Re: [qmailtoaster] need help with spam assassin
thanks jake. i have checked the option enable spam detection for users but i do not see a spam folder in their webmail account.i have also followed your video on recompiling the the qmail installation to enable spambox option. any idea why the spam folder is not appearing in the respective users we account?did i do somthing wrong regards nishant amin On Sun, Apr 18, 2010 at 2:56 AM, Jake Vickers j...@qmailtoaster.com wrote: On 04/15/2010 04:32 AM, nishant amin wrote: hi guys i am having a unique situation hear. i have spamdyke up and running and its rejecting a huge amount of spam.i still have some spam comming through (from domains with valid rdns) i have enabled reject-ip-in-cc-rdns in spamdyke.conf. i then setup an email to which all the users who get spam can forward that spam to it.is there a way i can have spam assassin look at the inbox of that specific email account and learn such that such emails do not come in again. NB://somthing i have noticed is that once the users forward spam to that account the headres are some how changed..hence i can to get the original senders details in the headers all i see in the headers is my proxy ip since most users forward spam to me through webmail.. kindly point me in the right direction. The users need to log into webmail and move the spam to their Spam folder. If they forward it, most email clients will mangle the headers and make learning from a message after it's forwarded is useless. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] need help with spam assassin
On 04/19/2010 01:06 AM, nishant amin wrote: thanks jake. i have checked the option enable spam detection for users but i do not see a spam folder in their webmail account.i have also followed your video on recompiling the the qmail installation to enable spambox option. any idea why the spam folder is not appearing in the respective users we account?did i do somthing wrong If the folder does not exist, it will be created when the first qualifying email is received. In other words, it will be created when the first spam message is received for the user that needs to go into the folder. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] need help with spam assassin
On 04/15/2010 04:32 AM, nishant amin wrote: hi guys i am having a unique situation hear. i have spamdyke up and running and its rejecting a huge amount of spam.i still have some spam comming through (from domains with valid rdns) i have enabled reject-ip-in-cc-rdns in spamdyke.conf. i then setup an email to which all the users who get spam can forward that spam to it.is there a way i can have spam assassin look at the inbox of that specific email account and learn such that such emails do not come in again. NB://somthing i have noticed is that once the users forward spam to that account the headres are some how changed..hence i can to get the original senders details in the headers all i see in the headers is my proxy ip since most users forward spam to me through webmail.. kindly point me in the right direction. The users need to log into webmail and move the spam to their Spam folder. If they forward it, most email clients will mangle the headers and make learning from a message after it's forwarded is useless. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] need help with spam assassin
hi guys i am having a unique situation hear. i have spamdyke up and running and its rejecting a huge amount of spam.i still have some spam comming through (from domains with valid rdns) i have enabled reject-ip-in-cc-rdns in spamdyke.conf. i then setup an email to which all the users who get spam can forward that spam to it.is there a way i can have spam assassin look at the inbox of that specific email account and learn such that such emails do not come in again. NB://somthing i have noticed is that once the users forward spam to that account the headres are some how changed..hence i can to get the original senders details in the headers all i see in the headers is my proxy ip since most users forward spam to me through webmail.. kindly point me in the right direction. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Need help with spam
That is the exact mail I am getting. I just downloaded the stock list from rulesemporium. Ran spamassassin -lint and then restarted spamd, Hopefully today I'll see a drop in the number I get :) Ole N.Johansen wrote: Hello, I got the same problem whateverthis spam is. It has been sent as plain text message only. Thanks for any ideas, B/R Ole J Copy of content: --- Symbol: MXXR Current price: Around $0.018 Short Term Target:$0.10 Long Term Target: $0.45 Results from MXXR's latest drilling will be announced very soon. Excitement is building, and the inside word is that the results will exceed expectations! In order to benefit from this lucrative opportunity you need to get in now, before the big news release. There's still time, but not much. The news could be out as early as Tuesday, November 13th. THIS is the one you've been waiting for! Do yourself a favor and make that big score! - On Tue, November 14, 2006 00:56, Jake Vickers wrote: Ryan Gibbons wrote: My server (not just my domain) is getting hit hard with spam related to stock quotes. It is plan text, no links no html, and of course the envlope changes each time. I have go through with sa-learn and try to mark them individually but they are still getting through, some are even being learned as ham b/c they are generated a score of over -3, (*note to self, I might want to bump that up) and very few are being marked anything lower then 3. On overage, it is coming across as zero. Thunderbird sees it has spam, so it is possible to catch these, I just don't know enough about spamassassin to create a rule set to catch it. I use rules de jour and moderate RBL block list. Anybody have any hits, If you want to see the message, let me know and I can put it up here. Look on the rulesemporium website for the stock list, which plugs into Rules du Jour. That should catch them for you. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Need help with spam
I'm not sure about your specific environment, but in my experience the things that helped me the most in blocking spam are: - enable network tests - enable the URIDNSBL plugin (init.pre) - using sa-update with the spamassassin and SARE rule sets. The SARE rules helped the most with stock quote spams. I have most of the other plugins running, as well as having installed Pyzor and FuzzyOCR. I'm pretty happy so far! The one thing I would want is better spam processing performance. If a huge wash of spam hits the server, the server load goes up to 2 or 3 (shouldn't happen on a dual-core 3.2GHz receiving as little mail as we do). Here is the output from the sa-stats program (http://www.rulesemporium.com/programs/sa-stats-1.0.txt) from my server for the past 24 hours: Email: 5034 Autolearn: 417 AvgScore: 12.18 AvgScanTime: 6.02 sec Spam: 3518 Autolearn: 341 AvgScore: 18.24 AvgScanTime: 6.11 sec Ham: 1516 Autolearn:76 AvgScore: -1.89 AvgScanTime: 5.79 sec Time Spent Running SA: 8.41 hours Time Spent Processing Spam:5.97 hours Time Spent Processing Ham: 2.44 hours TOP SPAM RULES FIRED -- RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM -- 1HTML_MESSAGE 279669.47 79.48 46.24 2URIBL_BLACK 157732.20 44.832.90 3RCVD_IN_SORBS_DUL153030.91 43.491.72 4URIBL_JP_SURBL 138927.59 39.480.00 5RCVD_IN_NJABL_DUL138728.01 39.431.52 6MY_CID_AND_STYLE 136227.10 38.720.13 7SARE_GIF_ATTACH 133527.55 37.953.43 8EXTRA_MPART_TYPE 122924.89 34.931.58 9TVD_FW_GRAPHIC_ID1 120123.86 34.140.00 10PART_CID_STOCK 119723.78 34.030.00 11MY_CID_ARIAL_STYLE 114122.67 32.430.00 12MY_CID_AND_ARIAL2114122.69 32.430.07 13URIBL_OB_SURBL 102720.44 29.190.13 14MIME_HTML_ONLY 100422.77 28.549.37 15SARE_GIF_STOX 96319.19 27.370.20 16URIBL_SC_SURBL93718.63 26.630.07 17HTML_IMAGE_ONLY_2882716.71 23.510.92 18URIBL_WS_SURBL80616.29 22.910.92 19URIBL_SBL 79315.85 22.540.33 20PART_CID_STOCK_LESS 68113.53 19.360.00 -- TOP HAM RULES FIRED -- RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM -- 1HTML_MESSAGE 70169.47 79.48 46.24 2NO_REAL_NAME 66514.882.39 43.87 3MIME_HTML_ONLY14222.77 28.549.37 4BAYES_00 130 2.740.238.58 5AWL 128 3.060.748.44 6HTML_FONT_BIG 128 9.249.588.44 7SPF_HELO_PASS 59 4.594.893.89 8HTML_IMAGE_RATIO_0253 2.822.533.50 9SARE_UNI 52 1.230.283.43 10SARE_GIF_ATTACH5227.55 37.953.43 11INFO_TLD 50 3.082.983.30 12HTML_TAG_EXIST_TBODY 45 1.150.372.97 13URIBL_BLACK4432.20 44.832.90 14MISSING_HB_SEP 41 1.611.142.70 15USER_IN_WHITELIST 35 0.700.002.31 16UNPARSEABLE_RELAY 35 3.323.752.31 17EMPTY_MESSAGE 32 1.130.712.11 18FORGED_RCVD_HELO 27 3.954.891.78 19RCVD_IN_SORBS_DUL 2630.91 43.491.72 20BAYES_50 26 0.870.511.72 -- Quinn On Mon, 13 Nov 2006 15:24:55 -0600, Ryan Gibbons wrote: My server (not just my domain) is getting hit hard with spam related to stock quotes. It is plan text, no links no html, and of course the envlope changes each time. I have go through with sa-learn and try to mark them individually but they are still getting through, some are even being learned as ham b/c they are
Re: [qmailtoaster] Need help with spam
Ryan Gibbons wrote: My server (not just my domain) is getting hit hard with spam related to stock quotes. It is plan text, no links no html, and of course the envlope changes each time. I have go through with sa-learn and try to mark them individually but they are still getting through, some are even being learned as ham b/c they are generated a score of over -3, (*note to self, I might want to bump that up) and very few are being marked anything lower then 3. On overage, it is coming across as zero. Thunderbird sees it has spam, so it is possible to catch these, I just don't know enough about spamassassin to create a rule set to catch it. I use rules de jour and moderate RBL block list. Anybody have any hits, If you want to see the message, let me know and I can put it up here. Look on the rulesemporium website for the stock list, which plugs into Rules du Jour. That should catch them for you.
