Results 1 to 5 of 5
April 20th, 2008, 06:52 PM #1SpamAssassin - Somebody Has It Beat?
Today Spam on one of my email accounts has gone crazy wild. With SpamAssasin set to 5 I have been real happy with only a few getting around. This morning they are getting buy in droves. Anybody seeing a sudden up tick? I hope we don't have a PC generating all this.
April 21st, 2008, 09:56 AM #2
There's a number of things that can cause this and most are related to your settings / configuration choices. Not all of these are under your control, depending on your hosting company / situation. If your host has a forum, best to check their first.
I use SA (at 7 kill), among other things, and all is fine here.
April 21st, 2008, 10:59 AM #3Originally Posted by Donuts
This will at least keep the server from holding all those emails aimed at a domain where the username is made up like firstname.lastname@example.org. I know it's not the answer to my problem but it's a step.I use SA (at 7 kill), among other things, and all is fine here.
April 21st, 2008, 05:32 PM #4
If your VPS hosting gives you access to your WHM (or virtual issuing and control mechanisms, one layer up from your cPanels), check your RBL settings to see if you can screen your incoming at the SMTP level, avoid the Spam Assassin (SA) processing overhead and the space on your drive space. See the next paragraph's link to feel good about picking your best RBLs for RBL-based spam dumping, knowing you won't be flushing false positives much at all.
If your VPS hosting doesn't give you WHM access (but does still allow you to configure your SA settings), bump the RBL scoring up, within your SA, regarding the RBLs you trust most, to get as much spam screened and dumped. Most RBL scoring is defaulted to 2.0 within SA, so even two positive RBLs only takes your SA score to 4.0, where you've said you've got your kill set at 5.0. Regarding RBL trustworthiness, see this resource:
SA also has a setting for minimum message size to check, usually defaulted to 200 chars. If you're getting a lot of spam in that has no SA scoring, and if these are messages with short character counts, configure that min size down some, to 100-150 range or lower, to enable (or bump up scoring on) RBL blocking to kill them regardless of intentionally short length. The big spammers know to keep it short to get in under the typical min message size threshholds, most of them can be RBL nuked, if scoring can be applied. If the problem remains, for short messages, after enabling RBL blocking (or if you're unable to RBL them out because your host doesn't allow you to control RBL settings), you can lower the minimum size if your host gives you access to your SA settings (or if you control the WHM that drives your SA). But, in that case, realize that short messages have less to grade, so therefore more spam is more easily missed as being marked as such, in which case you need to learn the ins and outs of SA better to make certain criteria more heavily weighted, so that things that can be detected and scored, to get the job done well for you.
It was very worth the learning time for me, I hope it works out that way for you as well.
No matter what comes, best of luck with it all.
And 1,000 painful, simultaneous hemorrhoids wished on all spammers, who deserve a few bee stings right there too.
April 21st, 2008, 08:43 PM #5Originally Posted by Donuts
Thanks for the help--