[qmailtoaster] Re: message Viagra score = 11.1 and required = 10, how to block this

[Eric Shubert]

Nicole,

There are 2 spamassassin scoring values that effect what the system does 
to spam.


The first is contained in /etc/mail/spamassassin/local.cf:
required_score 3.7
This controls the score required for spamassassin to consider the 
message spam. When a message scores this value or higher, spamassassin 
rewrites the message header according to:

rewrite_header Subject [SPAM]
which is also in the local.cf file. Note, when you make changes to this 
file, you need to restart spamassassin (using "qmail-spam restart").


The second value is contained in the /var/qmail/simcontrol file:
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
The spam_hits variable controls the score at which messages will be 
outright rejected by smtp, and not accepted by the server for delivery.


Does this clear things up for you?

--
-Eric 'shubes'

nicole thomson wrote:

Hi team


now 80% of the spam mails have got blocked clearly. thanks a ton to 
those who procured help .



Now the mess created by VIAGRA/Pfizer mails are the only visible to the 
users. ('|'),



I use spamdyke+spamassassin along with qmailtoaster. After reading Jake 
Vickers article in one of the viagra related query, i added rules 
as 70_your_rulseset.cf /etc/mail/spamassassin and spamassassin --lint 
and did qmail-spamd restart. Still the mails are getting delivered with 
viagra messages.




body JV_Pharm1d_Drug /cansee/i

describe JV_Pharm1d_Drug Missing a space in "can see"

score JV_Pharm1d_Drug 1.0

header JV_Pharm1e_Drug Subject =~ /Pharmaceutical/i

describe JV_Pharm1e_Drug Pill ad subject line

score JV_Pharm1e_Drug 1.0

header JV_Pharm1f_Drug Subject =~ /Viagra/i

describe JV_Pharm1f_Drug Viagra ad subject line

score JV_Pharm1f_Drug 1.0

header JV_Pharm1g_Drug Subject =~ /80%/i

describe JV_Pharm1g_Drug Visitor name personal 80% OFF

score JV_Pharm1g_Drug 1.0



Even though the score shows 11.1 against required 10, i dont know how to 
block or drop the same?


Can you please help me.



following are the header values of the spam message.



X-Spam-Status: Yes, score=11.1 required=10.0 
tests=BAYES_99,HTML_IMAGE_ONLY_32,



HTML_IMAGE_RATIO_02,HTML_MESSAGE,JV_Pharm1g_Drug,MIME_HTML_ONLY,MISSING_DATE,



MISSING_MID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RDNS_NONE autolearn=no


version=3.2.5

X-Spam-Report:

*  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 
100%


*  [score: 1.]

*  0.0 MISSING_MID Missing Message-Id: header

*  0.0 MISSING_DATE Missing Date: header

*  1.0 JV_Pharm1g_Drug Visitor name personal 80% OFF

*  1.8 HTML_IMAGE_ONLY_32 BODY: HTML: images with 
2800-3200 bytes of words


*  0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of 
text to image area


*  0.0 HTML_MESSAGE BODY: HTML included in message

*  1.5 MIME_HTML_ONLY BODY: Message only has text/html 
MIME parts


*  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay 
in bl.spamcop.net 


*  [Blocked - see 
>]


*  0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from 
dynamic IP address


*  [217.128.132.50 listed in dnsbl.sorbs.net 
]


*  0.1 RDNS_NONE Delivered to trusted network by a host 
with no rDNS




Windows 7: Find the right PC for you. Learn more. 




--
-Eric 'shubes'


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Re: message Viagra score = 11.1 and required = 10, how to block this

[nicole thomson]

Sorry for the delayed response Eric
here is my simcontrol file data
]# cat 
/var/qmail/control/simcontrol:clam=yes,spam=yes,spam_hits=10,spam_passthru=no,attach=.mp3:.src:.bat:.pif:.exe:.scr

here is my spamassassin.conf (local.cf)
]# cat /etc/mail/spamassassin/local.cf# These values can be overridden by 
editing ~/.spamassassin/user_prefs.cf# (see spamassassin(1) for details)# These 
should be safe assumptions and allow for simple visual sifting# without risking 
lost emails.
ok_locales all#skip_rbl_checks 1
required_score 10report_safe 0rewrite_header Subject ***SPAM***
use_pyzor 1
use_auto_whitelist 1
use_bayes 1use_bayes_rules 1bayes_auto_learn 1header _LOCAL_I_HATE_VIAGRA1 
Subject =~ /v.?[i1].?...@].?g.?[\@a]?.?r@a]/iscore _LOCAL_I_HATE_VIAGRA2 
25.0