Re: [qmailtoaster] Need help with spam
Quinn Comendant wrote: Email: 5034 Autolearn: 417 AvgScore: 12.18 AvgScanTime: 6.02 sec Spam: 3518 Autolearn: 341 AvgScore: 18.24 AvgScanTime: 6.11 sec Ham: 1516 Autolearn:76 AvgScore: -1.89 AvgScanTime: 5.79 sec Time Spent Running SA: 8.41 hours Time Spent Processing Spam:5.97 hours Time Spent Processing Ham: 2.44 hours TOP SPAM RULES FIRED -- RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM -- 1HTML_MESSAGE 279669.47 79.48 46.24 2URIBL_BLACK 157732.20 44.832.90 3RCVD_IN_SORBS_DUL153030.91 43.491.72 4URIBL_JP_SURBL 138927.59 39.480.00 5RCVD_IN_NJABL_DUL138728.01 39.431.52 6MY_CID_AND_STYLE 136227.10 38.720.13 7SARE_GIF_ATTACH 133527.55 37.953.43 8EXTRA_MPART_TYPE 122924.89 34.931.58 9TVD_FW_GRAPHIC_ID1 120123.86 34.140.00 10PART_CID_STOCK 119723.78 34.030.00 Not to be off-topic Quinn, but did you install SA from source? I thought the sa-stats.pl script couldn't be used since Qmail doesn't use syslog time. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Need help with spam
Jake Vickers wrote: Quinn Comendant wrote: Email: 5034 Autolearn: 417 AvgScore: 12.18 AvgScanTime: 6.02 sec Spam: 3518 Autolearn: 341 AvgScore: 18.24 AvgScanTime: 6.11 sec Ham: 1516 Autolearn:76 AvgScore: -1.89 AvgScanTime: 5.79 sec Time Spent Running SA: 8.41 hours Time Spent Processing Spam:5.97 hours Time Spent Processing Ham: 2.44 hours TOP SPAM RULES FIRED -- RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM -- 1HTML_MESSAGE 279669.47 79.48 46.24 2URIBL_BLACK 157732.20 44.832.90 3RCVD_IN_SORBS_DUL153030.91 43.491.72 4URIBL_JP_SURBL 138927.59 39.480.00 5RCVD_IN_NJABL_DUL138728.01 39.431.52 6MY_CID_AND_STYLE 136227.10 38.720.13 7SARE_GIF_ATTACH 133527.55 37.953.43 8EXTRA_MPART_TYPE 122924.89 34.931.58 9TVD_FW_GRAPHIC_ID1 120123.86 34.140.00 10PART_CID_STOCK 119723.78 34.030.00 Not to be off-topic Quinn, but did you install SA from source? I thought the sa-stats.pl script couldn't be used since Qmail doesn't use syslog time. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] I wouldnt use pyzor .. well if you dont have a busy server you could but if you suddenly have a spam mass maling that could explain a bit of your load I am getting this on model name : Intel(R) Pentium(R) D CPU 3.40GHz Email: 117563 Autolearn: 27505 AvgScore: 8.43 AvgScanTime: 1.90 sec Spam: 70393 Autolearn: 15034 AvgScore: 14.18 AvgScanTime: 1.84 sec Ham: 47170 Autolearn: 12471 AvgScore: -0.16 AvgScanTime: 1.99 sec Time Spent Running SA:62.05 hours Time Spent Processing Spam: 36.04 hours Time Spent Processing Ham:26.01 hours .. you can run stats this way jake perl sa-stats-1.0.pl -l /var/log/qmail/spamd/ -f @400* or -f current whatever you prefer Cheers -P - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Need help with spam
No, it is spamassassin-toaster. I just modified these two lines in sa-stats: if (!defined $LOG_DIR) { $LOG_DIR=/var/log/qmail/spamd } if (!defined $FILE) { $FILE='^current$' } # regex It seems to work though. Quinn On Mon, 13 Nov 2006 19:12:02 -0500, Jake Vickers wrote: Not to be off-topic Quinn, but did you install SA from source? I thought the sa-stats.pl script couldn't be used since Qmail doesn't use syslog time. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Need help with spam
Good to know. I haven't explored to much, but I'll start by setting use_pyzor 0 and seeing if the scan time speeds up. My AvgScanTime is roughly 3x as much as yours. What is your SA configuration? Plugins? local.cf? Why so fast? Q On Tue, 14 Nov 2006 01:21:13 +0100, Philip Nix Guru wrote: Email: 117563 Autolearn: 27505 AvgScore: 8.43 AvgScanTime: 1.90 sec Spam: 70393 Autolearn: 15034 AvgScore: 14.18 AvgScanTime: 1.84 sec Ham: 47170 Autolearn: 12471 AvgScore: -0.16 AvgScanTime: 1.99 sec - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Need help with spam
