mohit

Well-Known Member
Jul 12, 2005
553
0
166
Sticky On Internet
Re:

hi,
Iam also just being Spanked by my clients for this STUPID STUPID image based SPAM,

these spammers also include a new unique junk text which makes it hard to filter it based on words, phrases.

Iam sure many people here must be having these issues.


any Ideas ??


See ya,
mohit
 

mctDarren

Well-Known Member
Jan 6, 2004
665
4
168
New Jersey
cPanel Access Level
Root Administrator
I can't recommend enough the MailScanner set up offered by Chirpy and Sarah over at Way To The Web. I find Sarah to be one of the friendliest and most helpful admins around. Their set up works very, very well. Check out http://www.configserver.com/cp/mailscanner.html for more info

For some things I have had to add my own tweaks. Most notably rules in SpamAssassin that help for the targeted spam some of my clients are innundated with. For image spam you can go with some of the OCR solutions, check out the Fuzzy OCR plugin - http://wiki.apache.org/spamassassin/FuzzyOcrPlugin
 

Xdred

Member
Jun 9, 2005
9
0
151
I am also running the MailScanner package provided by configserver. We are blocking nearly 100% of the image spam using sare rules for spamassian in combination with modified scores and a few custom local rulesets. Also running select RBLs in exim blocks a lot of the stuff. Take a look at Fred's rules on rulesemporium. This guy has some of the best rules I've seen. So to sum it up using all of the above and maintaning a well trained Bayes database does the trick.

Xdred
 

justhost

Well-Known Member
Sep 2, 2003
108
0
166
Halifax, Nova Scotia
I am also running the MailScanner package provided by configserver. We are blocking nearly 100% of the image spam using sare rules for spamassian in combination with modified scores and a few custom local rulesets. Also running select RBLs in exim blocks a lot of the stuff. Take a look at Fred's rules on rulesemporium. This guy has some of the best rules I've seen. So to sum it up using all of the above and maintaning a well trained Bayes database does the trick.

Xdred
Xdred

Do you mind letting me know what sare rules you have implemented and how you implement them? We too have configserver's MailScanner package but are getting slammed with this image spam.

Thanks a bunch.
 

wa4fat

Well-Known Member
Dec 30, 2001
51
1
308
Effective image spam strategy

I've found the imageinfo Spamassassin plugin to be highly effective in flagging almost all of those insidious image spam emails.

For those who may be unfamiliar, here's how to install it.

- Shell into your Spamassassin directory (mine is located here: /etc/mail/spamassassin)
- type: wget http://www.rulesemporium.com/plugins/ImageInfo.pm
- type: wget http://www.rulesemporium.com/plugins/imageinfo.cf

(This downloads the ImageInfo.pm and imageinfo.cf files from the excellent Rules Emporium site.)

- Next, you'll need to edit the Spamassassin initialization file, init.pre, located in your spamasassin directory, so:

type: edit init.pre (or use your editor of choice) and add the following:

loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pm

You'll need to change the path to ImageInfo.pm if yours is located somewhere else, and be sure this statement is on a single line.

To finish, you'll want to restart EXIM. (If you run the fine MailScanner software from the ConfigServer folks, be sure to restart it as well.)

Further info: Depending on your particular SpamAssassin scoring scheme, you may wish to tweak some of the imageinfo scores. I bumped up the score for DC_IMG_HTML_RATIO and DC_IMG_TEXT_RATIO to 1.25 from their default 1.0

To add a custom score like this, you simply add the following to your local.cf file

score DC_IMG_HTML_RATIO 1.25
score DC_IMG_TEXT_RATIO 1.25

Oh, and I gather you're already running one of more RBLs ... but you'll also want to use RAZOR (http://razor.sourceforge.net/) which is already part of the MailScanner package available here: http://www.configserver.com/

Finally, if anyone is interested, I'd be happy to share my other SpamAssassin scoring tweaks ... but you'll find using imageinfo a wonderful weapon on its own.

Now if we could only educate the public to never, EVER, buy from spammers ... sigh.

Good luck! -- Bill
 
  • Like
Reactions: MaraBlue