The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam in image format

Discussion in 'General Discussion' started by konrath, Aug 30, 2006.

  1. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil

    Attached Files:

  2. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    Re:

    hi,
    Iam also just being Spanked by my clients for this STUPID STUPID image based SPAM,

    these spammers also include a new unique junk text which makes it hard to filter it based on words, phrases.

    Iam sure many people here must be having these issues.


    any Ideas ??


    See ya,
    mohit
     
  3. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    I can't recommend enough the MailScanner set up offered by Chirpy and Sarah over at Way To The Web. I find Sarah to be one of the friendliest and most helpful admins around. Their set up works very, very well. Check out http://www.configserver.com/cp/mailscanner.html for more info

    For some things I have had to add my own tweaks. Most notably rules in SpamAssassin that help for the targeted spam some of my clients are innundated with. For image spam you can go with some of the OCR solutions, check out the Fuzzy OCR plugin - http://wiki.apache.org/spamassassin/FuzzyOcrPlugin
     
  4. Xdred

    Xdred Member

    Joined:
    Jun 9, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    I am also running the MailScanner package provided by configserver. We are blocking nearly 100% of the image spam using sare rules for spamassian in combination with modified scores and a few custom local rulesets. Also running select RBLs in exim blocks a lot of the stuff. Take a look at Fred's rules on rulesemporium. This guy has some of the best rules I've seen. So to sum it up using all of the above and maintaning a well trained Bayes database does the trick.

    Xdred
     
  5. justhost

    justhost Well-Known Member

    Joined:
    Sep 2, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Halifax, Nova Scotia
    Xdred

    Do you mind letting me know what sare rules you have implemented and how you implement them? We too have configserver's MailScanner package but are getting slammed with this image spam.

    Thanks a bunch.
     
  6. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
  7. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Back in August I was using fuzzyOCR, I have since switched to ImageInfo and SARE stock rules to combat this and it is working well for us so far.
     
  8. wa4fat

    wa4fat Well-Known Member

    Joined:
    Dec 30, 2001
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Effective image spam strategy

    I've found the imageinfo Spamassassin plugin to be highly effective in flagging almost all of those insidious image spam emails.

    For those who may be unfamiliar, here's how to install it.

    - Shell into your Spamassassin directory (mine is located here: /etc/mail/spamassassin)
    - type: wget http://www.rulesemporium.com/plugins/ImageInfo.pm
    - type: wget http://www.rulesemporium.com/plugins/imageinfo.cf

    (This downloads the ImageInfo.pm and imageinfo.cf files from the excellent Rules Emporium site.)

    - Next, you'll need to edit the Spamassassin initialization file, init.pre, located in your spamasassin directory, so:

    type: edit init.pre (or use your editor of choice) and add the following:

    loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pm

    You'll need to change the path to ImageInfo.pm if yours is located somewhere else, and be sure this statement is on a single line.

    To finish, you'll want to restart EXIM. (If you run the fine MailScanner software from the ConfigServer folks, be sure to restart it as well.)

    Further info: Depending on your particular SpamAssassin scoring scheme, you may wish to tweak some of the imageinfo scores. I bumped up the score for DC_IMG_HTML_RATIO and DC_IMG_TEXT_RATIO to 1.25 from their default 1.0

    To add a custom score like this, you simply add the following to your local.cf file

    score DC_IMG_HTML_RATIO 1.25
    score DC_IMG_TEXT_RATIO 1.25

    Oh, and I gather you're already running one of more RBLs ... but you'll also want to use RAZOR (http://razor.sourceforge.net/) which is already part of the MailScanner package available here: http://www.configserver.com/

    Finally, if anyone is interested, I'd be happy to share my other SpamAssassin scoring tweaks ... but you'll find using imageinfo a wonderful weapon on its own.

    Now if we could only educate the public to never, EVER, buy from spammers ... sigh.

    Good luck! -- Bill
     
    MaraBlue likes this.
Loading...

Share This Page