Web Hosting Forum | Lunarpages

Author Topic: Why the sudden surge of spam?  (Read 10569 times)

Offline inkslinger

  • Trekkie
  • **
  • Posts: 11
Why the sudden surge of spam?
« on: June 18, 2015, 06:17:00 AM »
I've been using LP hosting for over a decade. During that time I've never had much trouble with spam.

Beginning about three weeks ago, I suddenly began receiving hundreds of spam emails each day. I have SpamAssassin enabled, and I recently changed the setting to "10" in hopes it would reduce this flood of unwanted emails. Actually, changing the SA setting had zero effect on how much spam is getting through.

I've never had to "train" SA or really think about spam email at all because it wasn't a problem.

Why the sudden, massive increase in spam? Has something changed with SA? Has SA become basically useless?

What do you recommend to decrease the amount of spam reaching my inbox? I have no IT department or anything like that to tinker with this issue. It's just me, and I'm not particularly techie.

Thanks in advance,
Elizabeth

Offline MichaelT

  • Support
  • Jabba the Hutt
  • *****
  • Posts: 579
Re: Why the sudden surge of spam?
« Reply #1 on: June 19, 2015, 04:15:49 AM »
Hi inkslinger,

I cross posted this in the other thread but am also replying here as well.

If you are having issues with SpamAssassin not filtering properly please open a ticket with support as these forums are not an official means of technical support. They are primarily meant for official server related announcements from our admins and a central location for our customers to provide tips, hints and information amongst themselves. If you already have submitted a ticket and have not gotten any responses or the issue is continuing, please PM me your ticket # and I can get it looked into for you.

Offline doncht

  • Intergalactic Cowboy
  • *****
  • Posts: 63
Re: Why the sudden surge of spam?
« Reply #2 on: June 23, 2015, 10:46:07 AM »
Tuning up spa assassin with the trend that those spam emails are coming in should be worth your time I think.

Offline 356

  • Newbie
  • *
  • Posts: 1
Re: Why the sudden surge of spam?
« Reply #3 on: August 04, 2015, 04:02:17 PM »
Can you guys confirm you raise the number for 1 to 10 as the original poster noted  The instruction to me say a lower number is to stop spam.  I am also getting way to much spam and di change it to 1 with no help.

Thanks

from SPam Assassin in cPanel

Filters
Spam Auto Delete is Enabled
Spam with a score of 1 or higher will be deleted.

You can automatically delete messages marked as spam. First set the number of hits required before mail is considered spam.

(Note: 5 is the default setting. The higher the number, the more conservative the setting.)

Offline MichaelT

  • Support
  • Jabba the Hutt
  • *****
  • Posts: 579
Re: Why the sudden surge of spam?
« Reply #4 on: August 07, 2015, 04:28:14 AM »
The lower number is the more aggressive filtering. If you are having issues with SpamAssassin not filtering properly please open a ticket with technical support and they can check the server to make sure its working as it should be.

Offline Newbie+

  • va
  • Newbie
  • *
  • Posts: 1
Re: Why the sudden surge of spam?
« Reply #5 on: August 28, 2015, 07:28:03 PM »
Besides spam email detecting, I think you can hide your whois information by applying a whois hiding service to LP. Maybe recently your site's pr increase and rank high, so attract lots of spams.

Offline bakdong

  • Trekkie
  • **
  • Posts: 19
Re: Why the sudden surge of spam?
« Reply #6 on: September 07, 2015, 10:55:58 PM »
You should certainly look at training spam assassin to increase its effectiveness. I started doing this about a month ago and it is now catching 100% pretty much every day.

