Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: judgej on February 06, 2008, 03:09:39 PM
-
I am trying to get to the bottom of a huge increase in spam getting through my SME server over the last few weeks.
I applied the latest updates a few weeks ago, and spam getting through has increased from a trickle to a hundred a day. Roughly the same amount of spam seems to be arriving at the server.
The last time this happened, it was something in an update that broke the spam filter, and a manual fix was needed until a proper fix was released. Maybe this has happened here, maybe the updates are a coincidence?
So - my question is, is it just me, or has anyone else noticed this? I raised a bug - http://bugs.contribs.org/show_bug.cgi?id=3865 - and will log any findings on that.
-
I have also noticed a substantial increase in SPAM. Has this been resolved yet ?
-
judgej
I raised a bug - http://bugs.contribs.org/show_bug.cgi?id=3865 - and will log any findings on that.
Whats the point of lodging a bug report if you don't follow up with information as requested on 15 Feb 2008 by chris burnat ?
ie
config show qpsmtpd
If the problem is resolved then please report that to the same bug report,so the bug can be closed.
-
ScottieDog
I have also noticed a substantial increase in SPAM.
Spammers are constantly changing their tactics, so you may need to tweak settings to suit or perhaps your current settings are not correct/appropriate.
What does this command show ?
config show qpsmtpd
-
I have the same problem. Since 7.3 update (i believe) i have had an enormous increase in the amount of spam in the main mailfolder. They are not detected as spam and sorted to the junkmailfolder.
I have noticed that even mails with the inserted string *SPAM* in the header sometimes shows up in the normal folders of the mailboxes and thus is not sorted into the junkmail folder.
config show qpsmtpd shows:
qpsmtpd=service
Bcc=disabled
BccMode=cc
BccUser=maillog
DNSBL=disabled
LogLevel=8
MaxScannerSize=25000000
RBLList=sbl-xbl.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
RHSBL=disabled
RequireResolvableFromHost=no
SBLList=dsn.rfc-ignorant.org
access=public
qplogsumm=disabled
status=enabled
What do I do to stop spam from getting into the normal folders of the mailbox?
-
JensK
Looking at your settings, RBL spam blocking is not enabled (which it is not by default), so I suggest you enable that as a minimum.
You will see a huge reduction in spam.
The spamhaus list name has changed slightly too.
See
http://wiki.contribs.org/index.php?title=SME_Server:Documentation:Technical_Manual:Booklet#Email
and
http://wiki.contribs.org/Updating_to_SME_7.2#RHSBL_Servers
and
http://wiki.contribs.org/Updating_to_SME_7.2#DNSBL_Servers
Be careful if you add more lists, as some are agressive and you will end up blocking legitimate emails.
As a minimal implementation do:
config setprop qpsmtpd RBLList zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
config setprop qpsmtpd DNSBL enabled RHSBL enabled
signal-event email-update
What do I do to stop spam from getting into the normal folders of the mailbox?
This will depend on your spam filter (spamassassin) settings.
By default this is not enabled.
Show output of
config show spamassassin
This can be configured in server manager Email panel, I suggest you choose Custom, and create conservative settings similar to these, adjust to suit your preferences.
spamassassin=service
BayesAutoLearnThresholdNonspam=0.10
BayesAutoLearnThresholdSpam=4.00
DNSAvailable=yes
MessageRetentionTime=35
OkLanguages=all
OkLocales=all
RejectLevel=14
ReportSafe=0
Sensitivity=custom
SkipRBLChecks=0
SortSpam=enabled
Subject=[SPAM]
SubjectTag=disabled
TagLevel=4
UseBayes=1
status=enabled
Also see
http://wiki.contribs.org/Email#Setup_Blacklists_.26_Bayesian_Autolearning
and
http://wiki.contribs.org/Email#The_entire_Sonoracomm_howto_from_Google.27s_text_cache
After you do all the above, you should see a very small amount of spam.
-
Ray,
Thanks for the previous post. I will try this on my server as well. Should I still log information in the bug tracker ?
-
ScottieDog
Should I still log information in the bug tracker ?
I think your issue is likely to be misconfiguration rather than a bug, but first show the output of
config show spamassassin
before you make any changes !
-
Should I still log information in the bug tracker ?
IMHO that is the only place where you should discuss this issue. If you fail to follow-up instructions in the bugtracker the ball is in your court and opening a forum thread instead is certainly not the right option, you should simply have provied the reuqested information in the bug report.
Opening a thread in the forums will shatter information (or people willing to help out as well as future readers having perhaps the same issue.
Is therefore suggest closing this thread and continuing in before mentioned bug report.
-
cactus
judgej was the original poster from a month ago and he was the one who failed to follow up in the bugtracker.
Scottiedog & JensK are new (today) posters.
JensK at least, clearly has some user configuration issues (eg RBL not enabled) so would be likely to receive a lot of spam without there being any bug.
Troubleshooting using the two commands mentioned are really a minimal level of support to determine if there are user configuration issues, or not.
If that identifies user configuration errors, then the issue is fixed. If that shows no apparent user issues, then by all means head off to the bugtracker.
Is it necessary to assume every question has to be a bug, when clearly user error or ignorance is involved in many cases ?
-
judgej was the original poster from a month ago and he was the one who failed to follow up in the bugtracker.
Scottiedog & JensK are new (today) posters.
