Topic: Sudden SPAM increase - due to updates, general increase of SPAM, or just me?

[judgej]

I am trying to get to the bottom of a huge increase in spam getting through my SME server over the last few weeks.

I applied the latest updates a few weeks ago, and spam getting through has increased from a trickle to a hundred a day. Roughly the same amount of spam seems to be arriving at the server.

The last time this happened, it was something in an update that broke the spam filter, and a manual fix was needed until a proper fix was released. Maybe this has happened here, maybe the updates are a coincidence?

So - my question is, is it just me, or has anyone else noticed this? I raised a bug - http://bugs.contribs.org/show_bug.cgi?id=3865 - and will log any findings on that.

[ScottieDog]

I have also noticed a substantial increase in SPAM. Has this been resolved yet ?

[raem]

judgej

I raised a bug - http://bugs.contribs.org/show_bug.cgi?id=3865 - and will log any findings on that.

Whats the point of lodging a bug report if you don't follow up with information as requested on 15 Feb 2008 by chris burnat ?
ie
config show qpsmtpd

If the problem is resolved then please report that to the same bug report,so the bug can be closed.

[raem]

ScottieDog

I have also noticed a substantial increase in SPAM.

Spammers are constantly changing their tactics, so you may need to tweak settings to suit or perhaps your current settings are not correct/appropriate.
What does this command show ?
config show qpsmtpd

[JensK]

I have the same problem. Since 7.3 update (i believe) i have had an enormous increase in the amount of spam in the main mailfolder. They are not detected as spam and sorted to the junkmailfolder.

I have noticed that even mails with the inserted string *SPAM* in the header sometimes shows up in the normal folders of the mailboxes and thus is not sorted into the junkmail folder.

config show qpsmtpd shows:

Code: [Select]

qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled
    LogLevel=8
    MaxScannerSize=25000000
    RBLList=sbl-xbl.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
    RHSBL=disabled
    RequireResolvableFromHost=no
    SBLList=dsn.rfc-ignorant.org
    access=public
    qplogsumm=disabled
    status=enabled

What do I do to stop spam from getting into the normal folders of the mailbox?

[raem]

JensK

Looking at your settings, RBL spam blocking is not enabled (which it is not by default), so I suggest you enable that as a minimum.
You will see a huge reduction in spam.
The spamhaus list name has changed slightly too.
See
http://wiki.contribs.org/index.php?title=SME_Server:Documentation:Technical_Manual:Booklet#Email
and
http://wiki.contribs.org/Updating_to_SME_7.2#RHSBL_Servers
and
http://wiki.contribs.org/Updating_to_SME_7.2#DNSBL_Servers

Be careful if you add more lists, as some are agressive and you will end up blocking legitimate emails.

As a minimal implementation do:

config setprop qpsmtpd RBLList zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
config setprop qpsmtpd DNSBL enabled RHSBL enabled
signal-event email-update

What do I do to stop spam from getting into the normal folders of the mailbox?

This will depend on your spam filter (spamassassin) settings.
By default this is not enabled.

Show output of
config show spamassassin

This can be configured in server manager Email panel, I suggest you choose Custom, and create conservative settings similar to these, adjust to suit your preferences.

spamassassin=service
    BayesAutoLearnThresholdNonspam=0.10
    BayesAutoLearnThresholdSpam=4.00
    DNSAvailable=yes
    MessageRetentionTime=35
    OkLanguages=all
    OkLocales=all
    RejectLevel=14
    ReportSafe=0
    Sensitivity=custom
    SkipRBLChecks=0
    SortSpam=enabled
    Subject=[SPAM]
    SubjectTag=disabled
    TagLevel=4
    UseBayes=1
    status=enabled

Also see
http://wiki.contribs.org/Email#Setup_Blacklists_.26_Bayesian_Autolearning
and
http://wiki.contribs.org/Email#The_entire_Sonoracomm_howto_from_Google.27s_text_cache


After you do all the above, you should see a very small amount of spam.

[ScottieDog]

Ray,

Thanks for the previous post. I will try this on my server as well. Should I still log information in the bug tracker ?

[raem]

ScottieDog

Should I still log information in the bug tracker ?

I think your issue is likely to be misconfiguration rather than a bug, but first show the output of
config show spamassassin

before you make any changes !

[cactus]

Should I still log information in the bug tracker ?

IMHO that is the only place where you should discuss this issue. If you fail to follow-up instructions in the bugtracker the ball is in your court and opening a forum thread instead is certainly not the right option, you should simply have provied the reuqested information in the bug report.

Opening a thread in the forums will shatter information (or people willing to help out as well as future readers having perhaps the same issue.

Is therefore suggest closing this thread and continuing in before mentioned bug report.

[raem]

cactus

judgej was the original poster from a month ago and he was the one who failed to follow up in the bugtracker.

Scottiedog & JensK are new (today) posters.

JensK at least, clearly has some user configuration issues (eg RBL not enabled) so would be likely to receive a lot of spam without there being any bug.

Troubleshooting using the two commands mentioned are really a minimal level of support to determine if there are user configuration issues, or not.

If that identifies user configuration errors, then the issue is fixed. If that shows no apparent user issues, then by all means head off to the bugtracker.

Is it necessary to assume every question has to be a bug, when clearly user error or ignorance is involved in many cases ?

[cactus]

judgej was the original poster from a month ago and he was the one who failed to follow up in the bugtracker.

Scottiedog & JensK are new (today) posters.

Oops, perhaps too quick with my replies...

[ScottieDog]

Cactus & Ray,

Firstly, I have been using SME (e-smith) since version 4, so I don't consider myself to be a "newbie". You will notice from the number of posts, that I rarely participate in forums, as 99% of the time my server runs just fine. I always run the latest update when they are available. The only contrib I have added is for others to have ftp access to their own i-bay. Otherwise I have changed no other settings from a default install.

Inference of user error or ignorance is a bit broad sweeping. Just because I don't sit in front of the forums all day, does not make me ignorant or automatically make errors. You both need to remember forums are exactly that. A means of sharing information. In a prefect world all bug reports would be in bug tracker & every post in the correct location. Then again, in a perfect world nothing would go wrong with the server..  Please be tolerant of users who do not spend 24/7 in front of their SME servers.

Having said all that, your efforts to help fix the problems is appreciated. A mix of skills & interaction is what makes the open-source community so vibrant.

James

[raem]

ScottieDog

Please don't be so touchy and quick to react, you seem to take my words as a personal insult when they are certainly not.

...Otherwise I have changed no other settings from a default install.
....Inference of user error or ignorance is a bit broad sweeping. Just because I don't sit in front of the forums all day, does not make me ignorant or automatically make errors.....
.....Please be tolerant of users who do not spend 24/7 in front of their SME servers.

I don't believe there was any intolerance. No one said you were ignorant or prone to making errors.
As you say, your system is default, and as I said the default settings for sme have RBL off and spam filtering disabled, so it's very easy for any user to have not configured these.
This could have been due to user error (ie wrong choice of setting parameters) or ignorance (ie didn't realise that RBL & spam filtering were off).

The only way to determine that is to ask for output from the db commands mentioned.

[ScottieDog]

Ray,

Point taken. I would be "ignorant" to changes required from a default install that help with the spam issue. Having said that, my issue showed the same as the OP. Spam suddenly increased early 2008 for no apparent reason after installing some of the notified updates.

I will get to the server soon as post results as requested.

James

[JensK]

Hi ray.
Thank you for the reply. I have tried the parameters immediately.

I hope it helps. The big question is how come these settings weren't updates correctly?
/Jens