Getting tons of spam with negative scores

Discussion in 'Installation/Configuration' started by unsichtbare, Dec 9, 2008.

  1. unsichtbare

    unsichtbare Member HowtoForge Supporter

    It seems like the volume of spam on my server is up about 400% in the last couple weeks. Here's what the headers look like:
    Code:
    X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
	clients1.azwebdesigns.com
X-Spam-Level: 
X-Spam-Status: No, score=-87.3 required=5.0 tests=BAYES_50,
	HTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,
	MIME_HTML_ONLY,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,
	URIBL_JP_SURBL,URIBL_SBL,URIBL_WS_SURBL,USER_IN_WHITELIST autolearn=no
	version=3.2.4
    How can I filter this?

    -J
     
    unsichtbare, Dec 9, 2008
    #1
  2. chipsafts

    chipsafts New Member

    adjust the SA configuration so that it gives you the test results as well as which tests returned values.
    Than figure out from there which test scores are out of whack
     
    chipsafts, Dec 9, 2008
    #2
  3. topdog

    topdog Active Member

    It could be bayes poisoning you need to dump your bayes database and also check this rule USER_IN_WHITELIST it could be reversing the score on all the other rules.
     
    topdog, Dec 10, 2008
    #3
  4. unsichtbare

    unsichtbare Member HowtoForge Supporter

    Sounds great! How do I dump the DB? Is: /home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin/local.cf the correct path to adjust SpamAssassin?

    -J
     
    unsichtbare, Dec 12, 2008
    #4
  5. chipsafts

    chipsafts New Member

    installing webmin from www.webmin.com will probably help you quite a bit with the SA data and configurations.
     
    chipsafts, Dec 15, 2008
    #5
  6. unsichtbare

    unsichtbare Member HowtoForge Supporter

    Where is the value USER_IN_WHITELIST coming from? I have tried changing my SpamAssasin configuration to no avail, still tons of spam and it is always from a user to that user: from mike to mike

    Thanks for the replies!
    -J

    Code:
    Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
	clients1.azwebdesigns.com
X-Spam-Level: 
X-Spam-Status: No, score=-81.8 required=5.0 tests=BAYES_80,BODY_ENHANCEMENT2,
	HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_XBL,
	RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,
	URIBL_SC_SURBL,USER_IN_WHITELIST autolearn=no version=3.2.4
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by clients1.azwebdesigns.com (Postfix)
	id EAC891B515E; Mon, 15 Dec 2008 08:38:15 -0700 (MST)
Delivered-To: [email protected]
Received: from 6d5e70435c3a448.domain (unknown [123.8.100.224])
	by clients1.azwebdesigns.com (Postfix) with SMTP id D0B9A1B5150;
	Mon, 15 Dec 2008 08:38:14 -0700 (MST)
To: <[email protected]>
Subject: Discount ID: 2675
From: <[email protected]>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Message-Id: <[email protected]>
Date: Mon, 15 Dec 2008 08:38:14 -0700 (MST)
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.4 with clamscan / ClamAV 0.92/8762/Mon Dec 15 07:57:35 2008
     
    unsichtbare, Dec 16, 2008
    #6

Share This Page