spam filtering question?
Greetings folks, shellworld.net the shell service where I do most of my internet work is using Ubuntu. For reasons that I find rather confusing spam assassin is well no longer filtering at the level it did previously. Has something happened to the program ? Is there a better spam filtering option for shell servers that I might suggest to our administrator? The Ubuntu distribution is in the 16 range, I can supply the exact edition if that helps. Thanks, Karen
Re: spam filtering question?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Dec 09, 2016 at 10:27:50PM -0500, Karen Lewellen wrote: > Greetings folks, > shellworld.net the shell service where I do most of my internet work > is using Ubuntu. > For reasons that I find rather confusing spam assassin is well no > longer filtering at the level it did previously. Hm. The question is far too unspecific. Spam itself changes pretty quickly. > Has something happened to the program ? I'd rather venture that "spam" has changed, which itself is a very broad statement: the kind of spam you might get depends strongly on where you are looking from (I know: having/being responsible for more than one address, the spam those addresses "see" varies wildly Heck -- I do report spam hitting *this* list and another sister list (pkg-mate.debian.org) and they're consistently different!). Whatever Spamassassin is doing will depend strongly on its filters, and expecting that the "one size fits all" filters delivered by your distro will be satisfactory to you is placing a high bet. Chances are that you'll want to tune those filters yourself. Regards - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlhLxpgACgkQBcgs9XrR2kYU0ACbBMSkjrT5U7EfUU9I4zdR0b5F 3kUAn1j8abqJ3gKfspwpchizlVw3gKpN =AOaF -END PGP SIGNATURE-
Re: spam filtering question?
On 12/9/16, Karen Lewellen wrote: > Greetings folks, > shellworld.net the shell service where I do most of my internet work is > using Ubuntu. > For reasons that I find rather confusing spam assassin is well no longer > filtering at the level it did previously. > Has something happened to the program ? > Is there a better spam filtering option for shell servers that I might > suggest to our administrator? > The Ubuntu distribution is in the 16 range, I can supply the exact > edition if that helps. A question re the question: What kind of response did you receive from your favored Ubuntu user help list(s)? Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with plastic sporks *
Re: spam filtering question?
On Fri, Dec 09, 2016 at 10:27:50PM -0500, Karen Lewellen wrote: > Greetings folks, > shellworld.net the shell service where I do most of my internet work is > using Ubuntu. > For reasons that I find rather confusing spam assassin is well no longer > filtering at the level it did previously. > Has something happened to the program ? Most likely to the type of spam you ar receiving. > Is there a better spam filtering option for shell servers that I might > suggest to our administrator? Uhhh, suggesting some software to your admin based on answers you got on a vague question? I only can imagine what the answers in his head will be. Here is my suggestion: Have an honest conversation with your administrator(s). Voice your concern that the amount of unsolicited mass email (not unwanted messages! - big difference!) has increased. Given the right amount of resources he will take the right measures. > The Ubuntu distribution is in the 16 range, I can supply the exact edition > if that helps. > Thanks, > Karen > -H -- Henning Follmann | hfollm...@itcfollmann.com
Re: spam filtering question?
What favored Ubuntu help list? I stated at the outset that I use a service. I do not administrate that service. On Sat, 10 Dec 2016, Cindy-Sue Causey wrote: On 12/9/16, Karen Lewellen wrote: Greetings folks, shellworld.net the shell service where I do most of my internet work is using Ubuntu. For reasons that I find rather confusing spam assassin is well no longer filtering at the level it did previously. Has something happened to the program ? Is there a better spam filtering option for shell servers that I might suggest to our administrator? The Ubuntu distribution is in the 16 range, I can supply the exact edition if that helps. A question re the question: What kind of response did you receive from your favored Ubuntu user help list(s)? Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with plastic sporks *
Re: spam filtering question?
Is sa-learn being run, and if so is it no longer effective? On Sat, 10 Dec 2016, Karen Lewellen wrote: Date: Sat, 10 Dec 2016 16:46:19 From: Karen Lewellen To: Cindy-Sue Causey Cc: Debian Users Subject: Re: spam filtering question? Resent-Date: Sat, 10 Dec 2016 21:47:05 + (UTC) Resent-From: debian-user@lists.debian.org What favored Ubuntu help list? I stated at the outset that I use a service. I do not administrate that service. On Sat, 10 Dec 2016, Cindy-Sue Causey wrote: On 12/9/16, Karen Lewellen wrote: Greetings folks, shellworld.net the shell service where I do most of my internet work is using Ubuntu. For reasons that I find rather confusing spam assassin is well no longer filtering at the level it did previously. Has something happened to the program ? Is there a better spam filtering option for shell servers that I might suggest to our administrator? The Ubuntu distribution is in the 16 range, I can supply the exact edition if that helps. A question re the question: What kind of response did you receive from your favored Ubuntu user help list(s)? Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with plastic sporks * --
Re: spam filtering question?
