Need some suggestions

SeLLeRoNe

Hi,

Every day I get some spam email for viagra/casino/pharmacy, and I would like to stop that kind of spam.

Here is an example:
Code:
From - Mon May 31 11:10:16 2010
X-Account-Key: account5
X-UIDL: 00000ecf4853e823
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 31 May 2010 11:07:53 +0200
Received: from mail by Burn.CrazyNetwork.it with spam-scanned (Exim 4.71)
	(envelope-from <[email protected]>)
	id 1OJ0yJ-0007Uo-Ed; Mon, 31 May 2010 11:07:52 +0200
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on Burn.CrazyNetwork.it
X-Spam-Level: ****
X-Spam-Status: No, score=4.3 required=5.0 tests=MIME_BASE64_TEXT,
	NO_DNS_FOR_FROM,RDNS_NONE autolearn=no version=3.2.5
Received: from [117.197.172.234] (helo=atlaswebmail.com)
	by Burn.CrazyNetwork.it with smtp (Exim 4.71)
	(envelope-from <[email protected]>)
	id 1OJ0yC-0007U5-Pn; Mon, 31 May 2010 11:07:47 +0200
Message-ID: <[email protected]>
Date: Mon, 31 May 2010 11:52:27 +0300
From: "Golden Online Casino" <[email protected]>
To: <[email protected]>
Cc: <[email protected]>,
	<[email protected]>
Subject: =?iso-8859-1?B?SGFpIG90dGltZSBwcm9iYWJpbGl04CBkaSB1c2NpcnRlbmUgY29uIHVuIHNvcnJpc28h?=
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: base64

DQpVbiBjYXNpbvIgc29maXN0aWNhdG8gZSBkaSBjbGFzc2UsIGNvbiBmYW50YXN0aWNpIGdpb2No
aSBlIHVuIGVjY2VsbGVudGUgc2Vydml6aW8gY2xpZW50aTogZ2lvY2EgY29uIG5vaSENCg0KaHR0
cDovL3d3dy5oYXdhaWlzY2FzaW5vLnJ1L2l0Lw0K

How can I filter those emails? I can't put "casino", for example, in a filter because it is an Italian word as well, so it would block emails that are not spam.

I was thinking about moving the spam score from 5.0 to something lower, but I don't know if that is a good idea.

I'm sure someone here will have a better suggestion :)

Thanks everyone for the replies.
 
SpamBlocker only blocks email based on reputation. It doesn't care about content, and while it blocks a lot of spam, some will always get through. If you can't delete on the specific word then yes, you can change SpamAssassin to something else; rather than change to lower than 5.0, I'd look for specific rules the emails all seem to trip but other emails seem to not trip, and change the values for those rules.

Which has nothing to do with SpamBlocker :).

Jeff
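
Added example (not part of the original thread or any poster's code): one way to look for the rules described in the reply above, by tallying which SpamAssassin tests listed in `X-Spam-Status` fire on spam but not on legitimate mail. The sample headers are constructed (the first mirrors the folded header posted above), and the function names and thresholds are assumptions.

```python
import email
import re
from collections import Counter

def _msg(status):
    # Build a minimal constructed message carrying only the header we need.
    return "Subject: sample\nX-Spam-Status: " + status + "\n\nbody\n"

# Constructed samples. SPAM[0] mirrors the folded header from the post above.
SPAM = [
    _msg("No, score=4.3 required=5.0 tests=MIME_BASE64_TEXT,\n"
         "\tNO_DNS_FOR_FROM,RDNS_NONE autolearn=no version=3.2.5"),
    _msg("No, score=3.9 required=5.0 tests=HTML_MESSAGE,MIME_BASE64_TEXT,\n"
         "\tRDNS_NONE autolearn=no version=3.2.5"),
    _msg("No, score=3.1 required=5.0 tests=MIME_BASE64_TEXT,NO_DNS_FOR_FROM "
         "autolearn=no version=3.2.5"),
]
HAM = [
    _msg("No, score=1.2 required=5.0 tests=HTML_MESSAGE,RDNS_NONE "
         "autolearn=no version=3.2.5"),
    _msg("No, score=0.0 required=5.0 tests=none autolearn=ham version=3.2.5"),
    _msg("No, score=0.1 required=5.0 tests=HTML_MESSAGE autolearn=ham version=3.2.5"),
]

def fired_tests(raw):
    """Return the set of rule names in a message's X-Spam-Status header."""
    status = email.message_from_string(raw).get("X-Spam-Status", "")
    status = re.sub(r",\s+", ",", status)  # undo folding inside the tests list
    m = re.search(r"\btests=(\S+)", status)
    if not m or m.group(1).lower() == "none":
        return set()
    return set(m.group(1).split(","))

def candidate_rules(spam_msgs, ham_msgs, min_spam_rate=0.6, max_ham_rate=0.0):
    """Rules hit by most spam and (by default) no ham: candidates for re-scoring."""
    spam_hits = Counter(t for m in spam_msgs for t in fired_tests(m))
    ham_hits = Counter(t for m in ham_msgs for t in fired_tests(m))
    out = []
    for rule, n in spam_hits.items():
        spam_rate = n / len(spam_msgs)
        ham_rate = ham_hits[rule] / len(ham_msgs)
        if spam_rate >= min_spam_rate and ham_rate <= max_ham_rate:
            out.append((rule, spam_rate, ham_rate))
    return sorted(out, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for rule, s, h in candidate_rules(SPAM, HAM):
        print(f"{rule:20s} spam={s:.0%} ham={h:.0%}")
```

Rules that survive this filter on a real mailbox sample are the ones worth re-weighting with `score` lines in SpamAssassin's `local.cf`; RDNS_NONE is excluded here because the constructed ham also trips it.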
 
Hi Jeff,

First of all, thanks for the reply.

I know that this doesn't depend on it, but I know that you read this section and that you are an expert on mail and spam, so I was sure you would be the first to reply to me :)

What is a good score to set SpamAssassin to, in your opinion?

Regards
 
We use SpamAssassin defaults; they've worked fine for us over the past few years now that we've fine-tuned SpamBlocker.

We also use DirectAdmin's Spam Filter. If you can't filter single words perhaps you can find word groups to filter.

Jeff
 
Hello

I use the DA email filter at per-user scope.

Is there a way to use it at server scope?

Thx,
Sky
 
Hi,

Every day I get some spam email for viagra/casino/pharmacy, and I would like to stop that kind of spam.

How can I filter those emails? I can't put "casino", for example, in a filter because it is an Italian word as well, so it would block emails that are not spam.
If you don't want to switch to dspam, you can at least add the spam signatures to ClamAV and add a script that scans for known URLs.
 
I thought that Exim with SpamBlocker was already checking external databases for spam; am I wrong?

At least, with SpamBlocker most of the spam has disappeared.
 
You may want to configure SpamAssassin to use DCC and Razor to enhance SpamAssassin's accuracy. I personally find that a required score of 4.3 is good enough for the spam-everywhere cyberspace.

If you're using ClamAV, you may want to check out Sanesecurity at http://www.sanesecurity.co.uk/clamav/index.htm where you can add 3rd-party signatures to combat spam.

By a mixture of all the above, the filtering rate can be quite satisfactory.
 
I thought that Exim with SpamBlocker was already checking external databases for spam; am I wrong?

At least, with SpamBlocker most of the spam has disappeared.
Spamblocker only checks the sender's IP, domain and hostname. You need other tools to check the content of the message. I think SpamAssassin can do that if you install extra plugins.
 