Is Apache SpamAssassin even relevant against today's modern spam techniques?

20GT

Member
Jul 15, 2014
10
0
1
cPanel Access Level
Website Owner
I ask this because my spam is getting a -19 spam score.

X-Spam-Status: No, score=-2.0
X-Spam-Score: -19
X-Spam-Bar: --

The spam is using massive amounts of different Unicode characters to avoid account-level filtering.
It is also using white text on a white background.

Seems impervious to SpamAssassin.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello :)

Do you have root access to this server? If so, you may want to look into adding some custom SpamAssassin or system filter rules to block this particular type of email.

Thank you.
 

20GT

Yes, I do have root access. Could you help me configure according to this header (my mail edited for security)?

Code:
Return-path: <garcinia_cambogia-temp1=<MyDomain>[email protected]>
Envelope-to: [email protected]<MyDomain>.us
Delivery-date: Wed, 23 Jul 2014 15:15:00 -0500
Received: from deal.domain.net ([23.252.106.120]:44303)
	by host113.kvchosting.com with esmtp (Exim 4.80.1)
	(envelope-from <garcinia_cambogia-temp1=<MyDomain>[email protected]>)
	id 1XA2wA-001gT3-T6
	for [email protected]<MyDomain>.us; Wed, 23 Jul 2014 15:15:00 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=domain.net;
 h=Mime-Version:Content-Type:Message-Id:Date:From:To:Subject; [email protected];
 bh=NtrxuemOgKmDbLQeFRnfDo/DOks=;
 b=YoekIKLODTCzn+lLJKqQZtbY99SQqbNzqH5I31LlsqR55AMKpgFIoIFIg2wIcn
   VhTJewWkMBz+TR/bChHCLvCvYdj2xA3NthtsRBAu1DioK545EOTkdUfiLbgS68W/64X8JVLVY/iF
   7H/JubuqnWRdQz21BxY=
Received: by deal.domain.net id hq0brk0001gu for <[email protected]<MyDomain>.us>; Wed, 23 Jul 2014 20:14:20 +0000 (envelope-from <garcinia_cambogia-temp1=<MyDomain>[email protected]>)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="b18c-72bd-7de2-4ae9-6fa8-3ae9-3c8a-a0db"
Message-Id: <[email protected]>
Date: Wed, 23 Jul 2014 20:14:20 +0000
From: Garcinia Cambogia<[email protected]>
To: [email protected]<MyDomain>.us
Subject: =?utf-8?B?RldEOkxvc2UgeW91ciBiZWxseSBmYXQgZm9yIGdvb2Qh?=..
X-Spam-Status: No, score=-2.0
X-Spam-Score: -19
X-Spam-Bar: --
X-Ham-Report: Spam detection software, running on the system "host113.server.com", has
 identified this incoming email as possible spam.  The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 
 
 Content analysis details:   (-2.0 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                             domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
X-Spam-Flag: NO
 

20GT

I think I would be constantly chasing them; very few are the same.

Code:
Return-path: <pointofsale-temp1=<Removed>[email protected]>
Envelope-to: [email protected]<Removed>.us
Delivery-date: Thu, 24 Jul 2014 13:56:37 -0500
Received: from value.doimain.com ([5.135.47.45]:60701)
	by host113.server.com with esmtp (Exim 4.80.1)
	(envelope-from <pointofsale-temp1=<Removed>[email protected]>)
	id 1XAOBt-0002lc-Sx
	for [email protected]<Removed>.us; Thu, 24 Jul 2014 13:56:37 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=doimain.com;
 h=Content-Type:MIME-Version:From:To:Subject:Message-ID:References:In-Reply-To:Date; [email protected];
 bh=ggY7OIaNlEuBVTjC1t8JbxfltOA=;
 b=sNDxOCgTDuybMGuCD4Pm2f5/FpD/pqnXsbMsn0hSHZzNL0veTVzr9+yfLbtexAZAzumV1/sFjWIk
   b2dy4gycMyqCRxIachja5CwkWsn4o2y4FN7HEkjarqXNm1Or7T5ZA2Epez44wE8j3OghhmZwUSTh
   1ESs/Nt/Dcr0WDWnxhs=
Content-Type: multipart/alternative;
	boundary="===============6058696209973185747=="
MIME-Version: 1.0
From: Point of Sale <[email protected]>
To: [email protected]<Removed>.us
Subject: Point of sale. Organize your retail business.
Message-ID: <[email protected]>
Thread-Topic: Point of sale. Organize your retail business.
References: <[email protected]>
In-Reply-To: <[email protected]>
Date: Thu, 24 Jul 2014 18:56:27 +0000
X-Spam-Status: No, score=-2.0
X-Spam-Score: -19
X-Spam-Bar: --
X-Ham-Report: Spam detection software, running on the system "host113.server.com", has
 identified this incoming email as possible spam.  The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email.  If you have any questions, see
 root\@localhost for details.

 
 Content analysis details:   (-2.0 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                             domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
X-Spam-Flag: NO
 

cPanelMichael

Have you considered a subject-based filter? It looks like common SPAM subjects are used in both examples you provided.

Thank you.
 

cPanelMichael

You could set up an "Account Level Filter" in cPanel where if the subject has a certain word or character and the SPAM score is a certain level, then the message is discarded.

Thank you.
 

20GT

> You could set up an "Account Level Filter" in cPanel where if the subject has a certain word or character and the SPAM score is a certain level, then the message is discarded.
>
> Thank you.

Hmmm, I can try that, as the spammer massively tricks the SA into thinking it is not spam and gives it a score of -2. Ever since my SA is now writing in the headers correctly, the lowest legitimate email has been a -1.5. That is cutting it close.
If not for the spammer being overzealous about making sure his letters get through and getting a score of -2.
If they ease up a bit, maybe going for a score of 0, account-level filtering will no longer work.
I didn't see an option to rewrite the subject header to insert Q34543, my individual spam header identifier, so my email program can filter it to a spam folder I can check.

Now I'm sorry for going on a tangent and trying to solve my own spam problems first, but back to the original posted question.

Is Apache SpamAssassin even relevant against today's modern spam techniques? I would say NO,
since it is giving it a score of -2.
Is there no way to modify what SA looks for, such as:
1. white text on white background
2. multiple uses of Unicode fonts

Thanks, Mike, for all your help.
PS: Is there a forum that you know of dedicated to SA?
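
A sketch of how the two tricks named in the post above (white text on a white background, and words built from mixed Unicode characters) can be detected in an HTML mail part. This is an added example, not code from the thread or from SpamAssassin; the sample message, the function names and the white default background are assumptions made for the illustration.

```python
import email, re, unicodedata
from email import policy
from html.parser import HTMLParser

# Constructed sample, not a message from the thread: white-on-white filler
# text plus a word that swaps a Cyrillic letter (&#1077;) in for Latin "e".
SAMPLE = """\
From: Sender <sender@example.com>
Content-Type: text/html; charset="utf-8"

<html><body bgcolor="#FFFFFF"><p>Lose your b&#1077;lly fat</p>
<font color="#ffffff">meeting notes quarterly invoice regards</font></body></html>
"""

def norm(colour):  # 'white' / '#FFF' / '#ffffff' -> 'ffffff'; rgb() is not handled
    c = colour.strip().lower().lstrip("#").replace("white", "ffffff")
    return "".join(ch * 2 for ch in c) if len(c) == 3 else c

class HiddenText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.bg = "ffffff"  # assumption: the page background defaults to white
        self.stack, self.hidden, self.visible = [], [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "body" and a.get("bgcolor"):
            self.bg = norm(a["bgcolor"])
        # Text colour from style="color: ..." (not background-color) or color="..."
        m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", a.get("style") or "", re.I)
        colour = m.group(1) if m else a.get("color")
        inherited = self.stack[-1][1] if self.stack else "000000"
        self.stack.append((tag, norm(colour) if colour else inherited))
    def handle_endtag(self, tag):
        # Pop back to the matching open tag; ignore stray closing tags
        while any(t == tag for t, _ in self.stack) and self.stack.pop()[0] != tag:
            pass
    def handle_data(self, data):
        colour = self.stack[-1][1] if self.stack else "000000"
        if data.strip():
            (self.hidden if colour == self.bg else self.visible).append(data.strip())

def mixed_script_words(text):
    # Script label = first word of the Unicode character name (LATIN, CYRILLIC, ...)
    script = lambda w: {unicodedata.name(ch, "?").split()[0] for ch in w if ch.isalpha()}
    return [w for w in re.findall(r"\w+", text) if len(script(w)) > 1]

def analyse(raw):
    body = email.message_from_string(raw, policy=policy.default).get_body(("html",))
    parser = HiddenText()
    parser.feed(body.get_content())
    return {"hidden": parser.hidden, "mixed": mixed_script_words(" ".join(parser.visible))}
```

`analyse(SAMPLE)` returns the invisible filler text under `hidden` and the Latin/Cyrillic word under `mixed`; either result can be used as a signal when deciding how to score or file a message.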
 

sneader

Well-Known Member
Aug 21, 2003
1,195
67
178
La Crosse, WI
cPanel Access Level
Root Administrator
I've found that SpamAssassin is not good enough any more. Within the last few months, the number of customers complaining about the level of spam arriving in their inboxes has increased dramatically. When I look at the emails myself, I'm astounded at how they managed to get past SpamAssassin.

I've considered switching to MailScanner, via ConfigServer's installation service (see ConfigServer MailScanner Service); however, the disclaimer at the bottom of the page is a bit scary:

Note: cPanel will not provide support for email issues while MailScanner is part of the mail delivery system on a server.
- Scott
 

PDW

Well-Known Member
Dec 29, 2003
138
3
168
From what I was reading over at ConfigServer's, their MailScanner does still use the same SpamAssassin that cPanel is using to reject spam. There is a discussion over there about all the spam over the last 3 weeks or so that has been getting through. Same problem for me as well.
 

sawbuck

Well-Known Member
Jan 18, 2004
1,365
10
168
cPanel Access Level
Root Administrator
We've been using the CS MS install for more than 10 years with excellent results. Yes, it does use SA included with cPanel, but MS itself is infinitely configurable and ConfigServer is proactive about any cPanel-related issues. The MailWatch interface included with their implementation of MS has proven invaluable.

The disclaimer related to cPanel is SOP in cases where 3rd party software is used in conjunction with a proprietary control panel.
 