Oops, perhaps too quick with my replies...
-
Cactus & Ray,
Firstly, I have been using SME (e-smith) since version 4, so I don't consider myself to be a "newbie". You will notice from the number of posts, that I rarely participate in forums, as 99% of the time my server runs just fine. I always run the latest update when they are available. The only contrib I have added is for others to have ftp access to their own i-bay. Otherwise I have changed no other settings from a default install.
Inference of user error or ignorance is a bit broad sweeping. Just because I don't sit in front of the forums all day, does not make me ignorant or automatically make errors. You both need to remember forums are exactly that. A means of sharing information. In a prefect world all bug reports would be in bug tracker & every post in the correct location. Then again, in a perfect world nothing would go wrong with the server.. Please be tolerant of users who do not spend 24/7 in front of their SME servers.
Having said all that, your efforts to help fix the problems is appreciated. A mix of skills & interaction is what makes the open-source community so vibrant.
James
-
ScottieDog
Please don't be so touchy and quick to react, you seem to take my words as a personal insult when they are certainly not.
...Otherwise I have changed no other settings from a default install.
....Inference of user error or ignorance is a bit broad sweeping. Just because I don't sit in front of the forums all day, does not make me ignorant or automatically make errors.....
.....Please be tolerant of users who do not spend 24/7 in front of their SME servers.
I don't believe there was any intolerance. No one said you were ignorant or prone to making errors.
As you say, your system is default, and as I said the default settings for sme have RBL off and spam filtering disabled, so it's very easy for any user to have not configured these.
This could have been due to user error (ie wrong choice of setting parameters) or ignorance (ie didn't realise that RBL & spam filtering were off).
The only way to determine that is to ask for output from the db commands mentioned.
-
Ray,
Point taken. I would be "ignorant" to changes required from a default install that help with the spam issue. Having said that, my issue showed the same as the OP. Spam suddenly increased early 2008 for no apparent reason after installing some of the notified updates.
I will get to the server soon as post results as requested.
James
-
Hi ray.
Thank you for the reply. I have tried the parameters immediately.
I hope it helps. The big question is how come these settings weren't updates correctly?
/Jens
-
JensK
The big question is how come these settings weren't updates correctly?
Most/all user settings in sme are not changed when updates occur.
The default installation from CD does not enable RBL or spam filtering, the admin user needs to make these changes either by command line (for RBL) or via server manager (for spam filter).
That's the way it is, some people do not want these enabled as default, so the developers felt it wiser to leave them disabled.
The real issue (& probably the most important issue from the developers point of view), is whether the upgrade process directly caused your problems. If so, that implies there is something wrong with the upgrade process & it needs fixing.
As your settings (after the upgrade) do not appear to be any different than a default install, then any issues you have may just be due to coincidental increased spammer activity and your "lack of knowledge/ignorance" of required settings.
Of course if you still have problems after tweaking your system as suggested, then you should report to the bugtracker. There are a number of spam type bugs, some relating to systems that have been upgraded from older sme7 versions and those that have had spam filter additions, so search & read the bugtracker first.
-
Hi Ray.
It seems like the amount of spam in the mail folders (except junkmail) is back to normal. I can se that the seetings in the mailboxes about where to put spam was set to none in stead of junkmail.
I am not certain that it is not me that have done this by error. My server is a family server that has been running and upgraded since version e-smith 4.x
That you for the continuing commitment to delevelop and document contrib.org/sme
/jensk
-
Ray,
Ran "show config qpsmtpd" on my server. Results the same as JensK. I followed your instructions in Post # 5 for the first part.
Server showed default settings for "show config spamassassin". I tried following your instructions, but could not see how to change all the settings. When running "show config spamassassin", this is my current config.
spamassassin=service
DNSAvailable=yes
MessageRententionTime=90
OkLanguages=all
OkLocales=all
RejectLevel=14
ReportSafe=0
Sensitivity=custom
SkipRBLChecks=0
SortSpam=enabled
Subject=[SPAM]
SubjectTag=enabled
TagLevel=4
UseBayes=0
Status=enabled
Can you advise where I have gone wrong.
James
-
ScottieDog
Ran "show config qpsmtpd" on my server.
I think you mean
config show qpsmtpd
Results the same as JensK. I followed your instructions in Post # 5 for the first part.
I assume that means you did
config setprop qpsmtpd RBLList zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
config setprop qpsmtpd DNSBL enabled RHSBL enabled
signal-event email-update
OK then.
I tried following your instructions, but could not see how to change all the settings.
RejectLevel=14
TagLevel=4
UseBayes=0
Can you advise where I have gone wrong.
The settings you have look OK, the spam filter is enabled with conservative settings to totally reject messages with a score of 14 or higher, and move messages with a score of from 4 to <14 to the junkmail folder.
As far as the Bayes setting is concerned, you need to manually implement that add on using the Sonoraccom Howto
Also see
http://wiki.contribs.org/Email#Setup_Blacklists_.26_Bayesian_Autolearning
and
http://wiki.contribs.org/Email#The_entire_Sonoracomm_howto_from_Google.27s_text_cache
It's best to go straight to the source though
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32
There is a db command to alter the retention time for messages in the junkmail folder ie number of days held before they are deleted, see the second link above
db configuration setprop spamassassin MessageRetentionTime 15
signal-event email-update
svc -t /service/qpsmtpd