  1. #1
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    SpamAssassin - Somebody Has It Beat?
    Today Spam on one of my email accounts has gone crazy wild. With SpamAssassin set to 5 I have been real happy with only a few getting around. This morning they are getting by in droves. Anybody seeing a sudden uptick? I hope we don't have a PC generating all this.


  2. #2
    Lite On The Do, Heavy On The Nuts Donuts's Avatar
    Join Date
    January 18th, 2005
    Location
    Winter Park, FL
    Posts
    6,930
    There's a number of things that can cause this and most are related to your settings / configuration choices. Not all of these are under your control, depending on your hosting company / situation. If your host has a forum, best to check there first.

    I use SA (at 7 kill), among other things, and all is fine here.

  3. #3
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Quote Originally Posted by Donuts
    There's a number of things that can cause this and most are related to your settings
    I did notice a setting that needed changing. We are on a cPanel VPS and I had marked my email to "forward" instead of "discard" under the Set Default Address settings.

    This will at least keep the server from holding all those emails aimed at a domain where the username is made up like guessing@mydomain.com. I know it's not the answer to my problem but it's a step.
    Quote Originally Posted by Donuts
    I use SA (at 7 kill), among other things, and all is fine here.
    The messages that are getting through are not receiving a SA spam score so setting to 1 wouldn't stop them. That is the reason it seems someone has devised a workaround for SA. There were over 2000 in the server spam box that SA had done a good job on, but yesterday there was a big jump in those that got through and they had all the obvious clues visible. Checking the headers showed that SA hadn't scored them at all.


  4. #4
    Lite On The Do, Heavy On The Nuts Donuts's Avatar
    Join Date
    January 18th, 2005
    Location
    Winter Park, FL
    Posts
    6,930
    If your VPS hosting gives you access to your WHM (or virtual issuing and control mechanisms, one layer up from your cPanels), check your RBL settings to see if you can screen your incoming at the SMTP level, avoid the Spam Assassin (SA) processing overhead and the space on your drive. See the next paragraph's link to feel good about picking your best RBLs for RBL-based spam dumping, knowing you won't be flushing false positives much at all.

    If your VPS hosting doesn't give you WHM access (but does still allow you to configure your SA settings), bump the RBL scoring up, within your SA, regarding the RBLs you trust most, to get as much spam screened and dumped. Most RBL scoring is defaulted to 2.0 within SA, so even two positive RBLs only takes your SA score to 4.0, where you've said you've got your kill set at 5.0. Regarding RBL trustworthiness, see this resource:
    http://stats.dnsbl.com/

    SA also has a setting for minimum message size to check, usually defaulted to 200 chars. If you're getting a lot of spam in that has no SA scoring, and if these are messages with short character counts, configure that min size down some, to 100-150 range or lower, to enable (or bump up scoring on) RBL blocking to kill them regardless of intentionally short length. The big spammers know to keep it short to get in under the typical min message size thresholds; most of them can be RBL nuked, if scoring can be applied. If the problem remains, for short messages, after enabling RBL blocking (or if you're unable to RBL them out because your host doesn't allow you to control RBL settings), you can lower the minimum size if your host gives you access to your SA settings (or if you control the WHM that drives your SA). But, in that case, realize that short messages have less to grade, so therefore more spam is more easily missed as being marked as such, in which case you need to learn the ins and outs of SA better to make certain criteria more heavily weighted, so that things that can be detected and scored, to get the job done well for you.

    It was very worth the learning time for me, I hope it works out that way for you as well.

    No matter what comes, best of luck with it all.

    And 1,000 painful, simultaneous hemorrhoids wished on all spammers, who deserve a few bee stings right there too.
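
A way to sort the messages that got through by what their headers say, as an added example (not code from any poster in this thread): it separates messages that carry no SpamAssassin score at all from those scored under the threshold while DNSBL rules had hit, and lists the sizes of the unscored ones. It assumes the input is hand-picked spam that reached the inbox; the sample messages and function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_bytes, policy

# "score=" is the current SpamAssassin wording; older releases wrote "hits=".
STATUS_RE = re.compile(r"(?:score|hits)=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")
TESTS_RE = re.compile(r"tests=([A-Z0-9_,\s]*?)(?:\s+\w+=|$)")

# Constructed sample messages, not taken from the thread.
SAMPLES = [
    b"From: a@example.test\r\nSubject: one\r\nX-Spam-Status: No, score=4.0 "
    b"required=5.0 tests=RCVD_IN_XBL,RCVD_IN_SBL autolearn=no\r\n\r\nbody\r\n",
    b"From: b@example.test\r\nSubject: two\r\n\r\nshort\r\n",
    b"From: c@example.test\r\nSubject: three\r\nX-Spam-Status: Yes, hits=9.1 "
    b"required=5.0 tests=BAYES_99\r\n\r\nbody\r\n",
]

def triage(raw):
    """Extract what SpamAssassin recorded in one raw message, if anything."""
    msg = message_from_bytes(raw, policy=policy.default)
    status = msg.get("X-Spam-Status")
    info = {"size": len(raw), "scanned": status is not None,
            "score": None, "required": None, "dnsbl": []}
    if status is None:
        return info
    flat = " ".join(str(status).split())  # collapse folded header lines
    m = STATUS_RE.search(flat)
    if m:
        info["score"], info["required"] = float(m.group(1)), float(m.group(2))
    t = TESTS_RE.search(flat)
    if t:
        names = [n.strip() for n in t.group(1).split(",") if n.strip()]
        info["dnsbl"] = [n for n in names if n.startswith(("RCVD_IN_", "URIBL_"))]
    return info

def classify(info):
    if not info["scanned"]:
        return "unscanned"            # no X-Spam-Status header was added
    if info["score"] is None:
        return "unparsed"
    if info["score"] >= info["required"]:
        return "caught"
    # Scored under the threshold; DNSBL hits mean rule weights decided the outcome.
    return "missed-with-dnsbl" if info["dnsbl"] else "missed"

def summarize(raws):
    rows = [triage(r) for r in raws]
    counts = Counter(classify(r) for r in rows)
    return counts, sorted(r["size"] for r in rows if not r["scanned"])

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

A pile of "unscanned" results points at the delivery path or scanner limits rather than rule scores, while "missed-with-dnsbl" is the case where raising the scores of trusted RBLs changes the verdict.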

  5. #5
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Quote Originally Posted by Donuts
    If your VPS hosting gives you access to your WHM (or virtual issuing and control mechanisms, one layer up from your cPanels), check your RBL settings to see if you can screen your incoming at the SMTP level, avoid the Spam Assassin (SA) processing overhead and the space on your drive.
    I do have WHM control and couldn't find anything in the way of settings for RBL at first. A little search and found that it's tied in with Exim, and as you suggested I had better do a little studying before changing those settings. That looks like some powerful stuff, and I do see the SA settings. Max size is 200 just as you said.
    Thanks for the help--

