Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: spam assassin rules

  1. #1
    Join Date
    Jan 2008
    Location
    Michigan
    Posts
    174
    Rep Power
    7

    Default spam assassin rules

    I need help. I just cant seem to get a good handle on the spam. I followed the wiki on spam settings, I added different .cf files to the /opt/zimbra/conf/spamassassin and then restarted zimbra but I cant for the life of me get it to stop viagara emails! They always go to the inbox also, not to the spam folder. Spam is way down since I went thru the wiki, I mean users are now only getting 3 or 4 spams a day compared to 20 or 30 so I know something is working. So, I need to know, if I download a .cf file into the /conf/spam assassin folder if that is the correct place to put it? I am not by any mean a spam assassin or even a zimbra guru so I would love to be able to not have to spend so much time working on this....... What info can I provide that will help figure this out?
    thanks
    Bill B

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Are they emails with a embedded image (flag type) by any chance ? Search the forums for spamassassin and sanesecurity.

  3. #3
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    Did you try blocking on word scan for ****** ?

  4. #4
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    If you could post a example of one of the emails, including all headers, then I can run it through my setup. I have multiple SPAM blocking techniques in place and will be in a better position to advice.

  5. #5
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    Also you might want to tune scores for some rules.

  6. #6
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Until we know what type of SPAM it is very difficult to tune SA scores without the potential of introducing FPs.

  7. #7
    Join Date
    Jan 2008
    Location
    Michigan
    Posts
    174
    Rep Power
    7

    Default didnt see replies

    Quote Originally Posted by uxbod View Post
    Until we know what type of SPAM it is very difficult to tune SA scores without the potential of introducing FPs.
    Sorry about that. I didnt see any replies and thought no one was looking to help. I will have to log into the server and get some examples to post. I did notice that one of the spams with viagara was a gif.
    I will get some info and post it here soon.
    thank you
    Bill

  8. #8
    Join Date
    Jan 2008
    Location
    Michigan
    Posts
    174
    Rep Power
    7

    Default viagara example that made it thru

    Return-Path: tbarrons@stmarysstclair.org
    Received: from ms1.stmarysstclair.org (LHLO ms1.stmarysstclair.org)
    (192.168.3.5) by ms1.stmarysstclair.org with LMTP; Sat, 12 Sep 2009
    21:40:56 -0400 (EDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by ms1.stmarysstclair.org (Postfix) with ESMTP id A736E264004
    for <tbarrons@stmarysstclair.org>; Sat, 12 Sep 2009 21:40:56 -0400 (EDT)
    X-Quarantine-ID: <rIaaMvwOdDgc>
    X-Virus-Scanned: amavisd-new at ms1.stmarysstclair.org
    X-Amavis-Alert: BAD HEADER, Non-encoded 8-bit data (char A9 hex): From: \251
    ****** \256 Offic[...]
    Received: from ms1.stmarysstclair.org ([127.0.0.1])
    by localhost (ms1.stmarysstclair.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id rIaaMvwOdDgc for <tbarrons@stmarysstclair.org>;
    Sat, 12 Sep 2009 21:40:49 -0400 (EDT)
    Received: from 198-236-124-91.pool.ukrtel.net (198-236-124-91.pool.ukrtel.net [91.124.236.198])
    by ms1.stmarysstclair.org (Postfix) with SMTP id C2AF8264003
    for <tbarrons@stmarysstclair.org>; Sat, 12 Sep 2009 21:40:48 -0400 (EDT)
    From: � ****** � Official Site <tbarrons@stmarysstclair.org>
    To: tbarrons@stmarysstclair.org
    Subject: Dear tbarrons@stmarysstclair.org 74% 0FF on Pfizer !
    MIME-Version: 1.0
    Content-Type: text/html; charset="ISO-8859-1"
    Content-Transfer-Encoding: 7bit
    Message-Id: <20090913014048.C2AF8264003@ms1.stmarysstclair.org >
    Date: Sat, 12 Sep 2009 21:40:48 -0400 (EDT)


    http://www.gsexeyuk.cn/1.gif

  9. #9
    Join Date
    Jan 2008
    Location
    Michigan
    Posts
    174
    Rep Power
    7

    Default

    here is a screenshot of my admin graphs..... how does this compare to others?Screenshot-1.jpg

  10. #10
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Not seen one of those image SPAMs for a while ... They are one of the first iterations and can easily be caught by using FuzzyOCR.

Similar Threads

  1. Mail delivery is very slow
    By chandu in forum Administrators
    Replies: 23
    Last Post: 09-04-2009, 12:05 AM
  2. 2 quick spam assassin questions
    By Nox in forum Administrators
    Replies: 1
    Last Post: 08-07-2008, 11:58 AM
  3. speed up the net
    By mcesari in forum Administrators
    Replies: 10
    Last Post: 04-25-2008, 11:24 AM
  4. Replies: 3
    Last Post: 03-21-2008, 09:47 AM
  5. Simple Spam Assassin help needed
    By gfdos.sys in forum Administrators
    Replies: 3
    Last Post: 09-17-2007, 12:51 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •