Topic: Spam Filtering missing some type of new spam

[rexgaylord]

It may just be a coincidence, but since upgrading to 7.2, my incidence of spam seems to have gone sky high to aliases that I never use, but the spammers seem to be able to query my box for users and aliases some how.  These spam messages are coming in with 0 hits, see below:

X-Spam-Status: No, hits=0.0 required=5.0
   tests=

Mail filtering does seem to still be working though.  See he header info below:

X-Spam-Status: Yes, hits=7.4 required=5.0
   tests=FUZZY_OCR,SARE_GIF_ATTACH
X-Spam-Flag: YES


Is anybody else seeing this and have any suggestions?

[sgt-spam]

We're seeing a LARGE increase in spam also.

Mainly PDF attachment garbage, but other image-based messages too.

I try to keep up with the updates, but lately when I do an update and the system requests the reboot to reconfigure, it doesn't seem to update anything.  I still get the same packages available for update email...

I've not filed anything in the bug tracker.

There is at least one other spam related message in the forum here - not sure if that person filed a bug report either.

[mmccarn]

Many of my clients - with and without SME servers - have been seeing significant increases the the amount of SPAM that is bypassing their spam filters.

I found that training the bayes filters using the LearnAsSpam.pl script eliminated most of the spam after a day or two of carefully training the bayes filters for these new spams.

More on LearnAsSpam.pl: http://bugs.contribs.org/show_bug.cgi?id=1701

[rexgaylord]

Somebody had opened up a bug and I added to it, but it was suggested that the problem may be related to the servers that had the fuzzy_ocr contrib prior to it being implemented in the main 7.2 distro and occurs after the upgrade.  I backed up my server, did a fresh 7.2 install and restored my data and the problem with spam went away.  I suggested the bug be closed and then about 2 days later the problem returned.  The about 2 days ago I saw a yum update install related to spamassassin and the problem was resolved again.  Nothing else in Bugzilla about it since 7/27.

[rexgaylord]

The yum updates that I installed when problem went away again were:

perl-MailTools.noarch                    1.77-1.el4.centos      smeupdates      
spamassassin.i386                        3.2.2-42.el4           smeupdates

[Amir Inbar]

The last 2 days many of my clients had received a HUGE amount of spam - some have the fuzzyocr plugin installed and some don't.
Some of them are using 7.2 and some 7.1.3

What is going on ?
Is the spam assassin module working or is there a bug ?
How can i prevent those enormous amounts of spam to reach my clients ?
Teaching a server what message IS spam and what is NOT is not an option since there are many servers and editing spam list manually each time a spam epidemic is bursting is not quite practical.

Any solution will be much appreciated !

Thank you,

Amir

[kevinb]

I am just starting to prepare some tests to this effect.

I have two machines (7.2 and up-to-date) with nearly identical contribs. On one the SA does not block my three spam test emails (luckily they use Thunderbird and it does a good job with the spam). On the other the white list does not work (they use webmail and are getting hammered with spam). Virus filtering on both boxes works fine.

Kevin

[Amir Inbar]

OK

Done some reading (RTFM).
It appears that "RHSBL is disabled by default in SME!" - that means that the Right-Hand Side Black Lists are not being checked against the mail senders or domains thus enabling spam that SA is not recognizing as spam to go through.
I have enabled those lists by :

config delprop qpsmtpd SBLList
config setprop qpsmtpd SBLList bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com\
:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com\
:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org\
:blackhole.securitysage.com
signal-event email-update

and all seems to be fine now.

I have also apply the IP address matching for the black lists (DNSBL) by :

config delprop qpsmtpd RBLList
config setprop qpsmtpd RBLList bl.spamcop.net:combined.njabl.org:dnsbl.ahbl.org\
:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:list.dsbl.org\
:multihop.dsbl.org:psbl.surriel.com:zen.spamhaus.org
signal-event email-update

Amir

[femc]

I am having the same problems. I had installed :
- sme7.2 yum updated some 2 weeks ago
- fetchmail
- wbl
worked more or less ( not as good as with the 6.01.01 ). Now after a full yum update on 7.9.07 all spam is un-tagged, spam-fitler seems no more to work.

I am considering to go back to 6.01.01 - but just hate it to install an older version

hdmueller

[raem]

femc

see
http://bugs.contribs.org/show_bug.cgi?id=3351

and read it ALL carefully & completely as there are various fixes proposed, and other bugs linked to, that also contain fixes. You need to implement all of the various fixes discussed in 2 or 3 or so different bugs referred to in that thread.

I think there is a seperate issue with fetchmail, so look for bugs reports re that.

[byte]

Now after a full yum update on 7.9.07 all spam is un-tagged, spam-fitler seems no more to work.

As always please report any potential bugs (and have a look in the bug tracker) as there is an issue which is fixed....

http://bugs.contribs.org/show_bug.cgi?id=3206