For info only, this is the script I use, having searched through the various pages available for inspiration:

Code: [Select]
#!/bin/sh

#Put your domain here
domain=domain.com
DNAME="$HOME/mail/$domain/"

echo -ne "Only users with scan-spam or scan-ham folders will be processed...\n\n"

for USER in $(ls $DNAME)
do

if [ -d "$DNAME$USER/.scan-spam/cur" ] ; then
  echo "Account: $USER"
  [ $(find "$DNAME$USER/.scan-spam/cur/" -prune -empty) ] && echo "..No emails in scan-spam folder" ||  (
   echo -ne "..Learning SPAM\n.."
   /usr/local/cpanel/3rdparty/bin/sa-learn --spam $DNAME$USER/.scan-spam/cur/;
    rm $DNAME$USER/.scan-spam/cur/* && echo "..and deleted"
  )
  echo
fi


if [ -d "$DNAME$USER/.scan-ham/cur" ] ; then
  [ $(find "$DNAME$USER/.scan-ham/cur/" -prune -empty) ] && echo "..No emails in scan-ham folder"  ||  (
    echo -ne "..Learning HAM\n.."
    /usr/local/cpanel/3rdparty/bin/sa-learn --ham $DNAME$USER/.scan-ham/cur/
    rm $DNAME$USER/.scan-ham/cur/* && echo "..and deleted"
  )
  echo
fi

done
echo "Done"

I'm sure that it can be improved, but it's been doing the job for me and I post it here in case it's of use to anyone else. It is only for courier type email folders. Use at your own risk and only when you understand what it does. Note that it deletes all the emails in the parsed folders.

I put it in the cgi-bin directory, called it sa-learner.sh and it runs from cron every morning:

Code: [Select]
0 20 * * * /home/username/public_html/cgi-bin/sa-trainer.sh
It will operate on any email account that has a "scan-spam" or a "scan-ham" folder. Other accounts are ignored.

It sends a short result summary email.

Additionally, I have tweaked the spam score trigger value to 4, and, when I was confident in the results, changed the BAYES_99 and BAYES_999 filter scores to 4 (in .spamassassin/user_prefs:

Code: [Select]
required_score 4.0
score BAYES_99 4
score BAYES_999 4

Unfortunately the recent upgrade to CP11.5 seems to have disabled the subject line rewriting so it's more difficult to see what has been caught and what's been missed. (The subject used to be changed to "***SPAM*** original subject", now only the X-Spam-Subject: headers are changed) and I haven't been able to find a way to revert to the previous behaviour.

Hope it's helpful to someone. With thanks for all the original pages and contributors that helped me.


Offline occamsrazor

  • Trekkie
  • **
  • Posts: 19
Re: Why the sudden surge of spam?
« Reply #7 on: September 29, 2015, 10:34:54 PM »
Hi bakdong, in the last month or so my spam emails have gotten crazy - hundreds a day now. So I'm looking into solutions and yours seems to be working well for you. A couple questions from a newbie that perhaps you could help with....

What are "courier type email folders"

Once you install the script and set it to run.... how do you actually train it in terms of manually selecting spam emails etc? I'd be using Outlook...

Also, I have now saved it to the cgi-bin directory, in the cPanel Cron Jobs section, what is the "command" to run this script?

Thanks much...

« Last Edit: September 29, 2015, 10:49:54 PM by occamsrazor »

Offline bakdong

  • Trekkie
  • **
  • Posts: 19
Re: Why the sudden surge of spam?
« Reply #8 on: September 30, 2015, 12:46:59 AM »
Hi,

Courier mail folders refers to the way the emails are stored on the server. http://www.courier-mta.org/maildir.html for the details.

The script takes any emails it finds in the folder called "scan-spam" and learns them as spam. Likewise, if there are any emails in "scan-ham" it learns them as ham. All you have to do is move the spam emails into the scan-spam folder and wait for the script to run.

You can use whatever client you like, as long as it is configured to use the IMAP protocol.

The command to use is the full path to the script file. In my case it is:

/home/username/public_html/cgi-bin/sa-trainer.sh

As I saved the script into a file  called "sa-trainer.sh" in the cgi-bin directory.  Substitute "username" for your own.

The script as it is deletes the emails after learning. I suggest you may want to comment out the lines that delete the emails (beginning "rm") until you have verified you have a working script. Mine's working fine but I take no responsibility for yours!

