help with "Re: RX ..."
Hello,

I'm running Red Hat EL4 with SA 3.1.4 and postfix/procmail.

Since yesterday I moved the mailserver to a new datacenter, and I'm not sure if it's related, but now I get more spam than ever. The server is connected with 1 NIC on a private subnet and routed via the firewall to the internet. I already denied access from one local IP with iptables that sent A LOT of spam to my users.

A lot of spam still gets properly filtered by SA but some spam manages to get in the inboxes. Mostly messages containing a subject which starts like Re:RX

What is the best way to block these kinds of spam? My score is 3,0 atm but these spam mails hardly get a score higher than 1.

I have pasted some more detailed info below from the headers (my IPs and addresses are scrambled for privacy purposes).

Thanks for all suggestions!

Ivago

Header info:

Return-Path: <[EMAIL PROTECTED] >
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on SOKAHO2.studioo.be
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_50,FORGED_RCVD_HELO,
    HTML_MESSAGE autolearn=ham version=3.1.4
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from kcg-inc.com (ALagny-152-1-35-110.w83-112.abo.wanadoo.fr [83.112.228.110 ])
    by mail.studioo.be (Postfix) with SMTP id D55B4103FDC
    for <[EMAIL PROTECTED]>; Sun, 27 Aug 2006 21:57:30 +0200 (CEST)
Received: by 192.168.xxx.64 with SMTP id QTRtOfzW;
    for <[EMAIL PROTECTED]>; Sun, 27 Aug 2006 12:59:10 -0700
Message-ID: <[EMAIL PROTECTED]>
Reply-To: "Hagen Mckechnie" <[EMAIL PROTECTED]>
From: "Hagen Mckechnie" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: RXnyhe
Date: Sun, 27 Aug 2006 12:59:10 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="=_NextPart_000_0001_01C6C9D8.96D1AB40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Status: RO
X-UID: 12839
Content-Length: 2363
X-Keywords:

problem with RX subjects
Hello,

I'm running RH EL4 with SA 3.1.4 and postfix/procmail.

Last week I moved that mailserver to a datacenter and I'm not sure if it's related, but since then I get more spam than ever. The server is now connected with 1 NIC on a 192.168.*.* subnet and routed via a h/w firewall to the internet, but I don't think SA cares about the local IPs anyway?

A lot of spam still gets properly filtered by SA but some spam manages to get in the inboxes. Mostly messages containing a subject which starts like Re:RX and other subjects containing capital RX.

What is the best way to block these kinds of spam? My score is 3,0 atm but these spam mails hardly get a score higher than 1.

I have pasted some more detailed info below from the headers (my IPs and addresses are scrambled for privacy purposes).

Thanks for all suggestions!

Ivago

Header info:

Return-Path: <[EMAIL PROTECTED] >
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on SOKAHO2.removed.be
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_50,FORGED_RCVD_HELO,
    HTML_MESSAGE autolearn=ham version=3.1.4
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from kcg-inc.com ( ALagny-152-1-35-110.w83-112.abo.wanadoo.fr [83.112.228.110 ])
    by mail.removed.be (Postfix) with SMTP id D55B4103FDC
    for < [EMAIL PROTECTED]>; Sun, 27 Aug 2006 21:57:30 +0200 (CEST)
Received: by 192.168.xxx.64 with SMTP id QTRtOfzW;
    for <[EMAIL PROTECTED]>; Sun, 27 Aug 2006 12:59:10 -0700
Message-ID: <[EMAIL PROTECTED]>
Reply-To: "Hagen Mckechnie" <[EMAIL PROTECTED]>
From: "Hagen Mckechnie" < [EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: RXnyhe
Date: Sun, 27 Aug 2006 12:59:10 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="=_NextPart_000_0001_01C6C9D8.96D1AB40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Status: RO
X-UID: 12839
Content-Length: 2363
X-Keywords:

procmailrc question
Hi all,

I've been using spamassassin for over a year now and I'm really happy with this solution. At the moment my maximum SA score is 3.0 and this seems to stop 99% of spam without marking wanted mail as spam.

Now I get like +200 mails in my spam folder marked as [SPAM] but would like to delete these mails instead of filtering them in a folder, so I poked around with my .procmailrc but it doesn't seem to work OK.

This spam delete option would be only for me and not for other people using the mailserver, so I have this in my /home/ivago/.procmailrc file:

MAILDIR=$HOME/Mail
LOGFILE=$HOME/Mail/log

:0:
* ^X-Spam-Status: Yes
Spam

:0:
* ^Subject:.*\<[SPAM]\>
/dev/null

I just added the 3 last lines as seen on a webpage but it doesn't work. Any suggestions what I exactly need to put in there?

kind regards,
ivago

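
An added example, not part of the original post: a small Python model of how the two recipes above are evaluated, showing that mail flagged by SA is filed by the first recipe before the second is reached, and that `[SPAM]` unescaped is a character class rather than the literal tag. The Python translation of procmail's regex dialect, the sample headers and the `RECIPES_ESCAPED` variant are assumptions of this example.

```python
import re

# Approximation of procmail's regex dialect (assumption of this example):
# conditions are case-insensitive, and \< / \> consume one non-word
# character (or a line edge) instead of being zero-width.
NONWORD = r"(?:[^A-Za-z0-9_]|^|$)"

RECIPES_POSTED = [  # the two recipes from the post, in their posted order
    (r"^X-Spam-Status: Yes", "Spam"),
    (r"^Subject:.*" + NONWORD + r"[SPAM]" + NONWORD, "/dev/null"),
]
RECIPES_ESCAPED = [  # hypothetical variant: literal brackets, discard first
    (r"^Subject:.*\[SPAM\]", "/dev/null"),
    (r"^X-Spam-Status: Yes", "Spam"),
]

def deliver(headers, recipes, default="inbox"):
    """Return the destination picked by the first matching recipe."""
    for pattern, dest in recipes:
        if re.search(pattern, headers, re.IGNORECASE | re.MULTILINE):
            return dest  # a delivering recipe ends processing
    return default

# Constructed sample headers.
TAGGED = "X-Spam-Status: Yes, score=7.2 required=3.0\nSubject: [SPAM] Re: RXnyhe"
LEGIT = "X-Spam-Status: No, score=0.1 required=3.0\nSubject: Plan A for Monday"
TAG_ONLY = "Subject: [SPAM] cheap pills"

if __name__ == "__main__":
    for name, msg in (("tagged", TAGGED), ("legit", LEGIT), ("tag only", TAG_ONLY)):
        print(f"{name:9} posted={deliver(msg, RECIPES_POSTED):10} "
              f"escaped={deliver(msg, RECIPES_ESCAPED)}")
```

With the posted recipes, the legitimate "Plan A" subject is the one that reaches /dev/null, because a standalone letter from the set S, P, A, M satisfies the second condition.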
blacklisting
Hi,

I'm trying to blacklist some domains who sent me spam. I added the following lines in local.cf like I do to whitelist a domain.

whitelist_from_rcvd [EMAIL PROTECTED] vsko.be
whitelist_from_rcvd [EMAIL PROTECTED] vlhorb.be
whitelist_from_rcvd [EMAIL PROTECTED] omcdgent.be
blacklist_from_rcvd [EMAIL PROTECTED]

but I keep getting spam from those 2 blacklisted domains. Any suggestions for the syntax?

kind regards,
ivago

Re: blacklisting
> *EVERY* time you edit your config files, run spamassassin --lint. It
> should run quietly and just exit if all is well. If there's a problem
> parsing your config, it will print a message to that effect.

So I added

blacklist_from [EMAIL PROTECTED]

to my local.cf and ran 'spamassassin -lint' but I got the following warning and killed the program with CTRL-C after 10' cause nothing else happened. Is this normal behaviour?

[11325] warn: The -l option has been deprecated and is no longer supported, ignoring.

So I just did a 'spamassassin]# /etc/init.d/spamassassin restart' which also adapts the changes made in local.cf

kind regards,
ivago

PS My spamassassin version is 3.1.7

block subject + subdomain
Hello,

I have 2 kinds of spam that still get through with a 3.0 score setup.

- the first kind of spam is with a subject that contains RX and is mostly like a reply, so 'Re:blahblahRXblah'. It does come from different smtp servers so denying the host is not an option.

- the second kind of spam that still gets through is mail from [EMAIL PROTECTED] So the SUBdomain changes but the main domain is emv1.net. I already blacklisted those subdomains in my rc.local but can I also use a wildcard? Now I just blacklist each subdomain like:

blacklist_from [EMAIL PROTECTED]
blacklist_from [EMAIL PROTECTED]

thanks in advance for all suggestions!

ivago

Re: Drug spam, some caught some not - none caught by drug rules
On Fri, 26 Jan 2007, Jim Maul wrote:

> Those are the DEFAULT rules. Do not add/remove/modify anything in this
> folder.
>
> custom rules go in /etc/mail/spamassassin/

So basically you just need to 'cd /etc/mail/spamassassin' and 'wget http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf' into this folder and restart spamassassin? Or do I need to refer to his KAM.cf file in local.cf or something so SA knows it's there?

kind regards,
ivago

Re: An lot of these messages getting through
2007/3/30, Bill Randle <[EMAIL PROTECTED]>:

> Yes, I created them by hand.
>
> -Bill

Bill, do we need to add these lines in local.cf? At the moment I just add every domain name of every stock mail that gets in my inbox but that's not really working great.

blacklist_from *altimawebsystems.com
blacklist_from *ngt.net
blacklist_from *ntertops.com
blacklist_from *orientalimage.com
blacklist_from *quipusbolivia.org
blacklist_from *capitalmonitor.com
blacklist_from *cbmpos.com
blacklist_from *gloverstamp.com
blacklist_from *netearth.net
blacklist_from *hanryu.com

grtz,
divago

ps I was wondering if these spammers are also subscribed to this list? cuz it's quite easy like this for them to see which methods are the most efficient ... at least for some time :)
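
An added example, not part of the original posts: a Python check of what wildcard entries like the ones in this post and in "block subject + subdomain" actually cover, assuming the file-glob matching that SpamAssassin documents for blacklist_from (only * and ? are wildcards, matched against the whole address). The translation function, the `*@ngt.net` and `*@*.emv1.net` patterns and the sample addresses are constructed for illustration.

```python
import re

def addrlist_regex(glob):
    """Compile a blacklist_from-style glob: only * and ? are wildcards."""
    parts = []
    for ch in glob.lower():
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # everything else is literal
    return re.compile("".join(parts))

def hits(glob, address):
    """True if the whole address matches the glob, ignoring case."""
    return addrlist_regex(glob).fullmatch(address.lower()) is not None

def audit(globs, addresses):
    """Map each address to the globs that would blacklist it."""
    return {a: [g for g in globs if hits(g, a)] for a in addresses}

# "*ngt.net" is from the post; the other three are constructed variants.
GLOBS = ["*ngt.net", "*@ngt.net", "*@*.emv1.net", "*emv1.net"]

# Constructed sender addresses.
ADDRESSES = [
    "promo@ngt.net",        # intended target
    "alice@shippingt.net",  # unrelated domain that ends in "ngt.net"
    "news@a12.emv1.net",    # rotating subdomain of emv1.net
    "bob@emv1.net",         # bare domain, no subdomain
    "carol@notemv1.net",    # unrelated domain that ends in "emv1.net"
]

if __name__ == "__main__":
    for addr, matched in audit(GLOBS, ADDRESSES).items():
        print(f"{addr:22} {matched or 'not listed'}")
```

A leading `*` with no `@` or `.` after it also lists unrelated domains that merely end in the same characters, which is worth checking before adding such an entry to local.cf.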