1

Topic: Massive SPAM after new setup of iredmail 0.8.6

==== Required information ====
- iRedMail version: 0.8.6 open source version
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 12.04.3 x32 1GB RAM
- Related log if you're reporting an issue:
====

Hi,

After I set up a new iRedMail system on a new host, I realized that I get a lot of spam (100-150 a day). I looked up all the forum entries about that, and nothing really helped. What I have done so far is installing razor2, pyzor and DCC. I deactivated virus checking because it used up a lot of RAM. The system obviously checks the mail correctly, as you can see in this header:

Return-Path: <Bosley@hair-restorations.eu>
Delivered-To: dominik@kalisch.biz
Received: from localhost (poseidon.urban-systems.net [127.0.0.1])
    by poseidon.urban-systems.net (Postfix) with ESMTP id 9464641962
    for <dominik@kalisch.biz>; Thu, 27 Feb 2014 15:29:07 -0500 (EST)
X-Spam-Flag: NO
X-Spam-Score: 2.39
X-Spam-Level: **
X-Spam-Status: No, score=2.39 tagged_above=-1000 required=5
    tests=[AC_HTML_NONSENSE_TAGS=0.001, HTML_MESSAGE=0.001,
    MIME_HTML_ONLY=1.105, RDNS_NONE=1.274, SPF_PASS=-0.001,
    T_REMOTE_IMAGE=0.01] autolearn=no
Received: from poseidon.urban-systems.net ([127.0.0.1])
    by localhost (poseidon.urban-systems.net [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id mMCT6mxJKfg7 for <dominik@kalisch.biz>;
    Thu, 27 Feb 2014 15:29:06 -0500 (EST)
Received: from 039c00a1.hair-restorations.eu (unknown [199.195.142.83])
    by poseidon.urban-systems.net (Postfix) with ESMTP id 09551403AB
    for <dominik@kalisch.biz>; Thu, 27 Feb 2014 15:29:04 -0500 (EST)
Received: by 039c00a1.db8gw4uc.hair-restorations.eu
    (amavisd-new, port 13993) with ESMTP id 03YOCCXXRSH9C00LOOBBGGEXA1;
    for <dominik@kalisch.biz>; Thu, 27 Feb 2014 12:29:03 -0800
Message-ID: <499372605504324993125120299912959@db8gw4uc.hair-restorations.eu>
To: dominik@kalisch.biz
Content-Transfer-Encoding: 8bit
From: "Bosley" <Bosley@hair-restorations.eu>
Content-Type: text/html; charset=us-ascii
Content-Language: en-us
MIME-Version: 1.0
Date: Thu, 27 Feb 2014 12:29:03 -0800
Subject: Get started With *Bosley Now

But on my old system (also with iRedMail) such emails were not delivered. I also train the system with spam and ham mails:

current status:
0.000          0          3          0  non-token data: bayes db version
0.000          0       1372          0  non-token data: nspam
0.000          0        574          0  non-token data: nham
0.000          0     113908          0  non-token data: ntokens
0.000          0 1392582426          0  non-token data: oldest atime
0.000          0 1393571553          0  non-token data: newest atime
0.000          0 1393573775          0  non-token data: last journal sync atime
0.000          0 1393517167          0  non-token data: last expiry atime
0.000          0     936954          0  non-token data: last expire atime delta
0.000          0      69804          0  non-token data: last expire reduction count

What else can I do? The system is almost not usable, as important stuff gets lost in the amount of mail. I remember that there were services one can use that have lists of possible spam servers. Would that be a solution? And how can I integrate them?
Thanks for your help.


2

Re: Massive SPAM after new setup of iredmail 0.8.6

istaon wrote:

I remember that there were services one can use that have lists of possible spam servers. Would that be a solution? And how can I integrate them?

Do you mean a DNS blacklist? If so, search "reject_rbl_client zen.spamhaus.org" in Google.

3

Re: Massive SPAM after new setup of iredmail 0.8.6

Hi Zhang,

I found the blacklist, but it seems that they do not really help. I still get a huge amount of spam every day in my inbox.

I train my SpamAssassin every other day with the spam that I sorted out, as root, with:

sa-learn --no-sync --spam $FILESPAM
sa-learn --no-sync --ham $FILEHAM

Is this list/db considered automatically, or do I have to set up something in amavis? Also, do you have any other suggestions?
Thanks for your help!

4

Re: Massive SPAM after new setup of iredmail 0.8.6

istaon wrote:

I found the blacklist, but it seems that they do not really help. I still get a huge amount of spam every day in my inbox.

What blacklist did you find and how do you use it?

You have to try to analyze what kind of spam they are, then fight them based on it.
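
To follow that advice, here is an added example (not from the original thread or the iRedMail project) that parses the X-Spam-Status headers of a folder of spam the user sorted out by hand, counts which rules fire on the messages that slipped below the required score, and reports whether any BAYES_* rule ever appeared, which is the quick way to confirm that the database trained with sa-learn is actually consulted by the scanner. The sample messages are constructed; the first reuses the header values quoted earlier in the thread.

```python
"""Summarise X-Spam-Status headers of spam that reached the inbox."""
import re
from collections import Counter
from email import message_from_string

STATUS_RE = re.compile(r"(Yes|No), score=(-?[\d.]+).*?required=(-?[\d.]+)")
TESTS_RE = re.compile(r"tests=\[([^\]]*)\]")

# Constructed samples modelled on the header quoted in the thread: the first
# copies that header's values, the other two are invented for illustration.
SAMPLES = [
    "X-Spam-Status: No, score=2.39 tagged_above=-1000 required=5\n"
    "    tests=[AC_HTML_NONSENSE_TAGS=0.001, HTML_MESSAGE=0.001,\n"
    "    MIME_HTML_ONLY=1.105, RDNS_NONE=1.274, SPF_PASS=-0.001,\n"
    "    T_REMOTE_IMAGE=0.01] autolearn=no\nSubject: sample 1\n\nbody\n",
    "X-Spam-Status: Yes, score=7.58 tagged_above=-1000 required=5\n"
    "    tests=[BAYES_99=3.5, HTML_MESSAGE=0.001, RDNS_NONE=1.274,\n"
    "    URIBL_BLACK=1.7, MIME_HTML_ONLY=1.105] autolearn=spam\n\nbody\n",
    "X-Spam-Status: No, score=3.781 tagged_above=-1000 required=5\n"
    "    tests=[HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.105, RDNS_NONE=1.274,\n"
    "    FREEMAIL_FROM=0.001, HTML_IMAGE_ONLY_16=1.4] autolearn=no\n\nbody\n",
]

def parse_spam_status(raw_message):
    """Parse the (possibly folded) X-Spam-Status header of one raw message."""
    folded = message_from_string(raw_message)["X-Spam-Status"] or ""
    value = re.sub(r"\s+", " ", folded)          # join continuation lines
    m = STATUS_RE.match(value)
    if not m: raise ValueError("unrecognised X-Spam-Status: " + value)
    tests = {}
    t = TESTS_RE.search(value)
    for item in (t.group(1).split(",") if t else []):
        name, _, score = item.strip().partition("=")
        if name:
            tests[name] = float(score or 0)
    return {"flagged": m.group(1) == "Yes", "score": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests}

def summarize(raw_messages):
    """Aggregate statuses over a folder of spam the user sorted out by hand."""
    parsed = [parse_spam_status(msg) for msg in raw_messages]
    missed = [p for p in parsed if not p["flagged"]]
    hits = Counter(name for p in missed for name in p["tests"])
    # No BAYES_* test in any header means the trained Bayes db was never used.
    bayes = sum(any(n.startswith("BAYES_") for n in p["tests"]) for p in parsed)
    return {"total": len(parsed), "missed": len(missed),
            "bayes_applied": bayes,
            "max_missed_score": max((p["score"] for p in missed), default=None),
            "top_missed_tests": hits.most_common(3)}
```

Run it over the raw files of a spam folder (one message per file) and feed them to summarize(); rules that dominate the missed messages are candidates for a higher local score, and a zero bayes_applied count points at the scanner not reading the database you train.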

5

Re: Massive SPAM after new setup of iredmail 0.8.6

ZhangHuangbin wrote:

What blacklist did you find and how do you use it?

You have to try to analyze what kind of spam they are, then fight them based on it.

I use zen.spamhaus.org and ix.dnsbl.manitu.net as blacklists and list.dnswl.org as a whitelist against false positives. I included them in main.cf under smtpd_recipient_restrictions:

smtpd_recipient_restrictions =
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    check_policy_service inet:127.0.0.1:7777,
    check_policy_service inet:127.0.0.1:10031,
    permit_mynetworks,
    permit_dnswl_client list.dnswl.org,
    check_client_access hash:/etc/postfix/rbl_override,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client zen.spamhaus.org,
    permit_sasl_authenticated,
    reject_unauth_destination

All in one line. Actually, can I write the configuration in main.cf over multiple lines, as shown above?

6

Re: Massive SPAM after new setup of iredmail 0.8.6

istaon wrote:

All in one line. Actually, can I write the configuration in main.cf over multiple lines, as shown above?

Yes.

7

Re: Massive SPAM after new setup of iredmail 0.8.6

So I actually implemented RBL filtering, but I still get a huge amount of spam. I am really wondering why that wasn't the case with the old installation. What else can I do to reduce the spam?