On 2016-12-10, Karen Lewellen wrote: > What favored Ubuntu help list? > I stated at the outset that I use a service. I do not administrate that > service. She feels there's a creeping Ubuntu conspiracy and that seeing your shell service uses the Ubuntu distribution, your question belongs on an Ubuntu list. Of course, your question isn't about Ubuntu but spamassassin (but spamassassin running under some 16 range of Ubuntu, the latter of which we wouldn't know about in these parts). You might say: well, spamassassin is spamassassin, but then again that logic could be extended perhaps to a lot of software, which might mean in principle we'd be fielding oodles of questions here from Ubuntu users about the oodles of software common to both Debian and Ubuntu (a Debian-based distribution, as we all know). These are all just explicative remarks and I personally ain't complaining. Good luck with your filtering efforts. > > On Sat, 10 Dec 2016, Cindy-Sue Causey wrote: > >> On 12/9/16, Karen Lewellen wrote: >>> Greetings folks, >>> shellworld.net the shell service where I do most of my internet work is >>> using Ubuntu. >>> For reasons that I find rather confusing spam assassin is well no longer >>> filtering at the level it did previously. >>> Has something happened to the program ? >>> Is there a better spam filtering option for shell servers that I might >>> suggest to our administrator? >>> The Ubuntu distribution is in the 16 range, I can supply the exact >>> edition if that helps. >> >> >> A question re the question: What kind of response did you receive from >> your favored Ubuntu user help list(s)? >> >> Cindy :) >> >> -- >> Cindy-Sue Causey >> Talking Rock, Pickens County, Georgia, USA >> >> * runs with plastic sporks * >> -- “It is enough that the arrows fit exactly in the wounds that they have made.” Franz Kafka
Re: spam filtering question?
On Sat, Dec 10, 2016 at 04:46:19PM -0500, Karen Lewellen wrote: > What favored Ubuntu help list? > I stated at the outset that I use a service. I do not administrate that > service. > > Never mind her, she's a fear biter. When you mentioned "ubuntu" her reflexes kicked in. Anywho... Explain your setup a bit more in detail. You say you "use a service". Is that a just a virtual server running ubuntu? Or is this a mail server service which just happen to run on top of ubuntu? And how is your contract structured? Does it include support? And if so what kind of support? I still think focusing on spamassassin is not helpful. Mail setup and spam control is a concerted effort. If I setup a mail service spamassassin is only the final sieve. By the time mail is handed to spamassassin already 90% of spam is weeded out. But this step is usually the one users even notice because the rest of measures happen before the mail is even accepted by the MTA. Ask you provider if they use the right blacklists (zen.spamhaus.org and spamcop.net is a reasonable set). Make sure the make basic checks: - from mail address is valid - spf is valid for the relaying mail host or the fqdn of the mail address resolves to the relaying MTA. Based on the communication requirements I even tighten access much more, that requires however detailed knowledge of where mails will come from. If you tighten it too much you might exclude some communication partners and that might be bad. Also greylisting might lower the amount of spam entering the system. In recent two years however this became less efficient since a lot of spammers have a full mail setup allowing them to queue the mail. If you feel that your current provider is not helpful I can recommend two excellent provider (both in Germany) which allow customized services based on your needs. (hosting a mail gateway or just a number of mailboxes) - Mailbox.org - posteo.de There is one here in the US which is ok pobox.com They offer similar services -H -- Henning Follmann | hfollm...@itcfollmann.com
Re: spam filtering question?
