Irritating amount of SPAM...

Is there an official fix to this issue yet please?

One of my servers was updated about 5 weeks ago, since then all hell broke loose.
Last week, another server was also updated, causing similar grief.

My hosts have applied the suggested fixes from this thread (or so I'm led to believe), but things are still not right.

Spam scores are really low, resulting in more spam hitting the spam folder.
I've gone from having to manually scan through 25 spam emails per day to about 150.
Each time I lower the threshold, this overwrites some file on the server, resulting in scored spam being delivered to the users' mailboxes.

The thread seems to have gone quiet.
 
Hello,

The fix is already in the code-base for release.
There are other features that were being implemented when the fix happened, so they'll all be released at the same time with the next version of DA, which should be this Sunday, if all goes well.

You can grab the latest binary pack from the pre-release section, which has the fix already (but does the same thing as manually changing the filter_base file).

Note that the issue was not introduced with any version updates (it's always been that way), but rather the spammers changed how they sent spam and the filter needed to be changed to prevent it, hence the changes.

John
 
Hi John.

Thanks for the update.
I'm still a little confused though.

I'm connected to two servers both running DA.
One of which went crazy on or around the 13th of March, the other server was unaffected until last week, when it started displaying the same symptoms.

I'm not convinced that all spammers throughout the world would change the way they send spam all on the same day?
It literally was like flicking a switch on our server. We went from 25 per day to about 150 or more, which is hard work on a Monday morning :-).


1. Spam which should have been delivered to the spam folder was being delivered to the users' mailboxes.
2. Spam with negative scores.
3. Filter drop rules not working as they should.
4. And any changes to the spam threshold overwrites a file resulting in No.1 again.

I'm still unable to tinker with the threshold without having to raise a support ticket with our hosts.

I look forward to the new release, hopefully, this will restore functionality.
 
I am getting seemingly random emails dropped by domain_filter since I made this edit:

Code:
2013-06-24 12:27:13 1UrCPp-0004bv-5E <= [email protected] U=mail P=spam-scanned S=3905 id=16EE33E96CB24B98BF682F1A0D3FDF33@DianaXP T="testing from [email protected]" from <[email protected]> for [email protected]
2013-06-24 12:27:13 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UrCPp-0004bv-5E
2013-06-24 12:27:13 1UrCPp-0004bv-5E => discarded <[email protected]> R=domain_filter
2013-06-24 12:27:13 1UrCPp-0004bv-5E Completed

And mydomain.com filter (/etc/virtual/mydomain.com/filter):
Code:
# Exim Filter

# created by DirectAdmin, version 1.42.1
# Do not modify this file as any changes will be
# overwritten when the user makes a change.
# (data is only written to this file, not read)



if
        $h_X-Spam-Level: contains "****"
then
        seen finish
endif


if
    $h_X-Spam-Status: contains "Yes,"
then
    seen finish
endif

Whitelisting them in /etc/virtual/whitelist_sender doesn't help.

Any ideas?
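
To see exactly which messages a router is discarding, the arrival (`<=`) and discard (`=>`) lines of the Exim main log can be paired by message ID. This is an added example, not part of the original posts: the log lines are constructed in the format of the excerpt above, with made-up addresses, message IDs, and router/transport names for the delivered message.

```python
import re

# Constructed sample in the format of the mainlog excerpt above;
# addresses, message IDs and the second message are made up.
SAMPLE_LOG = """\
2013-06-24 12:27:13 1UrCPp-0004bv-5E <= alice@example.org U=mail P=spam-scanned S=3905 T="testing" from <alice@example.org> for bob@example.com
2013-06-24 12:27:13 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UrCPp-0004bv-5E
2013-06-24 12:27:13 1UrCPp-0004bv-5E => discarded <bob@example.com> R=domain_filter
2013-06-24 12:27:13 1UrCPp-0004bv-5E Completed
2013-06-24 12:30:02 1UrCSa-0004cX-7Q <= carol@example.net U=mail P=spam-scanned S=2210 T="invoice" from <carol@example.net> for bob@example.com
2013-06-24 12:30:02 1UrCSa-0004cX-7Q => bob <bob@example.com> R=virtual_user T=virtual_localdelivery
2013-06-24 12:30:02 1UrCSa-0004cX-7Q Completed
"""

# timestamp, message ID (6-6-2 form), flow flag, remainder of the line
LINE = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (<=|=>) (.*)$")
SUBJECT = re.compile(r'T="((?:[^"\\]|\\.)*)"')
DISCARD = re.compile(r"^discarded <([^>]*)> .*\bR=(\S+)")

def discarded_by_router(log_text, router="domain_filter"):
    """Return one dict per message the given router discarded."""
    arrivals = {}  # message ID -> (envelope sender, subject)
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # cwd=..., Completed, and other non-flow lines
        when, msgid, flag, rest = m.groups()
        if flag == "<=":
            subj = SUBJECT.search(rest)
            arrivals[msgid] = (rest.split()[0], subj.group(1) if subj else "")
        else:
            d = DISCARD.match(rest)
            if d and d.group(2) == router:
                sender, subject = arrivals.get(msgid, ("?", ""))
                hits.append({"time": when, "id": msgid, "sender": sender,
                             "rcpt": d.group(1), "subject": subject})
    return hits

if __name__ == "__main__":
    for hit in discarded_by_router(SAMPLE_LOG):
        print(hit)
```
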
 
It will fix the mentioned spam filtering bug.

It won't fix the bug in the spammer's minds, causing them to decide to send you spam, unfortunately.

John
 
still having a few issues

I'm assuming that our server has been updated, as the amount of spam hitting the spam box has dropped from about 180 per day down to around 30 per day.

However, during the little bug period, I did notice that "Spam Filters" wasn't quite working as it should. I assumed part of the bug.

Well it transpires that they still don't appear to be working correctly.
I have a filter for the word "viagra".
Any email containing this word, should be instantly dropped.
But they are still being delivered into the spam folder.

Any thoughts.. maybe my host tweaked something to alleviate the bug, and now it needs tweaking back?

Spam detection software, running on the system "xxx.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Viagra 30 pills 100mg -20% USD 81.90
Viagra,Plavix,Cialis,Lipitor,Synthroid,Levitra,Propecia
==================================================================== Best
prices in the market Payment: VISA Discounts for returning customers FDA
approved productas 350000+ satisfied -customers Click here Good luck [...]


Content analysis details: (14.2 points, 4.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 MISSING_DATE Missing Date: header
0.0 SUBJECT_DRUG_GAP_C Subject contains a gappy version of 'cialis'
2.3 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
1.4 FB_CIALIS_LEO3 BODY: Uses a mis-spelled version of cialis.
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5617]
1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?46.225.251.193>]
0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[46.225.251.193 listed in zen.spamhaus.org]
3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
[46.225.251.193 listed in dnsbl.sorbs.net]
2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: takistore.com.tr]
0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.3 DRUGS_ERECTILE Refers to an erectile drug
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
 
I tried to post that message about 6 times, but I kept getting errors, so I posted it as a fresh thread in the end.
I wasn't aware that the post actually made it.
Sorry
 
You posted many times, and each time the post was held for moderation. I've tried to find and remove all the duplicates.

Jeff
 