Topic: Image base Spam emails

[piyushjani]

Hi,
We are facing a major problem of  receiving spam emails . We are using spamassassin as spam filter, but my problem is that when a spam message comes with image file attached or embedded into it , spamassassin does not detect it & pass on to user.
Can SME 7.0 help me taking care of these type of problems

Thanks in advance
Piyush Jani

[mmccarn]

I get good results with the procedure outlined in this post: http://forums.contribs.org/index.php?topic=33824.0.

There is also mention in that post of ASSP - you may want to check that out, as it is multi-platform (windows, linux, (os x?)) and is designed to do what I'm forcing SME to do - act as a spam-filtering SMTP gateway.

[CharlieBrady]

There is also mention in that post of ASSP - you may want to check that out, as it is multi-platform (windows, linux, (os x?))

I don't see any advantage with it being multi-platform, and that likely means that it is not optimised for linux.

... and is designed to do what I'm forcing SME to do - act as a spam-filtering SMTP gateway.

That's also exactly what qpsmtpd is designed to do.

I'm not making any criticism of ASSP, but I also haven't been convinced that it has any advantages. Certainly when I first looked at it it had significant problems.

Do you think ASSP should be used rather than qpsmtpd? If so, why?

[piyushjani]

Thanks for your email

I have been to those links of ASSP, and also tried to search for image base spam control. I didn't find it any where  

Does any one has tried using SME for image base spam control. Because in that image words are written , which has not business meaning its all pertaining to sex , durgs & porno.

Thanks & Regards
Piyush Jani

[cactus]

Thanks for your email

I have been to those links of ASSP, and also tried to search for image base spam control. I didn't find it any where  

Does any one has tried using SME for image base spam control. Because in that image words are written , which has not business meaning its all pertaining to sex , durgs & porno.

Thanks & Regards
Piyush Jani

I use spamassassin with Bayes filtering and it fights image based spam pretty good after the usual learning curve. To speed up the learning curve I fed the ASSP spam list to the Bayes filter (I have found the link here on the forum once). I also installed the LearnAsSpam script and also modified a copy for a LearnAsHam script as some spam was falsely detected.

On top of that I have the default RBL servers enabled.

I don't have exact figures but after using it for a few months now I almost receive no spam messages anymore in my mailbox (1 per week tops, and most of the times this one is not an image based SPAM), about of a quarter of mails received on my small mailserver is SPAM of which about half is image based.

Relevant links:

ASSP spam archive: http://easynews.dl.sourceforge.net/sourceforge/assp/asspsmpl-0.1.tgz

More usefull links and information:
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32

[mmccarn]

Do you think ASSP should be used rather than qpsmtpd? If so, why?

I only mentioned ASSP in case piyushjani isn't already using SME -- perhaps, for him, it would be quicker or easier to install ASSP than to setup a SME server...  I have no opinion on the relative merits of qpsmtpd vs. assp as I have never used assp

tried to search for image base spam control

I second cactus's opinion.  I think you'll find (if you look at it) that your "image base spam" is really html formatted email.  If it is really email containing .jpg, .gif, .png or other graphic files, you could simply setup an attachment filter.

Here are 24 Hrs of stats from one of my SME 7 boxes configured as shown in my earlier post (courtesy of the mailstats script).  Note that "Misc.rejected" is artificially inflated due to 5760 smokeping EchoPingSMTP probesevery (20 probes every 5 minutes)

Code: [Select]

RBL rejected                     :      912 ( 11.50%)
Pattern filter rejected          :        0 (  0.00%)
Misc.rejected                    :     6082 ( 76.68%)
Infected by Virus                :       31 (  3.30%)
Spam rejected (over reject level):      139 ( 35.55%)
Spam detected (over tag level)   :      391 ( 41.68%)
Ham detected (under tag level)   :      489 ( 52.13%)
Total emails accepted            :      768 ( 81.88%)
                                 --------------------
Total emails processed           :      938 (   39.08/hr)

[cactus]

tried to search for image base spam control

I second cactus's opinion.  I think you'll find (if you look at it) that your "image base spam" is really html formatted email.  If it is really email containing .jpg, .gif, .png or other graphic files, you could simply setup an attachment filter.

