Topic: Spamfilter seems to have stopped working!

[dave simmons]

Finally got it working again!!

Followed over to the bug forum, saw that it was already reported.

Unfortunately, the config on the server was pretty much screwed, so I couldn't get it going following the advice on the bug forum.  Did a fresh install and it works.

One question - if any of the technical guys are still following this link - I have been following the log of spamassassin, and I see that there are spams coming supposedly from our domain.  I can see they're not really coming from our domain (unknown IP address and .ru domain extension).  My question is the following - is our domain name in danger of being blacklisted because of this?

I realise that this is not really to do with SME but I am hoping that someone will still be able to answer. I have looked at spamcop, but there I can only search on IP address (our IP addresses are OK - not listed).

Thanks in advance!

Dave

[raem]

dave

...I see that there are spams coming supposedly from our domain.  I can see they're not really coming from our domain (unknown IP address and .ru domain extension). ....is our domain name in danger of being blacklisted because of this?

Spammers do fake the domain they send from, but the IP is usually real, so spammers who use your domain as their return address won't generally cause your domain to get listed, except perhaps by some overzealous list maintainers.

I believe that it is possible (but more difficult) to fake the IP they send from, so it is possible (although not so common) to get your static IP listed due to spammers activities.
Certainly spammers do use dynamic IPs, to attack & run, which usually results in temporary listing of the IP until it gets delisted. This can cause an inconvenience for users of dynamic IP accounts & it really depends how interested/active ISPs are to stop spammers activities & fix these sort of problems. Many dynamc IPs are listed automatically these days, necessitating the need for sme users with dynamic IP's, to send email via the ISP's smtp server.

The more likely way that your static IP will get listed is due to overzealous list maintainers, who can list your static IP for a variety of reasons. There have been numerous situations where good quality users who do not send spam get listed on "poor quality " lists (eg five-ten).
Spamcop blocks a lot of the big name free email accounts.
So for this reason choose the lists you use carefully, to avoid blocking senders you really want to receive from.

If you do get listed, then you need to request a delisting with that particular list maintainer, which can sometimes take a while. The workaround for this situation is to send your mail via your ISPs smtp server, even if you have a static IP.

Read my old howto, see the section Real Time Blacklist or Blocklist (RBL) Information
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20using%20qpsmtpd%20&%20RBL%20for%20sme%20server.htm

[drurydj]

Dave did you get this resolved?  I also had key mismatch.   Updated key and sa-update.

Running SME 7.2 upgraded along the way. 

I have same type of issue..

X-Virus-Checked: Checked by ClamAV on hvacc.net
X-Spam-Status: No, hits=1.4 required=4.0
   tests=SARE_ADULT2

<content removed>

alia harel

[drurydj]

Sorry.  Don't know how to read form (ack).

sv t /service/spamd fixed issue..

Dan

[dave simmons]

I eventually got it resolved by completely reinstalling the machine, and recreating users and re-transferring the website.  I have learned that reinstalling from backup also brings configuration files over, so I did not do that.  For me it wasn't much work - one domain and 6 users.  Of course, if there are many domains/users this could be a nightmare.

The solutions in this post, and also in bug report 3351 did not work for me. This was probably because I was also trying other things I found by searching the net, and that by trying other things I made the problem worse.

A clean reinstall (7.2 CD downloaded , followed by applying all the updates automatically via the server-manager) did not solve the problem - as soon as I created the domain and users, the spam started coming in again.  What I had to do was apply the sa update and import the GPG KEY manually (i.e. via a console session - not via the server-manager web interface).  I HAD activated the spam filter in the server-manager!

Only after I did the sa update manually did the machine start identifying spam correctly.  This means that a freshly-installed SME machine with updates will not filter spam without manual intervention.

***Should I report this as a bug?****

I would also be interested to hear from other users who have had this experience - whether they have been able to sort it out by following the solution either here or in the bug report.

I have a friend who is waiting to apply updates to his server, because the problem only started after we applied the last updates.  Obviously not applying updates is also not a good idea, but he has many more users & domains, and was having a massive problem with spam before moving to SME.