You might also like to have a look at Ian Douglas' rather more intricate perl cgi solution here: http://iandouglas.com/spamassassin-trainer/


Offline occamsrazor

  • Trekkie
  • **
  • Posts: 19
Re: Why the sudden surge of spam?
« Reply #9 on: October 01, 2015, 02:42:36 AM »
You might also like to have a look at Ian Douglas' rather more intricate perl cgi solution here: http://iandouglas.com/spamassassin-trainer/

Hi again... Thanks for all the info, much appreciated. As a newbie I do like the ease-of-use of Ian's script generator so I have decided to give that a go. Now I have it all installed and giving it a test. So far while still testing I'm calling the script manually but if all works fine I'll set up a cron-job. Will try to report back on results after a few days.....

Two other questions....

I think Ian's script doesn't auto-delete the scan-spam folder after scanning (which is fine by me I am happy to do manually - but in this case I should manually delete the emails after doing a scan, not leave them in there - yes?

My cPanel SpamAssassin has Spam-Box enabled and Auto-Delete off - in this case am I correct in saying that any new emails marked as Spam by the newly-trained SpamAssassin should be delivered into my "spam" folder?

Thanks again...
« Last Edit: October 01, 2015, 02:58:33 AM by occamsrazor »

Offline occamsrazor

  • Trekkie
  • **
  • Posts: 19
Re: Why the sudden surge of spam?
« Reply #10 on: October 05, 2015, 12:00:27 PM »
Just wanted to report back - very happy indeed. After a few days of feeding the spam emails through the script it's now successfully catching about 80% of them, and this figure has been climbing each day. Will be interesting to see how much this improves, but regardless I feel it's doing the job excellently.

My cPanel SpamAssassin has Spam-Box enabled and Auto-Delete off - in this case am I correct in saying that any new emails marked as Spam by the newly-trained SpamAssassin should be delivered into my "spam" folder?

To answer my own question - yes this is how it works.

Thanks again....

Offline Jonasu

  • Space Explorer
  • ***
  • Posts: 9
    • bandstarter
Re: Why the sudden surge of spam?
« Reply #11 on: July 31, 2016, 01:45:11 PM »
Hi Bakdong,

I installed you script but when I try to run it from cron I get this error message" /bin/sh: 0: command not found".
Do you know what I might have done wrong?

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6231
Re: Why the sudden surge of spam?
« Reply #12 on: July 31, 2016, 04:15:14 PM »
The 0 20 * * * is not part of the command. The command is the /home/ACCOUNTNAME/public_html/... part. The 0 20 * * * is the time and date fields for telling cron when to run the command.
Visit My Site

E-mail Me
  
-= From the ashes shall rise a sooty tern =-

Offline Jonasu

  • Space Explorer
  • ***
  • Posts: 9
    • bandstarter
Re: Why the sudden surge of spam?
« Reply #13 on: August 01, 2016, 07:08:27 AM »
Thank you! Now the cron job is working! But now I get this error message:

Account: xxxx
..Learning SPAM
../home/xxxx/public_html/cgi-bin/sa-trainer.sh: line 16: /usr/local/cpanel/3rdparty/bin/sa-learn: No such file or directory
..and deleted

..Learning HAM
../home/xxxx/public_html/cgi-bin/sa-trainer.sh: line 26: /usr/local/cpanel/3rdparty/bin/sa-learn: No such file or directory
..and deleted

I got the same error when I tried to use Ian Douglas Spam-assassin trainer. How do you locate the sa-learn directory?

Offline Jonasu

  • Space Explorer
  • ***
  • Posts: 9
    • bandstarter
Re: Why the sudden surge of spam?
« Reply #14 on: August 01, 2016, 07:43:37 AM »
I've got it working now!  :D
The correct path was: /usr/bin/sa-learn

Hope it really works now and the spam starts to decrease!

 

Share |