Re: facebook Spam Question

2009-11-08 Thread Chip M.
twofers wrote:
> What could be going on here? Any ideas? Is it coincidence?

TwoFers, did these start after mid-afternoon (1600 Eastern time)
of Oct 26?  If so, this is PURE coincidence. :)

I checked four of my domains, including one which (by policy) has
NEVER received any authentic Facebook/Twitter stuff, and ALL
started receiving significant quantities (1.9% to 2.8% of total
post-gateway-RBL spam) with the first appearing between 1601 and
1630.

That's based on all emails (regardless of score) which survived
gateway RBL checks.

There are two campaigns:  one with a viral attachment, one with a
click-thru with Facebook as the subhost (most of those are being
caught by Uribl and/or Surbl).


What's neither coincidence NOR acceptable is that ANY of these are
getting thru.  They're trivially easy to kill, and SA has the tools
to do so.

Facebook does the Right Thing and publishes an SPF record, which is
extremely easy (i.e. cheap) to test and SELECTIVELY block on.

Another option (if you'd rather not mess with SPF) is to just add
some simple manual rules which high score anything with:
1. Facebook's domain in the From header and NOT in the SMTP Sender
2. Facebook's domain in the From header and NOT from its known IPs

Either of those rules would catch 100% of these spams.

I get the vague impression you're probably using a stock control
panel installation of SpamAssassin, in which case you're probably
seeing only a mid-80% killrate.  SA is an extremely powerful tool,
but the stock installs (typical of most webhosts) are crippled.

SpamAssassin is meant to be tuned to YOUR unique email ecology, not
left at generic settings.

If you invest sufficient time to build a Ham corpus, and analyze
ALL your missed spam on a regular basis, you'll quickly be able to
tune things so the easy spams are taken care of.  Maintenance
time will drop off quickly, as your skill level increases.

Only about 2% (or less) of all spam poses any kind of challenge.
Um, most of the time. :)


Ugh.  I just checked Twitter, and no SPF record. :(
Their DNS MX records are funky, all having Google hostnames, which
is weird since they definitely _DO_ use their own servers (based on
one of my Ham corpora).

If you decide to add a manual IP-range rule for Facebook, I
recommend you also add one for Twitter.  I've only seen a tiny
trickle of viral stuff forged as coming from them, but they're
a logical target.  Pre-emptive first strike... with spam, there's
no reason not to. :)

Good luck!
- Chip




Re: facebook Spam Question

2009-11-08 Thread rich...@buzzhost.co.uk
On Sun, 2009-11-08 at 10:39 +, Chip M. wrote:
 
> Ugh.  I just checked Twitter, and no SPF record. :(

No?

What's this?

;; ANSWER SECTION:
twitter.com.  600  IN  TXT  v=spf1 ip4:128.121.145.168
ip4:128.121.146.128/27 mx ptr a:postmaster.twitter.com
mx:one.textdrive.com include:cmail1.com include:aspmx.googlemail.com
include:support.zendesk.com -all
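
The two manual checks suggested earlier in the thread (From domain versus SMTP sender, and From domain versus known IPs), run against the literal ip4 ranges of the SPF record quoted above. This is an added Python example, not code from any poster or from SpamAssassin; the function names, the sample message with its address, and the test IPs are constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# SPF record as quoted in the reply above, joined onto one line.
TWITTER_SPF = ("v=spf1 ip4:128.121.145.168 ip4:128.121.146.128/27 mx ptr "
               "a:postmaster.twitter.com mx:one.textdrive.com include:cmail1.com "
               "include:aspmx.googlemail.com include:support.zendesk.com -all")

# Constructed sample message; the address is an assumption, not from the thread.
SAMPLE = "From: Twitter <notify@twitter.com>\nSubject: constructed\n\nbody\n"

def split_spf(record):
    """Return (authorised ip4 networks, mechanisms needing DNS, 'all' qualifier)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    nets, needs_dns, default = [], [], "?"      # "?" (neutral) if no 'all' term
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            default = qualifier
            break                               # terms after 'all' are ignored
        if mech.startswith("ip4:"):
            if qualifier == "+":                # only pass-qualified ranges count
                nets.append(ipaddress.ip_network(mech[4:], strict=False))
        else:
            needs_dns.append(mech)              # mx, ptr, a:, include: ...
    return nets, needs_dns, default

def in_domain(addr, domain):
    host = addr.rpartition("@")[2].lower()
    return host == domain or host.endswith("." + domain)

def classify(raw_message, envelope_from, client_ip, domain, record):
    """Apply the two manual checks to mail whose From: header claims `domain`."""
    from_addr = parseaddr(message_from_string(raw_message)["From"] or "")[1]
    if not in_domain(from_addr, domain):
        return "not-claimed"
    if not in_domain(envelope_from, domain):    # check 1: SMTP sender mismatch
        return "forged-sender"
    nets, _needs_dns, _default = split_spf(record)
    if any(ipaddress.ip_address(client_ip) in net for net in nets):
        return "known-ip"
    # check 2: outside the literal ip4 ranges. The mx/ptr/a/include terms were
    # not resolved here, so a full SPF evaluation could still authorise this IP.
    return "unknown-ip"
```

A manual IP-range rule built only from the ip4 terms will flag legitimate mail sent through the `include:` providers, which is why `split_spf` reports those terms separately.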




Re: facebook Spam Question

2009-11-08 Thread Benny Pedersen

On Sun 08 Nov 2009 11:44:05 CET, rich...@buzzhost.co.uk wrote:

> On Sun, 2009-11-08 at 10:39 +, Chip M. wrote:
>
>> Ugh.  I just checked Twitter, and no SPF record. :(
>
> No?


twitter might use another domain for signup, no? :)

same as facebook.com does not use this domain for signup emails

facebook uses spf and dkim, if one likes to verify it's sent from them

--
xpoint



Re: facebook Spam Question

2009-11-08 Thread LuKreme

On 8-Nov-2009, at 03:39, Chip M. wrote:

> TwoFers, did these start after mid-afternoon (1600 Eastern time)
> of Oct 26?  If so, this is PURE coincidence. :)
>
> I checked four of my domains, including one which (by policy) has
> NEVER received any authentic Facebook/Twitter stuff, and ALL
> started receiving significant quantities (1.9% to 2.8% of total
> post-gateway-RBL spam) with the first appearing between 1601 and
> 1630.



Oh yeah, I got a slew of those as well.

--
Your stepmom is cute
Shut up, Ted
Remember when she was a senior and we were freshmen?
Shut up Ted!



New to Spamassassin. Have a few ?s...

2009-11-08 Thread Computerflake

I'm looking into a free spam filter that can do the following. Will
Spamassassin do these things?

1) Will it filter multiple domains so I can filter for many different
companies?
2) Will it send individual users an email once a day (for example) to inform
them of the spam that was captured in case they were not actually spam?
3) Will it allow users to add people to an individual whitelist so they can
handle their own spam settings?
4) I understand it connects in to ClamAV using a plugin. How easy is it to
install the plugin so I can also scan for viruses for folks? 

Thanks for any help. I don't want to spend a fortune on a spam filter if I
can find a free filter that will do everything I would need. 
-- 
View this message in context: 
http://old.nabble.com/New-to-Spamassassin.-Have-a-few--s...-tp26260803p26260803.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: New to Spamassassin. Have a few ?s...

2009-11-08 Thread Matt Kettler
Computerflake wrote:
> I'm looking into a free spam filter that can do the following. Will
> Spamassassin do these things?
>
> 1) Will it filter multiple domains so I can filter for many different
> companies?

Sure. Depending on how you set it up, you can even have per-domain
customization of the whole ruleset.

> 2) Will it send individual users an email once a day (for example) to inform
> them of the spam that was captured in case they were not actually spam?

Directly? No.. SpamAssassin, by itself, is really just a scanning engine
with header modification abilities. It does not do email management,
quarantines, etc at all. It receives a message, evaluates it, and
modifies it based on the results, nothing more, nothing less.  (this is
done to make SA flexible.. it's a mail pipe, so you can glue it into
almost anything.)

Generally matters like this are handled by integration tools such as
MailScanner, amavisd-new, etc, although I do not know of any that
provide comprehensive quarantine management. That said, I've never
desired such, so I've not looked at length for one. (I mostly just tag
mail, and let users filter at the client level as they see fit.)

See also:
http://wiki.apache.org/spamassassin/IntegratedInMta

> 3) Will it allow users to add people to an individual whitelist so they can
> handle their own spam settings?

Yes, provided the tools integrate it in a per-user manner.

> 4) I understand it connects in to ClamAV using a plugin. How easy is it to
> install the plugin so I can also scan for viruses for folks?

Personally, I'd suggest letting an integration tool call ClamAV and
SpamAssassin independently. The clamav plugin for SA is functional, and
not difficult to set up, but it's not what I would consider an ideal
solution. All it does is cause viruses to show up as a SA rule named
CLAMAV. However, since SpamAssassin can't drop mail directly, you'll
still need to get an integration tool to detect that marker in the
header and delete the message.

> Thanks for any help. I don't want to spend a fortune on a spam filter if I
> can find a free filter that will do everything I would need.



Re: About log generation

2009-11-08 Thread Matt Kettler
Jose Luis Marin Perez wrote:
> Dear friends,
>
> There is some configuration of SA to generate different logs and these
> are for each mail domain?

spamd, like most well behaved unix daemons, uses syslog. It doesn't
write logfiles directly.

The old-school approach to this would be to run several instances of
spamd, one per domain, have each log to a separate local* syslog
facility, and have syslogd write each to a separate logfile.

A more modern approach might be possible using some of the newer
syslogd's that can be configured based on message content, not just
facility.severity. However, that assumes you can tell from the log
message alone.. I'm not sure offhand if spamd has that info in the
syslog messages.

> The antispam system analyzes emails from different domains and what I
> want is to generate statistics for each domain.
>
> Thanks
>
> Jose Luis



Re: New to Spamassassin. Have a few ?s...

2009-11-08 Thread Computerflake



> Directly? No.. SpamAssassin, by itself, is really just a scanning engine
> with header modification abilities. It does not do email management,
> quarantines, etc at all. It receives a message, evaluates it, and
> modifies it based on the results, nothing more, nothing less.  (this is
> done to make SA flexible.. it's a mail pipe, so you can glue it into
> almost anything.)
>
> Generally matters like this are handled by integration tools such as
> MailScanner, amavisd-new, etc, although I do not know of any that
> provide comprehensive quarantine management. That said, I've never
> desired such, so I've not looked at length for one. (I mostly just tag
> mail, and let users filter at the client level as they see fit.)
>
> See also:
> http://wiki.apache.org/spamassassin/IntegratedInMta

Wow. Really? Barracuda and Sonicwall both include this feature and it's one
of the most popular features my clients (who own these products) enjoy. I'll
have to take a look at the products you mentioned. Anyone else have any
experience with these types of functions?



Re: New to Spamassassin. Have a few ?s...

2009-11-08 Thread Aaron Wolfe
On Sun, Nov 8, 2009 at 11:43 PM, Computerflake gledf...@phhw.com wrote:



>> Directly? No.. SpamAssassin, by itself, is really just a scanning engine
>> with header modification abilities. It does not do email management,
>> quarantines, etc at all. It receives a message, evaluates it, and
>> modifies it based on the results, nothing more, nothing less.  (this is
>> done to make SA flexible.. it's a mail pipe, so you can glue it into
>> almost anything.)
>>
>> Generally matters like this are handled by integration tools such as
>> MailScanner, amavisd-new, etc, although I do not know of any that
>> provide comprehensive quarantine management. That said, I've never
>> desired such, so I've not looked at length for one. (I mostly just tag
>> mail, and let users filter at the client level as they see fit.)
>>
>> See also:
>> http://wiki.apache.org/spamassassin/IntegratedInMta
>
> Wow. Really? Barracuda and Sonicwall both include this feature and it's one

You're comparing apples to oranges.  SA can be used as one part of a
system that does the same things that those products do.  It is not,
by itself, the same thing.   Barracuda is to automobile as SA is to
gasoline engine.


> of the most popular features my clients (who own these products) enjoy. I'll
> have to take a look at the products you mentioned. Anyone else have any
> experience with these types of functions?




Re: New to Spamassassin. Have a few ?s...

2009-11-08 Thread Kurt Buff
On Sun, Nov 8, 2009 at 19:30, Computerflake gledf...@phhw.com wrote:

> I'm looking into a free spam filter that can do the following. Will
> Spamassassin do these things?
>
> 1) Will it filter multiple domains so I can filter for many different
> companies?
> 2) Will it send individual users an email once a day (for example) to inform
> them of the spam that was captured in case they were not actually spam?
> 3) Will it allow users to add people to an individual whitelist so they can
> handle their own spam settings?
> 4) I understand it connects in to ClamAV using a plugin. How easy is it to
> install the plugin so I can also scan for viruses for folks?
>
> Thanks for any help. I don't want to spend a fortune on a spam filter if I
> can find a free filter that will do everything I would need.

Try this:

http://www.maiamailguard.com

Kurt