Hi there, Yes I am running sa-learn and indeed is no longer being effective. Part of the spam I believe is tied to a couple of hacks of major sites, when Linkedin was hacked and when yahoo groups had problems. I can simply dump the ones that are fake orders or documents or tickets, the ones that look like they come from old linked in data. The tactical flashlight adds and the like though should filter with sa-learn. I have asked Ken our administrator about the problem, which is part of why I raised the question. He too is puzzled as to why sa-learn is not doing the job say as well as it did when shellworld was still running freebsd. Kare On Sat, 10 Dec 2016, Jude DaShiell wrote: Is sa-learn being run, and if so is it no longer effective? On Sat, 10 Dec 2016, Karen Lewellen wrote: Date: Sat, 10 Dec 2016 16:46:19 From: Karen Lewellen To: Cindy-Sue Causey Cc: Debian Users Subject: Re: spam filtering question? Resent-Date: Sat, 10 Dec 2016 21:47:05 + (UTC) Resent-From: debian-user@lists.debian.org What favored Ubuntu help list? I stated at the outset that I use a service. I do not administrate that service. On Sat, 10 Dec 2016, Cindy-Sue Causey wrote: > On 12/9/16, Karen Lewellen wrote: > > Greetings folks, > > shellworld.net the shell service where I do most of my internet work > > is > > using Ubuntu. > > For reasons that I find rather confusing spam assassin is well no > > longer > > filtering at the level it did previously. > > Has something happened to the program ? > > Is there a better spam filtering option for shell servers that I might > > suggest to our administrator? > > The Ubuntu distribution is in the 16 range, I can supply the exact > > edition if that helps. > > > A question re the question: What kind of response did you receive from > your favored Ubuntu user help list(s)? > > Cindy :) > > -- > Cindy-Sue Causey > Talking Rock, Pickens County, Georgia, USA > > * runs with plastic sporks * > > --
Re: spam filtering question?
On 2016-12-11, Henning Follmann wrote: > On Sat, Dec 10, 2016 at 04:46:19PM -0500, Karen Lewellen wrote: >> What favored Ubuntu help list? >> I stated at the outset that I use a service. I do not administrate that >> service. >> >> > > Never mind her, she's a fear biter. When you mentioned "ubuntu" her reflexes > kicked in. > I'm unfamiliar with the expression "fear biter," but here we're discussing spamassassin running under Ubuntu 16 something or other and so, though I disagreed with her concerning her complaint about the Debian debootstrap wiki, here I must say that Ms. Georgia has her point, which was made gently, if a bit obliquely, whereas your own was driven home rather rudely and dismissively. -- “It is enough that the arrows fit exactly in the wounds that they have made.” Franz Kafka
Re: spam filtering question?
The only thing I can think to do is to filter on Messag_id: field contents and run all incoming email through formail to force what comes in to be in proper format before any spam filters get it. Ken did tell me awhile back that overseas undesireables wanted to use shellworld.net for criminal purposes and he refused their request then all of the spam started. On Sun, 11 Dec 2016, Karen Lewellen wrote: Date: Sun, 11 Dec 2016 12:38:18 From: Karen Lewellen To: Jude DaShiell Cc: Cindy-Sue Causey , Debian Users Subject: Re: spam filtering question? Hi there, Yes I am running sa-learn and indeed is no longer being effective. Part of the spam I believe is tied to a couple of hacks of major sites, when Linkedin was hacked and when yahoo groups had problems. I can simply dump the ones that are fake orders or documents or tickets, the ones that look like they come from old linked in data. The tactical flashlight adds and the like though should filter with sa-learn. I have asked Ken our administrator about the problem, which is part of why I raised the question. He too is puzzled as to why sa-learn is not doing the job say as well as it did when shellworld was still running freebsd. Kare On Sat, 10 Dec 2016, Jude DaShiell wrote: Is sa-learn being run, and if so is it no longer effective? On Sat, 10 Dec 2016, Karen Lewellen wrote: Date: Sat, 10 Dec 2016 16:46:19 From: Karen Lewellen To: Cindy-Sue Causey Cc: Debian Users Subject: Re: spam filtering question? Resent-Date: Sat, 10 Dec 2016 21:47:05 + (UTC) Resent-From: debian-user@lists.debian.org What favored Ubuntu help list? I stated at the outset that I use a service. I do not administrate that service. On Sat, 10 Dec 2016, Cindy-Sue Causey wrote: > On 12/9/16, Karen Lewellen wrote: > > Greetings folks, > > shellworld.net the shell service where I do most of my internet work > > is > > using Ubuntu. > > For reasons that I find rather confusing spam assassin is well no > > longer > > filtering at the level it did previously. > > Has something happened to the program ? > > Is there a better spam filtering option for shell servers that I might > > suggest to our administrator? > > The Ubuntu distribution is in the 16 range, I can supply the exact > > edition if that helps. > > > A question re the question: What kind of response did you receive from > your favored Ubuntu user help list(s)? > > Cindy :) > > -- > Cindy-Sue Causey > Talking Rock, Pickens County, Georgia, USA > > * runs with plastic sporks * > > -- --
Re: spam filtering question?