I ment really graphic based spam, no html formatted image-like looking e-mail. The text is really in a graphical representation and is filtered without using attachement filtering as I did not explicitely configure this and I am not aware of it being enabled by default for SME Server.

[cpuffalt]

Hi,
We are facing a major problem of  receiving spam emails . We are using spamassassin as spam filter, but my problem is that when a spam message comes with image file attached or embedded into it , spamassassin does not detect it & pass on to user.
Can SME 7.0 help me taking care of these type of problems

Thanks in advance
Piyush Jani

I've also been suffering from a similar epidemic of image-based spam emails getting past spamassassin.  Someone suggested enabling bayesian filtering and I've had it enabled for some time but due to the random text these spams contain it's ineffective.  

One possible solution might be the FuzzyOcrPlugin.  Has anyone successfully installed this on SME server?

Corey

[gregswallow]

> One possible solution might be the FuzzyOcrPlugin

I google'd and found like what looks to be some Fedora 5 SRPMS for gocr and FuzzyOcr here:
http://mirrors.redwire.net/pub/local-rpms/SRPMS/
(I am guessing because there is a requires: giflib-utils, and that rpm is only in FC5 I think - The same thing is called libungif-progs in CentOS.)
They should be able to be modified a bit and rebuilt for SME7.

Also, the latest version of the FuzzyOcr source code can be found here:
http://www.joval.info/proj/FuzzyOcr.html
(not linked on the Spamasassin page - note that the latest FuzzyOcr version requires spamasasssin 3.1.4 or later, which SME7 doesn't have yet.)

You should add that as a NFR in the bug tracker and mention all this info.  Looks interesting.

[stephen noble]

I'm using maildrop (or procmail) to sort any that gets through spamassassin to junkmail

the following sets up a global rule for all

note the quote marks around the db entry with spaces
and the back slash to escape the forward slash

I also have a rule for
'Content-Type: multipart\/mixed'

# db processmail set 41 pmGlobalRule deliver junkmail criterion 'Content-Type: multipart\/related' basis headers action sort copy no

# db processmail show 41
41=pmGlobalRule
    action=sort
    basis=headers
    criterion=Content-Type: multipart\/related
    deliver=junkmail
    copy no

# signal-event mailsorting-conf

http://www.dungog.net/sme/usermanager.php#proc

[gregswallow]

> You should add that as a NFR in the bug tracker and mention all this info.  Looks interesting.

I made some rpms for FuzzyOcr if anyone wants to try them - bug report is here:
http://bugs.contribs.org/show_bug.cgi?id=1985
Feedback on the bug report please.

[cpuffalt]

Greg,

Thanks for putting those rpms together.  I've installed them on my home server and will let you know how they work...

I've already been noticing spam mails containing animated gifs and garbage in the background so it looks like spammers are already trying to outsmart ocr...we'll see.

Regards,
Corey

[william_syd]

An interesting read.....

http://www.secureworks.com/analysis/spamthru/

[mrjhb3]

Greg,

Thanks for putting those rpms together.  I've installed them on my home server and will let you know how they work...

I've already been noticing spam mails containing animated gifs and garbage in the background so it looks like spammers are already trying to outsmart ocr...we'll see.

Regards,
Corey

Corey,

How has this been working?

John

[gregswallow]

Shad has updated the rpm - try this one (but check that directory for a newer version too):
http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/noarch/FuzzyOcr-3.4.2-1.noarch.rpm

plus..
http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i386/gocr-0.41-3.i386.rpm
and Spamassassin 3.1.7 from atrpms is required, and the perl modules required are from dag (rpmforge).

Feedback on the new rpm to the bug report as well please:
http://bugs.contribs.org/show_bug.cgi?id=1985