Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: dave simmons on March 31, 2014, 12:03:09 PM
-
In the last couple of weeks the amount of incoming spam getting passed through our server has increased noticeably. By this I mean that users are receiving spam from senders which used to be blocked by the spam filter.
I have looked in the junkmail folders and there are examples of the same sort of mail from the same sender which used to score 6 or more (spam level is set at 5 in server-manager) and which are now scoring 0.4 - 0.6.
Server is 8 without extra contribs, all updates applied.
Not a big problem, but has anyone else noticed this? What could have changed? Or is it something the spammers have changed?
Edit: I've been looking in the documentation to see how I can block particular domains (all the spam is coming from 3 domains). It's not clear to me how to do this.
I've also seen the Email Whitelist/Blacklist contrib but note that it is no longer supported so haven't wanted to risk installing.
If someone could post the correct syntax to block all mail from a domain, I would be very grateful :)
-
For what it's worth -
I've (twice in 10 - 12 years) seen an improvement in spam filtering after deleting the bayes database and letting it rebuild -- presumably due to some sort of bayes poisoning.
Other than that, I've recently (the last 6 - 12 months) seen an increase in SPAM with correct SPF and DKIM information -- presumably relayed by a spammer through a "real" mail server that's been compromised.
And, if you haven't done so recently you may want to review your RBL List selections - some of the servers that are configured by default in SME 8 are no longer active.
-
Where is the bayes database located? Looking to delete it, but don't know where it is.
TAI
Bob
-
Check your bayes stats using:
sa-learn --dump magic
The database is in /var/spool/spamd/.spamassassin/bayes
Turn bayes OFF, delete your database, create an empty database, and turn bayes back on:
config setprop spamassassin UseBayes 0
signal-event email-update
#
'rm' /var/spool/spamd/.spamassassin/bayes*
config setprop spamassassin UseBayes 1
expand-template /etc/mail/spamassassin/local.cf
sa-learn --sync --dbpath /var/spool/spamd/.spamassassin -u spamd
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes_*
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes.mutex
chmod 640 /var/spool/spamd/.spamassassin/bayes_*
signal-event email-update
Note: I don't know if all of the 'disable'/'recreate'/'enable' stuff is necessary, and I haven't tested this exact command.
Most of the above command was taken from http://wiki.contribs.org/Email#Bayesian_Autolearning
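Added example (not part of the original post): after wiping the database, SpamAssassin applies no Bayes score until it has learned enough mail, so the `sa-learn --dump magic` counters are worth checking before judging the result. The sketch assumes the stock minimums of 200 spam and 200 ham (`bayes_min_spam_num`, `bayes_min_ham_num`); `bayes_status` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret `sa-learn --dump magic` after a Bayes reset.
# Assumption: stock thresholds (bayes_min_spam_num / bayes_min_ham_num = 200).
MIN_SPAM=200
MIN_HAM=200

# Reads dump-magic text on stdin and prints one status line.
# Exit status: 0 = Bayes is scoring, 1 = still training, 2 = counters missing.
bayes_status() {
    awk -v min_spam="$MIN_SPAM" -v min_ham="$MIN_HAM" '
        # Counter lines: 0.000  0  <value>  0  non-token data: nspam
        $NF == "nspam" { nspam = $3 + 0; seen_spam = 1 }
        $NF == "nham"  { nham  = $3 + 0; seen_ham  = 1 }
        END {
            if (!seen_spam || !seen_ham) {
                print "no-data: nspam/nham counters not found"
                exit 2
            }
            if (nspam < min_spam || nham < min_ham) {
                need_spam = (nspam < min_spam) ? min_spam - nspam : 0
                need_ham  = (nham  < min_ham)  ? min_ham  - nham  : 0
                printf "training: nspam=%d nham=%d (need %d more spam, %d more ham)\n", nspam, nham, need_spam, need_ham
                exit 1
            }
            printf "active: nspam=%d nham=%d\n", nspam, nham
        }'
}

# Constructed sample: database shortly after the reset.
sample_fresh() {
    cat <<'EOF'
0.000          0          3          0  non-token data: bayes db version
0.000          0         41          0  non-token data: nspam
0.000          0        512          0  non-token data: nham
EOF
}

# Constructed sample: database past both thresholds.
sample_trained() {
    cat <<'EOF'
0.000          0       1250          0  non-token data: nspam
0.000          0       3400          0  non-token data: nham
EOF
}

# Demo on the constructed data; on the server use:
#   sa-learn --dump magic | bayes_status
sample_fresh | bayes_status || true
sample_trained | bayes_status
```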
-
Thanks. Now I will wait and see what happens.
-
Quote from dave simmons:
"I've also seen the Email Whitelist/Blacklist contrib but note that it is no longer supported so haven't wanted to risk installing."
The Email WBL contrib installs OK on sme8 or 8.1.
Its effectiveness has been reduced somewhat by changes/improvements in sme server, but you can still use it safely & it may assist you to reduce the spam by blocking certain groups of senders etc.
Edit: Remember this contrib is just a GUI interface to the config files that exist in sme server, so you can change these files directly at the command line followed by signal-event email-update or signal-event post-upgrade, signal-event reboot.
Looking at http://wiki.contribs.org/Email_Whitelist-Blacklist_Control
You are probably wanting to edit the qmail badmailfrom file
which is located at
/var/qmail/control/...
edit it to include
@spamdomain.com
one entry per line
end of edit:
Remember it's a game of cat chasing the dog or dog chasing the cat, you block & spammers change their tactics etc, but the WBL contrib can help if you want to do the chasing. These comments apply to any type of blocking mechanism.
Also look at this
http://wiki.contribs.org/SME_Server:Documentation:FAQ:Section05#Block_incoming_IP_address
-
The situation has improved greatly after following mmccarns' instructions.
Thanks to all