1

Topic: Spam filtering just not working

==== Provide basic information to help troubleshoot ====
- iRedMail version: 0.7.3
- Linux/BSD distribution name and version: Debian 6.0.2.1
- Any related log? Log is helpful for troubleshooting.
====

My spam filtering isn't working well at all. Perhaps there is an amavis tweak I need to make for the first example below, but I'm thinking SpamAssassin is to blame for the other two. What's odd is I came from the workaround.org tutorial that set up everything almost identically to how it is now, and I got virtually no spam then. Any help would be appreciated.


    X-Quarantine-Id:     <Br0GErhMlOKw>
    X-Virus-Scanned:     amavisd-new at mail.root-survers.net
    X-Amavis-Alert:     BANNED, message contains .exe,.exe-ms,DHL_resend_N61F35USoll‮cod.exe
    X-Spam-Flag:     NO
    X-Spam-Score:     3.89
    X-Spam-Level:     ***
    X-Spam-Status:     No, score=3.89 tagged_above=1.5 required=5.02 tests=[BAYES_50=0.8, DATE_IN_PAST_06_12=1.543, DOS_RCVD_IP_TWICE_C=0.096, HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, UPPERCASE_75_100=0.001] autolearn=no
    X-Original-Helo:     [123.24.212.52] (iRedMail: http://www.iredmail.org/)
    X-Mailer:     The Bat! (v3.5.18) Professional
    X-Priority:     3 (Normal)




    X-Virus-Scanned:     amavisd-new at mail.root-survers.net
    X-Spam-Flag:     NO
    X-Spam-Score:     2.118
    X-Spam-Level:     **
    X-Spam-Status:     No, score=2.118 tagged_above=1.5 required=5.02 tests=[BAYES_99=3.5, CTYPE_001C_B=0.001, FORGED_MUA_OUTLOOK=1.927, HELO_DYNAMIC_IPADDR=1.951, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RDNS_DYNAMIC=0.982, SPF_PASS=-10, TO_NO_BRKTS_DYNIP=1, TRACKER_ID=1.306] autolearn=no
    X-Original-Helo:     triband-mum-120.61.56.25.mtnl.net.in (iRedMail: http://www.iredmail.org/)
    Message-Id:     <000001cc786e8631110019383d78@tribandmum120.61.56.25.mtnl.net.in>
    Mime-Version:     1.0
    Content-Type:     multipart/alternative; boundary="----=_NextPart_000_0000_01CC786E.86311100"
    X-Priority:     3




    X-Virus-Scanned:     amavisd-new at mail.root-survers.net
    Authentication-Results:     mail.root-survers.net (amavisd-new); dkim=pass header.i=@yahoo.com
    Authentication-Results:     mail.root-survers.net (amavisd-new); domainkeys=pass header.from=jhschultz1967@yahoo.com
    X-Original-Helo:     nm9-vm4.bullet.mail.ne1.yahoo.com (iRedMail: http://www.iredmail.org/)
    X-Yahoo-Newman-Property:     ymail-3
    X-Yahoo-Newman-Id:     232855.1190.bm@omp1053.mail.ne1.yahoo.com
    Dkim-Signature:     v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1316614203; bh=Xi2VbVZvEUzxGudOU1SPQxc2VnCP0sHz4uymqn/uYwg=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=nrTWTLToYNeuuSrwfnFKIFaAaUg59trS+ckQ7JHw4mr2swSn4tZpaz2Mlu5Djma8xfaL1BEoYQ7x8rFsjzXKTcm27TybHEoPeDbFDDuqctNTfesVUd/IBIANLCKHyZwYGgFhUpdnCV69mwR4kjz+L6nl/Lz59I6wdUIcFRJ7l3Q=
    Domainkey-Signature:     a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=G6/3nohGpDtirb6bdZCVec/yvRnp3kaCjXhA1oX/OPalPQ4u6wkiX+MOQluescOxwZqGWGq5vdBUQlXkeE6OcuhNQGFzYNNdmxun8e2w/mpDFBQ6MBSjXHtYXypLILFspP+tRbuWRNiIMWtHFXowNc+qe6PvqTea42LMDu3k8sA=;
    X-Ymail-Osg:     At_DcJ4VM1lWugNSoLdf6suSOL16HnSMOBs1889p1hM2niQ sxBQMMeEwFqm_IQccXtlcb2o5KHqQhb0OctdjtOWS3F0049GNXoY7OHHxcI. IRvt4DqGit0kmdZqVMM1VM74vLtg5PTBbmXgwXkI2gkR7cJO9Dq.wWTbz8YU G8u5zfqzVV6.nWZ0pykJELY5Td8tiDcxNrikbw_x9KTerEhEQpM2Fs8hMTye 9xcsJOhd1N0ohX9ABsJ58CGBZNc_gvE2OrJJXlwRmMWDeJtKGg9exOuC4Hll Gl3y_s3F8MtEFbBqkKpIgVhz9Smnay1Ve5.l..c.ZV8Yzzz9gs4J.JeKTic5 cNnLzhJLX3yIj6c75on7qlKWz9Xz5EFTTA6zxMLhaAnm78HRkucxPmnzfLCJ dT5UF45.t4sTdd1yN6QrJfUxJq5s3_wwGyqekK52DeqLP7Qzq3HE04S_tdXl Lby4EVOdGOzriINw87HMDGEufmLCu7rEi1DcNid8uAnlv5MG5JI_82Zqyp7k 2Y8E8oJ6IAZA7kC23vaztsJQ-
    X-Mailer:     YahooMailWebService/0.8.114.317681
    Message-Id:     <1316614203.26529.yint-ygo-j2me@web121508.mail.ne1.yahoo.com>

2

Re: Spam filtering just not working

brondon wrote:

    X-Spam-Status:     No, score=2.118 tagged_above=1.5 required=5.02 tests=[BAYES_99=3.5, CTYPE_001C_B=0.001, FORGED_MUA_OUTLOOK=1.927, HELO_DYNAMIC_IPADDR=1.951, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RDNS_DYNAMIC=0.982, SPF_PASS=-10, TO_NO_BRKTS_DYNIP=1, TRACKER_ID=1.306] autolearn=no

Did you see "SPF_PASS=-10"?

3

Re: Spam filtering just not working

Saw that and changed the config; however, the other messages that weren't getting any SPF Pass are still leaking through the spam filter.

4

Re: Spam filtering just not working

Well, I guess all I can do is hope the next release replaces AMAVIS with a better solution. I'm quickly running out of ideas on things to check/change to get rid of a few very specific spam formats.

5

Re: Spam filtering just not working

Anti-spam is not a one-time fight.

You can analyze why they were spam, then create SpamAssassin rules to block them.

For example, the mail header shows this email was from a dynamic IP address:

FORGED_MUA_OUTLOOK=1.927, HELO_DYNAMIC_IPADDR=1.951, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RDNS_DYNAMIC=0.982, SPF_PASS=-10, TO_NO_BRKTS_DYNIP=1

So you can increase the scores of these tags in SpamAssassin to mark them as SPAM.
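
Added example, not part of any post in this thread: a Python sketch that parses the two X-Spam-Status values quoted above, finds negative-scoring rules that single-handedly keep a message under the `required` threshold, and re-scores the message with local overrides. The function names are hypothetical, and the -0.001 override is an assumed what-if value (the score SpamAssassin ships for SPF_PASS).

```python
import re

# Copied from the X-Spam-Status headers of the first two messages in this thread.
HEADERS = {
    "msg1": "No, score=3.89 tagged_above=1.5 required=5.02 tests=[BAYES_50=0.8, "
            "DATE_IN_PAST_06_12=1.543, DOS_RCVD_IP_TWICE_C=0.096, HTML_MESSAGE=0.001, "
            "RCVD_IN_BRBL_LASTEXT=1.449, UPPERCASE_75_100=0.001] autolearn=no",
    "msg2": "No, score=2.118 tagged_above=1.5 required=5.02 tests=[BAYES_99=3.5, "
            "CTYPE_001C_B=0.001, FORGED_MUA_OUTLOOK=1.927, HELO_DYNAMIC_IPADDR=1.951, "
            "HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, "
            "RDNS_DYNAMIC=0.982, SPF_PASS=-10, TO_NO_BRKTS_DYNIP=1, TRACKER_ID=1.306] "
            "autolearn=no",
}

def parse_status(value):
    """Return (score, required, {rule: points}) from an X-Spam-Status value."""
    score = float(re.search(r"\bscore=(-?[\d.]+)", value).group(1))
    required = float(re.search(r"\brequired=(-?[\d.]+)", value).group(1))
    body = re.search(r"tests=\[([^\]]*)\]", value).group(1)
    tests = {}
    for item in body.split(","):
        name, _, points = item.strip().partition("=")
        tests[name] = float(points)
    return score, required, tests

def masking_rules(required, tests):
    """Negative rules whose removal alone would lift the total to the threshold."""
    total = sum(tests.values())
    return sorted(name for name, pts in tests.items()
                  if pts < 0 and total < required <= total - pts)

def what_if(required, tests, overrides):
    """Re-score with overrides, as `score RULE n` lines in local.cf would."""
    merged = dict(tests)
    merged.update({k: v for k, v in overrides.items() if k in tests})
    total = round(sum(merged.values()), 3)
    return total, total >= required  # SpamAssassin flags at score >= required

if __name__ == "__main__":
    for label, header in HEADERS.items():
        score, required, tests = parse_status(header)
        print(label, "reported", score, "masking rules:", masking_rules(required, tests))
        print("  with SPF_PASS=-0.001:", what_if(required, tests, {"SPF_PASS": -0.001}))
```

For the second message the other rules already total 12.118; the locally configured SPF_PASS=-10 is the only reason it lands at 2.118. The first message has no masking rule, so it needs higher scores on the rules that did fire, as the last reply suggests.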