lots of spam getting through lately???

rmackay

Well-Known Member
Nov 26, 2002
75
0
156
Hello, I have noticed a LOT of spam getting through lately and when I look at a header, it doesn't look like very many tests are being run. The only thing that was done recently was the update to 3.1.7.

X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
server3
X-Spam-Level: ****
X-Spam-Status: No, score=4.5 required=5.0 tests=BAYES_00,URIBL_JP_SURBL,
URIBL_OB_SURBL autolearn=no version=3.1.7


Are there any checks I can run or things I can enable here?

Thanks in advance.
 

Jeff-C

Well-Known Member
Mar 16, 2004
116
1
166
same here - huge increase in spam getting past spamassassin

Same here - over the past month I've noticed a huge increase in spam getting past spamassassin. My 5 personal accounts on different sites have gone from around 10 spams per day to around 250 spams per day making it past spamassassin. These are mostly stock alert spams either using simple text that doesn't look overly spammy or else an image at the top and then random quoted text below.
 

Lyttek

Well-Known Member
Jan 2, 2004
775
5
168
I had similar problems... using MailScanner. Had to wipe and start over with the Bayes database. Since then, spam slipping through has dropped down to about 2-5%.
 

mctDarren

Well-Known Member
Jan 6, 2004
665
9
168
New Jersey
cPanel Access Level
Root Administrator
Yep, same here. We wiped Bayes database (MailScanner) and wrote up our own local.cf rules to keep out that targeted spam to certain boxes. It's a never ending uphill climb, and my legs are extremely weary....
 

HappymanUK

Well-Known Member
May 3, 2003
255
1
168
Yep, same here. We wiped Bayes database (MailScanner) and wrote up our own local.cf rules to keep out that targeted spam to certain boxes. It's a never ending uphill climb, and my legs are extremely weary....
I'm experiencing similar problems. What did you do to 'wipe' the Bayes database and rebuild ?

Thanks
Daniel
 

brendanrtg

Well-Known Member
Oct 4, 2006
311
0
166
Most of the irritating spams nowadays comes with graphical attachments.

Anyone know of any script or ideas as to how we can DISABLE attachments in emails? The RECEIVING END, of course.
 

Solokron

Well-Known Member
Aug 8, 2003
852
2
168
Seattle
cPanel Access Level
DataCenter Provider
That and the body text "Quote: "

Where would be the best place to add a rule to bump up the spamassassin score on any email including such in the body text?

Most of the irritating spams nowadays comes with graphical attachments.

Anyone know of any script or ideas as to how we can DISABLE attachments in emails? The RECEIVING END, of course.
 

ryno267

Well-Known Member
Mar 3, 2004
212
0
166
Chandler, AZ
cPanel Access Level
Root Administrator
That and the body text "Quote: "

Where would be the best place to add a rule to bump up the spamassassin score on any email including such in the body text?
Just go into your cpanel and add an email filter to dump anything in the body that says "Quote:"... i've already setup a few like that such as::

"Current price:"
"Currently:"
"Projected:"
"i hope this is your e-mail"
and added this one too:

$h_X-Spam-Status: begins "Yes"
 

Solokron

Well-Known Member
Aug 8, 2003
852
2
168
Seattle
cPanel Access Level
DataCenter Provider
I'd prefer to bump up the spamassassin score globally on the server.

Just go into your cpanel and add an email filter to dump anything in the body that says "Quote:"... i've already setup a few like that such as::



and added this one too:
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
Just go into your cpanel and add an email filter to dump anything in the body that says "Quote:"... i've already setup a few like that such as
Sounds good idea; but there is nothing like a very good set of SA rules. We implemented about 15 SA rules to purge SPAM, especially Image Spam. So far, the rules we installed kill 98% of the SPAM. I have never seen such an increase of SPAM like this year. It is NUTS.
 

jamesbond

Well-Known Member
Oct 9, 2002
737
1
168
I decided to disable the BAYES system to see if that improves the situation. I noticed that most of the spam that slipped through has negative BAYES_00 or BAYES_10 scores, thus lowering the total score.
 

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
Sounds good idea; but there is nothing like a very good set of SA rules. We implemented about 15 SA rules to purge SPAM, especially Image Spam. So far, the rules we installed kill 98% of the SPAM. I have never seen such an increase of SPAM like this year. It is NUTS.
If I may ask, what new SA rules did you add. We also added the Image Spam, and that has almost elimiated all of it ... so far :)

Mickalo
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
If I may ask, what new SA rules did you add. We also added the Image Spam, and that has almost elimiated all of it ... so far :)
It is next to impossible to eliminate SPAM 100% of the time. As you may know, spammers are smart and adapt quickly to the new changes in technology. Over the years we have been in business, we collected and created many SA rules that we continue to modify to keep pace with spammers' innovations and fight back. It is a work in progress.
 

Ashley-P

Member
Jun 4, 2006
10
0
151
I noticed a spam problem on Monday when I started getting phonecalls before I even got to work, it just seemed odd how things had changed so quickly (see munin graphs) Turned out some of my exim conf got removed after a cp update!

For some good info have a look here for a howto (if you havn't seen it before)

Spam+Virus Protection for cPanel server using
Exim+Exiscan+Clamav+RBL+Spamassassin+SARE+Razor+DCC

http://www.rvskin.com/index.php?page=public/antispam


Ash
 

Attachments

justhost

Well-Known Member
Sep 2, 2003
108
0
166
Halifax, Nova Scotia
If I may ask, what new SA rules did you add. We also added the Image Spam, and that has almost elimiated all of it ... so far :)

Mickalo
How do you implement this Image Spam rule when using MailScanner? We are getting absoltely SMASHED with these new image spam messages over the past few days. I desperately need to get this curbed.

If you have other Rule Suggestions please let me know also.

Thank you.
 

gupi

Well-Known Member
Apr 27, 2004
125
0
166
Well, from my personal experience, I can state that a pretty big bayes database (over 27k spam, about 9k ham), is a good help, even in image-based spam.

So I've raised the bayes score to 6 (in a 12 point scale, as indicated in the RVSkin antispam tutorial), and added the subject tagging to all messages over this score. So, 99.9% of the spam that PASSES the global SA, is tagged as suspicious and can be filtered on client side.

Until now, no 'good' messages were deleted, though a few were tagged as spam, until bayes filter were re-trained.