Still i am getting these VIAGRA mess. in spamdyke, i havent enabled RBL .
>>>
here is the header of the spam messages
X-Spam-Flag: YESX-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on 
mail.mydomain.comX-Spam-Level: **X-Spam-Status: Yes, score=14.0 
required=10.0 tests=BAYES_99,HTML_IMAGE_ONLY_32, 
HTML_IMAGE_RATIO_02,HTML_MESSAGE,JV_Pharm1g_Drug,MIME_HTML_ONLY,MISSING_DATE,   
MISSING_MID,RCVD_IN_BL_SPAMCOP_NET,RDNS_NONE,URIBL_BLACK,URIBL_SBL,URI_HEX  
autolearn=spam version=3.2.5X-Spam-Report:  *  2.0 URIBL_BLACK Contains an 
URL listed in the URIBL blacklist*  [URIs: electronni.cn]*  3.5 
BAYES_99 BODY: Bayesian spam probability is 99 to 100%   *  [score: 1.] 
 *  0.0 MISSING_MID Missing Message-Id: header   *  0.0 MISSING_DATE Missing 
Date: header*  1.0 JV_Pharm1g_Drug Visitor name personal 80% OFF*  
0.4 URI_HEX URI: URI hostname has long hexadecimal sequence  *  1.8 
HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words  *  0.4 
HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area *  0.0 
HTML_MESSAGE BODY: HTML included in message  *  1.5 MIME_HTML_ONLY BODY: 
Message only has text/html MIME parts   *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: 
Received via a relay in bl.spamcop.net   *  [Blocked - see 
<http://www.spamcop.net/bl.shtml?63.138.185.146>] *  1.5 URIBL_SBL Contains an 
URL listed in the SBL blocklist*  [URIs: radikal.ru]   *  0.1 
RDNS_NONE Delivered to trusted network by a host with no rDNSReceived: (qmail 
5576 invoked by uid 508); 19 Jan 2010 20:16:23 -Received: by simscan 1.3.1 
ppid: 5571, pid: 5572, t: 0.3404s scanners: attach: 1.3.1 clamav: 
0.94.2/m:Received: from unknown (HELO pcah.us) (63.138.185.146)  by mail with 
SMTP; 19 Jan 2010 20:16:23 -From: VIAGRA (c) Best Supplier 



--Nic

> To: qmailtoaster-list@qmailtoaster.com
> From: e...@shubes.net
> Date: Fri, 8 Jan 2010 08:38:01 -0700
> Subject: [qmailtoaster]  Re: message Viagra score = 11.1 and required = 10, 
> how to block this
> 
> Nicole,
> 
> There are 2 spamassassin scoring values that effect what the system does 
> to spam.
> 
> The first is contained in /etc/mail/spamassassin/local.cf:
> required_score 3.7
> This controls the score required for spamassassin to consider the 
> message spam. When a message scores this value or higher, spamassassin 
> rewrites the message header according to:
> rewrite_header Subject [SPAM]
> which is also in the local.cf file. Note, when you make changes to this 
> file, you need to restart spamassassin (using "qmail-spam restart").
> 
> The second value is contained in the /var/qmail/simcontrol file:
> :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
> The spam_hits variable controls the score at which messages will be 
> outright rejected by smtp, and not accepted by the server for delivery.
> 
> Does this clear things up for you?
> 
> -- 
> -Eric 'shubes'
> 
> nicole thomson wrote:
> > Hi team
> > 
> > 
> > now 80% of the spam mails have got blocked clearly. thanks a ton to 
> > those who procured help .
> > 
> > 
> > Now the mess created by VIAGRA/Pfizer mails are the only visible to the 
> > users. ('|'),
> > 
> > 
> > I use spamdyke+spamassassin along with qmailtoaster. After reading Jake 
> > Vickers article in one of the viagra related query, i added rules 
> > as 70_your_rulseset.cf /etc/mail/spamassassin and spamassassin --lint 
> > and did qmail-spamd restart. Still the mails are getting delivered with 
> > viagra messages.
> > 
> > 
> > 
> > body JV_Pharm1d_Drug /cansee/i
> > 
> > describe JV_Pharm1d_Drug Missing a space in "can see"
> > 
> > score JV_Pharm1d_Drug 1.0
> > 
> > header JV_Pharm1e_Drug Subject =~ /Pharmaceutical/i
> > 
> > describe JV_Pharm1e_Drug Pill ad subject line
> > 
> > score JV_Pharm1e_Drug 1.0
> > 
> > head