lots of spam getting through lately???

[rmackay]

Hello, I have noticed a LOT of spam getting through lately and when I look at a header, it doesn't look like very many tests are being run. The only thing that was done recently was the update to 3.1.7.

X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
server3
X-Spam-Level: ****
X-Spam-Status: No, score=4.5 required=5.0 tests=BAYES_00,URIBL_JP_SURBL,
URIBL_OB_SURBL autolearn=no version=3.1.7


Are there any checks I can run or things I can enable here?

Thanks in advance.

 

[Jeff-C]

same here - huge increase in spam getting past spamassassin

Same here - over the past month I've noticed a huge increase in spam getting past spamassassin. My 5 personal accounts on different sites have gone from around 10 spams per day to around 250 spams per day making it past spamassassin. These are mostly stock alert spams either using simple text that doesn't look overly spammy or else an image at the top and then random quoted text below.

 

[Lyttek]

I had similar problems... using MailScanner. Had to wipe and start over with the Bayes database. Since then, spam slipping through has dropped down to about 2-5%.

 

[mctDarren]

Yep, same here. We wiped Bayes database (MailScanner) and wrote up our own local.cf rules to keep out that targeted spam to certain boxes. It's a never ending uphill climb, and my legs are extremely weary....

 

[HappymanUK]

Yep, same here. We wiped Bayes database (MailScanner) and wrote up our own local.cf rules to keep out that targeted spam to certain boxes. It's a never ending uphill climb, and my legs are extremely weary....

I'm experiencing similar problems. What did you do to 'wipe' the Bayes database and rebuild ?

Thanks
Daniel

 

[brendanrtg]

Most of the irritating spams nowadays comes with graphical attachments.

Anyone know of any script or ideas as to how we can DISABLE attachments in emails? The RECEIVING END, of course.

 

[Lyttek]

I'm experiencing similar problems. What did you do to 'wipe' the Bayes database and rebuild ?

Thanks
Daniel

sa-learn --clear

http://www.die.net/doc/linux/man/man1/sa-learn.1.html

 

[ramprage]

Well i implemented Razor with DCC and rulesemporium based filters, as well as a few custom filters, good as gold now

 

[Solokron]

That and the body text "Quote: "

Where would be the best place to add a rule to bump up the spamassassin score on any email including such in the body text?

Most of the irritating spams nowadays comes with graphical attachments.

Anyone know of any script or ideas as to how we can DISABLE attachments in emails? The RECEIVING END, of course.

 

[ryno267]

That and the body text "Quote: "

Where would be the best place to add a rule to bump up the spamassassin score on any email including such in the body text?

Just go into your cpanel and add an email filter to dump anything in the body that says "Quote:"... i've already setup a few like that such as::

"Current price:"
"Currently:"
"Projected:"
"i hope this is your e-mail"

and added this one too:

$h_X-Spam-Status: begins "Yes"

 

[Solokron]

I'd prefer to bump up the spamassassin score globally on the server.

Just go into your cpanel and add an email filter to dump anything in the body that says "Quote:"... i've already setup a few like that such as::



and added this one too:

 

[AndyReed]

Just go into your cpanel and add an email filter to dump anything in the body that says "Quote:"... i've already setup a few like that such as

Sounds good idea; but there is nothing like a very good set of SA rules. We implemented about 15 SA rules to purge SPAM, especially Image Spam. So far, the rules we installed kill 98% of the SPAM. I have never seen such an increase of SPAM like this year. It is NUTS.

 

[mctDarren]

I have never seen such an increase of SPAM like this year. It is NUTS.

Agreed. Image spam especially. And the stuff that slips through is so hilariously unreadable you have to wonder why they tried it in the first place.

 

[jamesbond]

I decided to disable the BAYES system to see if that improves the situation. I noticed that most of the spam that slipped through has negative BAYES_00 or BAYES_10 scores, thus lowering the total score.

 

[mickalo]

Sounds good idea; but there is nothing like a very good set of SA rules. We implemented about 15 SA rules to purge SPAM, especially Image Spam. So far, the rules we installed kill 98% of the SPAM. I have never seen such an increase of SPAM like this year. It is NUTS.

If I may ask, what new SA rules did you add. We also added the Image Spam, and that has almost elimiated all of it ... so far

Mickalo

 

[AndyReed]

If I may ask, what new SA rules did you add. We also added the Image Spam, and that has almost elimiated all of it ... so far

It is next to impossible to eliminate SPAM 100% of the time. As you may know, spammers are smart and adapt quickly to the new changes in technology. Over the years we have been in business, we collected and created many SA rules that we continue to modify to keep pace with spammers' innovations and fight back. It is a work in progress.

 

[Ashley-P]

I noticed a spam problem on Monday when I started getting phonecalls before I even got to work, it just seemed odd how things had changed so quickly (see munin graphs) Turned out some of my exim conf got removed after a cp update!

For some good info have a look here for a howto (if you havn't seen it before)

Spam+Virus Protection for cPanel server using
Exim+Exiscan+Clamav+RBL+Spamassassin+SARE+Razor+DCC

http://www.rvskin.com/index.php?page=public/antispam


Ash

 

[justhost]

If I may ask, what new SA rules did you add. We also added the Image Spam, and that has almost elimiated all of it ... so far

Mickalo

How do you implement this Image Spam rule when using MailScanner? We are getting absoltely SMASHED with these new image spam messages over the past few days. I desperately need to get this curbed.

If you have other Rule Suggestions please let me know also.

Thank you.

 

[gupi]

Well, from my personal experience, I can state that a pretty big bayes database (over 27k spam, about 9k ham), is a good help, even in image-based spam.

So I've raised the bayes score to 6 (in a 12 point scale, as indicated in the RVSkin antispam tutorial), and added the subject tagging to all messages over this score. So, 99.9% of the spam that PASSES the global SA, is tagged as suspicious and can be filtered on client side.

Until now, no 'good' messages were deleted, though a few were tagged as spam, until bayes filter were re-trained.

 

[Guile]

Has anyone tried this plugin for SA?

Plugin that provides the ability to write SA rules based on number of images and size of images in an email.
http://www.rulesemporium.com/plugins.htm#imageinfo