Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Odd SpamAssassin behaviour
« previous next »
Pages: [1]   Go Down

Odd SpamAssassin behaviour

  • 2 Replies
  • 696 Views

Ed Form

Odd SpamAssassin behaviour
« on: August 19, 2003, 08:14:58 PM »
I've been getting streams of messages from some Brazillian spammer for
about 2 weeks now. The messages are always in threaded groups and always
headed...

   From "Michelle"
   To michellextga@terra.com.br
   Re: Oi!

The groups are between four and six messages in Portugese, and nothing I
can do in Spamassassin seems to stop them. I have specifically blacklisted
the address they say they're coming from but it doesn't do any good.

I'm running a Windows XP workstation behind a Dev6b3 server. The version
of Spamassassin I run was installed in 5.6U4 and carried on working
properly when I updated into the 6 development betas - it catches between
60 and 80 spam messages a day - but these Brazillian pests keep on getting
through.

I can't see how this can be an SME issue, but I've reported it to SMEBugs anyway.

Has anyone any ideas?

Ed Form
Logged

Greg Zartman

Re: Odd SpamAssassin behaviour
« Reply #1 on: August 19, 2003, 09:01:56 PM »
> 60 and 80 spam messages a day - but these Brazillian pests
> keep on getting
> through.

I've found the same thing Ed.  By itself, SA isn't perfect at detecting spam.   Some folks have figured out what they need to do to score low spam scores from spamassassin.    To see how the message is scoring and why, copy the message to your root directory and issue the following command:
spamassassin -t < message_name

Where message_name is the email in question.  After a sort pause, SA should spit out a bunch of information about the scan.   This report might shed some light on what's going on.   I've had messages that contain alot of spam content actually score negative spam scores due to inclusions of things that tell SA that the message is a good one.

You may what to look at some of the mailfront contribs out there.  Charlie Brady put something together that lays the groundwork for blocking messages at the mail queue.

Regards,

Greg Zartman
Logged

Patrick T Hickey

Re: Odd SpamAssassin behaviour
« Reply #2 on: August 20, 2003, 12:54:30 AM »
I installed this mailfront rule which uses the DSBL lists...

http://mirror.contribs.org/smeserver/contribs/dmay/mitel/contrib/dsbl

and it works beautifully with SA. It takes advantage of the aforementioned mailfront rules and whacks its share of SPAM at the front end. To verify it is working use this, compliments of D May......


# tail -100 /var/log/smtpfront-qmail/current | /usr/local/bin/tai64nlocal


regards,

patrick
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Odd SpamAssassin behaviour