Is Apache SpamAssassin even relevant against today's modern spam techniques?

Discussion in 'E-mail Discussions' started by 20GT, Jul 23, 2014.

  1. 20GT

    20GT Member

    I ask this because my spam is getting a -19 spam score.

    X-Spam-Status: No, score=-2.0
    X-Spam-Score: -19
    X-Spam-Bar: --

    The spam is using massive amounts of different Unicode characters to avoid account-level filtering.
    It is also using white text on a white background.

    Seems impervious to SpamAssassin.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Do you have root access to this server? If so, you may want to look into adding some custom SpamAssassin or system filter rules to block this particular type of email.

    Thank you.
     
  3. 20GT

    20GT Member

    Yes, I do have root access. Could you help me configure according to this header? (My mail edited for security.)

    Code:
    Return-path: <garcinia_cambogia-temp1=<MyDomain>.us@domain.net>
    Envelope-to: temp1@<MyDomain>.us
    Delivery-date: Wed, 23 Jul 2014 15:15:00 -0500
    Received: from deal.domain.net ([23.252.106.120]:44303)
    	by host113.kvchosting.com with esmtp (Exim 4.80.1)
    	(envelope-from <garcinia_cambogia-temp1=<MyDomain>.us@domain.net>)
    	id 1XA2wA-001gT3-T6
    	for temp1@<MyDomain>.us; Wed, 23 Jul 2014 15:15:00 -0500
    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=domain.net;
     h=Mime-Version:Content-Type:Message-Id:Date:From:To:Subject; i=garcinia-cambogia@domain.net;
     bh=NtrxuemOgKmDbLQeFRnfDo/DOks=;
     b=YoekIKLODTCzn+lLJKqQZtbY99SQqbNzqH5I31LlsqR55AMKpgFIoIFIg2wIcn
       VhTJewWkMBz+TR/bChHCLvCvYdj2xA3NthtsRBAu1DioK545EOTkdUfiLbgS68W/64X8JVLVY/iF
       7H/JubuqnWRdQz21BxY=
    Received: by deal.domain.net id hq0brk0001gu for <temp1@<MyDomain>.us>; Wed, 23 Jul 2014 20:14:20 +0000 (envelope-from <garcinia_cambogia-temp1=<MyDomain>.us@domain.net>)
    Mime-Version: 1.0
    Content-Type: multipart/alternative; boundary="b18c-72bd-7de2-4ae9-6fa8-3ae9-3c8a-a0db"
    Message-Id: <bd0aa8c39ea38af69ea42ed7db27c81b.3a11c0a1bcac8cb1@buddybuzz.net>
    Date: Wed, 23 Jul 2014 20:14:20 +0000
    From: Garcinia Cambogia<garcinia-cambogia@domain.net>
    To: temp1@<MyDomain>.us
    Subject: =?utf-8?B?RldEOkxvc2UgeW91ciBiZWxseSBmYXQgZm9yIGdvb2Qh?=..
    X-Spam-Status: No, score=-2.0
    X-Spam-Score: -19
    X-Spam-Bar: --
    X-Ham-Report: Spam detection software, running on the system "host113.server.com", has
     identified this incoming email as possible spam.  The original message
     has been attached to this so you can view it (if it isn't spam) or label
     similar future email.  If you have any questions, see
     root\@localhost for details.
     
     
     Content analysis details:   (-2.0 points, 5.0 required)
     
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
     -0.0 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
     -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                                 [score: 0.0000]
      0.0 HTML_MESSAGE           BODY: HTML included in message
     -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                                 domain
     -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
      0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
    X-Spam-Flag: NO
     
    #3 20GT, Jul 24, 2014
    Last edited by a moderator: Jul 24, 2014
  4. kdean

    kdean Well-Known Member

    At minimum, you can add *@domain.net to your SpamAssassin blacklist or set an account-level filter to discard emails with the From containing domain.net.
     
  5. 20GT

    20GT Member

    I think I would be constantly chasing them; very few are the same.

    Code:
    Return-path: <pointofsale-temp1=<Removed>.us@doimain.com>
    Envelope-to: temp1@<Removed>.us
    Delivery-date: Thu, 24 Jul 2014 13:56:37 -0500
    Received: from value.doimain.com ([5.135.47.45]:60701)
    	by host113.server.com with esmtp (Exim 4.80.1)
    	(envelope-from <pointofsale-temp1=<Removed>.us@doimain.com>)
    	id 1XAOBt-0002lc-Sx
    	for temp1@<Removed>.us; Thu, 24 Jul 2014 13:56:37 -0500
    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=doimain.com;
     h=Content-Type:MIME-Version:From:To:Subject:Message-ID:References:In-Reply-To:Date; i=pointofsale@doimain.com;
     bh=ggY7OIaNlEuBVTjC1t8JbxfltOA=;
     b=sNDxOCgTDuybMGuCD4Pm2f5/FpD/pqnXsbMsn0hSHZzNL0veTVzr9+yfLbtexAZAzumV1/sFjWIk
       b2dy4gycMyqCRxIachja5CwkWsn4o2y4FN7HEkjarqXNm1Or7T5ZA2Epez44wE8j3OghhmZwUSTh
       1ESs/Nt/Dcr0WDWnxhs=
    Content-Type: multipart/alternative;
    	boundary="===============6058696209973185747=="
    MIME-Version: 1.0
    From: Point of Sale <pointofsale@doimain.com>
    To: temp1@<Removed>.us
    Subject: Point of sale. Organize your retail business.
    Message-ID: <bd0aa8c39ea38af69ea42ed7db27c81b@doimain.com>
    Thread-Topic: Point of sale. Organize your retail business.
    References: <bd0aa8c39ea38af69ea42ed7db27c81b@doimain.com>
    In-Reply-To: <bd0aa8c39ea38af69ea42ed7db27c81b@doimain.com>
    Date: Thu, 24 Jul 2014 18:56:27 +0000
    X-Spam-Status: No, score=-2.0
    X-Spam-Score: -19
    X-Spam-Bar: --
    X-Ham-Report: Spam detection software, running on the system "host113.server.com", has
     identified this incoming email as possible spam.  The original message
     has been attached to this so you can view it (if it isn't spam) or label
     similar future email.  If you have any questions, see
     root\@localhost for details.
    
     
     Content analysis details:   (-2.0 points, 5.0 required)
     
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
     -0.0 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
     -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                                 [score: 0.0000]
      0.0 HTML_MESSAGE           BODY: HTML included in message
     -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                                 domain
     -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
      0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
    X-Spam-Flag: NO
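
Both headers posted above carry the same rule table, so here is a small triage script for it, added as an example and not part of any poster's message or of cPanel or SpamAssassin. It parses the "Content analysis details" section and reports how much of the negative score comes from the Bayes rule; the function names and the `dominance` threshold are assumptions made for this example.

```python
import re

# Constructed sample: the rule table copied from the X-Ham-Report headers posted above.
SAMPLE_REPORT = """\
 Content analysis details:   (-2.0 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                             domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
"""

SUMMARY_RE = re.compile(r"\(\s*(-?\d+(?:\.\d+)?) points,\s*(-?\d+(?:\.\d+)?) required\)")
RULE_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return (total, required, [(points, rule, description), ...])."""
    m = SUMMARY_RE.search(text)
    if not m:
        raise ValueError("no 'Content analysis details' summary line found")
    rules = []
    for line in text.splitlines():
        r = RULE_RE.match(line)
        if r:  # wrapped description lines and the table ruler do not match
            rules.append((float(r.group(1)), r.group(2), r.group(3).strip()))
    return float(m.group(1)), float(m.group(2)), rules

def triage(text, dominance=0.8):
    """Summarise what pushed the score down and which rules added points."""
    total, required, rules = parse_report(text)
    negative = sum(p for p, _, _ in rules if p < 0)
    bayes = sum(p for p, name, _ in rules if name.startswith("BAYES_") and p < 0)
    share = bayes / negative if negative else 0.0
    return {
        "total": total,
        "required": required,
        "rule_sum": round(sum(p for p, _, _ in rules), 1),
        "bayes_share": round(share, 2),
        "bayes_dominates": share >= dominance,
        "positive_rules": [name for p, name, _ in rules if p > 0],
    }
```

On the posted report, `triage(SAMPLE_REPORT)` shows BAYES_00 supplying about 90% of the negative points and DKIM_SIGNED as the only rule adding any, which points at the Bayes database (for example, training it on these samples with `sa-learn --spam`) rather than at the static rule set.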
    
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  7. 20GT

    20GT Member

    I will use anything I can. How do I set up a subject filter?
    subjects.jpg
     
    #7 20GT, Jul 24, 2014
    Last edited: Jul 25, 2014
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You could set up an "Account Level Filter" in cPanel where, if the subject has a certain word or character and the spam score is at a certain level, the message is discarded.

    Thank you.
     
  9. 20GT

    20GT Member

    Hmmm, I can try that, as the spammer massively tricks SA into thinking it is not spam and it gives it a score of -2. Ever since my SA started writing in the headers correctly, the lowest legitimate email has been a -1.5. That is cutting it close.
    If not for the spammer being overzealous in making sure his letters get through and getting a score of -2; if they ease up a bit, maybe going for a score of 0, account-level filtering will no longer work.
    I didn't see an option to rewrite the subject header to insert Q34543, my individual spam header identifier, so my email program can filter it to a spam folder I can check.

    Now, I'm sorry for going on a tangent and trying to solve my own spam problems first, but back to the original posted question.

    Is Apache SpamAssassin even relevant against today's modern spam techniques? I would say NO,
    since it is giving it a score of -2.
    Is there no way to modify what SA looks for, such as:
    1. white text on white background
    2. multiple uses of Unicode fonts

    Thanks, Mike, for all your help.
    PS: Is there a forum that you know of dedicated to SA?
     
  10. sneader

    sneader Well-Known Member

    I've found that SpamAssassin is not good enough any more. Within the last few months, the number of customers complaining about the level of spam arriving in their inboxes has increased dramatically. When I look at the emails myself, I'm astounded at how they managed to get past SpamAssassin.

    I've considered switching to MailScanner, via ConfigServer's installation service (see ConfigServer MailScanner Service); however, the disclaimer at the bottom of the page is a bit scary:

    - Scott
     
  11. PDW

    PDW Well-Known Member

    From what I was reading over at ConfigServer, their MailScanner does still use the same SpamAssassin that cPanel is using to reject spam. There is a discussion over there about all the spam over the last 3 weeks or so that has been getting through. Same problem for me as well.
     
  12. sawbuck

    sawbuck Well-Known Member

    We've been using the CS MS install for more than 10 years with excellent results. Yes it does use SA included with cPanel, but MS itself is infinitely configurable and ConfigServer is proactive about any cPanel related issues. The MailWatch interface included with their implementation of MS has proven invaluable.

    The disclaimer related to cPanel is SOP in cases where 3rd party software is used in conjunction with a proprietary control panel.
     
    Infopro and sneader like this.
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    @sawbuck, agreed.
     