Web Hosting Forum | Lunarpages


Author Topic: Severe spam problems - begging for help :)  (Read 4673 times)
altoidboy
« on: April 13, 2012, 09:18:32 PM »

I've been with LunarPages a long time and have dozens of e-mail accounts at my domains and add-on domains. I have SpamAssassin turned on for the entire account (Spam Auto Delete: disabled, score: 4, Spam Box: enabled, Custom Setup: required score=4).

For my own e-mail account (which I've had 10+ years) I don't have many spam problems. The occasional spam gets through, but most of it is intercepted correctly and sent to the spam box.

For my wife's account, she is getting CHRONIC spam. 100+ pieces per day. My gut is to say that SpamAssassin isn't working on her address, but when I examine headers for her mail, it does look like it's going through SpamAssassin, just scoring too low. (But how weird that her account, which she's had for much less time than I've had mine, is so chronically attacked while mine isn't.)

Below, I've included the relevant excerpts of headers from a few different spam mails. Can anyone with the expertise to read these help me figure out how I could modify SpamAssassin's settings to do a better job at catching mails like these? I can't lower the threshold any more, otherwise it'll be catching legitimate mail.

(Retiring her e-mail address is unfortunately not an option.)

GRATEFULLY APPRECIATE ANY HELP!!

--

X-Ham-Report:    Spam detection software, running on the system "dwelling.lunarbreeze.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details.
    Content preview: Have you seen the most recent changes to your credit-scores? Your Experian, Equifax & TransUnion Scores are your Ticket to a New car, Credit-cards, a Mortgage & more! Poor 301-600 Good 600-700 Excellent 700-849 [...]
    Content analysis details: (2.3 points, 4.0 required)
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
    -0.0 SPF_PASS               SPF: sender matches SPF record
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60% [score: 0.5000]
     0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
X-Spam-Bar:    ++
X-Spam-Flag:    NO
X-Spam-Score:    23
X-Spam-Status:    No, score=2.3

--

X-Ham-Report:    Spam detection software, running on the system "dwelling.lunarbreeze.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details.
    Content preview: Does your bathroom need a facelift? Are you tired of stepping into the same old dreary bathroom with the same old dreary tile? Want to spruce it up? Make it beautiful? For most people the bathroom is the first place they go in the morning. Make it shiny, sunny, bright, clean. From just a tiny bit of improvement to a complete renovation that adds more space, we can do it at an incredible price. That's what we do. We find remodelers in your area that literally fight to get your business. They are qualified, bonded, insured, and experienced. [...]
    Content analysis details: (3.0 points, 4.0 required)
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT [216.211.153.38 listed in bb.barracudacentral.org]
    -0.0 SPF_PASS               SPF: sender matches SPF record
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60% [score: 0.4987]
     0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
X-Spam-Bar:    +++
X-Spam-Flag:    NO
X-Spam-Score:    30
X-Spam-Status:    No, score=3.0

--

X-Ham-Report:    Spam detection software, running on the system "dwelling.lunarbreeze.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details.
    Content preview: Date: 4.13.12 Important information, you have been pre approved. You have been pre-approved for an advance of up to 1,000. You have up to 100 days to pay back the advance unlike other lender that only give you two weeks. [...]
    Content analysis details: (1.6 points, 4.0 required)
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
    -0.0 SPF_PASS               SPF: sender matches SPF record
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60% [score: 0.5000]
     0.0 LOTS_OF_MONEY          Huge... sums of money
     0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
X-Spam-Bar:    +
X-Spam-Flag:    NO
X-Spam-Score:    16
X-Spam-Status:    No, score=1.6

--

X-Ham-Report:    Spam detection software, running on the system "dwelling.lunarbreeze.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details.
    Content preview: Power your home without greedy electric companies ? > VANCOUVER, British Columbia -- Vancouver's business community will be watching the Canucks set off on their Stanley Cup run with the same enthusiasm as most fans, while ensuring they're ready in case those fans ignore the team's marketing campaign aimed at averting a riot like the one that befell the city following a Game 7 loss to Boston in last year's Stanley Cup finals. [...]
    Content analysis details: (1.5 points, 4.0 required)
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
    -0.0 SPF_PASS               SPF: sender matches SPF record
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
    -0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20% [score: 0.1465]
     0.0 LOTS_OF_MONEY          Huge... sums of money
     0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
X-Spam-Bar:    +
X-Spam-Flag:    NO
X-Spam-Score:    15
X-Spam-Status:    No, score=1.5
Hush
Senior Moderator
« Reply #1 on: April 14, 2012, 05:25:15 AM »

I'd like to be able to give you an answer in this post, but I don't use any anti-spam tools on my e-mail, and haven't done for many years. However, I will try to sit down today and look into your options and get back to you soon. In the meantime, of course, it's very possible that someone else will come along with a good solution.

Whilst it may or may not be relevant to how you use your e-mails, one thing that I have been doing for a long time is using (very basic) ASCII encoding for my e-mail addresses on web sites. You can find a simple encoder at: http://www.wbwip.com/wbw/emailencoder.html

You can use the ASCII codes in the "mailto" section in place of the plain text e-mail address, and also as the actual address that is shown. What happens then is that the browser will interpret the codes back into plain text. But certainly most, if not all, e-mail farmers seem to ignore ASCII and search for plain text. As I say, only relevant for some situations, but may help cut back on some new spam.

<- From the ashes will rise a phoenix ->
Sherm
« Reply #2 on: June 11, 2012, 12:02:51 PM »

I've been living with way-too-much SPAM for a while and recently decided to tackle the problem.

I have always had SpamAssassin turned "on" with the "score" threshold set to 5.0.

But many of the SPAM messages I was getting had scores between 0.5 and 5.0 and therefore would make it through to my inbox.

I first tried setting up filters for keywords in the message subject or body, but found that that was hard to maintain and would lead to false-positives.

Then I noticed some patterns:

When I looked at the X-Ham-Report header field, I saw many of the SPAM messages were listed in the various registries (e.g. RCVD_IN_BRBL_LASTEXT and RCVD_IN_BRBL_LASTEXT). But even though these were "blacklisted" by the registries, they still didn't get a large enough score to trigger the filter.

So I added a simple filter in cPanel to do a "Header" "contains" "RCVD_IN_BRBL" and "Header" "contains" "RCVD_IN_BRBL"
I also added a few others of the items that show in the X-Ham-Report header.

Now my inbox is a much nicer place....

One question I would throw out to the LP experts: Is there a way to "tweak" the scores given to each item that the system checks? Could I have anything blacklisted get a "4.0" instead of what it usually gets (1.4 in the case of the email I checked just now...)?

Anyway, good luck!

Not a support rep, just a very happy customer!
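
Added example, not part of any post in this thread: a Python sketch that parses the rule table of an X-Ham-Report as pasted above and re-totals it with a per-rule override, showing which of the quoted messages a change like "blacklisted = 4.0" would push over the 4.0 threshold. The function names are hypothetical and the sample strings are rule tables copied from the first post with the preview text trimmed; SpamAssassin's own `score RULE_NAME n.n` setting is the directive being emulated, and whether the host exposes it is not stated on this page.

```python
import re

# One row of the report table: "<pts> <RULE_NAME> <description>".
# The lookbehind keeps IP octets and Bayes probabilities from matching.
RULE_RE = re.compile(r"(?<![\d.])(-?\d+\.\d)\s+([A-Z][A-Z0-9_]{2,})\b")
TOTAL_RE = re.compile(r"\((-?\d+\.\d+) points, (\d+\.\d+) required\)")

# Constructed samples: rule tables from two reports in the first post.
BATHROOM = (
    "Content preview: Does your bathroom need a facelift? [...] "
    "Content analysis details: (3.0 points, 4.0 required) pts rule name "
    "description ---- ---------------------- ---------- "
    "1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT "
    "[216.211.153.38 listed in bb.barracudacentral.org] "
    "-0.0 SPF_PASS SPF: sender matches SPF record "
    "0.0 HTML_MESSAGE BODY: HTML included in message "
    "0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.4987] "
    "0.8 RDNS_NONE Delivered to internal network by a host with no rDNS"
)
CREDIT = (
    "Content preview: Have you seen the most recent changes [...] "
    "Content analysis details: (2.3 points, 4.0 required) pts rule name "
    "description ---- ---------------------- ---------- "
    "-0.0 SPF_PASS SPF: sender matches SPF record "
    "0.0 HTML_MESSAGE BODY: HTML included in message "
    "0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] "
    "0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts "
    "0.8 RDNS_NONE Delivered to internal network by a host with no rDNS"
)

def parse_report(report):
    """Return (required, {rule: points}) from a folded or flattened report."""
    m = TOTAL_RE.search(report)
    if not m:
        raise ValueError("no '(N points, M required)' total found")
    table = report[m.end():]  # ignore the content preview before the total
    rules = {name: float(pts) for pts, name in RULE_RE.findall(table)}
    return float(m.group(2)), rules

def rescore(report, overrides):
    """Re-total the report with overridden rule scores; return (total, is_spam)."""
    required, rules = parse_report(report)
    rules.update({r: s for r, s in overrides.items() if r in rules})
    total = round(sum(rules.values()), 1)
    return total, total >= required

if __name__ == "__main__":
    for name, rep in (("bathroom", BATHROOM), ("credit", CREDIT)):
        print(name, rescore(rep, {"RCVD_IN_BRBL_LASTEXT": 4.0}))
```

Only the report that actually hit the blacklist rule changes verdict; the other quoted reports carry no RCVD_IN_BRBL row, so a blacklist override leaves them below the threshold.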
Peter Florance
« Reply #3 on: December 06, 2012, 08:38:28 AM »

Quote from: Sherm
> So I added a simple filter in CPanel to do a "Header" "contains" "RCVD_IN_BRBL" and "Header" "contains" "RCVD_IN_BRBL"
> I also added a few others of the items that show in the X-Ham-Report header.

Sorry for HiJack but where did you do this?

It sounds like what I need to do.

Thanks!
Peter Florance
« Reply #4 on: December 06, 2012, 08:48:04 AM »

Oops, I figured it out.
It's in account-level and user-level filtering under email.

Thanks!