Re: [qmailtoaster] ****SPAM****

Wed, 11 Jun 2008 00:03:18 -0700 

Eric Shubert wrote:

Kisakye ALex wrote:

Hello,
Am getting alot of spam mail these days into my toaster am running
spamdyke at the front and yes spam assassin is on. Funny that a couple
of weeks ago spam had tremendously gone down when I implemented
spamdyke. On some of the messages that are tagged spam, the actual email
is blank?? is spam assassin  wiping out the content??

Any help is welcome...
thanks

ALex



Kinda hard to tell much from what you've said so far.
What distro/toaster versions ?
Contents of:
/etc/spamdyke/spamdyke.conf ?
/etc/mail/spamassassin/local.cf ?
/var/qmail/control/simcontrol ?
Sample of spam log ?

Anything else you'd like to share which might provide a hint, like the
contents of the headers of one of the blank spams?


Thanks Eric, sorry for the shallow info

Am running CentOS 4 toaster version is
--
#rpm -qa | grep toaster
libdomainkeys-toaster-0.68-1.3.3
courier-authlib-toaster-0.59.2-1.3.6
ezmlm-toaster-0.53.324-1.3.3
maildrop-toaster-2.0.3-1.3.5
squirrelmail-toaster-1.4.13-1.3.9
simscan-toaster-1.3.1-1.3.6
daemontools-toaster-0.76-1.3.3
vpopmail-toaster-5.4.17-1.3.4
libsrs2-toaster-1.0.18-1.3.3
qmail-pop3d-toaster-1.03-1.3.15
courier-imap-toaster-4.1.2-1.3.7
control-panel-toaster-0.5-1.3.4
ezmlm-cgi-toaster-0.53.324-1.3.3
qmailmrtg-toaster-4.2-1.3.3
maildrop-toaster-devel-2.0.3-1.3.5
vqadmin-toaster-2.3.4-1.3.3
spamassassin-toaster-3.2.4-1.3.13
ripmime-toaster-1.4.0.6-1.3.3
qmailtoaster-plus.repo-0.1-1
ucspi-tcp-toaster-0.88-1.3.5
qmail-toaster-1.03-1.3.15
autorespond-toaster-2.0.4-1.3.3
qmailadmin-toaster-1.2.11-1.3.4
isoqlog-toaster-2.1-1.3.4
clamav-toaster-0.93-1.3.18
qmailtoaster-plus-0.3.0-1.4.4
--

spamdyke.conf
--
#check-dnsrbl=zombie.dnsbl.sorbs.net
#check-dnsrbl=dul.dnsbl.sorbs.net
#check-dnsrbl=bogons.cymru.com
check-dnsrbl=zen.spamhaus.org
check-dnsrbl=bl.spamcop.net
check-dnsrbl=list.dsbl.org
graylist-dir=/var/spamdyke/graylist
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-file=/etc/spamdyke/blacklist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
local-domains-file=/var/qmail/control/rcpthosts
log-level=2
log-target=0
max-recipients=5
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
----

contents of

/etc/mail/spamassassin/local.cf

ok_locales all
skip_rbl_checks 1

required_score 5
report_safe 0
rewrite_header Subject ***SPAM***

use_pyzor 1

use_auto_whitelist 1

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
--
contents of /var/qmail/control/simcontrol 

:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
---

And this is a header from one of the emails


From:   - Tue Jun 10 13:53:15 2008
X-Account-Key:  account2
X-UIDL:         1213094543.26404.abram.domain.com,S=1345
X-Mozilla-Status:       0001
X-Mozilla-Status2:      00000000
X-Mozilla-Keys:         
Return-Path:    <[EMAIL PROTECTED]>
Delivered-To:   [EMAIL PROTECTED]
Received:       (qmail 26402 invoked by uid 89); 10 Jun 2008 10:42:23 -0000
Received: by simscan 1.3.1 ppid: 26302, pid: 26343, t: 60.5942s scanners: attach: 1.3.1 clamav: 0.93 
/m:     46/d:7046 spam: 3.2.4
X-Spam-Flag:    YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on abram.domain.com 
X-Spam-Level:   ********
X-Spam-Status: Yes, score=9.0 required=5.0 tests=EMPTY_MESSAGE,MISSING_DATE, MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_NONE, TVD_SPACE_RATIO autolearn=no version=3.2.4 X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 0.0 MISSING_DATE Missing Date: header * 2.5 MISSING_HB_SEP Missing blank line between message header and body * 1.6 MISSING_HEADERS Missing To: header * 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO * 1.3 MISSING_SUBJECT Missing Subject: header * 0.6 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS Received: from unknown (HELO ole.kenic.or.ke) (198.32.67.19) by abram.domain.com with SMTP; 10 Jun 2008 10:41:22 -0000 Received-SPF: none (abram.domain.com: domain at my.co.ke does not designate permitted sender hosts) 
Subject:        ***SPAM***
X-Spam-Prev-Subject:    (nonexistent)



thanks


ALex




---------------------------------------------------------------------
    QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to