Any good anti spam package?

C

chow

Verified User
Joined
Aug 27, 2003
Messages
125
Location
The Netherlands
Hi, I configured spamd and spamassasin. Still I get enormous amounts of spam. When I forward this account to my google account I noticed that spam is filtered at google much much better. What solution is available to have my directadmin servers protected against spam?
 
xemaps said:
it work well, but you have to set up sa
Click to expand...

Setup is done according to other topics on this forum. On one account I get 300-500 spammails per day. Only 50% is filtered. When I route this email to my google account about 80% is filtered. I guess more sophisticated spamfilters are around but not sure which..
 
That mean you didn't set up hard/fine enough !
There is a how to on sa website

of course you can use real time blacklists to reject spam

before i had 90% spam... now only a few %

sample for one my user on my server :

>CURRENT WEEK---
spam:157
ham:707
rejected:2090
>>virus:41
>>blacklist:311
-WEEK-1---------
spam:350
ham:2920
rejected:5212
>>virus:80
>>blacklist:874
-WEEK-2---------
spam:238
ham:1248
rejected:3965
>>virus:107
>>blacklist:659
-WEEK-3---------
spam:246
ham:1214
rejected:3061
>>virus:88
>>blacklist:1391
-WEEK-4---------
spam:260
ham:1233
rejected:4563
>>virus:154
>>blacklist:1688
 
i use simply 'grep -ci' in a .sh file

sample :
printf "spam:"
grep -ci " Y " /var/log/maillog
 
chow said:
Gives as output "spam:17524"

Not the fancy stats you show :confused:
Click to expand...

Nothing wrong I guess!

Your output shows you are getting a result of 17524 spam messages which might be right.

If you would like to see the other items as well as indicated by Xemaps you have to run the same command again but with the word "spam" replaced by "rejected" or whatever you like.

You can create a nice script which prints some formatted output and that is probably what Xemaps has done.
 
What still wonders me is that spam still comes through which is obviously spam.. I'll figure out the script which would give me more info.
 
Did you check in the email header to make sure it lists spam assassin and the score the spam email is getting?
 
chow said:
What still wonders me is that spam still comes through which is obviously spam.. I'll figure out the script which would give me more info.
Click to expand...

I don't know what your settings are for Spamassassin, but mine are pretty good because only a small percentage is getting through.

Example (from the log file)
..... spamd[10035]: spamd: identified spam (29.9/5.0) for ......

The limit is set on 5.0 and the score in this case is 29.9 so way above the trigger level of 5.0.
In other cases however you might just see a score of 4.9 which is too low, so it misses the trigger level.
 
chatwizrd said:
Did you check in the email header to make sure it lists spam assassin and the score the spam email is getting?
Click to expand...

An obvious Viagra spam has this header

X-Spam-Status: No, score=3.4 required=5.0 tests=DRUGS_ERECTILE,
HTML_BADTAG_60_70,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,INVALID_MSGID,
MIME_HTML_ONLY,RCVD_ILLEGAL_IP,UNPARSEABLE_RELAY autolearn=no
version=3.1.1

This one was missed by my server but caught by gmail spamfilter..
 
Last edited:
What has the same message for sa headers on gmail ?

I said read sa manual for the conf and rules.
You can personalize spam level, activate some rules.
Give DRUGS_ERECTILE more spam points aso...
You can update sa, current is 3.1.3

You will find aditionnal rules for sa (.cf) on internet
 
Last edited:
xemaps said:
What has the same message for sa headers on gmail ?

I said read sa manual for the conf and rules.
You can personalize spam level, activate some rules.
Give DRUGS_ERECTILE more spam points aso...
You can update sa, current is 3.1.3

You will find aditionnal rules for sa (.cf) on internet
Click to expand...

I did read the manual and came up with this conf. To be honest I don't feel comfortable with experimenting with rules on a production server leaving my customers getting no email at all. If I give DRUGS_ERECTILE more points it won't help much since all headers give different words. I understand spammers are smart but I hoped for a better result. Gmail won't give me inside in their filter. It just says in the headers it was scanned by the gmail filter but no result thing whatever.
 
I have a production server.

Why without mail ?
You don't have to delete spam, just mark them and/or you can redirect spam to main account

but with a few rules in exim.conf (acl rules) you can reject blacklisted spammer ip from example spamcop or xbl.

I understand you aren't ready , i was in the same situation a few monthes ago.

For a domain spam just get marked but goes in spam folder in mailclient.
For another domain all spam goes to same account, stay on server, someone check sometimes with squirrelmail and can move to inbox or delete.
Aso...

Good luck
 
You must log in or register to reply here.
Back
Top