Re: [qmailtoaster] Cutting down on spam
Quoting Casey:

> Yet, I'm still receiving complaints from a few. I think my spamassassin boxes need some tuning, but I'm not sure where to start. How are others handling spamassassin training?
>
> I just noticed that "use_bayes", "use_bayes_rules", and "bayes_auto_learn" were all previously set to "0", so I enabled them all over the weekend... but I have the feeling there's a bit more to it than that. For example, what would be the best way to train SA on servers that are handling hundreds of domains?

I use dspam and it does a good job.

P.V.Anthony

-
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Cutting down on spam
Casey wrote:

> Hi all,
>
> Been getting some complaints recently from a couple of customers that have been receiving a bit more spam than usual. Just wanted to see how others had their spamdyke/simscan/spamassassin/clamav configured.
>
> Spamdyke is definitely doing its job and doing it well on my gateway servers, as you can see below:
>
> Gateway1
> This report was generated Mon Nov 21 00:11:55 2011
>
> 244499  70.34%  DENIED_RDNS_MISSING
>  37848  10.88%  DENIED_RDNS_RESOLVE
>  25915   7.45%  DENIED_GRAYLISTED
>  24359   7.00%  ALLOWED
>   9045   2.60%  TIMEOUT
>   5106   1.46%  DENIED_RBL_MATCH
> -- Breakdown --- -
>    698   0.20%  DENIED_SENDER_NO_MX
>     41   0.01%  DENIED_OTHER
>     28   0.00%  ERROR
>     17   0.00%  DENIED_SENDER_BLACKLISTED
>     11   0.00%  DENIED_TOO_MANY_RECIPIENTS
>
> Summary
> Allowed:  24359    7.00%
> Timeout:   9045    2.60%
> Errors :     28    0.00%
> Denied : 314135   90.38%
> Total  : 347567  100.00%
>
> Gateway2
> This report was generated Mon Nov 21 00:06:33 2011
>
> 235998  86.06%  DENIED_RDNS_MISSING
>  23896   8.71%  DENIED_RDNS_RESOLVE
>   8414   3.06%  DENIED_GRAYLISTED
>   3570   1.30%  TIMEOUT
>   1092   0.39%  ALLOWED
>    692   0.25%  DENIED_RBL_MATCH
> -- Breakdown --- -
>    484   0.17%  DENIED_SENDER_NO_MX
>     57   0.02%  DENIED_OTHER
>     14   0.00%  ERROR
>
> Summary
> Allowed:   1092    0.39%
> Timeout:   3570    1.30%
> Errors :     14    0.00%
> Denied : 269541   98.29%
> Total  : 274217  100.00%
>
> Gateway3
> This report was generated Mon Nov 21 00:05:16 2011
>
>  11899  41.92%  DENIED_RDNS_RESOLVE
>  10505  37.01%  DENIED_RDNS_MISSING
>   3237  11.40%  DENIED_GRAYLISTED
>   1970   6.94%  TIMEOUT
>    334   1.17%  DENIED_RBL_MATCH
> -- Breakdown --- -
>    219   0.77%  DENIED_SENDER_NO_MX
>    196   0.69%  ALLOWED
>     23   0.08%  DENIED_OTHER
>      1   0.00%  DENIED_EARLYTALKER
>
> Summary
> Allowed:    196    0.69%
> Timeout:   1970    6.94%
> Errors :      0    0.00%
> Denied :  26218   92.36%
> Total  :  28384  100.00%
>
> Yet, I'm still receiving complaints from a few. I think my spamassassin boxes need some tuning, but I'm not sure where to start. How are others handling spamassassin training?
>
> I just noticed that "use_bayes", "use_bayes_rules", and "bayes_auto_learn" were all previously set to "0", so I enabled them all over the weekend... but I have the feeling there's a bit more to it than that. For example, what would be the best way to train SA on servers that are handling hundreds of domains? Our gateway servers don't actually have the users or mail stored on them, they simply accept mail for the domains listed in rcpthosts, and send them to the appropriate servers using smtproutes. So I'm not sure how this factors in.
>
> Any help would be appreciated.
>
> Thanks,
> Casey

While I agree with Eric that what might be one person's spam and not another. I have found that the SPAM filter in Thunderbird is very effective at catching just SPAM. I would like to add those rules to my toaster to enhance its SPAM catching ability. Now with many spammers using correct DNS entries it's getting by Spamdyke. Can we export/import those filters to the toaster's capabilities of culling SPAM? It is still placed in a SPAM folder and can be periodically checked by customers to ensure ham is not getting tossed, so I don't see it being a real bad thing.

--
Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA 94501
tel 510.865.2787
http://yother.com

Check out the new Volvo classified resource
http://www.volvoclassified.com
[qmailtoaster] qmailtoaster.com --down?
Anyone else having trouble accessing qmailtoaster.com today? Trying to run qtp-newmodel on one of my toaster boxes and can't get past "Getting package list...". Unable to access it from the browser either.

Thanks,
--
Casey
[qmailtoaster] block a phishing email
Hi,

I'm not unable to block a phishing email.

The smtp log contains these records:

2011-11-23 01:52:27.470596500 tcpserver: ok 3227 mailbox.mydomain.xx:xxx.xxx.xxx.xxx:25 :173.0.59.30::60803
2011-11-23 01:52:27.827007500 CHKUSER accepted sender: from remote rcpt <> : sender accepted
2011-11-23 01:52:27.827757500 CHKUSER accepted rcpt: from remote rcpt : found existing recipient
2011-11-23 01:52:27.827772500 policy_check: remote i...@jserves.co.cc -> local xx...@mydomain.xx (UNAUTHENTICATED SENDER)
2011-11-23 01:52:27.827803500 policy_check: policy allows transmission
2011-11-23 01:52:31.149553500 simscan:[3227]:CLEAN (0.00/5.00):3.3212s:PREMIO NOTIFICA 960.000.00:173.0.59.30:i...@jserves.co.cc:xx...@mydomain.xx

clamav detects the email is virus free:

11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/msg.1322009547.828470.3231: OK
11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/addr.1322009547.828470.3231: OK
11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/textfile0: OK
11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/textfile1: OK
11-23 01:52:31 /var/qmail/simscan/1322009547.828470.3231/ziz.pdf: OK

but spamassassin doesn't process the phishing email: the spam log contains no records!

11-23 02:51:50 [28246] info: prefork: child states: II
11-23 02:53:09 [10722] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 47239
11-23 02:53:09 [10722] info: spamd: processing message <189de6692a6bc541daf3ed45d...@async.facebook.com> for clamav:89
11-23 02:53:10 [10722] info: spamd: clean message (1.8/5.0) for clamav:89 in 1.6 seconds, 8083 bytes.
11-23 02:53:10 [10722] info: spamd: result: . 1 - BAYES_50,HTML_MESSAGE,RDNS_NONE,SARE_UNSUB13 scantime=1.6,size=8083,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47239,mid=<189de6692a6bc541daf3ed45d...@async.facebook.com>,bayes=0.50,autolearn=no
11-23 02:53:10 [28246] info: prefork: child states: II

I've added some spam rules to block this email:

blacklist_from i...@jserves.co.cc
header BLOCCO_SUBJECT_01 Subject =~ /\b960.000.00\b/i
score BLOCCO_SUBJECT_01 5
body BLOCCO_BODY_21 /Gentilmente Aprire l'allegato in formato pdf per le informazioni sulla tua lotteria vincente/i
score BLOCCO_BODY_21 4
describe BLOCCO_BODY_21 BLOCCO "lotteria vincente 1"
body BLOCCO_BODY_22 /lotteria vincente/i
score BLOCCO_BODY_22 3
describe BLOCCO_BODY_22 BLOCCO "lotteria vincente 2"

I checked the spamassassin rules and these are ok, so I tried to calc the spam score and I obtain 126.8!!!

X-Spam-Status: Yes, score=126.8 required=5.0 tests=BAYES_99,BLOCCO_BODY_21,
    BLOCCO_BODY_22,BLOCCO_SUBJECT_01,FORGED_MUA_OUTLOOK,MSOE_MID_WRONG_CASE,
    PYZOR_CHECK,RDNS_NONE,SUBJ_ALL_CAPS,URIBL_BLACK,USER_IN_BLACKLIST
    autolearn=unavailable version=3.2.5

The phishing email contains a pdf. This is the source:

[..]
From: "apuestas"
Subject: PREMIO NOTIFICA 960.000.00
Date: Thu, 17 Nov 2011 18:18:18 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="=_NextPart_000_007B_01C2A9A6.1CD1EEB0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.
Message-Id: <2018021500.929e15b8...@jserves.co.cc>
To: undisclosed-recipients:;

This is a multi-part message in MIME format.

--=_NextPart_000_007B_01C2A9A6.1CD1EEB0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit

Ciao Vincitore
Gentilmente Aprire l'allegato in formato pdf per le informazioni sulla tua lotteria vincente
Cordiali saluti

--=_NextPart_000_007B_01C2A9A6.1CD1EEB0
Content-Type: application/octet-stream; name="ggg.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ziz.pdf"

[..]
MUE3Q0QyNjdFNUIzMzM0M0Y+XS9JbmZvIDYgMCBSL0xlbmd0aCAzOS9Sb290
IDggMCBSL1NpemUgNy9UeXBlL1hSZWYvV1sxIDMgMF0+PnN0cmVhbQ0KaN5i
YgACJkY2vjAmBgbeRCDB2AMiPjEx/np8FshiYAQIMAA7aQUUDQplbmRzdHJl
YW0NZW5kb2JqDXN0YXJ0eHJlZg0KMTE2DQolJUVPRg0K
--=_NextPart_000_007B_01C2A9A6.1CD1EEB0--
[..]

So my question is: why doesn't simscan perform the spamassassin email check?

Thank you,
Michele
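
The manual check described in the post above (a simscan verdict in the smtp log with no spamd record around the same time) can be automated; the following is an added example, not part of the original post or of the QmailToaster tools. It assumes both logs use the same clock and time zone; the function names, the `slack` tolerance and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the two log formats quoted in the post above.
# Assumption: both logs share one clock and time zone.
SMTP_LOG = """\
2011-11-23 01:52:31.149553500 simscan:[3227]:CLEAN (0.00/5.00):3.3212s:PREMIO NOTIFICA 960.000.00:192.0.2.30:sender@example.net:user@example.org
2011-11-23 02:53:10.412000500 simscan:[3301]:CLEAN (1.80/5.00):1.9021s:Re: status: update:192.0.2.44:news@example.com:user@example.org
"""
SPAMD_LOG = """\
11-23 02:51:50 [28246] info: prefork: child states: II
11-23 02:53:09 [10722] info: spamd: processing message <m1@example.com> for clamav:89
11-23 02:53:10 [10722] info: spamd: clean message (1.8/5.0) for clamav:89 in 1.6 seconds, 8083 bytes.
"""

# The subject may contain ':', so anchor on the IP and the last two fields.
SIMSCAN_RE = re.compile(
    r"^(\d{4})-(\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ simscan:\[\d+\]:([A-Z ]+) "
    r"\((-?[\d.]+)/[\d.]+\):([\d.]+)s:(.*):(\d{1,3}(?:\.\d{1,3}){3}):([^:]*):([^:]*)$")
SPAMD_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d) \[\d+\] info: spamd: (?:clean message|identified spam) ")

def parse_simscan(text):
    """Yield one dict per simscan verdict line found in a qmail smtp log."""
    for line in text.splitlines():
        m = SIMSCAN_RE.match(line)
        if m:
            year, stamp, verdict, score, secs, subject, ip, sender, rcpt = m.groups()
            yield {"when": datetime.strptime(f"{year}-{stamp}", "%Y-%m-%d %H:%M:%S"),
                   "verdict": verdict, "score": float(score), "secs": float(secs),
                   "subject": subject, "ip": ip, "sender": sender, "rcpt": rcpt}

def spamd_results(text, year):
    """Timestamps of spamd verdict lines; the spamd log carries no year."""
    return [datetime.strptime(f"{year}-{m.group(1)}", "%Y-%m-%d %H:%M:%S")
            for m in map(SPAMD_RE.match, text.splitlines()) if m]

def not_seen_by_spamd(smtp_text, spamd_text, slack=2.0):
    """simscan verdicts with no spamd verdict logged during their scan window."""
    missing = []
    for rec in parse_simscan(smtp_text):
        start = rec["when"] - timedelta(seconds=rec["secs"] + slack)
        end = rec["when"] + timedelta(seconds=slack)
        results = spamd_results(spamd_text, rec["when"].year)
        if not any(start <= t <= end for t in results):
            missing.append(rec)
    return missing

if __name__ == "__main__":
    print([r["subject"] for r in not_seen_by_spamd(SMTP_LOG, SPAMD_LOG)])
```

Each record it returns is a message that simscan logged a verdict for while spamd logged none in the same window, which is the condition the post reports by hand.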