Spamassassin broken??

#1 Wed, 11/22/2006 - 07:35
DanLong

Since DDay for the Spamhaus deadline a particular line of spam has been getting through, but the last couple of weeks the volume has seemed to grow exponentially. I'm getting over 200 mails on 4 addresses a day now all seemingly coming from the same one or two spammers.

Are these guys that good or is the spamassassin too old? Every time I go through usermin and click an email "report and delete" the prompt comes up as zero learned. I have spamassassin at level 5 so it's not loose.

Anyone else got this problem or a solution?

Wed, 11/22/2006 - 18:01
Joe

Hey Dan,

Sounds like maybe the training isn't working as it should.

I'll ask Jamie to drop in on this thread.

I've also noticed a lot of extra spam lately--particularly random image pump and dump stock spam. I dunno what to do about it...the spammers are definitely getting much more technically savvy. We're considering some other spam filtering packages for inclusion (CRM-114 has been recommended very highly, though it only gets really good with training, while SA is actually pretty good even with no training).


Wed, 11/22/2006 - 19:31
Joe

Hi Dan,
Spam load is unfortunately way up lately - I've seen an increase myself, and the spammers are actively avoiding filters with junk text in messages. Greylisting is one possible solution, but Webmin/Virtualmin can't yet set it up automatically.

Reporting mail as spam should work though, unless you try to report a message that is already known to the spam DBs. Do you get any other error message when reporting?


Thu, 11/23/2006 - 20:07
BillClune

Hands down this is the best solution.
www.roaringpenguin.com it is not free but the spam ENDS!!
Many of my customers have gone from hundreds a day each to 2 a week.

Thu, 11/23/2006 - 20:29
DanLong

That may be the case but we still want to stay yummy here. Besides a visit to the website doesn't give a great deal of information to indicate this solution is even dealing with the current outbreak.

As noted, VMPro on CentOS 3.7 is currently at Spamassassin 2.55 and the current version is 3.17 which may be enough to fix the problem as it is. Hopefully the upgrade to CentOS 3.8 will help that.

I fear this is more of a spam solicitation in itself :-(

Thu, 11/30/2006 - 20:22
DanLong

Hi Joe,
After further review spamassassin is broken, and on these hosts probably never worked. I realized there are no Spamassassin headers on the emails meaning it probably isn't getting read. All the settings seem to be correct and the spamd fires but the amavisd is nowhere to be found. But then I can't find any razor or Pyzor files around.

How do I check to see if it's running and if it's reading mail?

Thu, 11/30/2006 - 22:54 (Reply to #6)
Joe

Hey Dan,

amavisd is not used by Virtualmin Professional. We use procmail for all mail processing.

But, if you're not getting SA headers, then something is definitely going astray. razor and pyzor are not currently installed or configured by Virtualmin.

There is a spamassassin test string that will always get filtered...I won't include it here, since it would lead to users who receive forum posts via email to end up with somewhat goofy bayes data.

Here's the link:

http://spamassassin.apache.org/gtube/

What's in your maillog when you send a message to one of your accounts? We're looking for delivery to procmail-wrapper, along with a few variables. From there, it's possible to crank up logging in procmail to see what it does with the mail once it sees it.

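An added example, not part of the original posts: one way to check the symptom discussed above (no SpamAssassin headers on delivered mail) is to parse a delivered message and see whether an `X-Spam-Status` header is present and what it reports. The sample messages, addresses and the `sa_verdict` helper are constructed for illustration; the parser accepts both the `hits=` form used by SpamAssassin 2.x and the `score=` form used by 3.x.

```python
import email
import re

# Constructed sample messages (not taken from the thread).
UNSCANNED = ("From: sender@example.org\nTo: test@example.com\n"
             "Subject: never tagged\n\nbody\n")
SCANNED_3X = ("From: sender@example.org\nTo: test@example.com\n"
              "Subject: test string message\n"
              "X-Spam-Flag: YES\n"
              "X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE\n"
              "\tautolearn=no version=3.1.7\n\nbody\n")
SCANNED_2X = ("From: sender@example.org\nTo: test@example.com\n"
              "Subject: ordinary mail\n"
              "X-Spam-Status: No, hits=2.1 required=5.0\n"
              "\ttests=HTML_MESSAGE\n"
              "\tversion=2.55\n\nbody\n")

# 2.x writes "hits=", 3.x writes "score="; accept either.
STATUS_RE = re.compile(
    r"^(yes|no),\s*(?:score|hits)=(-?[\d.]+)\s+required=(-?[\d.]+)", re.I)
VERSION_RE = re.compile(r"\bversion=(\S+)")


def sa_verdict(raw_message):
    """Report whether a message carries an X-Spam-Status header and what it says."""
    msg = email.message_from_string(raw_message)
    status = msg.get("X-Spam-Status")
    if status is None:
        # No X-Spam-Status header: nothing in the delivery path tagged this message.
        return {"scanned": False}
    status = " ".join(status.split())  # unfold continuation lines
    m = STATUS_RE.match(status)
    if m is None:
        return {"scanned": True, "parsed": False, "raw": status}
    v = VERSION_RE.search(status)
    return {"scanned": True, "parsed": True,
            "spam": m.group(1).lower() == "yes",
            "score": float(m.group(2)), "required": float(m.group(3)),
            "version": v.group(1) if v else None}


if __name__ == "__main__":
    for name, raw in (("unscanned", UNSCANNED), ("3.x", SCANNED_3X),
                      ("2.x", SCANNED_2X)):
        print(name, sa_verdict(raw))
```

A `{"scanned": False}` result for a message that reached the mailbox points at the delivery path (here, whether procmail is invoked at all) rather than at SpamAssassin's rules or training.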

Fri, 12/01/2006 - 09:36
DanLong

Hi Joe,

Remember I changed over to Sendmail over the summer. I now created a test mail account that gets delivered to regardless of Procmail settings while using the GTUBE:

to= , delay=00:00:01, xdelay=00:00:00, mailer=local, pri=32828, dsn=2.0.0, stat=Sent

I even set procmail to forward the email instead of deleting but it still gets delivered to the mailbox.

Fri, 12/01/2006 - 22:58
DanLong

Hi Joe,

Methinks we might have found a bug. When I was setting up a new template I found a spam setting I don't recall. A choice between spam assassin standalone or spam assassin as a client. It had been set to standalone so I moved it to client and the email account says spam filtering has been disabled in red. But lo and behold, it's processing the spam headers and filtering the spam.

Sat, 12/02/2006 - 10:28
DanLong

Well, now that I've hashed and rehashed this out, I do have filtering occurring to some degree.

I moved the domain that was getting hit so bad to the Slack server and got back to a reasonable amount of spam slippage. Overnight I moved the domain back to the VM server and it is now resolving along with getting the spam back (though reviewed by SA now), just not as many at once. Apparently the old version 2.55 on my machine isn't cutting it anymore having just moved off the other machine with SA 3.10.

Is there a chance for an SA upgrade or is that a CentOS 3x issue?

Thanks,
Dan

Sat, 12/02/2006 - 12:23
Joe

There is a bug in the current version of Virtualmin, which causes it to display that warning about spam filtering being disabled when a user is close to his quota, even when spamc is used. I will fix this in the next release, as filtering only fails when using the standalone spamassassin program.
