Did anyone else notice that he is missing spam_hits in his config file? Does it default to something without it?
HIS:
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt

MINE:
# cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh

See response above;

Michael Colvin wrote:
> Like Eric mentioned, at this point, you need to take a look at the headers
> of the spam e-mails that your users are getting. You need to find something
> in the type of e-mails you're getting that you can filter on...
>
> Or, as also mentioned, it might be an internal user that is bypassing some
> of the filtering because they are authenticated...
>
> At this point, you need to look at the specific spam, and use specific
> techniques to filter it, not simply add more RBL's, or blacklists, etc.
> It's likely that just making one small tweak will eliminate most of your
> spam.
>
> Michael J. Colvin
> NorCal Internet Services
> www.norcalisp.com
>
>> -----Original Message-----
>> From: Rafael Andrade [mailto:raf...@riosulense.com.br]
>> Sent: Tuesday, November 03, 2009 8:50 AM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: Re: [qmailtoaster] Re: Spam Help Plz
>>
>> Hello, Eric and all list,
>>
>> First thank u for the answer
>>
>> My users receiving lots of spams dont have a specific sender domain, or
>> default spam type.
>>
>> My spamdyke is running see:
>>
>> spamdyke-stats /var/log/maillog
>> Allowed: 35619
>> Denied : 140729
>> Sum: 176348
>> % Spam : 79.80%
>>
>> in logfile:
>> Nov 3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip: 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)
>>
>> I`m using lots of Rbls to try reduce the spam numbers but not working
>> correctly.
>>
>> Does anybody have some idea?
>>
>> Thanks so much
>>
>> Rafael
>>
>> Eric Shubert wrote:
>> > Rafael Andrade wrote:
>> >> Hello all,
>> >>
>> >> Im using qmailtoaster two years a go, and i`m very satisfied...
>> >> some days a go my users receiving lots of spams, Tagged in subjects
>> >> (spamassassin) or not.
>> >>
>> >> What could I be making to get better?
>> >>
>> >> Actually im using Qmailtoaster + Spamdyke with greylist.
>> >>
>> >> Excuse for english.
>> >>
>> >> My confs below:
>> >>
>> >> cat /etc/tcprules.d/tcp.smtp
>> >> 127.:allow,RELAYCLIENT=""
>> >> 192.168.1.:allow,RELAYCLIENT="",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
>> >> xxx.xx.xx.xx:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
>> >> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
>> >>
>> >> cat /var/qmail/control/simcontrol
>> >> :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
>> >>
>> >> cat /etc/spamdyke/spamdyke.conf
>> >> # rbl
>> >> dns-blacklist-entry=bl.spamcop.net
>> >> dns-blacklist-entry=zen.spamhaus.org
>> >> dns-blacklist-entry=dnsbl.sorbs.net
>> >> dns-blacklist-entry=bogons.cymru.com
>> >> dns-blacklist-entry=ix.dnsbl.manitu.net
>> >> dns-blacklist-entry=cbl.abuseat.org
>> >> dns-blacklist-entry=dnsbl.njabl.org
>> >>
>> >> # graylist
>> >> #graylist-dir=/etc/spamdyke/graylist.d
>> >> graylist-dir=/home/vpopmail/graylist.d
>> >> graylist-level=always
>> >> graylist-max-secs=2678400
>> >> graylist-min-secs=180
>> >> greeting-delay-secs=5
>> >>
>> >> local-domains-file=/var/qmail/control/rcpthosts
>> >> #log-level=debug
>> >> log-level=info
>> >> log-target=syslog
>> >> #log-target=stderr
>> >> max-recipients=50
>> >> #policy-url=http://my.policy.explanation.url/
>> >> reject-empty-rdns
>> >> #reject-ip-in-cc-rdns
>> >> reject-missing-sender-mx
>> >> reject-unresolvable-rdns
>> >> tls-certificate-file=/var/qmail/control/servercert.pem
>> >> # blacklist and whitelist ip
>> >> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>> >> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>> >>
>> >> # blacklist and whitelist keywords
>> >> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
>> >> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>> >>
>> >> # blacklist and whitelist senders
>> >> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>> >> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>> >>
>> >> # blacklist and whitelist rdns
>> >> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
>> >> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>> >>
>> >> # whitelist dns
>> >> dns-whitelist-file=/etc/spamdyke/whitelist_dns
>> >>
>> >> # blacklist and whitelist recipients
>> >> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>> >> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>> >>
>> >> ---------------------------------------------------------------------------------
>> >
>> > (Wow - that's a lot of RBLs)
>> >
>> > Are you sure that spamdyke's running?
>> > I like to use
>> > log-target=stderr
>> > so I can see spamdyke's messages in the smtp log along with the other
>> > related messages. Make sure spamdyke is running.
>> >
>> > Looks to me like you have the screws turned down pretty tight spam
>> > wise. I think the next step would be to look at a representative
>> > sample of the spam you're receiving, to see why it's getting through.
>> >
>> > Perhaps there is a workstation or server on your network that's been
>> > compromised and is sending out the spam. Examining the headers of the
>> > spams you're receiving to see where they originate.
>> >
>> ---------------------------------------------------------------------------------
>> Qmailtoaster is sponsored by Vickers Consulting Group
>> (www.vickersconsulting.com)
>> Vickers Consulting Group offers Qmailtoaster support and
>> installations.
>> If you need professional help with your setup, contact them today!
>> ---------------------------------------------------------------------------------
>> Please visit qmailtoaster.com for the latest news, updates, and
>> packages.
>>
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Kent Busbee
Director of Technology
Northlake Christian School
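
The triage suggested in the thread (is the spam arriving from an authenticated user, from a machine on the LAN, or from outside?) can start from the spamdyke log itself. The Python below is an added example, not part of the original messages: it assumes accepted mail is logged as ALLOWED with the same field layout as the DENIED_RBL_MATCH line quoted above, takes the 192.168.1. range from the posted tcp.smtp as the LAN prefix, and runs on constructed sample lines.

```python
import re
from collections import Counter

# Field layout follows the DENIED_RBL_MATCH line quoted in the thread.
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z0-9_]+) from: (?P<sender>\S*) to: (?P<rcpt>\S*) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>.*?) auth: (?P<auth>\S+)"
)

# Constructed sample lines (documentation addresses and domains), not a real log.
SAMPLE_LOG = """\
Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: a@example.net to: u1@example.com origin_ip: 198.51.100.7 origin_rdns: host7.example.net auth: (unknown)
Nov  3 13:48:50 net spamdyke[20041]: DENIED_RBL_MATCH from: b@example.net to: u2@example.com origin_ip: 198.51.100.8 origin_rdns: host8.example.net auth: (unknown)
Nov  3 13:49:01 net spamdyke[20050]: DENIED_RDNS_MISSING from: c@example.net to: u1@example.com origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: (unknown)
Nov  3 13:49:10 net spamdyke[20055]: ALLOWED from: d@example.org to: u1@example.com origin_ip: 203.0.113.9 origin_rdns: mail.example.org auth: (unknown)
Nov  3 13:49:12 net spamdyke[20057]: ALLOWED from: bob@example.com to: x@example.org origin_ip: 198.51.100.44 origin_rdns: dsl44.example.net auth: bob@example.com
Nov  3 13:49:13 net spamdyke[20058]: ALLOWED from: bob@example.com to: y@example.org origin_ip: 198.51.100.44 origin_rdns: dsl44.example.net auth: bob@example.com
Nov  3 13:49:20 net spamdyke[20060]: ALLOWED from: pc@example.com to: z@example.org origin_ip: 192.168.1.23 origin_rdns: (unknown) auth: (unknown)
"""


def triage(log_text, lan_prefix="192.168.1."):
    """Count denials by reason and accepted mail by the path it came in on."""
    denied = Counter()        # denial reason -> count
    via_auth = Counter()      # authenticated account -> accepted messages
    via_lan = Counter()       # LAN client IP -> accepted messages
    via_internet = Counter()  # unauthenticated external IP -> accepted messages
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a spamdyke result line
        result, ip, auth = m["result"], m["ip"], m["auth"]
        if result.startswith("DENIED"):
            denied[result] += 1
        elif result == "ALLOWED":
            if auth != "(unknown)":
                via_auth[auth] += 1      # authenticated sender (see Michael's reply)
            elif ip.startswith(lan_prefix):
                via_lan[ip] += 1         # internal workstation or server
            else:
                via_internet[ip] += 1    # passed every spamdyke filter
    return {"denied": denied, "via_auth": via_auth,
            "via_lan": via_lan, "via_internet": via_internet}


if __name__ == "__main__":
    for name, counts in triage(SAMPLE_LOG).items():
        print(name, counts.most_common(5))
```

A high count under via_auth or via_lan points at a compromised account or workstation rather than at a missing blacklist, which is the case more RBL entries will not help with.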