Cool. I've added it with these changes to the next qmailtoaster-plus release. If anyone's itching for it right away, I can cut a release. Otherwise, I'll wait for a few more changes before cutting v0.2.1. Quinn Comendant wrote: No, it is spamassassin-toaster. I just modified these two lines in sa-stats: if (!defined $LOG_DIR) { $LOG_DIR=/var/log/qmail/spamd } if (!defined $FILE) { $FILE='^current$' } # regex It seems to work though. Quinn On Mon, 13 Nov 2006 19:12:02 -0500, Jake Vickers wrote: Not to be off-topic Quinn, but did you install SA from source? I thought the sa-stats.pl script couldn't be used since Qmail doesn't use syslog time. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Need help with spam
Same plugins with the official init.pre and its 3 plugs enabled v310.pre standard v312.pre standard 1 extra plugin imageinfo (http://www.rulesemporium.com/plugins.htm) no pyzor , no dcc but razor2 a bunch of rules from rules emporium TRUSTED_RULESETS=SARE_REDIRECT_POST300 TRIPWIRE SARE_RANDOM ANTIDRUG SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_FRAUD SARE_ADULT SARE_GENLSUBJ SARE_HEADER SARE_HTML SARE_STOCKS SARE_OEM and a few extra custom rules (mainly to avoid special words to be considered as spam for some of our customers) That's about it The scan time is usually lower, that's biased coz I had a little issue for 30minutes with the bayes db my average is around AvgScanTime: 1.59 sec AvgScanTime: 1.59 sec AvgScanTime: 1.58 sec -P Quinn Comendant wrote: Good to know. I haven't explored to much, but I'll start by setting use_pyzor 0 and seeing if the scan time speeds up. My AvgScanTime is roughly 3x as much as yours. What is your SA configuration? Plugins? local.cf? Why so fast? Q On Tue, 14 Nov 2006 01:21:13 +0100, Philip Nix Guru wrote: Email: 117563 Autolearn: 27505 AvgScore: 8.43 AvgScanTime: 1.90 sec Spam: 70393 Autolearn: 15034 AvgScore: 14.18 AvgScanTime: 1.84 sec Ham: 47170 Autolearn: 12471 AvgScore: -0.16 AvgScanTime: 1.99 sec - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Need help with spam
Hello, I got the same problem whateverthis spam is. It has been sent as plain text message only. Thanks for any ideas, B/R Ole J Copy of content: --- Symbol: MXXR Current price: Around $0.018 Short Term Target:$0.10 Long Term Target: $0.45 Results from MXXR's latest drilling will be announced very soon. Excitement is building, and the inside word is that the results will exceed expectations! In order to benefit from this lucrative opportunity you need to get in now, before the big news release. There's still time, but not much. The news could be out as early as Tuesday, November 13th. THIS is the one you've been waiting for! Do yourself a favor and make that big score! - On Tue, November 14, 2006 00:56, Jake Vickers wrote: Ryan Gibbons wrote: My server (not just my domain) is getting hit hard with spam related to stock quotes. It is plan text, no links no html, and of course the envlope changes each time. I have go through with sa-learn and try to mark them individually but they are still getting through, some are even being learned as ham b/c they are generated a score of over -3, (*note to self, I might want to bump that up) and very few are being marked anything lower then 3. On overage, it is coming across as zero. Thunderbird sees it has spam, so it is possible to catch these, I just don't know enough about spamassassin to create a rule set to catch it. I use rules de jour and moderate RBL block list. Anybody have any hits, If you want to see the message, let me know and I can put it up here. Look on the rulesemporium website for the stock list, which plugs into Rules du Jour. That should catch them for you. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]