Client is having SA & email issues.

modem

A friend and fellow client came to me yesterday regarding their email issues. Back three weeks ago, when I got SpamAssassin running once again after removing the v310.pre file, he told me he was only getting about 8 spams a day.

He's had 3 major issues, and I'm curious as to what options are available to make him happy:


Issue 1
---------
Recently he has had an explosion of spam, getting up to 250 per day, and was really wondering what was going on. When I checked his account settings, he has his catch-all turned on. He doesn't want that turned off because he's afraid someone will mistype his email and an important email won't get to him. I temporarily turned catch-alls off for him last night and he said his spams virtually went away. However, he doesn't like the idea that he may miss an email when mistyped emails aren't coming to him. I heavily suggested that catch-all be turned off if possible.

Is there any way to make him happy by having catchall on, but having SA be more strict on the emails? This leads to issue 2...


Issue 2
----------
My client has been getting a lot of MAILER-DAEMON@<differentdomainname>.com that has been coming in lately. Those have been scoring like 0.5 or 1.0 on the SA threshold, falling well short of his 4.0 threshold limit. I haven't noticed this on my email accounts, but apparently it's happening to him quite a bit. I have a lot of extra SARE rules installed and they are knocking out 98% of my own spam. Any suggestions to help filter that out other than looking for websites that have more rulesets?


Issue 3
----------
Several spam emails have been getting through to his inbox unaltered by SA even though they have a threshold of 7.5 or higher. While other spams are getting nailed by SA just fine.
 
modem said:
> Recently he has had an explosion of spam, getting up to 250 per day, and was really wondering what was going on. When I checked his account settings, he has his catch-all turned on. He doesn't want that turned off because he's afraid someone will mistype his email and an important email won't get to him.

He's probably getting dictionary attack spam, and the only sure way to get rid of it is to turn catchall off. It's a tradeoff and it's his call.

> Is there any way to make him happy by having catchall on, but having SA be more strict on the emails?

Sure. Search the net for more SA rulesets and install them. The more rulesets you have, the more SA will put a resource draw on your server.

> My client has been getting a lot of MAILER-DAEMON@<differentdomainname>.com that has been coming in lately. Those have been scoring like 0.5 or 1.0 on the SA threshold, falling well short of his 4.0 threshold limit.

The mail is coming from misconfigured servers who get spam (probably also dictionary spam) with addresses on his domain name set as the sender. The servers are misconfigured and send the spam back to his domain instead of just refusing it. And RFCs require that email from MAILER-DAEMON be accepted. Much of this will also be eliminated by getting rid of catchall.

> I haven't noticed this on my email accounts, but apparently it's happening to him quite a bit. I have a lot of extra SARE rules installed and they are knocking out 98% of my own spam. Any suggestions to help filter that out other than looking for websites that have more rulesets?

He'll probably eliminate most of it if he gets rid of the catchall account, but again, that's got to be his decision.

> Several spam emails have been getting through to his inbox unaltered by SA even though they have a threshold of 7.5 or higher. While other spams are getting nailed by SA just fine.

Are you sure they're not -7.5, which is not the same as 7.5? If they are, then you've got to tweak rule values, or see why the spam is triggering negative values.

The spamassassin-users list is probably a better resource for SA-specific questions than this forum.

Jeff
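One way to check the -7.5 versus 7.5 question on saved copies of the messages, as an added example that is not part of Jeff's reply or the thread: it reads the `X-Spam-Status` header SpamAssassin writes and separates negative scores from messages that were never scanned. The sample messages are constructed, and the header layout (`Yes/No, score=... required=... tests=...`) is assumed to be SpamAssassin's default.

```python
import email
import re

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "tagged": "Subject: a\nX-Spam-Status: Yes, score=9.1 required=4.0 "
              "tests=BAYES_99,URIBL_BLACK autolearn=no version=3.1.0\n\nbody\n",
    "negative": "Subject: b\nX-Spam-Status: No, score=-7.5 required=4.0 "
                "tests=ALL_TRUSTED,\n\tBAYES_00 autolearn=ham\n\nbody\n",
    "low": "Subject: c\nX-Spam-Status: No, score=0.5 required=4.0 "
           "tests=NO_REAL_NAME autolearn=no\n\nbounce text\n",
    "unscanned": "Subject: d\nFrom: x@example.com\n\nbody\n",
}

# Older SpamAssassin releases wrote "hits=" where newer ones write "score=".
STATUS_RE = re.compile(
    r"^(Yes|No),\s*(?:score|hits)=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)",
    re.I)

def triage(raw):
    """Return (category, tests) for one raw RFC 822 message."""
    status = email.message_from_string(raw).get("X-Spam-Status")
    if status is None:
        # No header at all: the message never passed through SpamAssassin.
        return ("unscanned", [])
    flat = " ".join(status.split())          # undo header folding
    m = STATUS_RE.match(flat)
    if not m:
        return ("unparsed", [])
    score, required = float(m.group(2)), float(m.group(3))
    t = re.search(r"tests=(.*?)(?:\s+\w+=|$)", flat)
    tests = [x.strip() for x in t.group(1).split(",") if x.strip()] if t else []
    if score < 0:
        # A negative total means some rule subtracted points; the
        # tests list shows which rules fired so their values can be reviewed.
        return ("negative-score", tests)
    if score >= required:
        return ("tagged", tests)
    return ("below-threshold", tests)

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```
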
 
Thanks. I was sure that was the cause and resolution, but I copied him your reply in an effort to assist him in understanding that there is a trade-off and it's a personal preference. I think he's hung up on the idea that after I implemented the new SARE rules, his spams decreased to 6 a day but then in the last week shot up to 250+ with no cause or reason.

Thanks again.

Just to confirm, the SA issue of removing the v310.pre file *DID* in fact solve the BSMTP errors I had for nearly a year. I've been running a month and a half perfectly fine.
 