Hi Karen, > shellworld.net the shell service where I do most of my internet work is > using Ubuntu. This is a Debian list but we are smart enough to differ between Ubuntu specific problems and general question about strategies. From my point of view I order yours into strategies. > Has something happened to the program ? There has nothing happend to the program. The type of spam you are receiving has changed. I don't know much about your mail setup but spam has to fight on different levels when processing mails. > Is there a better spam filtering option for shell servers that I might > suggest to our administrator? If I looked up the right smtp host on your side you are running Postifx. Enable Postscreen in Postfix which will kill a number of spambots based on your test. This will kill for example servers on blacklists and impatient servers which don't greet or greet before you have said hello. Next defense line are smtp restrictions. Here you gonna check for invalid sender domains which don't exists and performing ptr checks. You can also do header checks like "kill every email with viagra in subject". But this is a little bit expensive. I don't do it at this point. Has your email passed all the checks it's now time for content scanners. As you noticed there is more than one. There are enterprise solutions but you can do this all with opensource stuff. You may want to consider doing the following checks and based on the score flag the email as spam or not: SPF and DKIM This is for looking up if the senders is allowed to send emails for this domain. This will not kill spam but you can include it in your scoring for spamassassin. For SPF checks spamassassin can do this. For DKIM use opendkim or amavisd-new. DMARC SPF and/or DKIM has failed? Look up the DMARC policy if there is one. Some people wanna know which hosts are abusing their names and tell you what to do with this email. Best thing if you are allowed to reject it. opendmarc is what you are looking for. Check for viruses or unwanted files I reject a lot of files like .exe, .src, .vbs etc. Email is not for file sharing and in 99,99% it's a virus. All other files have to pass the virus scanner and if it's containing a virus just reject it. amavisd-new and clamav are the tools you are looking for. Also every other virus scanner which is supported by amavisd-new Content scan Last but not least: Let spamassassin scan the email. If you get spam which is not tagged as spam train your spamassassin or change the scoring rules. Not all rules are enabled if you are using the default installation and not all are scoring hard enough. This is based on the spam you get. Cheers Flo signature.asc Description: OpenPGP digital signature
Re: spam filtering question?
On Fri, Dec 09, 2016 at 10:27:50PM -0500, Karen Lewellen wrote: > shellworld.net the shell service where I do most of my internet work is > using Ubuntu. > For reasons that I find rather confusing spam assassin is well no longer > filtering at the level it did previously. > Has something happened to the program ? Most likely the volume or nature of the spam you are receiving has changed, rather than the filters. If the SpamAssassin instance has the bayesian classifier enabled (you might be able to tell by the headers it adds to your mail), then it may learn some traits from the more recent spam, if there is a feedback loop in place for you to report spam. > Is there a better spam filtering option for shell servers that I might > suggest to our administrator? I find crm114 to be excellent. Depending on precicely how the shell server has mail setup, you might be able to set it up for yourself, running on top of the service offered by the shell service, as an additional layer of filtering. signature.asc Description: Digital signature
Re: spam filtering question?
On Saturday 10 December 2016 21:46:19 Karen Lewellen wrote: > What favored Ubuntu help list? You have asked an Ubuntu question on the Debian help list. I think that Cindy is suggesting that for Ubuntu questions, an Ubuntu help-list is more appropriate than a Debian help-list. > I stated at the outset that I use a service. I do not administrate that > service. No, but nor do we and tehey use Ubuntu, you say. Lisi > > On Sat, 10 Dec 2016, Cindy-Sue Causey wrote: > > On 12/9/16, Karen Lewellen wrote: > >> Greetings folks, > >> shellworld.net the shell service where I do most of my internet work is > >> using Ubuntu. > >> For reasons that I find rather confusing spam assassin is well no > >> longer filtering at the level it did previously. > >> Has something happened to the program ? > >> Is there a better spam filtering option for shell servers that I might > >> suggest to our administrator? > >> The Ubuntu distribution is in the 16 range, I can supply the exact > >> edition if that helps. > > > > A question re the question: What kind of response did you receive from > > your favored Ubuntu user help list(s)? > > > > Cindy :) > > > > -- > > Cindy-Sue Causey > > Talking Rock, Pickens County, Georgia, USA > > > > * runs with plastic sporks *
