aug 2003 04:15:12 -0500
    Received: from localhost [127.0.0.1] by some.server.com
    with SpamAssassin (2.55 1.174.2.19-2003-05-19-exp);
    Fri, 22 Aug 2003 04:15:12 -0500
    From: "Some Person" <user@domain.com>
    To: <user@domain.com>
    Subject: AVAILABLE REPORTS i xliccrxh wxren
    Date: Fri, 22 Aug 03 07:09:03 GMT
    Message-Id: <78ght-26l6q3g$$4r75dlp2-5-2@6xok.fm4lr>
    X-Spam-Flag: YES
    X-Spam-Status: Yes, hits=3D46.5 required=3D5.5
    tests=3DAS_SEEN_ON,BANG_MONEY,BAYES_80,BULK_EMAIL,CASHCASHCASH,
    COPY_ACCURATELY,EARN_MONEY,EXCUSE_3,FINANCIAL,
    FORGED_MUA_OUTLOOK,HTML_30_40,HTML_FONT_BIG,
    HTML_FONT_COLOR_BLUE,HTML_FONT_COLOR_RED,HTML_SHOUTING5,
    HTML_WITH_BGCOLOR,INITIAL_INVEST,INVALUABLE_MARKETING,JODY,
    MIME_HTML_ONLY,MISSING_MIMEOLE,MLM,NORMAL_HTTP_TO_IP,
    ORDER_REPORT,RCVD_IN_NJABL,RCVD_IN_OPM,REMOVE_PAGE,
    RISK_FREE,SECTION_301,SENT_IN_COMPLIANCE,X_NJABL_OPEN_PROXY
    autolearn=3Dspam version=3D2.55
    X-Spam-Level: **********************************************
    X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
    MIME-Version: 1.0
    Content-Type: multipart/mixed; =
    boundary=3D"----------=3D_3F45DF20.B2A7445E"
    X-Text-Classification: spam
    X-POPFile-Link: =
    <http://127.0.0.1:8080/jump_to_message?view=3Dpopfile56656=3D26.msg>


    :confused:

    cPanel.net Support Ticket Number:
     
  14. brdweb

    brdweb Registered

    Joined:
    Aug 3, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    In answer to your question. It defaults to sending you the mail, but only attaching the original mail to the point summary. If you don't want that to happen, simply change the spamassasin config.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page