Ray Mitchell - if you're still following - what do you suggest regarding applying the updates?  I see a lot of technical discussion in the bug report, but no definite resolution.  

[raem]

dave

what do you suggest regarding applying the updates?  I see a lot of technical discussion in the bug report, but no definite resolution.

Read my earlier posts Reply #71 & #74, I think it's pretty clear what to do if you read those.
Of course you should apply updates, they are released to fix issues.
The fix looks to be one of either manually doing the combination of an sa_update & restart spamd, or restart spamd only, and the best way of achieving this is being looked at.

The issue appears to be identified although not yet conclusively, that's why you need to report any further observations or experiences to the bug tracker. Your feedback is important to help resolve the bug.
Please do so, and stop reporting the issue here, the developers are the people who fix the bugs and they are not reading these forum posts, but they are reading the bug reports.

Is that understandable ?

[raem]

dave

A clean reinstall (7.2 CD)... I HAD activated the spam filter.... Only after I did the sa update manually did the machine start identifying spam correctly....

The following comments are seperate to the bug issue being discussed here.
You make no mention of enabling DNS/RBL lists on your freshly installed sme7.2
If you don't enable RBL's & you have enabled the spam filter, then your server will be quite busy processing all the spam emails using spamassassin.
If you enable RBL's then many of those spam emails will be rejected by the smtp server ie your system won't accept them, thus giving spamassassin & your processor & memory a lot less work to do.
Enabling conservative RBL lists is highly recommended. I'm sure the instructions are in the FAQ or manual.

[chris burnat]

"Enabling conservative RBL lists is highly recommended. I'm sure the instructions are in the FAQ or manual."

Beware:
Conservative RBL are documented in the email section of the FAQ:
http://wiki.contribs.org/Email#Real-time_Blackhole_List_.28RBL.29

A more comprehensive list can be found at:
http://wiki.contribs.org/Updating_to_SME_7.2#RHSBL_Servers
They are not as conservative, and may not be what you want (as I have found out recently)...

[dave simmons]

Ray

Should I start a new bug report or try to add to the existing bug?

It may be part of the same problem or it may be different.  I don't have enough techical knowledge to know.

P.S.  Should my login for this forum work for the bug report or do I have to also register?  (I've tried with my login and pw for this forum and it didn't seem to work).  I received a mail about reactivation yesterday, and I thought that I had followed the instructions - I can post here .

Sorry if these seem to be stupid questions.

FYI - I don't think I've enabled the DNS/RBL lists, but I'm happy that everythings working.

[raem]

Enabling conservative RBL lists is highly recommended

By conservative I mean
do not enable RHSBL lists, and only enable
DNSBL lists and use zen.spamhaus.org and whois.rfc-ignorant.org

Anything more than that and you are likely to reject mail from legitimate senders.
Read my original howto for background which is a little out of date now with regard to lists ie some are defunct.
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20using%20qpsmtpd%20&%20RBL%20for%20sme%20server.html

config show qpsmtpd

qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=enabled
    Instances=5
    LogLevel=8
    MaxScannerSize=55000000
    RBLList=zen.spamhaus.org:whois.rfc-ignorant.org
    RHSBL=disabled
    RequireResolvableFromHost=yes
    SBLList=dsn.rfc-ignorant.org
    access=public
    status=enabled

[raem]

dave

Add your comments/feedback to the existing bug.
The developers will advise if it is a different bug and suggest that a new bug be opened, if needed.
We are talking about commenting on the same bug referred to in the same bug report so I don't know why you would think to create a new bug report anyway.

Bugzilla has a seperate registration & login requirement, you will need to register a new account with loginame=your email address.

I don't think I've enabled the DNS/RBL lists, but I'm happy that everythings working.

You should enable the ones I have suggested as a minimum, you will be amazed at the reduction in spam that results ie 75 - 95% reduction in practice. See the FAQ or my old howto for the commands to use.