Jake Vickers wrote:
List Admin wrote:
My server is just getting slammed with spam. I wanted to see if
anyone could throw out some pointers or perhaps I am missing something.
1. I recently upgraded to the latest version of QTP. I ran
qtp-sa-update. Now when I run it, it just says "Already installed!
Exiting." Am I supposed to be running something else now?
2. I have spambox enabled via QmailAdmin for each mailbox. All
mails marked as spam are sent to this box for each user. That spam is
dealt with along with the next step....
3. On a daily basis I have my users forward non-spam to
[EMAIL PROTECTED] and spam to [EMAIL PROTECTED]. Every morning my script
moves all mail from each user's spambox into the same directory as
[EMAIL PROTECTED]. I then run the following
command:
This is my process yet still lots of spam gets through unmarked.
Am I missing something here? I now have fake PDFs coming through
which are also causing problems for users.
Can anyone recommend anything on top of what I am doing or perhaps I
am doing something wrong?
Thanks
It takes a while to train the Bayes. Give it a few days. It needs >200
hams AND spams to function correctly. The more you train it, the
better it will be.
As far as qtp-sa-update. That script installed a cron for you that
will update your Spamassassin rules automatically for you. Nothing else
to do.
Having the users forward the messages to an account like that is "a
bad thing to do" according to the guys on the spamassassin mailing
list. You need to bounce the messages to those addresses, not forward.
By forwarding, programs like Outlook rewrite the headers, so your
Bayes thinks that the spam messages are being sent from the user that
is sending them. DSpam is supposed to work around this by keeping a
local cache of the original email, and when the user forwards it, it
will look up the original message by a serial number (for lack of a
better way to put it - I'm doing this from memory so bear with
mistakes) and learns from it that way.
Your biggest bangs for your buck are adding blacklists and enabling
SURBL.
The PDF spams are a new addition to the spam world. They've been
going on for several weeks now. The boys over at Rules Emporium have
some rules written specifically for them that work okay, but you need
to ask for access to these rules - they're not open to everyone.
There's also a place to get additional rules for clamav that everyone
on the spamassassin mailing list is saying works really well on those
PDF emails. I have not tried them yet - maybe when things calm down
in a couple weeks here.
Good luck!
For picturespam fuzzyocr seems very effective. Really recommend it.
Probably takes more juice than other methods, but that seems the best way to
nail those stock spam. You should really get the giftext-segfault.patch
since it segfaults a lot on centos 64bit 4.5 without it. There are quite
a lot of limits and optimizations you can tune so you don't have to be
all paranoid and save some cpu clocks [http://fuzzyocr.own-hero.net/]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on sun.xservu.com
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.4 required=5.0 tests=AWL,DATE_IN_FUTURE_12_24,
    FUZZY_OCR,HTML_MESSAGE,SUB_HELLO autolearn=unavailable version=3.1.8
X-Spam-Report:
* 1.8 SUB_HELLO Subject starts with "Hello"
* 2.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 9.0 FUZZY_OCR BODY: Mail contains an image with common spam text inside
* Words found:
"levitra" in 1 lines
"cialis" in 1 lines
"viagra" in 2 lines
(6 word occurrences found)
* -0.6 AWL AWL: From: address is in the auto white-list
Right now I'm using clamav PDF spam signatures for the 3rd day so I can't
really say what's the state, since I haven't got any PDF spam after
the clamav update and I get them only ~3 a week.
[http://www.sanesecurity.co.uk/clamav/usage.htm]. Nice tutorial
[http://www.howtoforge.com/ispconfig_sanesecurity_clamav_debian_ubuntu].
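
An added example, not part of the thread: a parser for the X-Spam-Status and X-Spam-Report headers quoted in the last message, showing which rule the spam verdict depended on. The function names are assumptions, and the sample is constructed from the quoted values with header folding restored.

```python
import re
from email import message_from_string

# Constructed sample: values copied from the headers quoted in the thread,
# with header folding (indented continuation lines) restored.
SAMPLE = """\
X-Spam-Flag: YES
X-Spam-Status: Yes, score=12.4 required=5.0 tests=AWL,DATE_IN_FUTURE_12_24,
\tFUZZY_OCR,HTML_MESSAGE,SUB_HELLO autolearn=unavailable version=3.1.8
X-Spam-Report:
\t*  1.8 SUB_HELLO Subject starts with "Hello"
\t*  2.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after
\t*      Received: date
\t*  0.0 HTML_MESSAGE BODY: HTML included in message
\t*  9.0 FUZZY_OCR BODY: Mail contains an image with common spam
\t*      text inside
\t* -0.6 AWL AWL: From: address is in the auto white-list

(constructed body)
"""

RULE_LINE = re.compile(r"^\s*\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z0-9_]+)\b")

def parse_spam_headers(raw):
    """Return score, threshold, fired tests and per-rule scores."""
    msg = message_from_string(raw)
    # Unfold the status header: folded lines continue with leading whitespace.
    status = re.sub(r"\r?\n[ \t]+", " ", msg["X-Spam-Status"] or "")
    score = float(re.search(r"score=(-?[\d.]+)", status).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", status).group(1))
    tests = re.search(r"tests=(.*?)(?:\s+\w+=|$)", status).group(1)
    rules = {}
    for line in (msg["X-Spam-Report"] or "").splitlines():
        m = RULE_LINE.match(line)
        if m:  # description continuation lines carry no score and are skipped
            rules[m.group(2)] = float(m.group(1))
    return {"score": score, "required": required,
            "tests": sorted(t.strip() for t in tests.split(",") if t.strip()),
            "rules": rules}

def decisive_rules(parsed):
    """Rules without which the message would have scored below the threshold."""
    return sorted(name for name, pts in parsed["rules"].items()
                  if pts > 0 and parsed["score"] - pts < parsed["required"])

if __name__ == "__main__":
    p = parse_spam_headers(SAMPLE)
    print(p["score"], p["required"], decisive_rules(p))
```

On the quoted message only FUZZY_OCR is decisive: without its 9.0 points the score would be 3.4, under the 5.0 threshold.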