Need some suggestions

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
Hi,

everyday i got some spam email for viagra/casino/pharmacy and i would like to stop those kind of spam.

Here an example:
Code:
From - Mon May 31 11:10:16 2010
X-Account-Key: account5
X-UIDL: 00000ecf4853e823
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-path: <sgyrasxiqnez@atlaswebmail.com>
Envelope-to: andrea@iannucci.net
Delivery-date: Mon, 31 May 2010 11:07:53 +0200
Received: from mail by Burn.CrazyNetwork.it with spam-scanned (Exim 4.71)
	(envelope-from <sgyrasxiqnez@atlaswebmail.com>)
	id 1OJ0yJ-0007Uo-Ed; Mon, 31 May 2010 11:07:52 +0200
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on Burn.CrazyNetwork.it
X-Spam-Level: ****
X-Spam-Status: No, score=4.3 required=5.0 tests=MIME_BASE64_TEXT,
	NO_DNS_FOR_FROM,RDNS_NONE autolearn=no version=3.2.5
Received: from [117.197.172.234] (helo=atlaswebmail.com)
	by Burn.CrazyNetwork.it with smtp (Exim 4.71)
	(envelope-from <sgyrasxiqnez@atlaswebmail.com>)
	id 1OJ0yC-0007U5-Pn; Mon, 31 May 2010 11:07:47 +0200
Message-ID: <DDAB714F.0A317ECB@atlaswebmail.com>
Date: Mon, 31 May 2010 11:52:27 +0300
From: "Golden Online Casino" <sgyrasxiqnez@atlaswebmail.com>
To: <andrea@iannucci.net>
Cc: <massimo@iannucci.net>,
	<maurizio@iannucci.net>
Subject: =?iso-8859-1?B?SGFpIG90dGltZSBwcm9iYWJpbGl04CBkaSB1c2NpcnRlbmUgY29uIHVuIHNvcnJpc28h?=
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: base64

DQpVbiBjYXNpbvIgc29maXN0aWNhdG8gZSBkaSBjbGFzc2UsIGNvbiBmYW50YXN0aWNpIGdpb2No
aSBlIHVuIGVjY2VsbGVudGUgc2Vydml6aW8gY2xpZW50aTogZ2lvY2EgY29uIG5vaSENCg0KaHR0
cDovL3d3dy5oYXdhaWlzY2FzaW5vLnJ1L2l0Lw0K
How can i filter those email? I cant put "casino" for example in filter cause is an italian word aswell so will block email that are no spam.

I was thinkin about move spam score from 5.0 to something lower but i dunno if is a good idea.

Im sure here someone will have more better suggestion :)

thanks everyone for replies
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
SpamBlocker only blocks email based on reputation. It doesn't care about content, and while it blocks a lot of spam, some will always get through. If you can't delete on the specific word then yes, you can change SpamAssassin to something else; rather than change to lower than 5.0, I'd look for specific rules the emails all seem to trip but other emails seem to not trip, and change the values for those rules.

Which has nothing to do with SpamBlocker :).

Jeff
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
Hi Jeff,

thanks for reply first at all.

I know that this doesnt depend on it but.. i know that you read this section and that you are an expert on mail and spam so, i was sure you was the first reply to me :)

What is a nice score to setup spamassassin for you?

Regards
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
We use SpamAssassin defaults; they've worked fine for us over the past few years now that we've fine-tuned SpamBlocker.

We also use DirectAdmin's Spam Filter. If you can't filter single words perhaps you can find word groups to filter.

Jeff
 

sky

Verified User
Joined
Nov 12, 2004
Messages
338
Hello

I use DA email filter per user scope.

Is there a way to use that at a server scope ?

Thx,
Sky
 

interfasys

Verified User
Joined
Oct 31, 2003
Messages
2,099
Location
Switzerland
Hi,

everyday i got some spam email for viagra/casino/pharmacy and i would like to stop those kind of spam.

How can i filter those email? I cant put "casino" for example in filter cause is an italian word aswell so will block email that are no spam.
If you don't want to switch to dspam, you can at least add the spam signatures to clamav and add a script that scans for known URLs
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
i thot that exim with spamblocker already was chekcing from external databases for check spam, am i wrong?

At least, with spamblocker most of the spam is disappeared..
 

YMTan

Verified User
Joined
Jun 26, 2009
Messages
27
You may want to configure Spamassassin to use DCC, Rizor to enhance the Spamassassin's accuracy. I personally find that a required score of 4.3 is good enough for the spam-every-where cyberspace.

If you're using ClamAV, you may want to check out Sanesecurity at http://www.sanesecurity.co.uk/clamav/index.htm where you can add 3rd party signatures to combat the spams.

By a mixture of all the above, the filtering rate can be quite satisfactory.
 

interfasys

Verified User
Joined
Oct 31, 2003
Messages
2,099
Location
Switzerland
i thot that exim with spamblocker already was chekcing from external databases for check spam, am i wrong?

At least, with spamblocker most of the spam is disappeared..
Spamblocker only checks the sender's IP, domain and hostname. You need other tools to check the content of the message. I think SpamAssassin can do that if you install extra plugins.
 
Top