lots of spam getting through lately???

Discussion in 'General Discussion' started by rmackay, Nov 8, 2006.

  1. rmackay

    Hello, I have noticed a LOT of spam getting through lately and when I look at a header, it doesn't look like very many tests are being run. The only thing that was done recently was the update to 3.1.7.

    X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
    server3
    X-Spam-Level: ****
    X-Spam-Status: No, score=4.5 required=5.0 tests=BAYES_00,URIBL_JP_SURBL,
    URIBL_OB_SURBL autolearn=no version=3.1.7


    Are there any checks I can run or things I can enable here?

    Thanks in advance.
     
  2. Jeff-C

    same here - huge increase in spam getting past spamassassin

    Same here - over the past month I've noticed a huge increase in spam getting past spamassassin. My 5 personal accounts on different sites have gone from around 10 spams per day to around 250 spams per day making it past spamassassin. These are mostly stock alert spams either using simple text that doesn't look overly spammy or else an image at the top and then random quoted text below.
     
  3. Lyttek

    I had similar problems... using MailScanner. Had to wipe and start over with the Bayes database. Since then, spam slipping through has dropped down to about 2-5%.
     
  4. mctDarren

    Yep, same here. We wiped Bayes database (MailScanner) and wrote up our own local.cf rules to keep out that targeted spam to certain boxes. It's a never ending uphill climb, and my legs are extremely weary....
     
  5. djblamire

    I'm experiencing similar problems. What did you do to 'wipe' the Bayes database and rebuild?

    Thanks
    Daniel
     
  6. brendanrtg

    Most of the irritating spams nowadays come with graphical attachments.

    Anyone know of any script or ideas as to how we can DISABLE attachments in emails? The RECEIVING END, of course.
     
  7. Lyttek

  8. ramprage

    Well, I implemented Razor with DCC and rulesemporium based filters, as well as a few custom filters; good as gold now.
     
  9. Solokron

    That and the body text "Quote: "

    Where would be the best place to add a rule to bump up the spamassassin score on any email including such in the body text?

     
  10. ryno267

    Just go into your cPanel and add an email filter to dump anything in the body that says "Quote:"... I've already set up a few like that, such as:

    and added this one too:

     
  11. Solokron

    I'd prefer to bump up the spamassassin score globally on the server.

     
  12. AndyReed

    Sounds like a good idea, but there is nothing like a very good set of SA rules. We implemented about 15 SA rules to purge SPAM, especially Image Spam. So far, the rules we installed kill 98% of the SPAM. I have never seen such an increase in SPAM as this year. It is NUTS.
     
  13. mctDarren

    Agreed. Image spam especially. And the stuff that slips through is so hilariously unreadable you have to wonder why they tried it in the first place.
     
  14. jamesbond

    I decided to disable the BAYES system to see if that improves the situation. I noticed that most of the spam that slipped through has negative BAYES_00 or BAYES_10 scores, thus lowering the total score.
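
The pattern described in the post above (BAYES_00 or BAYES_10 pulling the total under the threshold) is also visible in the header quoted in the first post, and it can be checked across delivered mail. This is an added example, not code from any poster in this thread: Python that unfolds `X-Spam-Status` and flags messages that were delivered although a ham-leaning BAYES_ rule fired next to a network rule. The prefix list, the cutoff of 20, the function names and the second sample message are assumptions of this example.

```python
import re
from email import message_from_string

# Rule-name prefixes counted as network evidence of spam (this example's choice).
NETWORK_PREFIXES = ("URIBL_", "RCVD_IN_", "RAZOR2_", "DCC_")

# Header block quoted in the first post; folded lines indented as in a real message.
FIRST_POST = """X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
 server3
X-Spam-Level: ****
X-Spam-Status: No, score=4.5 required=5.0 tests=BAYES_00,URIBL_JP_SURBL,
 URIBL_OB_SURBL autolearn=no version=3.1.7

(body omitted)
"""
# Constructed for contrast: Bayes agrees with the network test and the mail is tagged.
CAUGHT = """X-Spam-Status: Yes, score=12.1 required=5.0 tests=BAYES_99,
 URIBL_JP_SURBL autolearn=spam version=3.1.7

(body omitted)
"""

def parse_spam_status(raw_message):
    """Return verdict, score, threshold and rule names from X-Spam-Status."""
    value = message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    # The header is folded across lines; undo the fold inside the tests list.
    value = re.sub(r",\s+", ",", " ".join(value.split()))
    score = re.search(r"score=(-?[\d.]+)", value)
    required = re.search(r"required=(-?[\d.]+)", value)
    tests = re.search(r"tests=(\S+)", value)
    return {
        "is_spam": value.lower().startswith("yes"),
        "score": float(score.group(1)) if score else None,
        "required": float(required.group(1)) if required else None,
        "tests": tests.group(1).split(",") if tests else [],
    }

def bayes_conflict(status):
    """True when delivered mail has a ham-leaning Bayes hit plus a network hit."""
    if status is None or status["is_spam"]:
        return False
    ham_leaning = any(
        (m := re.fullmatch(r"BAYES_(\d\d)", t)) and int(m.group(1)) <= 20
        for t in status["tests"])
    network_hit = any(t.startswith(NETWORK_PREFIXES) for t in status["tests"])
    return ham_leaning and network_hit

if __name__ == "__main__":
    for name, raw in (("first post", FIRST_POST), ("constructed", CAUGHT)):
        status = parse_spam_status(raw)
        print(name, status["score"], status["tests"], bayes_conflict(status))
```

A steady stream of flagged messages points at the Bayes database disagreeing with the network tests, which is the situation the posters who wiped and retrained Bayes describe.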
     
  15. mickalo

    If I may ask, what new SA rules did you add? We also added the Image Spam, and that has almost eliminated all of it ... so far :)

    Mickalo
     
  16. AndyReed

    It is next to impossible to eliminate SPAM 100% of the time. As you may know, spammers are smart and adapt quickly to the new changes in technology. Over the years we have been in business, we collected and created many SA rules that we continue to modify to keep pace with spammers' innovations and fight back. It is a work in progress.
     
  17. Ashley-P

    I noticed a spam problem on Monday when I started getting phone calls before I even got to work; it just seemed odd how things had changed so quickly (see munin graphs). Turned out some of my exim conf got removed after a cp update!

    For some good info, have a look here for a howto (if you haven't seen it before):

    Spam+Virus Protection for cPanel server using
    Exim+Exiscan+Clamav+RBL+Spamassassin+SARE+Razor+DCC

    http://www.rvskin.com/index.php?page=public/antispam


    Ash
     


  18. justhost

    How do you implement this Image Spam rule when using MailScanner? We are getting absolutely SMASHED with these new image spam messages over the past few days. I desperately need to get this curbed.

    If you have other Rule Suggestions please let me know also.

    Thank you.
     
  19. gupi

    Well, from my personal experience, I can state that a pretty big bayes database (over 27k spam, about 9k ham), is a good help, even in image-based spam.

    So I've raised the bayes score to 6 (in a 12 point scale, as indicated in the RVSkin antispam tutorial), and added the subject tagging to all messages over this score. So, 99.9% of the spam that PASSES the global SA, is tagged as suspicious and can be filtered on client side.

    Until now, no 'good' messages were deleted, though a few were tagged as spam until the bayes filter was re-trained.
     
  20. Guile
